Initial commit
This commit is contained in:
		
						commit
						9f8c47712a
					
				
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,2 @@ | |||||||
|  | /target | ||||||
|  | **/*.rs.bk | ||||||
							
								
								
									
										1403
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
										Normal file
									
								
							
							
						
						
									
										1403
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										15
									
								
								Cargo.toml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										15
									
								
								Cargo.toml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,15 @@ | |||||||
|  | [package] | ||||||
|  | name = "auth" | ||||||
|  | version = "0.1.0" | ||||||
|  | authors = ["alex"] | ||||||
|  | edition = "2018" | ||||||
|  | 
 | ||||||
|  | [dependencies] | ||||||
|  | futures = "0.1.21" | ||||||
|  | hyper = "0.12.25" | ||||||
|  | hyper-router = "0.5" | ||||||
|  | ldap3 = "0.6" | ||||||
|  | tokio = "0.1.0" | ||||||
|  | base64 = "0.10.0" | ||||||
|  | #[dependencies.ldap3] | ||||||
|  | # version = "0.6" | ||||||
							
								
								
									
										148
									
								
								src/main.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										148
									
								
								src/main.rs
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,148 @@ | |||||||
|  | // #![deny(warnings)]
 | ||||||
|  | // extern crate futures;
 | ||||||
|  | extern crate base64; | ||||||
|  | extern crate hyper; | ||||||
|  | extern crate ldap3; | ||||||
|  | extern crate tokio; | ||||||
|  | 
 | ||||||
|  | use std::str::{ | ||||||
|  |     FromStr, | ||||||
|  |     from_utf8, | ||||||
|  | }; | ||||||
|  | use std::thread; | ||||||
|  | 
 | ||||||
|  | use hyper::rt::{Future}; | ||||||
|  | use hyper::{Body, Request, Response, Server, StatusCode}; | ||||||
|  | use hyper::header::{AUTHORIZATION}; | ||||||
|  | use hyper_router::{Route, RouterBuilder, RouterService}; | ||||||
|  | use base64::decode; | ||||||
|  | 
 | ||||||
|  | use ldap3::{ LdapConn, Scope, SearchEntry }; | ||||||
|  | 
 | ||||||
|  | #[derive(Debug)] | ||||||
|  | struct BasicAuthentication { | ||||||
|  |     pub username: String, | ||||||
|  |     pub password: String, | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | #[derive(Debug)] | ||||||
|  | pub enum AuthError { | ||||||
|  |     Parse, | ||||||
|  |     Decode, | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | impl FromStr for BasicAuthentication { | ||||||
|  |     type Err = AuthError; | ||||||
|  |     fn from_str(s: &str) -> Result<BasicAuthentication, AuthError> { | ||||||
|  |         match decode(s) { | ||||||
|  |             Ok(bytes) => match from_utf8(&bytes) { | ||||||
|  |                 Ok(text) => { | ||||||
|  |                     let mut pair = text.splitn(2, ":"); | ||||||
|  |                     Ok(BasicAuthentication { | ||||||
|  |                         username: pair.next().unwrap().to_string(), | ||||||
|  |                         password: pair.next().unwrap().to_string(), | ||||||
|  |                     }) | ||||||
|  |                 }, | ||||||
|  |                 Err(_) => Err(AuthError::Parse) | ||||||
|  |             }, | ||||||
|  |             Err(_) => Err(AuthError::Decode) | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | #[derive(Debug)] | ||||||
|  | struct LdapUser { | ||||||
|  |     pub dn: String, | ||||||
|  |     pub services: Vec<String>, | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn auth_user(auth: &BasicAuthentication) -> Result<LdapUser, AuthError> { | ||||||
|  |     let ldap = match LdapConn::new("ldap://192.168.122.61:389") { | ||||||
|  |         Ok(conn) => conn, | ||||||
|  |         Err(err) => panic!(err), | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     let base = format!("uid={},ou=people,dc=xeentech,dc=com", auth.username); | ||||||
|  |     match ldap.simple_bind(&base, &auth.password).unwrap().success() { | ||||||
|  |         Ok(ldap) => println!("Connected and authenticated"), | ||||||
|  |         Err(err) => panic!("Failed to bind with dn+password"), | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     let filter = format!("(uid={})", auth.username); | ||||||
|  |     let s = match ldap.search(&base, Scope::Subtree, &filter, vec!["mail", "enabledService"]) { | ||||||
|  |         Ok(result) => { | ||||||
|  |             let (rs, _) = result.success().unwrap(); | ||||||
|  |             rs | ||||||
|  |         }, | ||||||
|  |         Err(err) => panic!("Search failed? {:?}", err), | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     // Grab the first, if any, result and discard the rest
 | ||||||
|  |     let se = SearchEntry::construct(s.first().unwrap().to_owned()); | ||||||
|  |     let services = match se.attrs.get("enabledService") { | ||||||
|  |         Some(services) => services.to_vec(), | ||||||
|  |         None => [].to_vec(), | ||||||
|  |     }; | ||||||
|  |     let mail = match se.attrs.get("mail") { | ||||||
|  |         Some(mail) => mail.to_vec(), | ||||||
|  |         None => [].to_ved(), | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     Ok(LdapUser { | ||||||
|  |         dn: base, | ||||||
|  |         services: services, | ||||||
|  |     }) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn auth_handler(req: Request<Body>) -> Response<Body> { | ||||||
|  |     let header = match req.headers().get(AUTHORIZATION) { | ||||||
|  |         Some(auth_value) => auth_value.to_str().unwrap(), | ||||||
|  |         None => return Response::builder() | ||||||
|  |             .status(StatusCode::UNAUTHORIZED) | ||||||
|  |             .body(Body::from("Authentication header missing")) | ||||||
|  |             .unwrap(), | ||||||
|  |     }; | ||||||
|  |     let (auth_type, credentials) = { | ||||||
|  |         let mut split = header.split_ascii_whitespace(); | ||||||
|  |         let auth_type = split.next().unwrap(); | ||||||
|  |         let credentials = split.next().unwrap(); | ||||||
|  |         (auth_type, credentials) | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     if auth_type != "Basic" { | ||||||
|  |         return Response::builder() | ||||||
|  |             .status(StatusCode::UNAUTHORIZED) | ||||||
|  |             .body(Body::from("Basic Authentication was expected")) | ||||||
|  |             .unwrap(); | ||||||
|  |     } | ||||||
|  |     let auth = BasicAuthentication::from_str(credentials).unwrap(); | ||||||
|  |     let worker = thread::spawn(move || { | ||||||
|  |         let user = auth_user(&auth); | ||||||
|  |         user | ||||||
|  |     }); | ||||||
|  |     let user = worker.join().expect("ldap thread threw?"); | ||||||
|  | 
 | ||||||
|  |     Response::new(Body::from(format!("BasicAuthentication {:?}", user))) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn hello(req: Request<Body>) -> Response<Body> { | ||||||
|  |     Response::new(Body::from("Hi!")) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn router_service() -> Result<RouterService, std::io::Error> { | ||||||
|  |     let router = RouterBuilder::new() | ||||||
|  |         .add(Route::get("/hello").using(hello)) | ||||||
|  |         .add(Route::post("/auth").using(auth_handler)) | ||||||
|  |         .build(); | ||||||
|  |     Ok(RouterService::new(router)) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | fn main() { | ||||||
|  |     let addr = "0.0.0.0:3000".parse().expect("Bad Address"); | ||||||
|  |     let server = Server::bind(&addr) | ||||||
|  |         .serve(router_service) | ||||||
|  |         .map_err(|e| eprintln!("server error: {}", e)); | ||||||
|  | 
 | ||||||
|  |     println!("Listening on http://{}", addr); | ||||||
|  |     tokio::run(server); | ||||||
|  | } | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Alex Wright
						Alex Wright