author | Guido Günther <agx@sigxcpu.org> | 2017-04-19 14:13:21 +0200 |
---|---|---|
committer | Guido Günther <agx@sigxcpu.org> | 2017-04-19 14:13:21 +0200 |
commit | e0cb1bf616b74f6040da5529ede6e778677efa7c (patch) | |
tree | 6088dc8d9b9e25a0d36982f994949c9f1f22a6ce | |
parent | 67e99e3b9e916669785533103d5c2199190db9da (diff) | |
parent | 5d8488c75ea385bea0c13b09c94732cd3595a21c (diff) |
Merge tag 'v0.0.2' into debian/sid
ldapsp v0.0.2
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | priv/ldapsp.conf | 8 | ||||
-rw-r--r-- | rebar.config | 2 | ||||
-rw-r--r-- | rebar.lock | 2 | ||||
-rwxr-xr-x | rebar3 | bin | 764944 -> 785001 bytes | |||
-rw-r--r-- | src/ldapsp_app.erl | 20 | ||||
-rw-r--r-- | src/ldapsp_config.erl | 23 | ||||
-rw-r--r-- | src/ldapsp_error_log_handler.erl | 160 | ||||
-rw-r--r-- | src/ldapsp_features.erl | 18 | ||||
-rw-r--r-- | src/ldapsp_ldap.erl | 61 | ||||
-rw-r--r-- | src/ldapsp_log.erl | 18 | ||||
-rw-r--r-- | src/ldapsp_proxy.erl | 26 | ||||
-rw-r--r-- | src/ldapsp_realm.erl | 18 | ||||
-rw-r--r-- | src/ldapsp_realm_hostname.erl | 18 | ||||
-rw-r--r-- | src/ldapsp_sup.erl | 18 |
15 files changed, 354 insertions, 40 deletions
@@ -1,6 +1,6 @@ # A Realm smart proxy for the Foreman -[![Build Status](https://travis-ci.org/theforeman/foreman_ansible_inventory.svg?branch=master)](https://travis-ci.org/theforeman/foreman_ansible_inventory) +[![Build Status](https://travis-ci.org/agx/ldapsp.svg?branch=master)](https://travis-ci.org/agx/ldapsp) ldapsp is a simple smart proxy for the [Foreman][] that creates LDAP entries on host creation and removes them on destroy. It uses diff --git a/priv/ldapsp.conf b/priv/ldapsp.conf index 0f67bfd..2445384 100644 --- a/priv/ldapsp.conf +++ b/priv/ldapsp.conf @@ -1,7 +1,7 @@ -%% coding: utf-8 %% -*- mode: erlang -*- {connection, - [{server, "192.168.122.172"}, - {user, "cn=admin,dc=example,dc=com"}, - {password, "r00tme"}]}. + [{server, "ldap.forumsys.com"}, + %{tls, false}, + {user, "cn=read-only-admin,dc=example,dc=com"}, + {password, "password"}]}. diff --git a/rebar.config b/rebar.config index fdbb381..dd10d2c 100644 --- a/rebar.config +++ b/rebar.config @@ -1,6 +1,6 @@ %%-*- mode: erlang -*- {deps, [ - {webmachine, {git, "git://github.com/webmachine/webmachine", {branch, "master"}}} + {webmachine, {git, "https://github.com/webmachine/webmachine", {branch, "master"}}} ]}. {relx, [{release, {'ldapsp', "0.0.1"}, @@ -1,7 +1,7 @@ {"1.1.0", [{<<"mochiweb">>,{pkg,<<"mochiweb">>,<<"2.12.2">>},1}, {<<"webmachine">>, - {git,"git://github.com/webmachine/webmachine", + {git,"https://github.com/webmachine/webmachine", {ref,"b4758b51c05e8f4e8898a70b7a14514a8c150ffa"}}, 0}]}. [ Binary files differdiff --git a/src/ldapsp_app.erl b/src/ldapsp_app.erl index 793cd4d..60cde79 100644 --- a/src/ldapsp_app.erl +++ b/src/ldapsp_app.erl 
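Review bot: The sample `priv/ldapsp.conf` now carries a bind DN and password for a third-party public host, and the diffstat lists the file as `-rw-r--r--`, so an installation that edits real credentials into it leaves them world-readable unless packaging changes the mode. The only TLS hint in the file is the commented `%{tls, false}`, which shows how to switch StartTLS off but not how to supply a CA for verification. I would add a comment such as `%% StartTLS is on by default; set {tls_opts, [...]} with your CA before using real credentials` and state that the file should be readable only by the service user.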
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_app). -behaviour(application). @@ -8,7 +26,7 @@ start(_Type, _StartArgs) -> LogHandlers = [{webmachine_access_log_handler, ["priv/log"]}, - {webmachine_error_log_handler, ["priv/log"]}], + {ldapsp_error_log_handler, ["priv/log"]}], application:set_env(webmachine, log_handlers, LogHandlers), % Evil hack so we reprocess the app config webmachine:stop(), diff --git a/src/ldapsp_config.erl b/src/ldapsp_config.erl index 73d15bd..938f7cd 100644 --- a/src/ldapsp_config.erl +++ b/src/ldapsp_config.erl 
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_config). -export([ @@ -29,10 +47,7 @@ web_config() -> ldap_config() -> {ok, Config } = file:consult("priv/ldapsp.conf"), - Con = proplists:get_value(connection, Config), - [{server, proplists:get_value(server, Con)}, - {user, proplists:get_value(user, Con)}, - {password, proplists:get_value(password, Con)}]. + proplists:get_value(connection, Config). policy_config() -> {ok, _Module} = compile:file("priv/policy.erl"). diff --git a/src/ldapsp_error_log_handler.erl b/src/ldapsp_error_log_handler.erl new file mode 100644 index 0000000..f7825ea --- /dev/null +++ b/src/ldapsp_error_log_handler.erl 
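Review bot: `ldap_config/0` now returns `proplists:get_value(connection, Config)` unchecked, so a config file without a `connection` tuple yields `undefined` and the failure only surfaces later, where the value is used as a proplist. The keys are also no longer filtered, so a misspelt `tls` or `tls_opts` entry is silently ignored and the defaults apply. An assertive match such as `{connection, Con} = lists:keyfind(connection, 1, Config)` would fail at the point of the mistake. A short comment listing the accepted keys (`server`, `user`, `password`, `tls`, `tls_opts`) would help as well.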
@@ -0,0 +1,160 @@ +%%----------------------------------------------------------------------- +%% Copyright (c) 2017 Guido Günther +%% +%% This file is provided to you under the Apache License, +%% Version 2.0 (the "License"); you may not use this file +%% except in compliance with the License. You may obtain +%% a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, +%% software distributed under the License is distributed on an +%% "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +%% KIND, either express or implied. See the License for the +%% specific language governing permissions and limitations +%% under the License. +%% +%% based on error_log_handler.erl +%% Copyright (c) 2011-2014 Basho Technologies, Inc. All Rights Reserved. +%%----------------------------------------------------------------------- + +%% @doc Log handler for ldapsp + +-module(ldapsp_error_log_handler). + +-behaviour(gen_event). + +%% gen_event callbacks +-export([init/1, + handle_call/2, + handle_event/2, + handle_info/2, + terminate/2, + code_change/3]). + +-ifdef(TEST). +-include_lib("eunit/include/eunit.hrl"). +-endif. + +-record(state, {filename, handle}). + +-define(FILENAME, "ldapsp_error.log"). + +%% =================================================================== +%% gen_event callbacks +%% =================================================================== + +%% @private +init([BaseDir]) -> + {ok,_} = webmachine_log:defer_refresh(?MODULE), + FileName = filename:join(BaseDir, ?FILENAME), + Handle = log_open(FileName), + {ok, #state{filename=FileName, handle=Handle}}. + +%% @private +handle_call({_Label, MRef, get_modules}, State) -> + {ok, {MRef, [?MODULE]}, State}; +handle_call({refresh, _Time}, State) -> + NewHandle = maybe_reopen(?MODULE, + State#state.filename, + State#state.handle), + {ok, ok, State#state{handle=NewHandle}}; +handle_call(_Request, State) -> + {ok, ok, State}. 
+ +%% @private +handle_event({log_error, Msg}, State) -> + NewHandle = maybe_reopen(?MODULE, + State#state.filename, + State#state.handle), + NewState = State#state{handle=NewHandle}, + FormattedMsg = format_req(error, undefined, undefined, Msg), + _ = webmachine_log:log_write(State#state.handle, FormattedMsg), + {ok, NewState}; +handle_event({log_error, Code, _Req, _Reason}, State) when Code < 500 -> + {ok, State}; +handle_event({log_error, Code, Req, Reason}, State) -> + NewHandle = maybe_reopen(?MODULE, + State#state.filename, + State#state.handle), + NewState = State#state{handle=NewHandle}, + Msg = format_req(error, Code, Req, Reason), + _ = webmachine_log:log_write(State#state.handle, Msg), + {ok, NewState}; +handle_event({log_info, Msg}, State) -> + NewHandle = maybe_reopen(?MODULE, + State#state.filename, + State#state.handle), + NewState = State#state{handle=NewHandle}, + FormattedMsg = format_req(info, undefined, undefined, Msg), + _ = webmachine_log:log_write(State#state.handle, FormattedMsg), + {ok, NewState}; +handle_event(_Event, State) -> + {ok, State}. + +%% @private +handle_info(_Info, State) -> + {ok, State}. + +%% @private +terminate(_Reason, _State) -> + ok. + +%% @private +code_change(_OldVsn, State, _Extra) -> + {ok, State}. + +%% =================================================================== +%% Internal functions +%% =================================================================== + + +format_req(Level, Code, Req, Msg) -> + Time = webmachine_log:fmtnow(), + format_req(Level, Time, Code, Req, Msg). 
+ +format_req(info, Time, undefined, _, Msg) -> + [Time, " [info] ", Msg]; +format_req(error, Time, undefined, _, Msg) -> + [Time, " [error] ", Msg]; +format_req(error, Time, 501, Req, _) -> + {Path, _} = Req:path(), + {Method, _} = Req:method(), + Reason = "Webmachine does not support method ", + [Time, " [error] ", Reason, Method, ": path=", Path, $\n]; +format_req(error, Time, 503, Req, _) -> + {Path, _} = Req:path(), + Reason = "Webmachine cannot fulfill the request at this time", + [Time, " [error] ", Reason, ": path=", Path, $\n]; +format_req(error, Time, _Code, Req, Reason) -> + {Path, _} = Req:path(), + Str = io_lib:format("~p", [Reason]), + [Time, " [error] ", "path=", Path, $\x20, Str, $\n]. + +%% @doc Open a new log file for writing +-spec log_open(string()) -> file:io_device(). +log_open(LogName) -> + error_logger:info_msg("opening log file: ~p~n", [LogName]), + ok = filelib:ensure_dir(LogName), + {ok, FD} = file:open(LogName, [read, write, raw]), + {ok, Location} = file:position(FD, eof), + webmachine_log:fix_log(FD, Location), + ok = file:truncate(FD), + FD. + +%% @doc Rotate a log file if the hour it represents +%% has passed. +-spec maybe_reopen(atom(), string(), file:io_device()) -> file:io_device(). +maybe_reopen(Mod, FileName, Handle) -> + Reopen = not filelib:is_regular(FileName), + maybe_reopen(Mod, FileName, Handle, Reopen). + +-spec maybe_reopen(atom(), string(), file:io_device(), boolean()) -> + file:io_device(). +maybe_reopen(_Mod, _FileName, Handle, false) -> + Handle; +maybe_reopen(Mod, FileName, Handle, true) -> + ok = webmachine_log:log_close(Mod, FileName, Handle), + NewHandle = log_open(FileName), + NewHandle. diff --git a/src/ldapsp_features.erl b/src/ldapsp_features.erl index e976bea..62804c2 100644 --- a/src/ldapsp_features.erl +++ b/src/ldapsp_features.erl 
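Review bot: In `handle_event/2` the three logging clauses compute `NewHandle` with `maybe_reopen/3` but then write through `State#state.handle`. When the log file has gone missing and is reopened, the message goes to the handle that `maybe_reopen/4` has just passed to `webmachine_log:log_close/3`, and `_ =` discards the result, so the entry that triggered the reopen is lost without trace. Write through the fresh handle in each clause: `_ = webmachine_log:log_write(NewHandle, FormattedMsg),` (with `Msg` in the `{log_error, Code, Req, Reason}` clause). Separately, the `@doc` on `maybe_reopen/3` says it rotates when the hour has passed, while the code reopens only when `filelib:is_regular(FileName)` is false; the comment should say that.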
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_features). -export([ init/1, diff --git a/src/ldapsp_ldap.erl b/src/ldapsp_ldap.erl index 9228565..e87c6d8 100644 --- a/src/ldapsp_ldap.erl +++ b/src/ldapsp_ldap.erl 
@@ -1,11 +1,21 @@ -%%%------------------------------------------------------------------- -%%% @author Guido <agx@sigxcpu.org> -%%% @copyright (C) 2016, Guido Günther -%%% @doc -%%% -%%% @end -%%% Created : 16 Aug 2016 by Guido <agx@sigxcpu.org> -%%%------------------------------------------------------------------- +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_ldap). -behaviour(gen_server). @@ -23,7 +33,7 @@ -define(SERVER, ?MODULE). --record(state, {server, user, password}). +-record(state, {server, user, password, tls=true, tls_opts}). %%%=================================================================== %%% API 
@@ -62,10 +72,13 @@ start_link(Args) -> %% {stop, Reason} %% @end %%-------------------------------------------------------------------- -init([{server, Server}, {user, User}, {password, Password}]) -> - {ok, #state{server=Server, - user=User, - password=Password}}. +init(Opts) -> + {ok, #state{server=proplists:get_value(server, Opts), + tls=proplists:get_value(tls, Opts, true), + tls_opts=proplists:get_value(tls_opts, Opts, + [{verify_type, verify_peer}]), + user=proplists:get_value(user, Opts), + password=proplists:get_value(password, Opts)}}. %%-------------------------------------------------------------------- %% @private @@ -143,20 +156,29 @@ code_change(_OldVsn, State, _Extra) -> %%% Internal functions %%%=================================================================== -% -> ok , {error,Reaseon} -do_add(Dn, Attributes, #state{server=Server, user=User, password=Pw}) -> +start_tls(Handle, TLSOpts)-> + ok = eldap:start_tls(Handle, TLSOpts). + +connect(#state{server=Server, user=User, password=Pw, tls=TLS, tls_opts=TLSOpts}) -> {ok, Handle} = eldap:open([Server]), + ok = case TLS of + true -> start_tls(Handle, TLSOpts); + _ -> ok + end, ok = eldap:simple_bind(Handle, User, Pw), + {ok, Handle}. + +% -> ok , {error,Reaseon} +do_add(Dn, Attributes, State) -> + {ok, Handle} = connect(State), ldapsp_log:debug("Will create: ~p with ~p~n", [Dn, Attributes]), Resp = eldap:add(Handle, Dn, Attributes), check_close(eldap:close(Handle)), Resp. % -> ok , {error,Reaseon} -do_delete(Dn, #state{server=Server, user=User, password=Pw}) -> - {ok, Handle} = eldap:open([Server]), - ok = eldap:simple_bind(Handle, User, Pw), - ldapsp_log:debug("Will delete: ~p~n", [Dn]), +do_delete(Dn, State) -> + {ok, Handle} = connect(State), Resp = eldap:delete(Handle, Dn), check_close(eldap:close(Handle)), Resp. @@ -165,4 +187,3 @@ check_close(ok) -> ok; % erlang 17.1 has another return value than 1.18.3 check_close({_Pid, close}) -> ok; check_close(EverythingElse) -> ok = EverythingElse. - 
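Review bot: The default `tls_opts` in `init/1` is `[{verify_type, verify_peer}]`, but the option key the `ssl` application accepts is `verify`; `verify_type` is only the name of the type in its documentation. As written the default does not request peer verification. Whether the unknown option is rejected or ignored likely depends on the OTP release and should be confirmed, and even with the right key a CA source is needed for verification to succeed. I would change the default to `[{verify, verify_peer}]` and document that deployments must add `cacertfile` (or `cacerts`) through `tls_opts`. The edoc header of `init/1` starts outside the hunk.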
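Review bot: In `connect/1` the `case TLS of true -> ...; _ -> ok end` treats every value other than the atom `true` as "no TLS", so a config typo such as `{tls, "true"}` makes `eldap:simple_bind/3` send the password over an unencrypted connection without any error. Match the off case explicitly so that anything else crashes: `false -> ok` in place of `_ -> ok`. The rewrite of `do_delete/2` also drops the `ldapsp_log:debug("Will delete: ~p~n", [Dn])` line while `do_add/3` keeps its counterpart; if that was not intended, keep it so deletions stay traceable.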
diff --git a/src/ldapsp_log.erl b/src/ldapsp_log.erl index 7ec808c..3b2a577 100644 --- a/src/ldapsp_log.erl +++ b/src/ldapsp_log.erl @@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_log). -export([ err/2, diff --git a/src/ldapsp_proxy.erl b/src/ldapsp_proxy.erl index 9639401..b924aaa 100644 --- a/src/ldapsp_proxy.erl +++ b/src/ldapsp_proxy.erl 
@@ -1,11 +1,21 @@ -%%%------------------------------------------------------------------- -%%% @author Guido <agx@sigxcpu.org> -%%% @copyright (C) 2016, Guido Günther -%%% @doc -%%% -%%% @end -%%% Created : 16 Aug 2016 by Guido <agx@sigxcpu.org> -%%%------------------------------------------------------------------- +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_proxy). -export([add_host/3, diff --git a/src/ldapsp_realm.erl b/src/ldapsp_realm.erl index 3f786af..f3e283a 100644 --- a/src/ldapsp_realm.erl +++ b/src/ldapsp_realm.erl 
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_realm). -export([ allowed_methods/2, diff --git a/src/ldapsp_realm_hostname.erl b/src/ldapsp_realm_hostname.erl index a28d19d..4965066 100644 --- a/src/ldapsp_realm_hostname.erl +++ b/src/ldapsp_realm_hostname.erl 
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_realm_hostname). -export([ allowed_methods/2, diff --git a/src/ldapsp_sup.erl b/src/ldapsp_sup.erl index 21bb4fb..5df7443 100644 --- a/src/ldapsp_sup.erl +++ b/src/ldapsp_sup.erl 
@@ -1,3 +1,21 @@ +%%------------------------------------------------------------------- +%% This file is part of ldapsp. +%% +%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org> +%% +%% ldapsp is free software: you can redistribute it and/or modify +%% it under the terms of the GNU General Public License as published by +%% the Free Software Foundation, either version 3 of the License, or +%% (at your option) any later version. +%% +%% ldapsp is distributed in the hope that it will be useful, +%% but WITHOUT ANY WARRANTY; without even the implied warranty of +%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +%% GNU General Public License for more details. +%% +%% You should have received a copy of the GNU General Public License +%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>. +%%------------------------------------------------------------------- -module(ldapsp_sup). -behaviour(supervisor). |