authorGuido Günther <agx@sigxcpu.org>2017-04-19 14:13:21 +0200
committerGuido Günther <agx@sigxcpu.org>2017-04-19 14:13:21 +0200
commite0cb1bf616b74f6040da5529ede6e778677efa7c (patch)
tree6088dc8d9b9e25a0d36982f994949c9f1f22a6ce
parent67e99e3b9e916669785533103d5c2199190db9da (diff)
parent5d8488c75ea385bea0c13b09c94732cd3595a21c (diff)
Merge tag 'v0.0.2' into debian/sid
ldapsp v0.0.2
-rw-r--r--README.md2
-rw-r--r--priv/ldapsp.conf8
-rw-r--r--rebar.config2
-rw-r--r--rebar.lock2
-rwxr-xr-xrebar3bin764944 -> 785001 bytes
-rw-r--r--src/ldapsp_app.erl20
-rw-r--r--src/ldapsp_config.erl23
-rw-r--r--src/ldapsp_error_log_handler.erl160
-rw-r--r--src/ldapsp_features.erl18
-rw-r--r--src/ldapsp_ldap.erl61
-rw-r--r--src/ldapsp_log.erl18
-rw-r--r--src/ldapsp_proxy.erl26
-rw-r--r--src/ldapsp_realm.erl18
-rw-r--r--src/ldapsp_realm_hostname.erl18
-rw-r--r--src/ldapsp_sup.erl18
15 files changed, 354 insertions, 40 deletions
diff --git a/README.md b/README.md
index 58a7df8..eccc37b 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# A Realm smart proxy for the Foreman
-[![Build Status](https://travis-ci.org/theforeman/foreman_ansible_inventory.svg?branch=master)](https://travis-ci.org/theforeman/foreman_ansible_inventory)
+[![Build Status](https://travis-ci.org/agx/ldapsp.svg?branch=master)](https://travis-ci.org/agx/ldapsp)
ldapsp is a simple smart proxy for the [Foreman][] that creates LDAP
entries on host creation and removes them on destroy. It uses
diff --git a/priv/ldapsp.conf b/priv/ldapsp.conf
index 0f67bfd..2445384 100644
--- a/priv/ldapsp.conf
+++ b/priv/ldapsp.conf
@@ -1,7 +1,7 @@
-%% coding: utf-8
%% -*- mode: erlang -*-
{connection,
- [{server, "192.168.122.172"},
- {user, "cn=admin,dc=example,dc=com"},
- {password, "r00tme"}]}.
+ [{server, "ldap.forumsys.com"},
+ %{tls, false},
+ {user, "cn=read-only-admin,dc=example,dc=com"},
+ {password, "password"}]}.
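Review bot: The sample config does not document the two options this merge introduces: `tls` appears only as the commented-out `%{tls, false},` and `tls_opts` not at all, so a reader cannot tell that StartTLS is on by default (see `init/1` in src/ldapsp_ldap.erl). I would add a comment such as `%% tls defaults to true (StartTLS); tls_opts is handed to eldap:start_tls/2`. The file also holds the bind password in clear text and is listed as `-rw-r--r--` in the diffstat, so a deployment should install it readable only by the service account. The new default `server` is an external host, which means an unconfigured install would attempt its bind against a machine outside the site.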
diff --git a/rebar.config b/rebar.config
index fdbb381..dd10d2c 100644
--- a/rebar.config
+++ b/rebar.config
@@ -1,6 +1,6 @@
%%-*- mode: erlang -*-
{deps, [
- {webmachine, {git, "git://github.com/webmachine/webmachine", {branch, "master"}}}
+ {webmachine, {git, "https://github.com/webmachine/webmachine", {branch, "master"}}}
]}.
{relx, [{release, {'ldapsp', "0.0.1"},
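Review bot: The dependency still tracks `{branch, "master"}`, so the move to https protects the transport but not which commit is built when the lock file is absent or regenerated. Pinning rebar.config to the commit already recorded in rebar.lock, `{ref, "b4758b51c05e8f4e8898a70b7a14514a8c150ffa"}`, makes the build input explicit. The `relx` release line in the trailing context still reads `"0.0.1"` although this merge is tagged v0.0.2; the relx tuple continues outside the hunk.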
diff --git a/rebar.lock b/rebar.lock
index be29bcb..a074cc9 100644
--- a/rebar.lock
+++ b/rebar.lock
@@ -1,7 +1,7 @@
{"1.1.0",
[{<<"mochiweb">>,{pkg,<<"mochiweb">>,<<"2.12.2">>},1},
{<<"webmachine">>,
- {git,"git://github.com/webmachine/webmachine",
+ {git,"https://github.com/webmachine/webmachine",
{ref,"b4758b51c05e8f4e8898a70b7a14514a8c150ffa"}},
0}]}.
[
diff --git a/rebar3 b/rebar3
index 8d86860..f4d93ab 100755
--- a/rebar3
+++ b/rebar3
Binary files differ
diff --git a/src/ldapsp_app.erl b/src/ldapsp_app.erl
index 793cd4d..60cde79 100644
--- a/src/ldapsp_app.erl
+++ b/src/ldapsp_app.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_app).
-behaviour(application).
@@ -8,7 +26,7 @@
start(_Type, _StartArgs) ->
LogHandlers = [{webmachine_access_log_handler, ["priv/log"]},
- {webmachine_error_log_handler, ["priv/log"]}],
+ {ldapsp_error_log_handler, ["priv/log"]}],
application:set_env(webmachine, log_handlers, LogHandlers),
% Evil hack so we reprocess the app config
webmachine:stop(),
diff --git a/src/ldapsp_config.erl b/src/ldapsp_config.erl
index 73d15bd..938f7cd 100644
--- a/src/ldapsp_config.erl
+++ b/src/ldapsp_config.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_config).
-export([
@@ -29,10 +47,7 @@ web_config() ->
ldap_config() ->
{ok, Config } = file:consult("priv/ldapsp.conf"),
- Con = proplists:get_value(connection, Config),
- [{server, proplists:get_value(server, Con)},
- {user, proplists:get_value(user, Con)},
- {password, proplists:get_value(password, Con)}].
+ proplists:get_value(connection, Config).
policy_config() ->
{ok, _Module} = compile:file("priv/policy.erl").
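Review bot: `ldap_config/0` now returns whatever sits under `connection` without looking at it, so a config file that lacks the key yields `undefined` and the failure only surfaces later in `ldapsp_ldap:init/1`. An assertive match such as `{connection, Con} = lists:keyfind(connection, 1, Config), Con.` keeps the crash at the config boundary. Because unknown keys now pass straight through to the LDAP server process, this is also the natural place to reject a `tls` value that is not a boolean.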
diff --git a/src/ldapsp_error_log_handler.erl b/src/ldapsp_error_log_handler.erl
new file mode 100644
index 0000000..f7825ea
--- /dev/null
+++ b/src/ldapsp_error_log_handler.erl
@@ -0,0 +1,160 @@
+%%-----------------------------------------------------------------------
+%% Copyright (c) 2017 Guido Günther
+%%
+%% This file is provided to you under the Apache License,
+%% Version 2.0 (the "License"); you may not use this file
+%% except in compliance with the License. You may obtain
+%% a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing,
+%% software distributed under the License is distributed on an
+%% "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+%% KIND, either express or implied. See the License for the
+%% specific language governing permissions and limitations
+%% under the License.
+%%
+%% based on error_log_handler.erl
+%% Copyright (c) 2011-2014 Basho Technologies, Inc. All Rights Reserved.
+%%-----------------------------------------------------------------------
+
+%% @doc Log handler for ldapsp
+
+-module(ldapsp_error_log_handler).
+
+-behaviour(gen_event).
+
+%% gen_event callbacks
+-export([init/1,
+ handle_call/2,
+ handle_event/2,
+ handle_info/2,
+ terminate/2,
+ code_change/3]).
+
+-ifdef(TEST).
+-include_lib("eunit/include/eunit.hrl").
+-endif.
+
+-record(state, {filename, handle}).
+
+-define(FILENAME, "ldapsp_error.log").
+
+%% ===================================================================
+%% gen_event callbacks
+%% ===================================================================
+
+%% @private
+init([BaseDir]) ->
+ {ok,_} = webmachine_log:defer_refresh(?MODULE),
+ FileName = filename:join(BaseDir, ?FILENAME),
+ Handle = log_open(FileName),
+ {ok, #state{filename=FileName, handle=Handle}}.
+
+%% @private
+handle_call({_Label, MRef, get_modules}, State) ->
+ {ok, {MRef, [?MODULE]}, State};
+handle_call({refresh, _Time}, State) ->
+ NewHandle = maybe_reopen(?MODULE,
+ State#state.filename,
+ State#state.handle),
+ {ok, ok, State#state{handle=NewHandle}};
+handle_call(_Request, State) ->
+ {ok, ok, State}.
+
+%% @private
+handle_event({log_error, Msg}, State) ->
+ NewHandle = maybe_reopen(?MODULE,
+ State#state.filename,
+ State#state.handle),
+ NewState = State#state{handle=NewHandle},
+ FormattedMsg = format_req(error, undefined, undefined, Msg),
+ _ = webmachine_log:log_write(State#state.handle, FormattedMsg),
+ {ok, NewState};
+handle_event({log_error, Code, _Req, _Reason}, State) when Code < 500 ->
+ {ok, State};
+handle_event({log_error, Code, Req, Reason}, State) ->
+ NewHandle = maybe_reopen(?MODULE,
+ State#state.filename,
+ State#state.handle),
+ NewState = State#state{handle=NewHandle},
+ Msg = format_req(error, Code, Req, Reason),
+ _ = webmachine_log:log_write(State#state.handle, Msg),
+ {ok, NewState};
+handle_event({log_info, Msg}, State) ->
+ NewHandle = maybe_reopen(?MODULE,
+ State#state.filename,
+ State#state.handle),
+ NewState = State#state{handle=NewHandle},
+ FormattedMsg = format_req(info, undefined, undefined, Msg),
+ _ = webmachine_log:log_write(State#state.handle, FormattedMsg),
+ {ok, NewState};
+handle_event(_Event, State) ->
+ {ok, State}.
+
+%% @private
+handle_info(_Info, State) ->
+ {ok, State}.
+
+%% @private
+terminate(_Reason, _State) ->
+ ok.
+
+%% @private
+code_change(_OldVsn, State, _Extra) ->
+ {ok, State}.
+
+%% ===================================================================
+%% Internal functions
+%% ===================================================================
+
+
+format_req(Level, Code, Req, Msg) ->
+ Time = webmachine_log:fmtnow(),
+ format_req(Level, Time, Code, Req, Msg).
+
+format_req(info, Time, undefined, _, Msg) ->
+ [Time, " [info] ", Msg];
+format_req(error, Time, undefined, _, Msg) ->
+ [Time, " [error] ", Msg];
+format_req(error, Time, 501, Req, _) ->
+ {Path, _} = Req:path(),
+ {Method, _} = Req:method(),
+ Reason = "Webmachine does not support method ",
+ [Time, " [error] ", Reason, Method, ": path=", Path, $\n];
+format_req(error, Time, 503, Req, _) ->
+ {Path, _} = Req:path(),
+ Reason = "Webmachine cannot fulfill the request at this time",
+ [Time, " [error] ", Reason, ": path=", Path, $\n];
+format_req(error, Time, _Code, Req, Reason) ->
+ {Path, _} = Req:path(),
+ Str = io_lib:format("~p", [Reason]),
+ [Time, " [error] ", "path=", Path, $\x20, Str, $\n].
+
+%% @doc Open a new log file for writing
+-spec log_open(string()) -> file:io_device().
+log_open(LogName) ->
+ error_logger:info_msg("opening log file: ~p~n", [LogName]),
+ ok = filelib:ensure_dir(LogName),
+ {ok, FD} = file:open(LogName, [read, write, raw]),
+ {ok, Location} = file:position(FD, eof),
+ webmachine_log:fix_log(FD, Location),
+ ok = file:truncate(FD),
+ FD.
+
+%% @doc Rotate a log file if the hour it represents
+%% has passed.
+-spec maybe_reopen(atom(), string(), file:io_device()) -> file:io_device().
+maybe_reopen(Mod, FileName, Handle) ->
+ Reopen = not filelib:is_regular(FileName),
+ maybe_reopen(Mod, FileName, Handle, Reopen).
+
+-spec maybe_reopen(atom(), string(), file:io_device(), boolean()) ->
+ file:io_device().
+maybe_reopen(_Mod, _FileName, Handle, false) ->
+ Handle;
+maybe_reopen(Mod, FileName, Handle, true) ->
+ ok = webmachine_log:log_close(Mod, FileName, Handle),
+ NewHandle = log_open(FileName),
+ NewHandle.
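Review bot: All three logging clauses of `handle_event/2` write to `State#state.handle` after `maybe_reopen/3` has returned `NewHandle`, so when the file was reopened the write goes to the handle that `webmachine_log:log_close/3` just closed, and `_ =` discards the error. The message that triggered the reopen is lost; each call should be `webmachine_log:log_write(NewHandle, FormattedMsg)` (`Msg` in the `Code`/`Req` clause). The `@doc` on `maybe_reopen/3` still describes hourly rotation while the code reopens only when `filelib:is_regular/1` is false, so I would reword it to `%% @doc Reopen the log file if it no longer exists as a regular file.` `format_req/5` also writes the request path and method into the log as received, so it is worth confirming they cannot carry line breaks.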
diff --git a/src/ldapsp_features.erl b/src/ldapsp_features.erl
index e976bea..62804c2 100644
--- a/src/ldapsp_features.erl
+++ b/src/ldapsp_features.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_features).
-export([
init/1,
diff --git a/src/ldapsp_ldap.erl b/src/ldapsp_ldap.erl
index 9228565..e87c6d8 100644
--- a/src/ldapsp_ldap.erl
+++ b/src/ldapsp_ldap.erl
@@ -1,11 +1,21 @@
-%%%-------------------------------------------------------------------
-%%% @author Guido <agx@sigxcpu.org>
-%%% @copyright (C) 2016, Guido Günther
-%%% @doc
-%%%
-%%% @end
-%%% Created : 16 Aug 2016 by Guido <agx@sigxcpu.org>
-%%%-------------------------------------------------------------------
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_ldap).
-behaviour(gen_server).
@@ -23,7 +33,7 @@
-define(SERVER, ?MODULE).
--record(state, {server, user, password}).
+-record(state, {server, user, password, tls=true, tls_opts}).
%%%===================================================================
%%% API
@@ -62,10 +72,13 @@ start_link(Args) ->
%% {stop, Reason}
%% @end
%%--------------------------------------------------------------------
-init([{server, Server}, {user, User}, {password, Password}]) ->
- {ok, #state{server=Server,
- user=User,
- password=Password}}.
+init(Opts) ->
+ {ok, #state{server=proplists:get_value(server, Opts),
+ tls=proplists:get_value(tls, Opts, true),
+ tls_opts=proplists:get_value(tls_opts, Opts,
+ [{verify_type, verify_peer}]),
+ user=proplists:get_value(user, Opts),
+ password=proplists:get_value(password, Opts)}}.
%%--------------------------------------------------------------------
%% @private
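Review bot: The default `tls_opts` of `[{verify_type, verify_peer}]` uses a key that, as far as I know, is not an `ssl` option: the option is `verify`, and `verify_type()` is only the name of its type in the ssl documentation. Depending on the OTP release this either fails the StartTLS call or leaves peer verification at the library default, so the default should read `[{verify, verify_peer}]`. Verification also needs trust anchors, so the config should supply a CA bundle through `cacertfile` in `tls_opts`, and that deserves a comment next to the default. `server`, `user` and `password` have no default here, so a missing key becomes `undefined` in the state and fails only at connect time.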
@@ -143,20 +156,29 @@ code_change(_OldVsn, State, _Extra) ->
%%% Internal functions
%%%===================================================================
-% -> ok , {error,Reaseon}
-do_add(Dn, Attributes, #state{server=Server, user=User, password=Pw}) ->
+start_tls(Handle, TLSOpts)->
+ ok = eldap:start_tls(Handle, TLSOpts).
+
+connect(#state{server=Server, user=User, password=Pw, tls=TLS, tls_opts=TLSOpts}) ->
{ok, Handle} = eldap:open([Server]),
+ ok = case TLS of
+ true -> start_tls(Handle, TLSOpts);
+ _ -> ok
+ end,
ok = eldap:simple_bind(Handle, User, Pw),
+ {ok, Handle}.
+
+% -> ok , {error,Reaseon}
+do_add(Dn, Attributes, State) ->
+ {ok, Handle} = connect(State),
ldapsp_log:debug("Will create: ~p with ~p~n", [Dn, Attributes]),
Resp = eldap:add(Handle, Dn, Attributes),
check_close(eldap:close(Handle)),
Resp.
% -> ok , {error,Reaseon}
-do_delete(Dn, #state{server=Server, user=User, password=Pw}) ->
- {ok, Handle} = eldap:open([Server]),
- ok = eldap:simple_bind(Handle, User, Pw),
- ldapsp_log:debug("Will delete: ~p~n", [Dn]),
+do_delete(Dn, State) ->
+ {ok, Handle} = connect(State),
Resp = eldap:delete(Handle, Dn),
check_close(eldap:close(Handle)),
Resp.
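Review bot: In `connect/1` the `_ -> ok` branch treats every `tls` value other than the atom `true` as "no TLS", so a typo in the config (`"true"`, `yes`) silently sends the `simple_bind` password over an unencrypted connection. Matching the two legal values, `true -> start_tls(Handle, TLSOpts);` and `false -> ok`, turns a bad value into a crash before the bind. If `start_tls` or `simple_bind` fails, the badmatch leaves `Handle` without an `eldap:close/1`; whether that leaks depends on how eldap links the connection process. `do_delete/2` lost its `ldapsp_log:debug("Will delete: ~p~n", [Dn])` line while `do_add/3` kept its counterpart, which looks unintended.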
@@ -165,4 +187,3 @@ check_close(ok) -> ok;
% erlang 17.1 has another return value than 1.18.3
check_close({_Pid, close}) -> ok;
check_close(EverythingElse) -> ok = EverythingElse.
-
diff --git a/src/ldapsp_log.erl b/src/ldapsp_log.erl
index 7ec808c..3b2a577 100644
--- a/src/ldapsp_log.erl
+++ b/src/ldapsp_log.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_log).
-export([
err/2,
diff --git a/src/ldapsp_proxy.erl b/src/ldapsp_proxy.erl
index 9639401..b924aaa 100644
--- a/src/ldapsp_proxy.erl
+++ b/src/ldapsp_proxy.erl
@@ -1,11 +1,21 @@
-%%%-------------------------------------------------------------------
-%%% @author Guido <agx@sigxcpu.org>
-%%% @copyright (C) 2016, Guido Günther
-%%% @doc
-%%%
-%%% @end
-%%% Created : 16 Aug 2016 by Guido <agx@sigxcpu.org>
-%%%-------------------------------------------------------------------
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_proxy).
-export([add_host/3,
diff --git a/src/ldapsp_realm.erl b/src/ldapsp_realm.erl
index 3f786af..f3e283a 100644
--- a/src/ldapsp_realm.erl
+++ b/src/ldapsp_realm.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_realm).
-export([
allowed_methods/2,
diff --git a/src/ldapsp_realm_hostname.erl b/src/ldapsp_realm_hostname.erl
index a28d19d..4965066 100644
--- a/src/ldapsp_realm_hostname.erl
+++ b/src/ldapsp_realm_hostname.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_realm_hostname).
-export([
allowed_methods/2,
diff --git a/src/ldapsp_sup.erl b/src/ldapsp_sup.erl
index 21bb4fb..5df7443 100644
--- a/src/ldapsp_sup.erl
+++ b/src/ldapsp_sup.erl
@@ -1,3 +1,21 @@
+%%-------------------------------------------------------------------
+%% This file is part of ldapsp.
+%%
+%% Copyright (C) 2016 Guido Günther <agx@sigxcpu.org>
+%%
+%% ldapsp is free software: you can redistribute it and/or modify
+%% it under the terms of the GNU General Public License as published by
+%% the Free Software Foundation, either version 3 of the License, or
+%% (at your option) any later version.
+%%
+%% ldapsp is distributed in the hope that it will be useful,
+%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+%% GNU General Public License for more details.
+%%
+%% You should have received a copy of the GNU General Public License
+%% along with ldapsp. If not, see <http://www.gnu.org/licenses/>.
+%%-------------------------------------------------------------------
-module(ldapsp_sup).
-behaviour(supervisor).