path: root/priv/policy.erl
blob: 99dc02e50841babcadba1b80c1866cf49dedc397 (plain)
%%%-------------------------------------------------------------------
%%% @copyright (C) 2016, Guido Günther
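%%% @doc
%%% Host provisioning policy: maps a host class to LDAP group members
%%% (read from priv/policy.conf) and adds or deletes the host's
%%% groupOfUniqueNames entry through ldapsp_ldap.
%%% @end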
%%%-------------------------------------------------------------------
-module(policy).

-export([add_host/3,
         del_host/2
	]).

-define(POLICY_CONF, "priv/policy.conf").

%% @doc Create the LDAP group entry for a host and return its provisioning data.
%%
%% The DN is built by host2dn/2 from `Hostname' and `Realm'; the entry's
%% members are looked up for `Class' by members/1. Because the DN is built
%% from the caller's strings, pass only validated host and realm names.
%%
%% Crashes with badmatch unless ldapsp_ldap:add/2 returns `ok'.
%%
%% Returns a proplist: `dn' is the DN as a binary and `randompassword' is
%% the fixed placeholder `<<"UNSET">>' -- no credential is generated here.
add_host(Hostname, Class, Realm) ->
    EntryDn = host2dn(Hostname, Realm),
    Entry = class2attr(Hostname, Class, Realm, members(Class)),
    ok = ldapsp_ldap:add(EntryDn, Entry),
    %% list_to_binary/1 raises badarg for code points above 255; at this
    %% point the entry has already been written to the directory.
    [{dn, list_to_binary(EntryDn)}, {randompassword, <<"UNSET">>}].

%% @doc Delete the LDAP entry for a host.
%%
%% Returns `true' when ldapsp_ldap:delete/1 reports `ok' or
%% `{error, noSuchObject}' (the entry is absent either way) and `false' for
%% every other result. The failure reason is not passed on, so a caller that
%% needs it for logging or auditing has to obtain it elsewhere.
del_host(Hostname, Realm) ->
    del_result(ldapsp_ldap:delete(host2dn(Hostname, Realm))).

%% Private functions
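%% Build the distinguished name for a host: the first label of `Host' becomes
%% the `cn' RDN and every label of `Realm' becomes a `dc' component, e.g.
%% ("web01.example.com", "example.com") -> "cn=web01, dc=example, dc=com".
%%
%% Every value is passed through dn_escape/1 so that characters with a
%% structural meaning in a DN (RFC 4514) stay inside the RDN value instead
%% of adding or altering RDNs. Plain host and realm labels are unchanged.
%%
%% Crashes with badarg (hd/1 on an empty list) when `Host' has no labels.
host2dn(Host, Realm) ->
    Base = string:join(["dc=" ++ dn_escape(C) || C <- string:tokens(Realm, ".")], ", "),
    "cn=" ++ dn_escape(hd(string:tokens(Host, "."))) ++ ", " ++ Base.

%% Escape one attribute value for use in a DN string (RFC 4514): a leading
%% space or '#', a trailing space, and the special characters handled by
%% dn_escape_char/1.
dn_escape([]) -> [];
dn_escape([$\s | Rest]) -> "\\ " ++ dn_escape_rest(Rest);
dn_escape([$# | Rest]) -> "\\#" ++ dn_escape_rest(Rest);
dn_escape([C | Rest]) -> dn_escape_char(C) ++ dn_escape_rest(Rest).

%% Escape everything after the first character; only a space in the final
%% position needs the extra trailing-space escape.
dn_escape_rest([]) -> [];
dn_escape_rest([$\s]) -> "\\ ";
dn_escape_rest([C | Rest]) -> dn_escape_char(C) ++ dn_escape_rest(Rest).

%% Backslash-escape a character that is special anywhere in a DN value.
dn_escape_char($,) -> "\\,";
dn_escape_char($+) -> "\\+";
dn_escape_char($\") -> "\\\"";
dn_escape_char($\\) -> "\\\\";
dn_escape_char($<) -> "\\<";
dn_escape_char($>) -> "\\>";
dn_escape_char($;) -> "\\;";
dn_escape_char(0) -> "\\00";
dn_escape_char(C) -> [C].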

%% Build the attribute list for a host's groupOfUniqueNames entry.
%% `_Class' and `_Realm' are accepted but not used.
%%
%% NOTE(review): `cn' carries the full `Host' string while host2dn/2 puts
%% only the first label into the RDN -- confirm the directory accepts this.
%% NOTE(review): the standard groupOfUniqueNames schema requires at least
%% one uniqueMember; an empty `Members' list is presumably rejected by the
%% server -- verify.
class2attr(Host, _Class, _Realm, Members) ->
    ObjectClasses = {"objectclass", ["top", "groupOfUniqueNames"]},
    CommonName = {"cn", [Host]},
    UniqueMembers = {"uniqueMember", Members},
    [ObjectClasses, CommonName, UniqueMembers].


%% Turn the result of an LDAP delete into a boolean. `ok' and
%% `{error, noSuchObject}' both count as success, so deleting an entry that
%% is already absent is not reported as a failure; anything else is `false'.
del_result(Result) ->
    Result =:= ok orelse Result =:= {error, noSuchObject}.


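%% Collect the DNs whose class list contains `Class'.
%%
%% `Mappings' is a list of `{Dn, Classes}' pairs; matching DNs are appended
%% to `Members' in mapping order. A mapping that is not a 2-tuple crashes
%% with function_clause rather than being skipped.
%%
%% The matches are gathered in one pass and appended once, instead of
%% re-copying the accumulator with `++' for every match.
members(Class, Mappings, Members) ->
    Matched = lists:filtermap(
                fun({Dn, Classes}) ->
                        case lists:member(Class, Classes) of
                            true -> {true, Dn};
                            false -> false
                        end
                end,
                Mappings),
    Members ++ Matched.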

%% Look up the group members configured for `Class'.
%%
%% Reads ?POLICY_CONF with file:consult/1 on every call; the path is
%% relative, so it is resolved against the current working directory.
%% Crashes with badmatch if the file cannot be read or parsed.
%%
%% Returns the DNs from the `mappings' entry whose class list contains
%% `Class', or the `defaults' entry when no mapping matches. Both entries
%% default to the empty list when absent from the file.
members(Class) ->
    {ok, Config} = file:consult(?POLICY_CONF),
    case members(Class, proplists:get_value(mappings, Config, []), []) of
        [] -> proplists:get_value(defaults, Config, []);
        Found -> Found
    end.

-ifdef(TEST).
-include_lib("eunit/include/eunit.hrl").

%% A class with no mapping yields the `defaults' list.
%% Relies on the priv/policy.conf fixture, read relative to the current
%% working directory.
members_nonexistent_test() ->
    Fallback = ["cn=default,dc=example,dc=com"],
    ?assertEqual(Fallback, members("nonexistent")).

%% A class listed under a single mapping yields that mapping's DN.
%% Relies on the priv/policy.conf fixture, read relative to the current
%% working directory.
members_existent_test() ->
    Expected = ["cn=productA,dc=example,dc=com"],
    ?assertEqual(Expected, members("app1")).

%% A class listed under several mappings yields every matching DN, in the
%% order the mappings appear in the file.
%% Relies on the priv/policy.conf fixture, read relative to the current
%% working directory.
members_multiple_test() ->
    Expected = ["cn=productA,dc=example,dc=com",
                "cn=productB,dc=example,dc=com"],
    ?assertEqual(Expected, members("app4")).

-endif.