lldap/server/src/infra/ldap_server.rs

use crate::{
    domain::{
        handler::{BackendHandler, LoginHandler},
        opaque_handler::OpaqueHandler,
    },
    infra::{configuration::Configuration, ldap_handler::LdapHandler},
};
use actix_rt::net::TcpStream;
use actix_server::ServerBuilder;
use actix_service::{fn_service, ServiceFactoryExt};
use anyhow::{bail, Context, Result};
use futures_util::future::ok;
use ldap3_server::{proto::LdapMsg, LdapCodec};
use log::*;
use tokio::net::tcp::WriteHalf;
use tokio_util::codec::{FramedRead, FramedWrite};

async fn handle_incoming_message<Backend>(
    msg: Result<LdapMsg, std::io::Error>,
    resp: &mut FramedWrite<WriteHalf<'_>, LdapCodec>,
    session: &mut LdapHandler<Backend>,
) -> Result<bool>
where
    Backend: BackendHandler + LoginHandler + OpaqueHandler,
{
    use futures_util::SinkExt;
    let msg = msg.context("while receiving LDAP op")?;
    debug!("Received LDAP message: {:?}", &msg);
    match session.handle_ldap_message(msg.op).await {
        None => return Ok(false),
        Some(result) => {
            if result.is_empty() {
                debug!("No response");
            }
            for result_op in result.into_iter() {
                debug!("Replying with LDAP op: {:?}", &result_op);
                resp.send(LdapMsg {
                    msgid: msg.msgid,
                    op: result_op,
                    ctrl: vec![],
                })
                .await
                .context("while sending a response: {:#}")?
            }

            if let Err(e) = resp.flush().await {
                bail!("Error while flushing responses: {:?}", e);
            }
        }
    }
    Ok(true)
}

pub fn build_ldap_server<Backend>(
    config: &Configuration,
    backend_handler: Backend,
    server_builder: ServerBuilder,
) -> Result<ServerBuilder>
where
    Backend: BackendHandler + LoginHandler + OpaqueHandler + 'static,
{
    use futures_util::StreamExt;

    let ldap_base_dn = config.ldap_base_dn.clone();
    let ldap_user_dn = config.ldap_user_dn.clone();
    Ok(
        server_builder.bind("ldap", ("0.0.0.0", config.ldap_port), move || {
            let backend_handler = backend_handler.clone();
            let ldap_base_dn = ldap_base_dn.clone();
            let ldap_user_dn = ldap_user_dn.clone();
            fn_service(move |mut stream: TcpStream| {
                let backend_handler = backend_handler.clone();
                let ldap_base_dn = ldap_base_dn.clone();
                let ldap_user_dn = ldap_user_dn.clone();
                async move {
                    // Configure the codec etc.
                    let (r, w) = stream.split();
                    let mut requests = FramedRead::new(r, LdapCodec);
                    let mut resp = FramedWrite::new(w, LdapCodec);

                    let mut session = LdapHandler::new(backend_handler, ldap_base_dn, ldap_user_dn);

                    while let Some(msg) = requests.next().await {
                        if !handle_incoming_message(msg, &mut resp, &mut session).await? {
                            break;
                        }
                    }

                    Ok(stream)
                }
            })
            .map_err(|err: anyhow::Error| error!("Service Error: {:?}", err))
            // catch
            .and_then(move |_| {
                // finally
                ok(())
            })
        })?,
    )
}
ldap: Add support for password modify extension This allows other systems (e.g. Authelia) to reset passwords for users. 2021-10-28 16:04:09 +00:00			`use crate::{`
			`domain::{`
			`handler::{BackendHandler, LoginHandler},`
			`opaque_handler::OpaqueHandler,`
			`},`
			`infra::{configuration::Configuration, ldap_handler::LdapHandler},`
			`};`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`use actix_rt::net::TcpStream;`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`use actix_server::ServerBuilder;`
Replace the echo server with an HTTP server 2021-05-08 11:27:48 +00:00			`use actix_service::{fn_service, ServiceFactoryExt};`
server: Add a debug log for LDAP messages 2021-11-03 08:52:51 +00:00			`use anyhow::{bail, Context, Result};`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`use futures_util::future::ok;`
ldap: Switch to using LdapOp instead of ServerOp This is in preparation of supporting the password change message, since this is from the Extended Operations that is not available in the simple ServerOp. 2021-10-24 09:03:09 +00:00			`use ldap3_server::{proto::LdapMsg, LdapCodec};`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`use log::*;`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`use tokio::net::tcp::WriteHalf;`
			`use tokio_util::codec::{FramedRead, FramedWrite};`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00
Add a handler for OPAQUE messages 2021-06-16 20:04:11 +00:00			`async fn handle_incoming_message<Backend>(`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`msg: Result<LdapMsg, std::io::Error>,`
			`resp: &mut FramedWrite<WriteHalf<'_>, LdapCodec>,`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`session: &mut LdapHandler<Backend>,`
Add a handler for OPAQUE messages 2021-06-16 20:04:11 +00:00			`) -> Result<bool>`
			`where`
ldap: Add support for password modify extension This allows other systems (e.g. Authelia) to reset passwords for users. 2021-10-28 16:04:09 +00:00			`Backend: BackendHandler + LoginHandler + OpaqueHandler,`
Add a handler for OPAQUE messages 2021-06-16 20:04:11 +00:00			`{`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`use futures_util::SinkExt;`
server: Add a debug log for LDAP messages 2021-11-03 08:52:51 +00:00			`let msg = msg.context("while receiving LDAP op")?;`
			`debug!("Received LDAP message: {:?}", &msg);`
ldap: Switch to using LdapOp instead of ServerOp This is in preparation of supporting the password change message, since this is from the Extended Operations that is not available in the simple ServerOp. 2021-10-24 09:03:09 +00:00			`match session.handle_ldap_message(msg.op).await {`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`None => return Ok(false),`
			`Some(result) => {`
ldap: Improve debug messages 2021-11-07 13:57:34 +00:00			`if result.is_empty() {`
			`debug!("No response");`
			`}`
ldap: Switch to using LdapOp instead of ServerOp This is in preparation of supporting the password change message, since this is from the Extended Operations that is not available in the simple ServerOp. 2021-10-24 09:03:09 +00:00			`for result_op in result.into_iter() {`
server: Add a debug log for LDAP messages 2021-11-03 08:52:51 +00:00			`debug!("Replying with LDAP op: {:?}", &result_op);`
			`resp.send(LdapMsg {`
			`msgid: msg.msgid,`
			`op: result_op,`
			`ctrl: vec![],`
			`})`
			`.await`
			`.context("while sending a response: {:#}")?`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`}`

			`if let Err(e) = resp.flush().await {`
			`bail!("Error while flushing responses: {:?}", e);`
			`}`
			`}`
			`}`
			`Ok(true)`
			`}`

Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`pub fn build_ldap_server<Backend>(`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`config: &Configuration,`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`backend_handler: Backend,`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`server_builder: ServerBuilder,`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`) -> Result<ServerBuilder>`
			`where`
ldap: Add support for password modify extension This allows other systems (e.g. Authelia) to reset passwords for users. 2021-10-28 16:04:09 +00:00			`Backend: BackendHandler + LoginHandler + OpaqueHandler + 'static,`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`{`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`use futures_util::StreamExt;`

Add ability to list users with an LDAP search request 2021-03-16 17:27:31 +00:00			`let ldap_base_dn = config.ldap_base_dn.clone();`
Add support for non-admin bind 2021-04-07 18:14:21 +00:00			`let ldap_user_dn = config.ldap_user_dn.clone();`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`Ok(`
			`server_builder.bind("ldap", ("0.0.0.0", config.ldap_port), move \|\| {`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`let backend_handler = backend_handler.clone();`
Add ability to list users with an LDAP search request 2021-03-16 17:27:31 +00:00			`let ldap_base_dn = ldap_base_dn.clone();`
Add support for non-admin bind 2021-04-07 18:14:21 +00:00			`let ldap_user_dn = ldap_user_dn.clone();`
Replace the echo server with an HTTP server 2021-05-08 11:27:48 +00:00			`fn_service(move \|mut stream: TcpStream\| {`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`let backend_handler = backend_handler.clone();`
Add ability to list users with an LDAP search request 2021-03-16 17:27:31 +00:00			`let ldap_base_dn = ldap_base_dn.clone();`
Add support for non-admin bind 2021-04-07 18:14:21 +00:00			`let ldap_user_dn = ldap_user_dn.clone();`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`async move {`
			`// Configure the codec etc.`
			`let (r, w) = stream.split();`
			`let mut requests = FramedRead::new(r, LdapCodec);`
			`let mut resp = FramedWrite::new(w, LdapCodec);`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00
Add support for non-admin bind 2021-04-07 18:14:21 +00:00			`let mut session = LdapHandler::new(backend_handler, ldap_base_dn, ldap_user_dn);`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00
Implement SQL connection 2021-03-07 15:13:50 +00:00			`while let Some(msg) = requests.next().await {`
			`if !handle_incoming_message(msg, &mut resp, &mut session).await? {`
			`break;`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`}`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`}`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00
Implement SQL connection 2021-03-07 15:13:50 +00:00			`Ok(stream)`
			`}`
Replace the echo server with an HTTP server 2021-05-08 11:27:48 +00:00			`})`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`.map_err(\|err: anyhow::Error\| error!("Service Error: {:?}", err))`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`// catch`
			`.and_then(move \|_\| {`
			`// finally`
			`ok(())`
			`})`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`})?,`
			`)`
WIP: sorry this does not compiles 2021-03-06 22:39:34 +00:00			`}`