ldap authentication works

8 years ago · efeb7a6987
parent 53a51b354c
commit efeb7a6987
12 changed files with 103 additions and 45 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-/usr/share/automake-1.14/COPYING
+/usr/share/automake-1.15/COPYING
--- a/36
+++ b/36
@ -1,3 +1,39 @@
+2016-09-20 15:00  marc
+
+	* autogen.sh, ax_cxx_compile_stdcxx_11.m4,
+	  ax_init_standard_project.m4, bootstrap.sh, build-in-docker.sh,
+	  doc/doxyfile.in, doc/footer.html.in, doc/header.html.in,
+	  doc/plantuml.jar, doc/style.css, makefile_test.inc.am,
+	  nodejs/authentication/index.js, nodejs/etc/servicedock.json,
+	  nodejs/package.json.in, nodejs/public/javascripts/servicedock.js,
+	  nodejs/public/stylesheets/servicedock.css, nodejs/servicedock.js,
+	  nodejs/sockets/index.js, nodejs/views/index.ejs,
+	  resolve-debbuilddeps.sh, resolve-rpmbuilddeps.sh, sql-to-dot.sed:
+	  login is possible
+
+2016-07-29 19:25  marc
+
+	* nodejs/authentication, nodejs/authentication/index.js,
+	  nodejs/etc/servicedock.json, nodejs/package.json.in,
+	  nodejs/public/javascripts/servicedock.js, nodejs/routes/index.js,
+	  nodejs/servicedock.js, nodejs/sockets/index.js,
+	  nodejs/views/index.ejs, scripts, scripts/docker-backup.sh: in the
+	  middle of the work for authentication
+
+2016-04-03 16:19  marc
+
+	* ChangeLog: after svn-server restore
+
+2016-03-02 15:25  marc
+
+	* ax_init_standard_project.m4, bootstrap.sh, build-in-docker.sh,
+	  debian/control.in, debian/servicedock.postinst,
+	  mac-create-app-bundle.sh, nodejs/etc/default,
+	  nodejs/etc/default/servicedock, nodejs/etc/init,
+	  nodejs/etc/init/servicedock.conf, nodejs/etc/servicedock.json,
+	  nodejs/makefile.am, nodejs/servicedock.js: proper packaging and
+	  upstart scripts for ubuntu
+
 2016-02-19 15:27  marc

 	* ChangeLog, nodejs/sockets/index.js: little fix: fail outside of
--- a/2
+++ b/2
@ -1 +1 @@
-/usr/share/automake-1.14/INSTALL
+/usr/share/automake-1.15/INSTALL
--- a/doc/screenshot10.png
+++ b/doc/screenshot10.png
--- a/doc/screenshot11.png
+++ b/doc/screenshot11.png
--- a/doc/screenshot12.png
+++ b/doc/screenshot12.png
--- a/nodejs/authentication/index.js
+++ b/nodejs/authentication/index.js
@ -1,51 +1,78 @@
 module.exports = function(config) {

-  authentication = function (username, password, success, fail) {
+  var authentication;
  
  if (config) {
+    
+    authentication = function (username, password, success, fail) {
+
+      console.log("...try: ", username);
      const crypto = require('crypto');
      if (config.passwords && config.passwords[username]) {
+        console.log("...check hash");
        if (crypto.getHashes().indexOf(config.passwords[username][0])>=0) {
          if (crypto.createHash(config.passwords[username][0]).update(password, 'utf8').digest('hex') === config.passwords[username][1]) {
-            success();
+            success(username);
            return;
          } else {
-            fail();
+            fail(username);
            return;
          }
        } else {
          console.log("**** HASH NOT FOUND ****");
          console.log(config.passwords[username][0]);
          console.log(crypto.getHashes());
-          fail();
+          fail(username);
          return;
        }
      }
      if (config.ldap) try {
+        console.log("...check ldap");
        var LdapAuth = require('ldapauth');
        var auth = new LdapAuth(config.ldap);
+        auth.once('connect', function () {
+          try {
            auth.authenticate(username, password, function(err, usr) {
              auth.close(function(err) {})
              if (err) {
                console.log("**** ERROR: LDAP Authentication failed:", err);
-            fail();
+                fail(username);
                return;
              }
              console.log("**** SUCCESS: LDAP Authentication:");
-          success();
+              success(username);
              return;
            });
+          } catch (e) {
+            console.log("**** Error: LDAP failed: ", e, e.stack);
+            fail(username);
+          }
          return; // need to block here!
+        });
      } catch (e) {
        console.log("**** Error: LDAP failed: ", e, e.stack);
-        fail();
+        fail(username);
        return;
      }
-    }
-    fail();
+      if (config.unrestricted)
+        success(username);
+      else
+        fail(username);
      return;
    }

+  } else {
+
+    authentication = function (username, password, success, fail) {
+      console.log('**** Error: no access configuraion. To allow any user, add:')
+      console.log('            "restrict": {');
+      console.log('              "unrestricted": true');
+      console.log('            }');
+      fail(username);
+    }
+
+  }
+
  return authentication;

 }
--- a/nodejs/etc/servicedock.json
+++ b/nodejs/etc/servicedock.json
@ -2,17 +2,12 @@
  "port": 8888,
  "restrict": {
    "passwords": {
-            "marc": ["sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
-            "foo": ["sha256", "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
+      "foo": ["sha256", "fcde2b2edxx56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
    },
    "ldap": {
-            "tlsOptions": {
-                "requestCert": false,
-                "rejectUnauthorized": false
-            },
      "url": "ldap://dev.marc.waeckerlin.org",
      "adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
-            "adminPassword": "dGg7benUnZ9z",
+      "adminPassword": "secret",
      "searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
      "searchFilter": "(uid={{username}})"
    }
--- a/nodejs/etc/systemd/system/servicedock.service
+++ b/nodejs/etc/systemd/system/servicedock.service
--- a/nodejs/package.json.in
+++ b/nodejs/package.json.in
@ -9,7 +9,8 @@
    "socket.io": "~1.4.4",
    "pty.js": "~0.3.0",
    "async": "~1.5.2",
-    "socketio-auth": "0.0.5"
+    "socketio-auth": "0.0.5",
+    "ldapauth": "git+https://github.com/DimensionSoftware/node-ldapauth.git"
  },
  "description": "@DESCRIPTION@",
  "main": "@PACKAGE_NAME@.js",
--- a/nodejs/servicedock.js
+++ b/nodejs/servicedock.js
@ -19,8 +19,8 @@ try {
  var package = require(__dirname+'/package.json');
  var config = require(package.path.config);
  var docker = require(__dirname+'/docker')(app);
-  //var authentication = require(__dirname+'/authentication')(config.restrict);
-  var sockets = require(__dirname+'/sockets')(io);
+  var authentication = require(__dirname+'/authentication')(config.restrict);
+  var sockets = require(__dirname+'/sockets')(io, authentication);

  // Configuration
  process.argv.forEach(function(val, index) {
--- a/nodejs/sockets/index.js
+++ b/nodejs/sockets/index.js
@ -1,4 +1,4 @@
-module.exports = function(io) {
+module.exports = function(io, authentication) {

  var pty = require('pty.js');
  var proc = require('child_process');
@ -287,10 +287,9 @@ module.exports = function(io) {
      //get credentials sent by the client
      var username = data.username;
      var password = data.password;
-      if (username=="hello")
-        return callback(null, "world" == password);
-      else
-        return callback(new Error("wrong credentials"));
+      authentication(data.username, data.password,
+                     function() {console.log("####LOGIN-SUCESS####");callback(null, true)},
+                     function() {console.log("####LOGIN-FAIL####");callback(new Error("wrong credentials"))});
    },
    postAuthenticate: connection,
    timeout: "none"