Skip to content
This repository has been archived by the owner on Nov 4, 2023. It is now read-only.

Merge branch #2

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Merge branch #2

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
17bf86a
Fixing reference paths
bfisher-novetta Jul 18, 2014
2aaebe8
Adding memberof to object struct. Adding prusers to flush
bfisher-novetta Sep 11, 2014
78f6b49
Better loggging
bfisher-novetta Oct 2, 2014
9e3175a
Putting back import
bfisher-novetta Oct 2, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 16 additions & 5 deletions ad/cache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,15 @@ package ad
import (
"errors"
"fmt"
"github.com/jmckaskill/gokerb"
"github.com/jmckaskill/goldap"
"io"
"log"
"net"
"strconv"
"strings"
"sync"

"github.com/jmckaskill/gokerb"
"github.com/jmckaskill/goldap"
)

type ldapObject struct {
Expand All @@ -21,7 +23,8 @@ type ldapObject struct {
ObjectSID ldap.SID
SAMAccountName string
Member []ldap.ObjectDN
Realm string `ldap:"-"`
MemberOf []ldap.ObjectDN
Realm string `ldap:"-"`
}

type User ldapObject
Expand Down Expand Up @@ -70,7 +73,7 @@ func (c *ldapMech) dial(network, addr string) (net.Conn, error) {
}

func (c *ldapMech) Connect(rw io.ReadWriter) (io.ReadWriter, error) {
serv := "ldap/"+c.addr
serv := "ldap/" + c.addr
if strings.HasSuffix(serv, ".") {
serv = serv[:len(serv)-1]
}
Expand Down Expand Up @@ -121,6 +124,7 @@ type principal struct {
// trust chain is recursively followed on creation to find all of the domain
// aliases. If you change the trust chain at all, you need to create a new db.
func New(cred *kerb.Credential, baseAlias string) *DB {
log.Printf("Getting new db")
c := &DB{
cred: cred,
dbs: make(map[string]*cacheDB),
Expand All @@ -136,6 +140,7 @@ func New(cred *kerb.Credential, baseAlias string) *DB {
return m.dial(net, addr)
}

log.Printf("Finding realms")
c.findRealms(baseAlias, cred.Realm())

// Figure out the SID of the base realm
Expand Down Expand Up @@ -169,6 +174,7 @@ func (c *DB) findRealms(alias, realm string) {
// connect. This way we can filter out realms which we have no chance
// of connecting to.
if _, err := c.cred.GetTicket("krbtgt/"+realm, nil); err != nil {
log.Printf("Can't get ticket")
return
}

Expand All @@ -180,10 +186,13 @@ func (c *DB) findRealms(alias, realm string) {
c.realmAlias[strings.ToUpper(alias)] = realm

if err := db.SearchTree(&trusts, base, filter); err != nil {
log.Printf("Returning error in searchtree")
return
}

log.Printf("Before trust loop")
for _, trust := range trusts {
log.Printf("Trust loop")
realm := strings.ToUpper(trust.TrustPartner)
if _, ok := c.dbs[realm]; ok {
continue
Expand Down Expand Up @@ -278,6 +287,7 @@ func (c *DB) LookupPrincipal(user, realm string) (*User, error) {

filter := ldap.Equal{"SAMAccountName", []byte(user)}

log.Printf("Avaliable realms: %+v", c.dbs)
db := c.dbs[realm]
if db == nil {
return nil, ErrInvalidRealm
Expand Down Expand Up @@ -315,6 +325,7 @@ func dnToRealm(dn ldap.ObjectDN) string {
func (c *DB) FlushCache() {
c.lk.Lock()
c.dnusers = make(map[ldap.ObjectDN]interface{})
c.prusers = make(map[principal]*User)
c.lk.Unlock()
}

Expand Down Expand Up @@ -344,7 +355,7 @@ func (c *DB) LookupDN(dn ldap.ObjectDN) (val interface{}, err error) {

obj := ldapObject{Realm: realm}
if err := db.GetObject(&obj, dn); err != nil {
return nil, err
return nil, err
}

var ret interface{}
Expand Down