LDAP authentication (Ericsson#529)

Added new LDAP authenticator plugin. It depends on the ldap-cpp wrapper of OpenLDAP which is compiled along with the source code. Adding a new CMake flag to be able to compile authentication plugins on demand.
wbqpk3 · May 21, 2021 · 0d4764a · 0d4764a
1 parent 8c8b124
commit 0d4764a
Show file tree

Hide file tree

Showing 18 changed files with 1,850 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -46,7 +46,7 @@ jobs:
         run: >
           sudo apt-get install -y git cmake make g++ gcc-7-plugin-dev libboost-all-dev
           llvm-10-dev clang-10 libclang-10-dev default-jdk libssl1.0-dev libgraphviz-dev
-          libmagic-dev libgit2-dev ctags libgtest-dev npm
+          libmagic-dev libgit2-dev ctags libgtest-dev npm libldap2-dev
 
       - name: Install Postgresql Ubuntu 18
         if: ${{ matrix.os == 'ubuntu-18.04' && matrix.db == 'postgresql' }}
@@ -127,7 +127,7 @@ jobs:
         run: >
           sudo apt-get install -y git cmake make g++ libboost-all-dev llvm-10-dev clang-10
           libclang-10-dev odb libodb-dev thrift-compiler libthrift-dev default-jdk libssl-dev
-          libgraphviz-dev libmagic-dev libgit2-dev ctags libgtest-dev npm
+          libgraphviz-dev libmagic-dev libgit2-dev ctags libgtest-dev npm libldap2-dev
 
       - name: Install Postgresql Ubuntu 20
         if: ${{ matrix.os == 'ubuntu-20.04' && matrix.db == 'postgresql' }}
@@ -256,7 +256,7 @@ jobs:
           sudo apt-get install -y git cmake make g++ gcc-7-plugin-dev libgraphviz-dev
           libboost-filesystem-dev libboost-log-dev libboost-program-options-dev
           llvm-10-dev clang-10 libclang-10-dev default-jre libssl1.0-dev libmagic-dev
-          libgit2-dev ctags libgtest-dev
+          libgit2-dev ctags libgtest-dev libldap-2.4-2
 
       - name: Install Postgresql Ubuntu 18
         if: ${{ matrix.os == 'ubuntu-18.04' && matrix.db == 'postgresql' }}
@@ -296,6 +296,7 @@ jobs:
           libboost-log-dev libboost-program-options-dev llvm-10-dev clang-10
           libclang-10-dev libgraphviz-dev libgtest-dev odb libodb-dev
           libthrift-dev default-jre libssl1.1 libmagic-dev libgit2-dev ctags
+          libldap-2.4-2
 
       - name: Install Postgresql Ubuntu 20
         if: ${{ matrix.os == 'ubuntu-20.04' && matrix.db == 'postgresql' }}

diff --git a/FindOpenLdap.cmake b/FindOpenLdap.cmake
@@ -0,0 +1,24 @@
+# - Find OpenLDAP C Libraries
+#
+# OPENLDAP_FOUND - True if found.
+# OPENLDAP_INCLUDE_DIR - Path to the openldap include directory
+# OPENLDAP_LIBRARIES - Paths to the ldap and lber libraries
+
+# Source: https://fossies.org/linux/ceph/cmake/modules/FindOpenLdap.cmake
+
+find_path(OPENLDAP_INCLUDE_DIR ldap.h PATHS
+        /usr/include
+        /opt/local/include
+        /usr/local/include)
+
+find_library(LDAP_LIBRARY ldap)
+find_library(LBER_LIBRARY lber)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(OpenLdap DEFAULT_MSG
+        OPENLDAP_INCLUDE_DIR LDAP_LIBRARY LBER_LIBRARY)
+
+set(OPENLDAP_LIBRARIES ${LDAP_LIBRARY} ${LBER_LIBRARY})
+
+mark_as_advanced(
+        OPENLDAP_INCLUDE_DIR LDAP_LIBRARY LBER_LIBRARY)
diff --git a/doc/authentication.md b/doc/authentication.md
@@ -64,6 +64,23 @@ be separated by `:`.
     }
 ~~~~
 
+LDAP authentication (`ldap`)
+---------------------------------------------------------
+
+The configuration of the LDAP server should be given under the `ldap` key.
+
+~~~~{.json}
+    "ldap": {
+        "enabled": true,
+        "host": "ldap://mydomain.com:389",
+        "baseDn": "OU=...,DC=...,DC=...,DC=...",
+        "bindDn": "CN=...,OU=...,DC=...,DC=...,DC=...",
+        "bindPw": "bindPassword",
+        "uidAttr": "sAMAccountName"
+    }
+~~~~
+
+
 
 `AuthenticationService` API
 ---------------------------

diff --git a/doc/deps.md b/doc/deps.md
@@ -38,6 +38,7 @@ be installed from the official repository of the given Linux distribution.
 - **`ctags`**: For search parsing.
 - **`libgtest-dev`**: For testing CodeCompass.
   ***See [Known issues](#known-issues)!***
+- **`libldap2-dev`**: For LDAP authentication.
 
 ## Quick guide
 
@@ -264,3 +265,4 @@ relevant during compilation.
 | `TEST_DB` | The connection string for the database that will be used when executing tests with `make test`. Optional. |
 | `CODECOMPASS_LINKER` | The path of the linker, if the system's default linker is to be overridden. |
 | `WITH_PLUGIN`/`WITHOUT_PLUGIN` | The names of the plugins to be built/skipped at build. Possible values are **cpp**, **cpp_reparse**, **dummy**, **git**, **metrics**, **search**. The `metrics` and `search` plugins are fundamental, they will be compiled even if not included. `WITH_PLUGIN` **cannot** be used together with `WITHOUT_PLUGIN`. Example: `-DWITH_PLUGIN="cpp;git"` This will compile the cpp, git, metrics and search plugins. |
+| `WITH_AUTH` | The names of the authentication plugins to be compiled. Possible values are **plain** and **ldap**. `plain` **cannot** be skipped. Example: `-DWITH_AUTH="plain;ldap"`|
diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
@@ -19,6 +19,7 @@ RUN set -x && apt-get update -qq \
   libgit2-dev \
   libgraphviz-dev \
   libgtest-dev \
+  libldap2-dev \
   libmagic-dev \
   libsqlite3-dev \
   libssl-dev \
@@ -49,6 +50,7 @@ ENV DATABASE=sqlite \
     INSTALL_DIR=/CodeCompass/install \
     SOURCE_DIR=/CodeCompass/CodeCompass \
     TEST_WORKSPACE=/CodeCompass/test_workspace \
-    TEST_DB="sqlite:database=$TEST_WORKSPACE/cc_test.sqlite"
+    TEST_DB="sqlite:database=$TEST_WORKSPACE/cc_test.sqlite" \
+    WITH_AUTH="plain;ldap"
 
 ENV PATH="$INSTALL_DIR/bin:$PATH"
diff --git a/docker/runtime/Dockerfile b/docker/runtime/Dockerfile
@@ -28,6 +28,7 @@ RUN mkdir /CodeCompass-build && \
     -DDATABASE=$CC_DATABASE \
     -DCMAKE_INSTALL_PREFIX=/CodeCompass-install \
     -DCMAKE_BUILD_TYPE=$CC_BUILD_TYPE && \
+    -DWITH_AUTH="plain;ldap" \
   make -j $(nproc) && \
   make install
 
@@ -62,6 +63,7 @@ RUN set -x && apt-get update -qq && \
     libgit2-dev \
     libssl1.1 \
     libgvc6 \
+    libldap-2.4-2 \
     libmagic-dev \
     libthrift-dev \
     ctags && \

diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile
@@ -23,6 +23,7 @@ RUN set -x && apt-get update -qq \
     postgresql-server-dev-12 \
     default-jre \
     libgit2-dev \
+    libldap-2.4-2 \
     libssl1.1 \
     libgvc6 \
     libthrift-dev \

diff --git a/webserver/authenticators/CMakeLists.txt b/webserver/authenticators/CMakeLists.txt
@@ -1,6 +1,30 @@
 # Add all subdirectories to the build
 file(GLOB plugins RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "${CMAKE_CURRENT_SOURCE_DIR}/*")
 
+set(baseline "plain")
+if(WITH_AUTH)
+    foreach(_base ${baseline})
+        if(NOT ("${_base}" IN_LIST WITH_AUTH))
+            message(WARNING "The ${_base} authenticator cannot be skipped, "
+                    "it will be compiled anyway.")
+        endif()
+    endforeach()
+
+    foreach(_plugin ${plugins})
+        if(NOT ("${_plugin}" IN_LIST WITH_AUTH)
+            AND NOT ("${_plugin}" IN_LIST baseline)
+            AND IS_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/${_plugin}")
+                list(REMOVE_ITEM plugins ${_plugin})
+        endif()
+    endforeach()
+else()
+    foreach(_plugin ${plugins})
+        if(NOT ("${_plugin}" IN_LIST baseline))
+            list(REMOVE_ITEM plugins ${_plugin})
+        endif()
+    endforeach()
+endif()
+
 # Set unique plugin directory variable for each plugin.
 message(STATUS "Found the following authentication plugins:")
 foreach(_plugin ${plugins})

diff --git a/webserver/authenticators/ldap/CMakeLists.txt b/webserver/authenticators/ldap/CMakeLists.txt
@@ -0,0 +1,22 @@
+find_package(OpenLdap REQUIRED)
+
+include_directories(
+  include
+  ${PROJECT_SOURCE_DIR}/util/include
+  ${PROJECT_SOURCE_DIR}/webserver/include
+  ${PROJECT_SOURCE_DIR}/webserver/authenticators/ldap/ldap-cpp/
+  ${OPENLDAP_INCLUDE_DIR})
+
+add_library(ldapauth SHARED
+  src/plugin.cpp
+  ldap-cpp/cldap_entry.cpp
+  ldap-cpp/cldap_mod.cpp
+  ldap-cpp/cldap_server.cpp)
+
+target_compile_options(ldapauth PUBLIC -Wno-unknown-pragmas)
+
+target_link_libraries(ldapauth
+  ${OPENLDAP_LIBRARIES}
+  util)
+
+install(TARGETS ldapauth DESTINATION ${INSTALL_AUTH_DIR})
diff --git a/webserver/authenticators/ldap/ldap-cpp/cldap.h b/webserver/authenticators/ldap/ldap-cpp/cldap.h
@@ -0,0 +1,29 @@
+/***************************************************************************
+ *   Copyright (C) 2012 by Andrey Afletdinov                               *
+ *   afletdinov@gmail.com                                                  *
+ *                                                                         *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU General Public License as published by  *
+ *   the Free Software Foundation; either version 2 of the License, or     *
+ *   (at your option) any later version.                                   *
+ *                                                                         *
+ *   This program is distributed in the hope that it will be useful,       *
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ *   GNU General Public License for more details.                          *
+ *                                                                         *
+ *   You should have received a copy of the GNU General Public License     *
+ *   along with this program; if not, write to the                         *
+ *   Free Software Foundation, Inc.,                                       *
+ *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ ***************************************************************************/
+
+#ifndef CLDAP_H
+#define CLDAP_H
+
+#include "cldap_mod.h"
+#include "cldap_entry.h"
+#include "cldap_server.h"
+#include "cldap_types.h"
+
+#endif