root / LicensesMercure / LDAP.pas @ 1
Historique | Voir | Annoter | Télécharger (10,006 ko)
| 1 | 1 | avalancogn | unit LDAP;
|
|---|---|---|---|
| 2 | |||
| 3 | {
|
||
| 4 | LDAP Simple Authentification (c)2004 by Paul TOTH <tothpaul@free.fr>
|
||
| 5 | http://tothpaul.free.fr
|
||
| 6 | }
|
||
| 7 | |||
| 8 | {
|
||
| 9 | This program is free software; you can redistribute it and/or
|
||
| 10 | modify it under the terms of the GNU General Public License
|
||
| 11 | as published by the Free Software Foundation; either version 2
|
||
| 12 | of the License, or (at your option) any later version.
|
||
| 13 | |||
| 14 | This program is distributed in the hope that it will be useful,
|
||
| 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
| 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
| 17 | GNU General Public License for more details.
|
||
| 18 | |||
| 19 | You should have received a copy of the GNU General Public License
|
||
| 20 | along with this program; if not, write to the Free Software
|
||
| 21 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||
| 22 | }
|
||
| 23 | |||
| 24 | interface
|
||
| 25 | |||
| 26 | // http://abcdrfc.free.fr/rfc-vf/rfc2251.html
|
||
| 27 | |||
| 28 | uses
|
||
| 29 | Dialogs,Winsock,SysUtils; |
||
| 30 | |||
| 31 | function LDAPOpen(Server:string; Port:integer=389):integer; |
||
| 32 | function LDAPBind(LDAP:integer; Name,Password:string):boolean; |
||
| 33 | function LDAPWhoAmI(LDAP:integer):string; |
||
| 34 | function LDAPCaps(LDAP:integer):string; |
||
| 35 | function LDAPSearch(LDAP:integer; Name:string):string; |
||
| 36 | function LDAPAttribute(LDAP:integer; DN,Attribute:string):string; |
||
| 37 | procedure LDAPClose(var LDAP:integer); |
||
| 38 | |||
| 39 | implementation
|
||
| 40 | |||
| 41 | const
|
||
| 42 | LDAP_BOOLEAN =#$01;
|
||
| 43 | LDAP_INTEGER =#$02;
|
||
| 44 | LDAP_STRING =#$04;
|
||
| 45 | LDAP_NULL =#$05;
|
||
| 46 | LDAP_ENUM =#$0A;
|
||
| 47 | |||
| 48 | LDAP_SEQUENCE =#$30;
|
||
| 49 | LDAP_SET =#$31;
|
||
| 50 | |||
| 51 | LDAP_BIND =#$60;
|
||
| 52 | LDAP_BIND_REPLY =#$61;
|
||
| 53 | LDAP_SEARCH =#$63;
|
||
| 54 | LDAP_SEARCH_ENTRY=#$64;
|
||
| 55 | LDAP_SEARCH_DONE =#$65;
|
||
| 56 | LDAP_EXTENDED =#$77;
|
||
| 57 | |||
| 58 | LDAP_FILTER_ANY =#$87;
|
||
| 59 | LDAP_FILTER_OR =#$A1;
|
||
| 60 | LDAP_FILTER_MATCH=#$A3;
|
||
| 61 | |||
| 62 | LDAP_FALSE = #$00;
|
||
| 63 | LDAP_TRUE = #$FF;
|
||
| 64 | |||
| 65 | LDAP_WHOAMI = '1.3.6.1.4.1.4203.1.11.3';
|
||
| 66 | |||
| 67 | procedure WSAStartup;
|
||
| 68 | var
|
||
| 69 | WSA:TWSAData; |
||
| 70 | begin
|
||
| 71 | Winsock.WSAStartup($101,WSA);
|
||
| 72 | end;
|
||
| 73 | |||
| 74 | function INetAddr(Host:pansichar):integer;
|
||
| 75 | var
|
||
| 76 | PHost:PHostEnt; |
||
| 77 | begin
|
||
| 78 | Result:=inet_addr(Host); |
||
| 79 | if Result=INADDR_NONE then begin |
||
| 80 | PHost:=gethostbyname(Host); |
||
| 81 | if PHost=nil then exit; |
||
| 82 | Result:=integer(pointer(PHost.h_addr^)^); |
||
| 83 | end;
|
||
| 84 | end;
|
||
| 85 | |||
| 86 | function SendData(Socket:integer; var Data; Size:integer):integer; |
||
| 87 | var
|
||
| 88 | p:pchar; |
||
| 89 | i:integer; |
||
| 90 | begin
|
||
| 91 | Result:=Size; |
||
| 92 | p:=@Data; |
||
| 93 | while Size>0 do begin |
||
| 94 | i:=send(Socket,p^,Size,0);
|
||
| 95 | if i<=0 then begin |
||
| 96 | Result:=i; |
||
| 97 | exit; |
||
| 98 | end;
|
||
| 99 | dec(Size,i); |
||
| 100 | inc(p,i); |
||
| 101 | end;
|
||
| 102 | end;
|
||
| 103 | |||
| 104 | function ReadData(Socket:integer; var Str:string; Min:integer):boolean; |
||
| 105 | var
|
||
| 106 | l:integer; |
||
| 107 | i:integer; |
||
| 108 | b:array[0..1023] of char; |
||
| 109 | begin
|
||
| 110 | l:=Length(Str); |
||
| 111 | while l<Min do begin |
||
| 112 | i:=recv(Socket,b,SizeOf(b),0);
|
||
| 113 | if i<=0 then begin |
||
| 114 | Result:=False; |
||
| 115 | exit; |
||
| 116 | end;
|
||
| 117 | SetLength(Str,l+i); |
||
| 118 | Move(b,Str[l+1],i);
|
||
| 119 | inc(l,i); |
||
| 120 | end;
|
||
| 121 | Result:=True; |
||
| 122 | end;
|
||
| 123 | |||
| 124 | function BinToInt(var Data; Size:integer):integer; |
||
| 125 | var
|
||
| 126 | b:^byte; |
||
| 127 | begin
|
||
| 128 | b:=@Data; |
||
| 129 | Result:=b^; |
||
| 130 | while Size>1 do begin |
||
| 131 | Result:=Result shl 8+b^; |
||
| 132 | dec(Size); |
||
| 133 | end;
|
||
| 134 | end;
|
||
| 135 | |||
| 136 | function Chunk(Code:char; Data:string):string; |
||
| 137 | var
|
||
| 138 | len :integer; |
||
| 139 | begin
|
||
| 140 | len:=Length(Data); |
||
| 141 | Result:=chr(Len and $FF); |
||
| 142 | if len>=128 then begin |
||
| 143 | while Len>255 do begin |
||
| 144 | Len:=Len shr 8; |
||
| 145 | Result:=chr(Len and $FF)+Result; |
||
| 146 | end;
|
||
| 147 | Result:=chr($80+Length(Result))+Result;
|
||
| 148 | end;
|
||
| 149 | Result:=Code+Result+Data; |
||
| 150 | end;
|
||
| 151 | |||
| 152 | function GetChunk(Code:char; var Data,Chunk:string):boolean; |
||
| 153 | var
|
||
| 154 | Head,Size:integer; |
||
| 155 | begin
|
||
| 156 | Result:=False; |
||
| 157 | if (Data='')or(Data[1]<>Code) then exit; |
||
| 158 | Head:=2;
|
||
| 159 | Size:=ord(Data[Head]); |
||
| 160 | if Size>=128 then begin |
||
| 161 | Head:=2+Size and $7F; |
||
| 162 | Size:=BinToInt(Data[3],Head-2); |
||
| 163 | end;
|
||
| 164 | Chunk:=Copy(Data,Head+1,Size);
|
||
| 165 | Delete(Data,1,Head+Size);
|
||
| 166 | Result:=True; |
||
| 167 | end;
|
||
| 168 | |||
| 169 | function StrChunk(Var Data:string):string; |
||
| 170 | begin
|
||
| 171 | GetChunk(LDAP_STRING,Data,Result); |
||
| 172 | end;
|
||
| 173 | |||
| 174 | function IntChunk(var Data:string):integer; |
||
| 175 | var
|
||
| 176 | Chunk:string;
|
||
| 177 | begin
|
||
| 178 | if GetChunk(LDAP_INTEGER,Data,Chunk) then |
||
| 179 | Result:=BinToInt(Chunk[1],Length(Chunk))
|
||
| 180 | else
|
||
| 181 | Result:=-1;
|
||
| 182 | end;
|
||
| 183 | |||
| 184 | function EnumChunk(var Data:string):integer; |
||
| 185 | var
|
||
| 186 | Chunk:string;
|
||
| 187 | begin
|
||
| 188 | if GetChunk(LDAP_ENUM,Data,Chunk) then |
||
| 189 | Result:=BinToInt(Chunk[1],Length(Chunk))
|
||
| 190 | else
|
||
| 191 | Result:=-1;
|
||
| 192 | end;
|
||
| 193 | |||
| 194 | function OpenChunk(Code:char; var Data:string):boolean; |
||
| 195 | var
|
||
| 196 | Chunk:string;
|
||
| 197 | begin
|
||
| 198 | Result:=False; |
||
| 199 | Chunk:=Data; |
||
| 200 | if not GetChunk(Code,Chunk,Data) then exit; |
||
| 201 | if Chunk<>'' then exit; |
||
| 202 | Result:=True; |
||
| 203 | end;
|
||
| 204 | |||
| 205 | function ReadSequence(LDAP:integer; var Str,Left:string; Sequence:integer):boolean; |
||
| 206 | var
|
||
| 207 | Size:integer; |
||
| 208 | Head:integer; |
||
| 209 | begin
|
||
| 210 | Result:=False; |
||
| 211 | // minimum Header
|
||
| 212 | Head:=2;
|
||
| 213 | if ReadData(LDAP,Str,Head)=False then exit; |
||
| 214 | // Sequence
|
||
| 215 | if Str[1]<>LDAP_SEQUENCE then exit; |
||
| 216 | // Single byte size
|
||
| 217 | Size:=ord(Str[2]);
|
||
| 218 | // Multiple byte Size
|
||
| 219 | if Size>=128 then begin |
||
| 220 | Head:=2+Size and $7F; |
||
| 221 | if ReadData(LDAP,Str,Head)=False then exit; |
||
| 222 | Size:=BinToInt(Str[3],Head-2); |
||
| 223 | end;
|
||
| 224 | // Read whole Sequence
|
||
| 225 | if ReadData(LDAP,Str,Head+Size)=False then exit; |
||
| 226 | // drop Sequence header
|
||
| 227 | Delete(Str,1,Head);
|
||
| 228 | Left:=Copy(Str,Size+1,MaxInt);
|
||
| 229 | SetLength(Str,Size); |
||
| 230 | // Skip Sequence number
|
||
| 231 | if IntChunk(Str)<>Sequence then exit; |
||
| 232 | // Ok !
|
||
| 233 | Result:=True; |
||
| 234 | end;
|
||
| 235 | |||
| 236 | function LDAPOpen(Server:string; Port:integer=389):integer; |
||
| 237 | var
|
||
| 238 | SockAddr:TSockAddr; |
||
| 239 | begin
|
||
| 240 | Result:=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); |
||
| 241 | if Result=INVALID_SOCKET then exit; |
||
| 242 | FillChar(SockAddr,SizeOf(SockAddr),0);
|
||
| 243 | SockAddr.sin_family:=AF_INET; |
||
| 244 | SockAddr.sin_addr.S_addr:=INetAddr(pansichar(Server)); |
||
| 245 | SockAddr.sin_port:=htons(Port); |
||
| 246 | if connect(Result,SockAddr,SizeOf(SockAddr))<>0 then LDAPClose(Result); |
||
| 247 | end;
|
||
| 248 | |||
| 249 | function LDAPBind(LDAP:integer; Name,Password:string):boolean; |
||
| 250 | var
|
||
| 251 | s1,s2:string;
|
||
| 252 | begin
|
||
| 253 | Result:=False; |
||
| 254 | s1:=Chunk(LDAP_SEQUENCE, |
||
| 255 | Chunk(LDAP_INTEGER,#1)+ // Message ID 1 |
||
| 256 | Chunk(LDAP_BIND, // Bind
|
||
| 257 | Chunk(LDAP_INTEGER,#3)+ // LDAP version 3 |
||
| 258 | Chunk(LDAP_STRING,Name)+ // UserName
|
||
| 259 | Chunk(#$80,Password) // Password |
||
| 260 | ) |
||
| 261 | ); |
||
| 262 | if SendData(LDAP,s1[1],Length(s1))<=0 then exit; |
||
| 263 | s1:='';
|
||
| 264 | if not ReadSequence(LDAP,s1,s2,1) then exit; |
||
| 265 | if s2<>'' then exit; |
||
| 266 | if (OpenChunk(LDAP_BIND_REPLY,s1)=False) then exit; // Bind Response |
||
| 267 | Result:=EnumChunk(s1)=0; // OK |
||
| 268 | //StrChunk(s1); // DN
|
||
| 269 | //StrChunk(s1); // ResultString
|
||
| 270 | end;
|
||
| 271 | |||
| 272 | function LDAPWhoAmI(LDAP:integer):string; |
||
| 273 | var
|
||
| 274 | s1,s2:string;
|
||
| 275 | begin
|
||
| 276 | s1:=Chunk(LDAP_SEQUENCE, |
||
| 277 | Chunk(LDAP_INTEGER,#4)+ // Message ID 4 |
||
| 278 | Chunk(LDAP_EXTENDED, // Extension
|
||
| 279 | Chunk(#$80,LDAP_WHOAMI)
|
||
| 280 | ) |
||
| 281 | ); |
||
| 282 | if SendData(LDAP,s1[1],Length(s1))<=0 then exit; |
||
| 283 | s1:='';
|
||
| 284 | if not ReadSequence(LDAP,s1,s2,4) then exit; |
||
| 285 | Result:=s1; |
||
| 286 | end;
|
||
| 287 | |||
| 288 | function LDAPCaps(LDAP:integer):string; |
||
| 289 | var
|
||
| 290 | s1,s2,s3:string;
|
||
| 291 | begin
|
||
| 292 | s1:=Chunk(LDAP_SEQUENCE, // SEQUENCE
|
||
| 293 | Chunk(LDAP_INTEGER,#2)+ // Message ID 2 |
||
| 294 | Chunk(LDAP_SEARCH, // Search
|
||
| 295 | Chunk(LDAP_STRING,'')+ // BaseObject |
||
| 296 | Chunk(LDAP_ENUM,#0)+ // Scope 2 = Whole Tree |
||
| 297 | Chunk(LDAP_ENUM,#3)+ // Aliases 0 = derefaliases |
||
| 298 | Chunk(LDAP_INTEGER,#0)+ // Size limite |
||
| 299 | Chunk(LDAP_INTEGER,#0)+ // Time limite |
||
| 300 | Chunk(LDAP_BOOLEAN,LDAP_FALSE)+ // Type only (boolean)
|
||
| 301 | Chunk(LDAP_FILTER_ANY,'objectClass')+
|
||
| 302 | Chunk(LDAP_SEQUENCE, |
||
| 303 | Chunk(LDAP_STRING,'supportedCapabilities')
|
||
| 304 | ) |
||
| 305 | ) |
||
| 306 | ); |
||
| 307 | if SendData(LDAP,s1[1],Length(s1))<=0 then exit; |
||
| 308 | s1:='';
|
||
| 309 | if not ReadSequence(LDAP,s1,s2,2) then exit; |
||
| 310 | if not OpenChunk(LDAP_SEARCH_ENTRY,s1) then exit; |
||
| 311 | if not ReadSequence(LDAP,s2,s3,2) then exit; |
||
| 312 | if s3<>'' then exit; |
||
| 313 | if not OpenChunk(LDAP_SEARCH_DONE,s2) then exit; // Search Done |
||
| 314 | Result:=s1; |
||
| 315 | end;
|
||
| 316 | |||
| 317 | function LDAPSearch(LDAP:integer; Name:string):string; |
||
| 318 | var
|
||
| 319 | s1,s2,s3:string;
|
||
| 320 | begin
|
||
| 321 | Result:='';
|
||
| 322 | s1:=Chunk(LDAP_SEQUENCE, // SEQUENCE
|
||
| 323 | Chunk(LDAP_INTEGER,#2)+ // Message ID 2 |
||
| 324 | Chunk(LDAP_SEARCH, // Search
|
||
| 325 | Chunk(LDAP_STRING,'')+ // BaseObject |
||
| 326 | Chunk(LDAP_ENUM,#2)+ // Scope 2 = Whole Tree |
||
| 327 | Chunk(LDAP_ENUM,#0)+ // Aliases 0 = derefaliases |
||
| 328 | Chunk(LDAP_INTEGER,#0)+ // Size limite |
||
| 329 | Chunk(LDAP_INTEGER,#0)+ // Time limite |
||
| 330 | Chunk(LDAP_BOOLEAN,LDAP_FALSE)+ // Type only (boolean)
|
||
| 331 | Chunk(LDAP_FILTER_OR, // Filter = OR
|
||
| 332 | Chunk(LDAP_FILTER_MATCH, // Filter = Equality Match
|
||
| 333 | Chunk(LDAP_STRING,'cn')+ // common name |
||
| 334 | Chunk(LDAP_STRING,Name) |
||
| 335 | )+ |
||
| 336 | Chunk(LDAP_FILTER_MATCH, // Filter = Equality Match
|
||
| 337 | Chunk(LDAP_STRING,'uid')+ // unique id |
||
| 338 | Chunk(LDAP_STRING,Name) |
||
| 339 | ) |
||
| 340 | )+ |
||
| 341 | Chunk(LDAP_SEQUENCE, |
||
| 342 | Chunk(LDAP_NULL,'') // NULL |
||
| 343 | ) |
||
| 344 | ) |
||
| 345 | ); |
||
| 346 | if SendData(LDAP,s1[1],Length(s1))<=0 then exit; |
||
| 347 | s1:='';
|
||
| 348 | if not ReadSequence(LDAP,s1,s2,2) then exit; |
||
| 349 | if not OpenChunk(LDAP_SEARCH_ENTRY,s1) then exit; |
||
| 350 | if not ReadSequence(LDAP,s2,s3,2) then exit; |
||
| 351 | if s3<>'' then exit; |
||
| 352 | if not OpenChunk(LDAP_SEARCH_DONE,s2) then exit; // Search Done |
||
| 353 | Result:=StrChunk(s1); |
||
| 354 | end;
|
||
| 355 | |||
| 356 | function LDAPAttribute(LDAP:integer; DN,Attribute:string):string; |
||
| 357 | var
|
||
| 358 | s1,s2,s3:string;
|
||
| 359 | begin
|
||
| 360 | s1:=Chunk(LDAP_SEQUENCE, // SEQUENCE
|
||
| 361 | Chunk(LDAP_INTEGER,#3)+ // Message ID 2 |
||
| 362 | Chunk(LDAP_SEARCH, // Search
|
||
| 363 | Chunk(LDAP_STRING,DN)+ // BaseObject
|
||
| 364 | Chunk(LDAP_ENUM,#0)+ // Scope 0 = BaseObject |
||
| 365 | Chunk(LDAP_ENUM,#0)+ // Aliases 0 = derefaliases |
||
| 366 | Chunk(LDAP_INTEGER,#0)+ // Size limite |
||
| 367 | Chunk(LDAP_INTEGER,#0)+ // Time limite |
||
| 368 | Chunk(LDAP_BOOLEAN,LDAP_FALSE)+ // Type only (boolean)
|
||
| 369 | Chunk(LDAP_FILTER_ANY,'objectClass')+ // (objectClass=*) |
||
| 370 | Chunk(LDAP_SEQUENCE, // Sub-Sequence
|
||
| 371 | Chunk(LDAP_STRING,Attribute) |
||
| 372 | ) |
||
| 373 | ) |
||
| 374 | ); |
||
| 375 | if SendData(LDAP,s1[1],Length(s1))<=0 then exit; |
||
| 376 | s1:='';
|
||
| 377 | if not ReadSequence(LDAP,s1,s2,3) then exit; |
||
| 378 | if not OpenChunk(LDAP_SEARCH_ENTRY,s1) then exit; |
||
| 379 | if not ReadSequence(LDAP,s2,s3,3) then exit; |
||
| 380 | if s3<>'' then exit; |
||
| 381 | if not OpenChunk(LDAP_SEARCH_DONE,s2) then exit; // Search Done |
||
| 382 | if StrChunk(s1)<>DN then exit; // DN |
||
| 383 | if not OpenChunk(LDAP_SEQUENCE,s1) then exit; // Sequence of Sequence |
||
| 384 | if not OpenChunk(LDAP_SEQUENCE,s1) then exit; // Sequence |
||
| 385 | if UpperCase(StrChunk(s1))<>UpperCase(Attribute) then exit; |
||
| 386 | if not OpenChunk(LDAP_SET,s1) then exit; // Set of |
||
| 387 | Result:=StrChunk(s1); |
||
| 388 | end;
|
||
| 389 | |||
| 390 | procedure LDAPClose(var LDAP:integer); |
||
| 391 | begin
|
||
| 392 | closesocket(LDAP); |
||
| 393 | LDAP:=INVALID_SOCKET; |
||
| 394 | end;
|
||
| 395 | |||
| 396 | initialization
|
||
| 397 | WSAStartup; |
||
| 398 | finalization
|
||
| 399 | WSACleanup; |
||
| 400 | end. |