bitwarden_rs_ldap/src/main.rs

extern crate ldap3;

use std::collections::HashSet;
use std::error::Error;
use std::thread::sleep;
use std::time::Duration;

use ldap3::{DerefAliases, LdapConn, LdapConnSettings, Scope, SearchEntry, SearchOptions};

mod config;
mod vw_admin;

fn main() {
    let config = config::Config::from_file();
    let mut client = vw_admin::Client::new(
        config.get_vaultwarden_url().clone(),
        config.get_vaultwarden_admin_token().clone(),
        config.get_vaultwarden_root_cert_file().clone(),
    );

    if let Err(e) = invite_users(&config, &mut client, config.get_ldap_sync_loop()) {
        panic!("{}", e);
    }
}

/// Invites new users to Bitwarden from LDAP
fn invite_users(
    config: &config::Config,
    client: &mut vw_admin::Client,
    start_loop: bool,
) -> Result<(), Box<dyn Error>> {
    if start_loop {
        start_sync_loop(config, client)?;
    } else {
        invite_from_ldap(config, client)?;
    }

    Ok(())
}

/// Creates set of email addresses for users that already exist in Bitwarden
fn get_existing_users(client: &mut vw_admin::Client) -> Result<HashSet<String>, Box<dyn Error>> {
    let all_users = client.users()?;
    let mut user_emails = HashSet::with_capacity(all_users.len());
    for user in all_users {
        user_emails.insert(user.get_email().to_lowercase());
        if user.is_disabled() {
            println!(
                "Existing disabled user found with email: {}",
                user.get_email()
            );
        } else {
            println!(
                "Existing user or invite found with email: {}",
                user.get_email()
            );
        }
    }

    Ok(user_emails)
}

/// Creates an LDAP connection, authenticating if necessary
fn ldap_client(
    ldap_url: String,
    bind_dn: String,
    bind_pw: String,
    no_tls_verify: bool,
    starttls: bool,
) -> Result<LdapConn, Box<dyn Error>> {
    let settings = LdapConnSettings::new()
        .set_starttls(starttls)
        .set_no_tls_verify(no_tls_verify);
    let ldap = LdapConn::with_settings(settings, ldap_url.as_str())?;
    match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) {
        _ => {}
    };

    Ok(ldap)
}

/// Retrieves search results from ldap
fn search_entries(config: &config::Config) -> Result<Vec<SearchEntry>, Box<dyn Error>> {
    let ldap = ldap_client(
        config.get_ldap_url(),
        config.get_ldap_bind_dn(),
        config.get_ldap_bind_password(),
        config.get_ldap_no_tls_verify(),
        config.get_ldap_starttls(),
    );

    if ldap.is_err() {
        println!("Error: Could not bind to ldap server");
    }

    let mail_field = config.get_ldap_mail_field();
    let fields = vec!["uid", "givenname", "sn", "cn", mail_field.as_str()];

    // TODO: Something something error handling
    let (results, _res) = ldap?
        .with_search_options(SearchOptions::new().deref(DerefAliases::Always))
        .search(
            &config.get_ldap_search_base_dn().as_str(),
            Scope::Subtree,
            &config.get_ldap_search_filter().as_str(),
            fields,
        )?
        .success()?;

    // Build list of entries
    let mut entries = Vec::new();
    for result in results {
        entries.push(SearchEntry::construct(result));
    }

    Ok(entries)
}

/// Invite all LDAP users to Bitwarden
fn invite_from_ldap(
    config: &config::Config,
    client: &mut vw_admin::Client,
) -> Result<(), Box<dyn Error>> {
    match get_existing_users(client) {
        Ok(existing_users) => {
            let mail_field = config.get_ldap_mail_field();
            let mut num_users = 0;
            for ldap_user in search_entries(config)? {
                // Safely get first email from list of emails in field
                if let Some(user_email) = ldap_user
                    .attrs
                    .get(mail_field.as_str())
                    .and_then(|l| (l.first()))
                {
                    if existing_users.contains(&user_email.to_lowercase()) {
                        println!("User with email already exists: {}", user_email);
                    } else {
                        println!("Try to invite user: {}", user_email);
                        // TODO: Validate response
                        let _response = client.invite(user_email);
                        num_users = num_users + 1;
                        // println!("Invite response: {:?}", response);
                    }
                } else {
                    println!("Warning: Email field, {:?}, not found on user", mail_field);
                }
            }

            // Maybe think about returning this value for some other use
            println!("Sent invites to {} user(s).", num_users);
        }
        Err(e) => {
            println!("Error: Failed to get existing users from Bitwarden");
            return Err(e);
        }
    }

    Ok(())
}

/// Begin sync loop to invite LDAP users to Bitwarden
fn start_sync_loop(
    config: &config::Config,
    client: &mut vw_admin::Client,
) -> Result<(), Box<dyn Error>> {
    let interval = Duration::from_secs(config.get_ldap_sync_interval_seconds());
    loop {
        invite_from_ldap(config, client)?;
        sleep(interval);
    }
}
LDAP querying complete 2019-03-29 18:18:56 +00:00			`extern crate ldap3;`

Add cli 2019-04-11 19:01:06 +00:00			`use std::collections::HashSet;`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`use std::error::Error;`
			`use std::thread::sleep;`
			`use std::time::Duration;`

renamed bitwarden_root_cert into bitwarden_root_cert_file separate get_root_cert() function formatting (rustfmt) 2020-07-10 03:14:12 +00:00			`use ldap3::{DerefAliases, LdapConn, LdapConnSettings, Scope, SearchEntry, SearchOptions};`
LDAP querying complete 2019-03-29 18:18:56 +00:00
			`mod config;`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`mod vw_admin;`
LDAP querying complete 2019-03-29 18:18:56 +00:00
			`fn main() {`
			`let config = config::Config::from_file();`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`let mut client = vw_admin::Client::new(`
			`config.get_vaultwarden_url().clone(),`
			`config.get_vaultwarden_admin_token().clone(),`
			`config.get_vaultwarden_root_cert_file().clone(),`
WIP: Add bw_rs client For some reason, we're unable to get the cookies from the reqwest result. 2019-03-29 22:18:25 +00:00			`);`

Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`if let Err(e) = invite_users(&config, &mut client, config.get_ldap_sync_loop()) {`
Add cli 2019-04-11 19:01:06 +00:00			`panic!("{}", e);`
WIP get users 2019-04-05 18:49:32 +00:00			`}`
Add cli 2019-04-11 19:01:06 +00:00			`}`
WIP get users 2019-04-05 18:49:32 +00:00
Add cli 2019-04-11 19:01:06 +00:00			`/// Invites new users to Bitwarden from LDAP`
			`fn invite_users(`
			`config: &config::Config,`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`client: &mut vw_admin::Client,`
Add cli 2019-04-11 19:01:06 +00:00			`start_loop: bool,`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`) -> Result<(), Box<dyn Error>> {`
Add cli 2019-04-11 19:01:06 +00:00			`if start_loop {`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`start_sync_loop(config, client)?;`
Add cli 2019-04-11 19:01:06 +00:00			`} else {`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`invite_from_ldap(config, client)?;`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`}`

Add cli 2019-04-11 19:01:06 +00:00			`Ok(())`
			`}`

			`/// Creates set of email addresses for users that already exist in Bitwarden`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`fn get_existing_users(client: &mut vw_admin::Client) -> Result<HashSet<String>, Box<dyn Error>> {`
Update to not query invites, but instead use new _Status field 2019-04-12 23:40:50 +00:00			`let all_users = client.users()?;`
Add cli 2019-04-11 19:01:06 +00:00			`let mut user_emails = HashSet::with_capacity(all_users.len());`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`for user in all_users {`
Make checking for existing users case insensitive Email addresses are not case case sensitive, so when we check for an existing user, we should make sure we do it in a way that is not sensitive to case. Fixes #8 2020-03-05 21:07:26 +00:00			`user_emails.insert(user.get_email().to_lowercase());`
Update to not query invites, but instead use new _Status field 2019-04-12 23:40:50 +00:00			`if user.is_disabled() {`
Fix warning 2019-04-12 23:45:23 +00:00			`println!(`
			`"Existing disabled user found with email: {}",`
			`user.get_email()`
			`);`
Update to not query invites, but instead use new _Status field 2019-04-12 23:40:50 +00:00			`} else {`
Fix warning 2019-04-12 23:45:23 +00:00			`println!(`
			`"Existing user or invite found with email: {}",`
			`user.get_email()`
			`);`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`}`
Fix redirection on auth 2019-03-29 22:40:26 +00:00			`}`
Add cli 2019-04-11 19:01:06 +00:00
			`Ok(user_emails)`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`}`

			`/// Creates an LDAP connection, authenticating if necessary`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`fn ldap_client(`
			`ldap_url: String,`
			`bind_dn: String,`
			`bind_pw: String,`
renamed bitwarden_root_cert into bitwarden_root_cert_file separate get_root_cert() function formatting (rustfmt) 2020-07-10 03:14:12 +00:00			`no_tls_verify: bool,`
Add support for starttls Fixes #18 2020-12-27 15:50:10 +00:00			`starttls: bool,`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`) -> Result<LdapConn, Box<dyn Error>> {`
Add support for starttls Fixes #18 2020-12-27 15:50:10 +00:00			`let settings = LdapConnSettings::new()`
			`.set_starttls(starttls)`
			`.set_no_tls_verify(no_tls_verify);`
Added optional ldap_no_tls_verify config that allows bypassiung ldap ssl certification check 2020-07-09 06:24:36 +00:00			`let ldap = LdapConn::with_settings(settings, ldap_url.as_str())?;`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) {`
			`_ => {}`
			`};`

			`Ok(ldap)`
			`}`

			`/// Retrieves search results from ldap`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`fn search_entries(config: &config::Config) -> Result<Vec<SearchEntry>, Box<dyn Error>> {`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`let ldap = ldap_client(`
			`config.get_ldap_url(),`
			`config.get_ldap_bind_dn(),`
			`config.get_ldap_bind_password(),`
renamed bitwarden_root_cert into bitwarden_root_cert_file separate get_root_cert() function formatting (rustfmt) 2020-07-10 03:14:12 +00:00			`config.get_ldap_no_tls_verify(),`
Add support for starttls Fixes #18 2020-12-27 15:50:10 +00:00			`config.get_ldap_starttls(),`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`);`

Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`if ldap.is_err() {`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`println!("Error: Could not bind to ldap server");`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`}`

LDAP querying complete 2019-03-29 18:18:56 +00:00			`let mail_field = config.get_ldap_mail_field();`
			`let fields = vec!["uid", "givenname", "sn", "cn", mail_field.as_str()];`

			`// TODO: Something something error handling`
			`let (results, _res) = ldap?`
			`.with_search_options(SearchOptions::new().deref(DerefAliases::Always))`
			`.search(`
			`&config.get_ldap_search_base_dn().as_str(),`
			`Scope::Subtree,`
			`&config.get_ldap_search_filter().as_str(),`
			`fields,`
			`)?`
			`.success()?;`

			`// Build list of entries`
			`let mut entries = Vec::new();`
			`for result in results {`
			`entries.push(SearchEntry::construct(result));`
			`}`

			`Ok(entries)`
			`}`

Fix redirection on auth 2019-03-29 22:40:26 +00:00			`/// Invite all LDAP users to Bitwarden`
WIP: Add bw_rs client For some reason, we're unable to get the cookies from the reqwest result. 2019-03-29 22:18:25 +00:00			`fn invite_from_ldap(`
			`config: &config::Config,`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`client: &mut vw_admin::Client,`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`) -> Result<(), Box<dyn Error>> {`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`match get_existing_users(client) {`
			`Ok(existing_users) => {`
			`let mail_field = config.get_ldap_mail_field();`
			`let mut num_users = 0;`
			`for ldap_user in search_entries(config)? {`
Fix invalid email field error Instead of crashing with a cryptic message, instead we print an error message. Also, as a bonus, better testing instructions! Fixes #3 Fixes #2 2019-10-02 20:02:51 +00:00			`// Safely get first email from list of emails in field`
			`if let Some(user_email) = ldap_user`
			`.attrs`
			`.get(mail_field.as_str())`
			`.and_then(\|l\| (l.first()))`
			`{`
Make checking for existing users case insensitive Email addresses are not case case sensitive, so when we check for an existing user, we should make sure we do it in a way that is not sensitive to case. Fixes #8 2020-03-05 21:07:26 +00:00			`if existing_users.contains(&user_email.to_lowercase()) {`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`println!("User with email already exists: {}", user_email);`
			`} else {`
			`println!("Try to invite user: {}", user_email);`
Fix warning 2019-04-12 23:45:23 +00:00			`// TODO: Validate response`
			`let _response = client.invite(user_email);`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`num_users = num_users + 1;`
Remove extra print 2019-04-12 23:42:31 +00:00			`// println!("Invite response: {:?}", response);`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`}`
Fix invalid email field error Instead of crashing with a cryptic message, instead we print an error message. Also, as a bonus, better testing instructions! Fixes #3 Fixes #2 2019-10-02 20:02:51 +00:00			`} else {`
			`println!("Warning: Email field, {:?}, not found on user", mail_field);`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`}`
Add checking of both users and invites before sending new ones 2019-04-11 23:20:00 +00:00			`}`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00
			`// Maybe think about returning this value for some other use`
			`println!("Sent invites to {} user(s).", num_users);`
Fix warning 2019-04-12 23:45:23 +00:00			`}`
Update compose to mostly work Untested since latest bitwarden_rs image doesn't have new endpoints 2019-04-12 00:07:59 +00:00			`Err(e) => {`
			`println!("Error: Failed to get existing users from Bitwarden");`
			`return Err(e);`
LDAP querying complete 2019-03-29 18:18:56 +00:00			`}`
			`}`

			`Ok(())`
			`}`

Fix redirection on auth 2019-03-29 22:40:26 +00:00			`/// Begin sync loop to invite LDAP users to Bitwarden`
			`fn start_sync_loop(`
			`config: &config::Config,`
Rebrand vaultwarden 2021-05-07 19:55:29 +00:00			`client: &mut vw_admin::Client,`
Fix a few compile warnings 2020-03-05 21:07:14 +00:00			`) -> Result<(), Box<dyn Error>> {`
Fix redirection on auth 2019-03-29 22:40:26 +00:00			`let interval = Duration::from_secs(config.get_ldap_sync_interval_seconds());`
			`loop {`
			`invite_from_ldap(config, client)?;`
			`sleep(interval);`
			`}`
			`}`