src/server/daemon/ldap_auth.c@9a36a6b52e4c (annotated)
src/server/daemon/ldap_auth.c
Mon, 13 Mar 2023 20:53:46 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Mon, 13 Mar 2023 20:53:46 +0100
- changeset 469
- 9a36a6b52e4c
- parent 468
- 73e80eb953f5
- child 470
- 467ed0f559af
- permissions
- -rw-r--r--
load additional ldap authdb config
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
|
44
3da1f7b6847f
added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
38
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
29 | #ifdef __gnu_linux__ |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
30 | #define _GNU_SOURCE |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
31 | #endif |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
32 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | #include <stdio.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | #include <stdlib.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | #include <string.h> |
|
111
c93be34fde76
fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
109
diff
changeset
|
36 | #include <sys/time.h> |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
38 | #include <cx/utils.h> |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
39 | #include <cx/hash_map.h> |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
40 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
41 | #include "../util/util.h" |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
42 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | #include "ldap_auth.h" |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
44 | #include "ldap_resource.h" |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
45 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
46 | static cxstring ws_ldap_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
47 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
48 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
49 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
50 | static cxstring ws_ldap_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
51 | CX_STR("member"), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
52 | CX_STR("uniqueMember") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
53 | }; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
54 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
55 | static LDAPConfig ws_ldap_default_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
56 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
57 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
58 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
59 | NULL, // bindpw |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
60 | "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
61 | ws_ldap_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
62 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
63 | "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
64 | ws_ldap_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
65 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
66 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
67 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
68 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
69 | }; |
|
89
5eecce5314d6
fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
87
diff
changeset
|
70 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
71 | // TODO: AD |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
72 | static cxstring ws_ad_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
73 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
74 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
75 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
76 | static cxstring ws_ad_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
77 | CX_STR("member"), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
78 | CX_STR("uniqueMember") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
79 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
80 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
81 | static LDAPConfig ws_ldap_ad_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
82 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
83 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
84 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
85 | NULL, // bindpw |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
86 | "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
87 | ws_ad_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
88 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
89 | "", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
90 | ws_ad_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
91 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
92 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
93 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
94 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
95 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
96 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
97 | static cxstring ws_posix_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
98 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
99 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
100 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
101 | static cxstring ws_posix_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
102 | CX_STR("memberUid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
103 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
104 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
105 | static LDAPConfig ws_ldap_posix_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
106 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
107 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
108 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
109 | NULL, // bindpw |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
110 | "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
111 | ws_posix_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
112 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
113 | "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
114 | ws_posix_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
115 | 1, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
116 | WS_LDAP_GROUP_MEMBER_UID, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
117 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
118 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
119 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
120 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
121 | AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
122 | LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB)); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
123 | if(!authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
124 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
125 | } |
|
256
19259b6c5cf7
replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
111
diff
changeset
|
126 | authdb->authdb.name = pool_strdup(cfg->pool, name); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
127 | if(!authdb->authdb.name) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
128 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
129 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
130 | authdb->authdb.get_user = ldap_get_user; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
131 | authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
132 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
133 | // initialize default ldap config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
134 | cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
135 | LDAPConfig *default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
136 | if(!dirtype.ptr) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
137 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
138 | } else if(!cx_strcmp(dirtype, cx_str("ldap"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
139 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
140 | } else if(!cx_strcmp(dirtype, cx_str("posix"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
141 | default_config = &ws_ldap_posix_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
142 | } else if(!cx_strcmp(dirtype, cx_str("ad"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
143 | default_config = &ws_ldap_ad_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
144 | } else { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
145 | log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
146 | } |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
147 | memcpy(&authdb->config, default_config, sizeof(LDAPConfig)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
148 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
149 | // custom config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
150 | cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
151 | cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
152 | cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
153 | cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw")); |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
154 | cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
155 | cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
156 | cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
157 | cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
158 | cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
159 | cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
160 | cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn")); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
161 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
162 | if(!resource.ptr) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
163 | // TODO: create resource pool |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
164 | } else { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
165 | authdb->config.resource = resource.ptr; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
166 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
167 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
168 | if(!basedn.ptr) { |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
169 | log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name); |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
170 | return NULL; |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
171 | } |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
172 | authdb->config.basedn = basedn.ptr; |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
173 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
174 | // optional config |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
175 | if(binddn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
176 | if(!bindpw.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
177 | log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
178 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
179 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
180 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
181 | authdb->config.binddn = binddn.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
182 | authdb->config.bindpw = bindpw.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
183 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
184 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
185 | if(userSearchFilter.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
186 | authdb->config.userSearchFilter = userSearchFilter.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
187 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
188 | if(uidAttributes.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
189 | authdb->config.numUidAttributes = cx_strsplit_a( |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
190 | cfg->a, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
191 | uidAttributes, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
192 | cx_str(","), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
193 | 1024, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
194 | &authdb->config.uidAttributes); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
195 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
196 | if(groupSearchFilter.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
197 | authdb->config.groupSearchFilter = groupSearchFilter.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
198 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
199 | if(memberAttributes.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
200 | authdb->config.numMemberAttributes = cx_strsplit_a( |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
201 | cfg->a, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
202 | memberAttributes, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
203 | cx_str(","), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
204 | 1024, |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
205 | &authdb->config.memberAttributes); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
206 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
207 | if(memberType.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
208 | if(!cx_strcmp(memberType, cx_str("dn"))) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
209 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
210 | } else if(cx_strcmp(memberType, cx_str("uid"))) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
211 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
212 | } else { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
213 | log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
214 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
215 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
216 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
217 | if(enableGroups.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
218 | authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
219 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
220 | if(userNameIsDn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
221 | authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
222 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
223 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
224 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
225 | // initialize group cache |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
226 | authdb->groups.first = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
227 | authdb->groups.last = NULL; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
228 | authdb->groups.map = cxHashMapCreate(cfg->a, 32); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
229 | if(!authdb->groups.map) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
230 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
231 | } |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
232 | |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
233 | log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
234 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
235 | return (AuthDB*) authdb; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
236 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
237 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
238 | LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
239 | ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
240 | if(!res) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
241 | log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
242 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
243 | } |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
244 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
245 | LDAP *ldap = res->data; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
246 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
247 | if(authdb->config.binddn) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
248 | struct berval *server_cred; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
249 | int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
250 | if(r != LDAP_SUCCESS) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
251 | log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s", authdb->config.binddn, ldap_err2string(r)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
252 | resourcepool_free(sn, rq, res); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
253 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
254 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
255 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
256 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
257 | return ldap; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
258 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
259 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
260 | User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
261 | LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
262 | LDAPConfig *config = &authdb->config; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
263 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
264 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
265 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
266 | fprintf(stderr, "ldap_init failed\n"); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
267 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
268 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
269 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
270 | // get the user dn |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
271 | // TODO: use config for filter |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
272 | // TODO: use asprintf |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
273 | char filter[128]; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
274 | snprintf(filter, 128, "(uid=%s)", username); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
275 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
276 | LDAPMessage *result; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
277 | struct timeval timeout; |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
278 | timeout.tv_sec = 8; |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
279 | timeout.tv_usec = 0; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
280 | int r = ldap_search_ext_s( |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
281 | ld, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
282 | config->basedn, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
283 | LDAP_SCOPE_SUBTREE, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
284 | filter, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
285 | NULL, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
286 | 0, |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
287 | NULL, // server controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
288 | NULL, // client controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
289 | &timeout, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
290 | 1, // size limit |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
291 | &result); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
292 | if (r != LDAP_SUCCESS) { |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
293 | //ws_ldap_close(ld); |
|
89
5eecce5314d6
fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
87
diff
changeset
|
294 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
295 | log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r)); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
296 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
297 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
298 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
299 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
300 | if (msg) { |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
301 | LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser)); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
302 | if (user != NULL) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
303 | user->authdb = authdb; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
304 | user->user.verify_password = ldap_user_verify_password; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
305 | user->user.check_group = ldap_user_check_group; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
306 | user->user.free = ldap_user_free; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
307 | user->user.name = pool_strdup(sn->pool, username); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
308 | user->sn = sn; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
309 | user->rq = rq; |
|
63
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
49
diff
changeset
|
310 | |
|
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
49
diff
changeset
|
311 | // TODO: get uid/gid from ldap |
|
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
49
diff
changeset
|
312 | user->user.uid = -1; |
|
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
49
diff
changeset
|
313 | user->user.gid = -1; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
314 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
315 | user->ldap = ld; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
316 | user->userdn = ldap_get_dn(ld, msg); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
317 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
318 | ldap_msgfree(result); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
319 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
320 | return (User*)user; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
321 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
322 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
323 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
324 | //ws_ldap_close(ld); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
325 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
326 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
327 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
328 | LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
329 | printf("ldap_get_group: %s\n", group); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
330 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
331 | LDAPConfig *config = &authdb->config; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
332 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
333 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
334 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
335 | fprintf(stderr, "ldap_init failed\n"); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
336 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
337 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
338 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
339 | // get the user dn |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
340 | // TODO: use config for filter |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
341 | // TODO: use asprintf |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
342 | char filter[128]; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
343 | int s = snprintf(filter, 127, "cn=%s", group); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
344 | filter[s] = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
345 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
346 | LDAPMessage *result; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
347 | struct timeval timeout; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
348 | timeout.tv_sec = 8; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
349 | timeout.tv_usec = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
350 | int r = ldap_search_ext_s( |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
351 | ld, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
352 | config->basedn, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
353 | LDAP_SCOPE_SUBTREE, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
354 | filter, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
355 | NULL, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
356 | 0, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
357 | NULL, // server controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
358 | NULL, // client controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
359 | &timeout, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
360 | 1, // size limit |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
361 | &result); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
362 | if (r != LDAP_SUCCESS) { |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
363 | //ws_ldap_close(ld); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
364 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
365 | fprintf(stderr, "ldap_search_ext_s failed\n"); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
366 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
367 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
368 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
369 | LDAPGroup *wsgroup = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
370 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
371 | if (msg) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
372 | // create group object |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
373 | wsgroup = malloc(sizeof(LDAPGroup)); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
374 | wsgroup->name = strdup(group); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
375 | wsgroup->members = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
376 | wsgroup->nmembers = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
377 | wsgroup->update = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
378 | wsgroup->next = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
379 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
380 | // get attributes |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
381 | BerElement *ber = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
382 | char *attribute = attribute=ldap_first_attribute(ld, msg, &ber); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
383 | while(attribute != NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
384 | printf("attribute: %s\n", attribute); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
385 | if(!strcasecmp(attribute, "memberuid")) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
386 | // get all memberuid values and add the users to the group obj |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
387 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
388 | struct berval **values = ldap_get_values_len(ld, msg, attribute); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
389 | if(values) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
390 | int count = ldap_count_values_len(values); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
391 | wsgroup->members = calloc(count, sizeof(LDAPMember)); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
392 | wsgroup->nmembers = count; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
393 | for(int i=0;i<count;i++) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
394 | cxstring member = cx_strn( |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
395 | values[i]->bv_val, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
396 | values[i]->bv_len); |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
397 | wsgroup->members[i].name = cx_strdup(member).ptr; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
398 | // TODO: uid? |
|
101
7fbcdbad0baa
added support for absolute URIs and improved keep alive
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
97
diff
changeset
|
399 | printf("added member: %.*s\n", (int)member.length, member.ptr); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
400 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
401 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
402 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
403 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
404 | attribute = ldap_next_attribute(ld, msg, ber); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
405 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
406 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
407 | if(ber) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
408 | //ldap_ber_free(ber, 0); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
409 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
410 | if(attribute) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
411 | ldap_memfree(attribute); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
412 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
413 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
414 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
415 | //ws_ldap_close(ld); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
416 | return wsgroup; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
417 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
418 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
419 | int ldap_user_verify_password(User *u, const char *password) { |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
420 | LDAPUser *user = (LDAPUser*)u; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
421 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
422 | //int r = ldap_simple_bind_s(user->ldap, user->userdn, password); |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
423 | struct berval cred; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
424 | cred.bv_val = (char*)password; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
425 | cred.bv_len = strlen(password); |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
426 | struct berval *server_cred; |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
427 | int r = ldap_sasl_bind_s( |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
428 | user->ldap, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
429 | user->userdn, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
430 | LDAP_SASL_SIMPLE, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
431 | &cred, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
432 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
433 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
434 | &server_cred); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
435 | if(r == LDAP_SUCCESS) { |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
436 | printf("ldap password ok\n"); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
437 | return 1; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
438 | } else { |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
439 | printf("ldap password not ok\n"); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
440 | return 0; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
441 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
442 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
443 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
444 | int ldap_user_check_group(User *u, const char *group_str) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
445 | LDAPUser *user = (LDAPUser*)u; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
446 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
447 | int ret = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
448 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
449 | LDAPGroup *group = ldap_get_group(user->sn, user->rq, user->authdb, group_str); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
450 | for(int i=0;i<group->nmembers;i++) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
451 | char *member = group->members[i].name; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
452 | if(!strcmp(member, u->name)) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
453 | printf("is member\n"); |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
454 | ret = 1; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
455 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
456 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
457 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
458 | // TODO: free or cache group |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
459 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
460 | return ret; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
461 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
462 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
463 | void ldap_user_free(User *u) { |
|
48
37a512d7b8f6
fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
44
diff
changeset
|
464 | LDAPUser *user = (LDAPUser*)u; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
465 | ldap_memfree(user->userdn); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
466 | // TODO: use connection pool |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
467 | //ws_ldap_close(user->ldap); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
468 | free(user); |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
469 | } |
