src/server/daemon/ldap_auth.c@ad44e72fbf50 (annotated)
src/server/daemon/ldap_auth.c
Wed, 05 Jun 2024 19:50:44 +0200
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Wed, 05 Jun 2024 19:50:44 +0200
- changeset 537
- ad44e72fbf50
- parent 490
- d218607f5a7e
- permissions
- -rw-r--r--
add extra nullptr check in the event loop to handle the case when the finish ptr is set to NULL after it was already scheduled
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
|
44
3da1f7b6847f
added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
38
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
29 | #ifdef __gnu_linux__ |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
30 | #define _GNU_SOURCE |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
31 | #endif |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
32 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | #include <stdio.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | #include <stdlib.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | #include <string.h> |
|
111
c93be34fde76
fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
109
diff
changeset
|
36 | #include <sys/time.h> |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
38 | #include <cx/utils.h> |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
39 | #include <cx/hash_map.h> |
|
473
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
40 | #include <cx/printf.h> |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
41 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
42 | #include "../util/util.h" |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
43 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
44 | #include "ldap_auth.h" |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
45 | #include "ldap_resource.h" |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
46 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
47 | static cxstring ws_ldap_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
48 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
49 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
50 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
51 | static cxstring ws_ldap_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
52 | CX_STR("member"), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
53 | CX_STR("uniqueMember") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
54 | }; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
55 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
56 | static LDAPConfig ws_ldap_default_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
57 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
58 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
59 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
60 | NULL, // bindpw |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
61 | "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
62 | ws_ldap_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
63 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
64 | "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
65 | ws_ldap_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
66 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
67 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
68 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
69 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
70 | }; |
|
89
5eecce5314d6
fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
87
diff
changeset
|
71 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
72 | // TODO: AD |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
73 | static cxstring ws_ad_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
74 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
75 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
76 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
77 | static cxstring ws_ad_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
78 | CX_STR("member"), |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
79 | CX_STR("uniqueMember") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
80 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
81 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
82 | static LDAPConfig ws_ldap_ad_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
83 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
84 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
85 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
86 | NULL, // bindpw |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
87 | "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
88 | ws_ad_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
89 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
90 | "", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
91 | ws_ad_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
92 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
93 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
94 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
95 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
96 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
97 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
98 | static cxstring ws_posix_default_uid_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
99 | CX_STR("uid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
100 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
101 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
102 | static cxstring ws_posix_default_member_attr[] = { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
103 | CX_STR("memberUid") |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
104 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
105 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
106 | static LDAPConfig ws_ldap_posix_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
107 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
108 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
109 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
110 | NULL, // bindpw |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
111 | "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
112 | ws_posix_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
113 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
114 | "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
115 | ws_posix_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
116 | 1, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
117 | WS_LDAP_GROUP_MEMBER_UID, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
118 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
119 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
120 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
121 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
122 | AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
123 | LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB)); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
124 | if(!authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
125 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
126 | } |
|
256
19259b6c5cf7
replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
111
diff
changeset
|
127 | authdb->authdb.name = pool_strdup(cfg->pool, name); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
128 | if(!authdb->authdb.name) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
129 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
130 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
131 | authdb->authdb.get_user = ldap_get_user; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
132 | authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
133 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
134 | // initialize default ldap config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
135 | cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
136 | LDAPConfig *default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
137 | if(!dirtype.ptr) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
138 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
139 | } else if(!cx_strcmp(dirtype, cx_str("ldap"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
140 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
141 | } else if(!cx_strcmp(dirtype, cx_str("posix"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
142 | default_config = &ws_ldap_posix_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
143 | } else if(!cx_strcmp(dirtype, cx_str("ad"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
144 | default_config = &ws_ldap_ad_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
145 | } else { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
146 | log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
147 | } |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
148 | memcpy(&authdb->config, default_config, sizeof(LDAPConfig)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
149 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
150 | // custom config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
151 | cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
152 | cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
153 | cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
154 | cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw")); |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
155 | cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
156 | cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
157 | cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
158 | cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
159 | cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
160 | cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups")); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
161 | cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn")); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
162 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
163 | if(!resource.ptr) { |
|
473
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
164 | // implicitly create a resource pool for this authdb |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
165 | cxmutstr respool_name = cx_asprintf_a(cfg->a, "_authdb_%s", name); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
166 | if(!respool_name.ptr) { |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
167 | return NULL; |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
168 | } |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
169 | log_ereport( |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
170 | LOG_INFORM, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
171 | "ldap authdb %s: no resource specified: create resource pool %s", |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
172 | name, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
173 | respool_name.ptr); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
174 | if(resourcepool_new(cfg, cx_str("ldap"), cx_strcast(respool_name), node)) { |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
175 | log_ereport( |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
176 | LOG_FAILURE, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
177 | "ldap authdb %s: cannot create ldap resource pool", |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
178 | name); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
179 | return NULL; |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
180 | } |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
181 | authdb->config.resource = respool_name.ptr; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
182 | } else { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
183 | authdb->config.resource = cx_strdup_a(cfg->a, resource).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
184 | if(!authdb->config.resource) return NULL; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
185 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
186 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
187 | if(!basedn.ptr) { |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
188 | log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name); |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
189 | return NULL; |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
190 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
191 | authdb->config.basedn = cx_strdup_a(cfg->a, basedn).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
192 | if(!authdb->config.basedn) return NULL; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
193 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
194 | // optional config |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
195 | if(binddn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
196 | if(!bindpw.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
197 | log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
198 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
199 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
200 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
201 | authdb->config.binddn = cx_strdup_a(cfg->a, binddn).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
202 | authdb->config.bindpw = cx_strdup_a(cfg->a, bindpw).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
203 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
204 | if(!authdb->config.binddn || !authdb->config.bindpw) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
205 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
206 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
207 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
208 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
209 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
210 | if(userSearchFilter.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
211 | authdb->config.userSearchFilter = cx_strdup_a(cfg->a, userSearchFilter).ptr; |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
212 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
213 | if(uidAttributes.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
214 | cxmutstr uidAttributesCopy = cx_strdup_a(cfg->a, uidAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
215 | if(uidAttributesCopy.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
216 | authdb->config.numUidAttributes = cx_strsplit_a( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
217 | cfg->a, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
218 | cx_strcast(uidAttributesCopy), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
219 | cx_str(","), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
220 | 1024, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
221 | &authdb->config.uidAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
222 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
223 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
224 | if(groupSearchFilter.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
225 | authdb->config.groupSearchFilter = groupSearchFilter.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
226 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
227 | if(memberAttributes.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
228 | cxmutstr memberAttributesCopy = cx_strdup_a(cfg->a, memberAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
229 | if(memberAttributesCopy.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
230 | authdb->config.numMemberAttributes = cx_strsplit_a( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
231 | cfg->a, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
232 | cx_strcast(memberAttributesCopy), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
233 | cx_str(","), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
234 | 1024, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
235 | &authdb->config.memberAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
236 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
237 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
238 | if(memberType.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
239 | if(!cx_strcmp(memberType, cx_str("dn"))) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
240 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
241 | } else if(!cx_strcmp(memberType, cx_str("uid"))) { |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
242 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
243 | } else { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
244 | log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
245 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
246 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
247 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
248 | if(enableGroups.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
249 | authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
250 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
251 | if(userNameIsDn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
252 | authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
253 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
254 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
255 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
256 | // initialize group cache |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
257 | authdb->groups.first = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
258 | authdb->groups.last = NULL; |
| 490 | 259 | authdb->groups.map = cxHashMapCreate(cfg->a, CX_STORE_POINTERS, 32); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
260 | if(!authdb->groups.map) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
261 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
262 | } |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
263 | |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
264 | log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
265 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
266 | return (AuthDB*) authdb; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
267 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
268 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
269 | LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
270 | ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
271 | if(!res) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
272 | log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
273 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
274 | } |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
275 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
276 | LDAP *ldap = res->data; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
277 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
278 | if(authdb->config.binddn) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
279 | struct berval *server_cred; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
280 | int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
281 | if(r != LDAP_SUCCESS) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
282 | log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s", authdb->config.binddn, ldap_err2string(r)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
283 | resourcepool_free(sn, rq, res); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
284 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
285 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
286 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
287 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
288 | return ldap; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
289 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
290 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
291 | static LDAPUser* ldap_msg_to_user( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
292 | Session *sn, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
293 | Request *rq, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
294 | LDAPAuthDB *authdb, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
295 | LDAP *ldap, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
296 | LDAPMessage *msg) |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
297 | { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
298 | CxAllocator *a = pool_allocator(sn->pool); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
299 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
300 | LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
301 | if(!user) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
302 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
303 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
304 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
305 | // get dn |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
306 | char *ldap_dn = ldap_get_dn(ldap, msg); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
307 | if(!ldap_dn) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
308 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
309 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
310 | char *dn = pool_strdup(sn->pool, ldap_dn); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
311 | ldap_memfree(ldap_dn); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
312 | if(!dn) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
313 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
314 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
315 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
316 | // get uid |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
317 | char *uid = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
318 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
319 | // values of configured UidAttributes |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
320 | size_t numUidAttributes = authdb->config.numUidAttributes; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
321 | cxmutstr *uid_values = pool_calloc(sn->pool, authdb->config.numUidAttributes, sizeof(cxmutstr)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
322 | if(!uid_values) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
323 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
324 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
325 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
326 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
327 | BerElement *ber = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
328 | char *attribute = ldap_first_attribute(ldap, msg, &ber); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
329 | while(attribute) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
330 | cxstring attr = cx_str(attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
331 | for(int i=0;i<numUidAttributes;i++) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
332 | // check if the attribute is one of the uid attributes |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
333 | if(!uid_values[i].ptr && !cx_strcmp(attr, authdb->config.uidAttributes[i])) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
334 | // copy value to uid_values |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
335 | struct berval **values = ldap_get_values_len(ldap, msg, attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
336 | if(values) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
337 | int count = ldap_count_values_len(values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
338 | if(count > 0) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
339 | cxstring attr_val = cx_strn(values[0]->bv_val, values[0]->bv_len); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
340 | uid_values[i] = cx_strdup_a(a, attr_val); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
341 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
342 | log_ereport(LOG_FAILURE, "ldap user: dn: %s attribute %s: no values", dn, attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
343 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
344 | ldap_value_free_len(values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
345 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
346 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
347 | } |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
348 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
349 | if(uid_values[0].ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
350 | // if we found a value for the first attribute, we can use that |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
351 | break; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
352 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
353 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
354 | ldap_memfree(attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
355 | attribute = ldap_next_attribute(ldap, msg, ber); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
356 | } |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
357 | if(ber) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
358 | ber_free(ber, 0); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
359 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
360 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
361 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
362 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
363 | // use first value as uid |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
364 | for(int i=0;i<numUidAttributes;i++) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
365 | if(uid_values[i].ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
366 | if(!uid) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
367 | uid = uid_values[i].ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
368 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
369 | cxFree(a, uid_values[i].ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
370 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
371 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
372 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
373 | pool_free(sn->pool, uid_values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
374 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
375 | // get user name |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
376 | char *username; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
377 | if(authdb->config.userNameIsDN) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
378 | username = dn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
379 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
380 | username = uid; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
381 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
382 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
383 | if(!username) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
384 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
385 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
386 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
387 | user->authdb = authdb; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
388 | user->user.verify_password = ldap_user_verify_password; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
389 | user->user.check_group = ldap_user_check_group; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
390 | user->user.free = ldap_user_free; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
391 | user->user.name = username; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
392 | user->sn = sn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
393 | user->rq = rq; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
394 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
395 | // TODO: get uid/gid from ldap |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
396 | user->user.uid = -1; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
397 | user->user.gid = -1; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
398 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
399 | user->ldap = ldap; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
400 | user->userdn = dn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
401 | user->uid_attr = uid; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
402 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
403 | return user; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
404 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
405 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
406 | User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
407 | LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
408 | LDAPConfig *config = &authdb->config; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
409 | CxAllocator *a = pool_allocator(sn->pool); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
410 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
411 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
412 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
413 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
414 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
415 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
416 | // get the user dn |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
417 | cxstring userSearch = cx_str(config->userSearchFilter); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
418 | cxmutstr filter = cx_strreplace_a(a, userSearch, cx_str("%s"), cx_str(username)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
419 | if(!filter.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
420 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
421 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
422 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
423 | log_ereport(LOG_DEBUG, "ldap_get_user: filter: %s", filter.ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
424 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
425 | LDAPMessage *result; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
426 | struct timeval timeout; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
427 | timeout.tv_sec = 8; // TODO: add config parameter for timeout |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
428 | timeout.tv_usec = 0; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
429 | int r = ldap_search_ext_s( |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
430 | ld, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
431 | config->basedn, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
432 | LDAP_SCOPE_SUBTREE, |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
433 | filter.ptr, |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
434 | NULL, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
435 | 0, |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
436 | NULL, // server controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
437 | NULL, // client controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
438 | &timeout, |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
439 | 2, // size limit |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
440 | &result); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
441 | cxFree(a, filter.ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
442 | if(r != LDAP_SUCCESS) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
443 | if(result) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
444 | ldap_msgfree(result); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
445 | } |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
446 | log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r)); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
447 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
448 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
449 | if(!result) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
450 | // not sure if this can happen |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
451 | log_ereport(LOG_FAILURE, "ldap_get_user: search failed: no result"); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
452 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
453 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
454 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
455 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
456 | LDAPUser *user = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
457 | if(msg) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
458 | if(ldap_count_entries(ld, msg) > 1) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
459 | log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result"); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
460 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
461 | user = ldap_msg_to_user(sn, rq, authdb, ld, msg); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
462 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
463 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
464 | ldap_msgfree(result); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
465 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
466 | return (User*)user; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
467 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
468 | |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
469 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
470 | static int is_member_attribute(LDAPAuthDB *auth, const char *attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
471 | LDAPConfig *config = &auth->config; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
472 | cxstring attr = cx_str(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
473 | for(int i=0;i<config->numMemberAttributes;i++) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
474 | if(!cx_strcmp(config->memberAttributes[i], attr)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
475 | return 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
476 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
477 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
478 | return 0; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
479 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
480 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
481 | static int group_add_member(LDAPGroup *group, LDAP *ldap, LDAPMessage *msg, char *attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
482 | struct berval **values = ldap_get_values_len(ldap, msg, attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
483 | int ret = 0; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
484 | if(values) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
485 | int count = ldap_count_values_len(values); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
486 | for(int i=0;i<count;i++) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
487 | cxstring memberValue = cx_strn(values[i]->bv_val, values[i]->bv_len); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
488 | CxHashKey key = cx_hash_key(memberValue.ptr, memberValue.length); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
489 | char *g_member = cxMapGet(group->members, key); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
490 | if(!g_member) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
491 | cxmutstr member = cx_strdup_a(group->members->allocator, memberValue); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
492 | if(!member.ptr) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
493 | ret = 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
494 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
495 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
496 | if(cxMapPut(group->members, key, member.ptr)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
497 | ret = 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
498 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
499 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
500 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
501 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
502 | ldap_value_free_len(values); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
503 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
504 | return ret; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
505 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
506 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
507 | static LDAPGroup* ldap_msg_to_group( |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
508 | Session *sn, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
509 | Request *rq, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
510 | LDAPAuthDB *authdb, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
511 | LDAP *ldap, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
512 | LDAPMessage *msg, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
513 | const char *group_name) |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
514 | { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
515 | CxAllocator *a = pool_allocator(sn->pool); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
516 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
517 | LDAPGroup *group = pool_malloc(sn->pool, sizeof(LDAPGroup)); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
518 | if(!group) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
519 | return NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
520 | } |
| 490 | 521 | group->members = cxHashMapCreate(a, CX_STORE_POINTERS, 32); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
522 | if(!group->members) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
523 | pool_free(sn->pool, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
524 | return NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
525 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
526 | group->name = pool_strdup(sn->pool, group_name); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
527 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
528 | BerElement *ber = NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
529 | char *attribute = ldap_first_attribute(ldap, msg, &ber); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
530 | while(attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
531 | if(is_member_attribute(authdb, attribute)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
532 | if(group_add_member(group, ldap, msg, attribute)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
533 | // OOM |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
534 | ldap_memfree(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
535 | // free at least some memory |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
536 | cxMapDestroy(group->members); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
537 | pool_free(sn->pool, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
538 | group = NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
539 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
540 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
541 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
542 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
543 | ldap_memfree(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
544 | attribute = ldap_next_attribute(ldap, msg, ber); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
545 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
546 | if(ber) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
547 | ber_free(ber, 0); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
548 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
549 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
550 | return group; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
551 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
552 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
553 | LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
554 | LDAPConfig *config = &authdb->config; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
555 | CxAllocator *a = pool_allocator(sn->pool); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
556 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
557 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
558 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
559 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
560 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
561 | |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
562 | // if userNameIsDN is true, group will be the full group dn and we |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
563 | // don't need to search with a filter, to get the entry |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
564 | char *filterStr; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
565 | const char *basedn; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
566 | int scope; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
567 | if(config->userNameIsDN) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
568 | filterStr = NULL; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
569 | basedn = group; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
570 | scope = LDAP_SCOPE_BASE; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
571 | } else { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
572 | cxstring groupSearch = cx_str(config->groupSearchFilter); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
573 | cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group)); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
574 | if(!filter.ptr) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
575 | return NULL; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
576 | } |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
577 | filterStr = filter.ptr; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
578 | basedn = config->basedn; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
579 | scope = LDAP_SCOPE_SUBTREE; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
580 | } |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
581 | |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
582 | log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
583 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
584 | LDAPMessage *result; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
585 | struct timeval timeout; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
586 | timeout.tv_sec = 8; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
587 | timeout.tv_usec = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
588 | int r = ldap_search_ext_s( |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
589 | ld, |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
590 | basedn, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
591 | scope, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
592 | filterStr, |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
593 | NULL, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
594 | 0, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
595 | NULL, // server controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
596 | NULL, // client controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
597 | &timeout, |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
598 | 2, // size limit |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
599 | &result); |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
600 | if(filterStr) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
601 | cxFree(a, filterStr); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
602 | } |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
603 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
604 | if (r != LDAP_SUCCESS) { |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
605 | if(result) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
606 | ldap_msgfree(result); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
607 | } |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
608 | log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r)); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
609 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
610 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
611 | |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
612 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
613 | LDAPGroup *wsgroup = NULL; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
614 | if(msg) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
615 | if(ldap_count_entries(ld, msg) > 1) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
616 | log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result"); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
617 | } else { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
618 | wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
619 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
620 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
621 | ldap_msgfree(result); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
622 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
623 | return wsgroup; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
624 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
625 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
626 | int ldap_user_verify_password(User *u, const char *password) { |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
627 | LDAPUser *user = (LDAPUser*)u; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
628 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
629 | struct berval cred; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
630 | cred.bv_val = (char*)password; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
631 | cred.bv_len = strlen(password); |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
632 | struct berval *server_cred; |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
633 | int r = ldap_sasl_bind_s( |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
634 | user->ldap, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
635 | user->userdn, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
636 | LDAP_SASL_SIMPLE, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
637 | &cred, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
638 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
639 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
640 | &server_cred); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
641 | if(r == LDAP_SUCCESS) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
642 | log_ereport(LOG_VERBOSE, "ldap user %s password ok", user->userdn); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
643 | return 1; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
644 | } else { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
645 | log_ereport(LOG_VERBOSE, "ldap user %s password not ok", user->userdn); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
646 | return 0; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
647 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
648 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
649 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
650 | int ldap_user_check_group(User *u, const char *group_str) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
651 | LDAPUser *user = (LDAPUser*)u; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
652 | LDAPAuthDB *authdb = user->authdb; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
653 | if(!authdb->config.enableGroups) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
654 | log_ereport( |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
655 | LOG_DEBUG, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
656 | "ldap_user_check_group: authdb %s: groups disabled", |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
657 | authdb->authdb.name); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
658 | return 0; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
659 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
660 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
661 | int ret = 0; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
662 | LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
663 | if(group) { |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
664 | const char *usr = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN ? user->userdn : user->uid_attr; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
665 | char *member = cxMapGet(group->members, cx_hash_key_str(usr)); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
666 | if(member) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
667 | ret = 1; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
668 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
669 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
670 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
671 | return ret; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
672 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
673 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
674 | void ldap_user_free(User *u) { |
|
48
37a512d7b8f6
fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
44
diff
changeset
|
675 | LDAPUser *user = (LDAPUser*)u; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
676 | pool_free(user->sn->pool, user->userdn); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
677 | pool_free(user->sn->pool, user->uid_attr); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
678 | pool_free(user->sn->pool, user); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
679 | } |
