Wed, 05 Jun 2024 19:50:44 +0200
add extra nullptr check in the event loop to handle the case when the finish ptr is set to NULL after it was already scheduled
1 | /* |
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 | * |
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions are met: |
8 | * |
9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. |
11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | * POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | #ifdef __gnu_linux__ |
30 | #define _GNU_SOURCE |
31 | #endif |
32 | |
33 | #include <stdio.h> |
34 | #include <stdlib.h> |
35 | #include <string.h> |
36 | #include <sys/time.h> |
37 | |
38 | #include <cx/utils.h> |
39 | #include <cx/hash_map.h> |
40 | #include <cx/printf.h> |
41 | |
42 | #include "../util/util.h" |
43 | |
44 | #include "ldap_auth.h" |
45 | #include "ldap_resource.h" |
46 | |
// Default attribute(s) that hold the login name for DirectoryType "ldap"
// (and for authdbs without a DirectoryType directive). Referenced from
// ws_ldap_default_config; its element count must match numUidAttributes
// there (currently 1).
static cxstring ws_ldap_default_uid_attr[] = {
    CX_STR("uid")
};
50 | |
// Default group-membership attributes for DirectoryType "ldap". Referenced
// from ws_ldap_default_config; its element count must match
// numMemberAttributes there (currently 2).
static cxstring ws_ldap_default_member_attr[] = {
    CX_STR("member"),
    CX_STR("uniqueMember")
};
55 | |
// Built-in defaults for DirectoryType "ldap"; also chosen when no
// DirectoryType directive is present. create_ldap_authdb() memcpy()s this
// struct into the new authdb and then overrides individual fields from the
// authdb's config node, so every field needs a sane value here.
// NOTE(review): the %s placeholders in both search filters are substituted
// with externally supplied names (presumably the login name and the group
// name). Whether those values are RFC 4515-escaped before the filter is
// formatted is not visible in this file — confirm in ldap_get_user; an
// unescaped value can change the meaning of the filter.
static LDAPConfig ws_ldap_default_config = {
    NULL, // resource
    NULL, // basedn
    NULL, // binddn
    NULL, // bindpw
    "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
    ws_ldap_default_uid_attr, // uidAttributes
    1, // numUidAttributes
    "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter
    ws_ldap_default_member_attr, // memberAttributes
    2, // numMemberAttributes
    WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
    TRUE, // enableGroups
    FALSE // userNameIsDN
};
71 | |
72 | // TODO: AD (Active Directory) specific defaults |
// Default uid attribute for DirectoryType "ad". Currently the same value as
// the generic ldap default (see the TODO above); AD-specific values have
// not been provided yet. Element count must match numUidAttributes in
// ws_ldap_ad_config (currently 1).
static cxstring ws_ad_default_uid_attr[] = {
    CX_STR("uid")
};
76 | |
// Default group-membership attributes for DirectoryType "ad". Currently the
// same values as the generic ldap defaults (see the TODO above). Element
// count must match numMemberAttributes in ws_ldap_ad_config (currently 2).
static cxstring ws_ad_default_member_attr[] = {
    CX_STR("member"),
    CX_STR("uniqueMember")
};
81 | |
// Built-in defaults for DirectoryType "ad". Apart from the empty
// groupSearchFilter these are the same values as ws_ldap_default_config
// (see the TODO above).
// NOTE(review): enableGroups is TRUE while groupSearchFilter is "", so
// group lookups for this type only work if the GroupSearchFilter directive
// is set; how an empty filter is treated at lookup time is not visible in
// this file — confirm in ldap_get_user.
// NOTE(review): as with the other configs, the %s in userSearchFilter is
// substituted with an externally supplied name; confirm it is RFC 4515-
// escaped before formatting.
static LDAPConfig ws_ldap_ad_config = {
    NULL, // resource
    NULL, // basedn
    NULL, // binddn
    NULL, // bindpw
    "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
    ws_ad_default_uid_attr, // uidAttributes
    1, // numUidAttributes
    "", // groupSearchFilter
    ws_ad_default_member_attr, // memberAttributes
    2, // numMemberAttributes
    WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
    TRUE, // enableGroups
    FALSE // userNameIsDN
};
97 | |
// Default uid attribute for DirectoryType "posix" (posixAccount entries).
// Referenced from ws_ldap_posix_config; element count must match
// numUidAttributes there (currently 1).
static cxstring ws_posix_default_uid_attr[] = {
    CX_STR("uid")
};
101 | |
// Default group-membership attribute for DirectoryType "posix". Unlike the
// ldap/ad defaults this is paired with WS_LDAP_GROUP_MEMBER_UID in
// ws_ldap_posix_config, i.e. the attribute presumably holds uid values
// rather than DNs. Element count must match numMemberAttributes there
// (currently 1).
static cxstring ws_posix_default_member_attr[] = {
    CX_STR("memberUid")
};
105 | |
// Built-in defaults for DirectoryType "posix" (posixAccount / posixGroup
// schema). Differs from ws_ldap_default_config in the search filters, the
// member attribute (memberUid) and groupMemberType WS_LDAP_GROUP_MEMBER_UID.
// create_ldap_authdb() memcpy()s this struct into the new authdb and then
// overrides individual fields from the authdb's config node.
// NOTE(review): the %s placeholders in both search filters are substituted
// with externally supplied names; confirm in ldap_get_user that they are
// RFC 4515-escaped before formatting.
static LDAPConfig ws_ldap_posix_config = {
    NULL, // resource
    NULL, // basedn
    NULL, // binddn
    NULL, // bindpw
    "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter
    ws_posix_default_uid_attr, // uidAttributes
    1, // numUidAttributes
    "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter
    ws_posix_default_member_attr, // memberAttributes
    1, // numMemberAttributes
    WS_LDAP_GROUP_MEMBER_UID, // groupMemberType
    TRUE, // enableGroups
    FALSE // userNameIsDN
};
121 | |
122 | AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) { |
123 | LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB)); |
124 | if(!authdb) { |
125 | return NULL; |
126 | } |
127 | authdb->authdb.name = pool_strdup(cfg->pool, name); |
128 | if(!authdb->authdb.name) { |
129 | return NULL; |
130 | } |
131 | authdb->authdb.get_user = ldap_get_user; |
132 | authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works |
133 | |
134 | // initialize default ldap config |
135 | cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType")); |
136 | LDAPConfig *default_config; |
137 | if(!dirtype.ptr) { |
138 | default_config = &ws_ldap_default_config; |
139 | } else if(!cx_strcmp(dirtype, cx_str("ldap"))) { |
140 | default_config = &ws_ldap_default_config; |
141 | } else if(!cx_strcmp(dirtype, cx_str("posix"))) { |
142 | default_config = &ws_ldap_posix_config; |
143 | } else if(!cx_strcmp(dirtype, cx_str("ad"))) { |
144 | default_config = &ws_ldap_ad_config; |
145 | } else { |
146 | log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr); |
147 | } |
148 | memcpy(&authdb->config, default_config, sizeof(LDAPConfig)); |
149 | |
150 | // custom config |
151 | cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource")); |
152 | cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn")); |
153 | cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn")); |
154 | cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw")); |
155 | cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); |
156 | cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes")); |
157 | cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter")); |
158 | cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes")); |
159 | cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType")); |
160 | cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups")); |
161 | cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn")); |
162 | |
163 | if(!resource.ptr) { |
164 | // implicitly create a resource pool for this authdb |
165 | cxmutstr respool_name = cx_asprintf_a(cfg->a, "_authdb_%s", name); |
166 | if(!respool_name.ptr) { |
167 | return NULL; |
168 | } |
169 | log_ereport( |
170 | LOG_INFORM, |
171 | "ldap authdb %s: no resource specified: create resource pool %s", |
172 | name, |
173 | respool_name.ptr); |
174 | if(resourcepool_new(cfg, cx_str("ldap"), cx_strcast(respool_name), node)) { |
175 | log_ereport( |
176 | LOG_FAILURE, |
177 | "ldap authdb %s: cannot create ldap resource pool", |
178 | name); |
179 | return NULL; |
180 | } |
181 | authdb->config.resource = respool_name.ptr; |
182 | } else { |
183 | authdb->config.resource = cx_strdup_a(cfg->a, resource).ptr; |
184 | if(!authdb->config.resource) return NULL; |
185 | } |
186 | |
187 | if(!basedn.ptr) { |
188 | log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name); |
189 | return NULL; |
190 | } |
191 | authdb->config.basedn = cx_strdup_a(cfg->a, basedn).ptr; |
192 | if(!authdb->config.basedn) return NULL; |
193 | |
194 | // optional config |
195 | if(binddn.ptr) { |
196 | if(!bindpw.ptr) { |
197 | log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name); |
198 | return NULL; |
199 | } |
200 | |
201 | authdb->config.binddn = cx_strdup_a(cfg->a, binddn).ptr; |
202 | authdb->config.bindpw = cx_strdup_a(cfg->a, bindpw).ptr; |
203 | |
204 | if(!authdb->config.binddn || !authdb->config.bindpw) { |
205 | return NULL; |
206 | } |
207 | } |
208 | |
209 | |
210 | if(userSearchFilter.ptr) { |
211 | authdb->config.userSearchFilter = cx_strdup_a(cfg->a, userSearchFilter).ptr; |
212 | } |
213 | if(uidAttributes.ptr) { |
214 | cxmutstr uidAttributesCopy = cx_strdup_a(cfg->a, uidAttributes); |
215 | if(uidAttributesCopy.ptr) { |
216 | authdb->config.numUidAttributes = cx_strsplit_a( |
217 | cfg->a, |
218 | cx_strcast(uidAttributesCopy), |
219 | cx_str(","), |
220 | 1024, |
221 | &authdb->config.uidAttributes); |
222 | } |
223 | } |
224 | if(groupSearchFilter.ptr) { |
225 | authdb->config.groupSearchFilter = groupSearchFilter.ptr; |
226 | } |
227 | if(memberAttributes.ptr) { |
228 | cxmutstr memberAttributesCopy = cx_strdup_a(cfg->a, memberAttributes); |
229 | if(memberAttributesCopy.ptr) { |
230 | authdb->config.numMemberAttributes = cx_strsplit_a( |
231 | cfg->a, |
232 | cx_strcast(memberAttributesCopy), |
233 | cx_str(","), |
234 | 1024, |
235 | &authdb->config.memberAttributes); |
236 | } |
237 | } |
238 | if(memberType.ptr) { |
239 | if(!cx_strcmp(memberType, cx_str("dn"))) { |
240 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN; |
241 | } else if(!cx_strcmp(memberType, cx_str("uid"))) { |
242 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID; |
243 | } else { |
244 | log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr); |
245 | return NULL; |
246 | } |
247 | } |
248 | if(enableGroups.ptr) { |
249 | authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE); |
250 | } |
251 | if(userNameIsDn.ptr) { |
252 | authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE); |
253 | } |
254 | |
255 | |
256 | // initialize group cache |
257 | authdb->groups.first = NULL; |
258 | authdb->groups.last = NULL; |
490 | 259 | authdb->groups.map = cxHashMapCreate(cfg->a, CX_STORE_POINTERS, 32); |
260 | if(!authdb->groups.map) { |
261 | return NULL; |
262 | } |
263 | |
264 | log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr); |
265 | |
266 | return (AuthDB*) authdb; |
267 | } |
268 | |
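/*
 * Obtains an LDAP connection for the current request from the authdb's
 * resource pool and, when a BindDN is configured, binds it with the
 * configured service credentials.
 *
 * sn, rq  - current session and request; handed through to the resource pool
 * authdb  - the LDAP authdb; config.resource names the pool, and the optional
 *           config.binddn / config.bindpw are used for the bind
 *
 * Returns the LDAP handle, or NULL when the pool lookup or the bind fails.
 * On a failed bind the pooled resource is released before returning, so the
 * caller owns the resource only on a non-NULL return.
 * Without a BindDN the handle is returned exactly as the pool delivered it;
 * whether it is anonymous or still bound from an earlier use is decided by
 * the pool and is not visible here.
 */
LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) {
    ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0);
    if(!res) {
        log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource);
        return NULL;
    }
    
    LDAP *ldap = res->data;
    
    if(authdb->config.binddn) {
        // NOTE(review): server_cred is neither inspected nor released here;
        // confirm ws_ldap_bind does not hand back an allocation through it.
        struct berval *server_cred = NULL;
        int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred);
        if(r != LDAP_SUCCESS) {
            // Three %s conversions: authdb name, bind dn, error text. The
            // argument list must stay in step with them; a missing argument
            // makes the last %s read an unrelated value (undefined behavior).
            // The bind password is deliberately not logged.
            log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s",
                    authdb->authdb.name, authdb->config.binddn, ldap_err2string(r));
            resourcepool_free(sn, rq, res);
            return NULL;
        }
    }
    
    return ldap;
}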
290 | |
291 | static LDAPUser* ldap_msg_to_user( |
292 | Session *sn, |
293 | Request *rq, |
294 | LDAPAuthDB *authdb, |
295 | LDAP *ldap, |
296 | LDAPMessage *msg) |
297 | { |
298 | CxAllocator *a = pool_allocator(sn->pool); |
299 | |
300 | LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser)); |
301 | if(!user) { |
302 | return NULL; |
303 | } |
304 | |
305 | // get dn |
306 | char *ldap_dn = ldap_get_dn(ldap, msg); |
307 | if(!ldap_dn) { |
308 | return NULL; |
309 | } |
310 | char *dn = pool_strdup(sn->pool, ldap_dn); |
311 | ldap_memfree(ldap_dn); |
312 | if(!dn) { |
313 | return NULL; |
314 | } |
315 | |
316 | // get uid |
317 | char *uid = NULL; |
318 | |
319 | // values of configured UidAttributes |
320 | size_t numUidAttributes = authdb->config.numUidAttributes; |
321 | cxmutstr *uid_values = pool_calloc(sn->pool, authdb->config.numUidAttributes, sizeof(cxmutstr)); |
322 | if(!uid_values) { |
323 | return NULL; |
324 | } |
325 | |
326 | |
327 | BerElement *ber = NULL; |
328 | char *attribute = ldap_first_attribute(ldap, msg, &ber); |
329 | while(attribute) { |
330 | cxstring attr = cx_str(attribute); |
331 | for(int i=0;i<numUidAttributes;i++) { |
332 | // check if the attribute is one of the uid attributes |
333 | if(!uid_values[i].ptr && !cx_strcmp(attr, authdb->config.uidAttributes[i])) { |
334 | // copy value to uid_values |
335 | struct berval **values = ldap_get_values_len(ldap, msg, attribute); |
336 | if(values) { |
337 | int count = ldap_count_values_len(values); |
338 | if(count > 0) { |
339 | cxstring attr_val = cx_strn(values[0]->bv_val, values[0]->bv_len); |
340 | uid_values[i] = cx_strdup_a(a, attr_val); |
341 | } else { |
342 | log_ereport(LOG_FAILURE, "ldap user: dn: %s attribute %s: no values", dn, attribute); |
343 | } |
344 | ldap_value_free_len(values); |
345 | } |
346 | } |
347 | } |
348 | |
349 | if(uid_values[0].ptr) { |
350 | // if we found a value for the first attribute, we can use that |
351 | break; |
352 | } |
353 | |
354 | ldap_memfree(attribute); |
355 | attribute = ldap_next_attribute(ldap, msg, ber); |
356 | } |
357 | if(ber) { |
358 | ber_free(ber, 0); |
359 | } |
360 | |
361 | |
362 | |
363 | // use first value as uid |
364 | for(int i=0;i<numUidAttributes;i++) { |
365 | if(uid_values[i].ptr) { |
366 | if(!uid) { |
367 | uid = uid_values[i].ptr; |
368 | } else { |
369 | cxFree(a, uid_values[i].ptr); |
370 | } |
371 | } |
372 | } |
373 | pool_free(sn->pool, uid_values); |
374 | |
375 | // get user name |
376 | char *username; |
377 | if(authdb->config.userNameIsDN) { |
378 | username = dn; |
379 | } else { |
380 | username = uid; |
381 | } |
382 | |
383 | if(!username) { |
384 | return NULL; |
385 | } |
386 | |
387 | user->authdb = authdb; |
388 | user->user.verify_password = ldap_user_verify_password; |
389 | user->user.check_group = ldap_user_check_group; |
390 | user->user.free = ldap_user_free; |
391 | user->user.name = username; |
392 | user->sn = sn; |
393 | user->rq = rq; |
394 | |
395 | // TODO: get uid/gid from ldap |
396 | user->user.uid = -1; |
397 | user->user.gid = -1; |
398 | |
399 | user->ldap = ldap; |
400 | user->userdn = dn; |
401 | user->uid_attr = uid; |
402 | |
403 | return user; |
404 | } |
405 | |
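/*
 * Escapes an assertion value for use inside an LDAP search filter
 * (RFC 4515, section 3): '*', '(', ')' and '\' are replaced by their
 * "\xx" hex form so that a client-supplied name cannot change the
 * structure of the configured filter. The result is allocated from the
 * session pool and must be released with pool_free(). Returns NULL if
 * the allocation fails.
 */
static char* ldap_auth_escape_filter_value(Session *sn, const char *value) {
    cxstring in = cx_str(value);
    // every input byte expands to at most three output bytes
    if(in.length > ((size_t)-1 - 1) / 3) {
        return NULL;
    }
    char *out = pool_malloc(sn->pool, 3 * in.length + 1);
    if(!out) {
        return NULL;
    }
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for(size_t i = 0; i < in.length; i++) {
        unsigned char c = (unsigned char)in.ptr[i];
        if(c == '*' || c == '(' || c == ')' || c == '\\') {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

/*
 * Looks up a user entry in the LDAP directory configured for db.
 *
 * The configured userSearchFilter must contain a "%s" placeholder; it is
 * replaced by the filter-escaped username and the search runs below
 * config->basedn. Exactly one matching entry is expected; on success the
 * entry is converted with ldap_msg_to_user().
 *
 * Returns the new User or NULL if no LDAP session could be obtained, the
 * filter could not be built, the search failed, or the search did not
 * return exactly one entry.
 */
User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) {
    LDAPAuthDB *authdb = (LDAPAuthDB*) db;
    LDAPConfig *config = &authdb->config;
    CxAllocator *a = pool_allocator(sn->pool);
    
    LDAP *ld = get_ldap_session(sn, rq, authdb);
    if (ld == NULL) {
        return NULL;
    }
    
    // get the user dn
    // The username comes from the client: escape it before it is spliced
    // into the filter so that '(', ')', '*' and '\' are matched literally
    // and cannot rewrite the filter (RFC 4515).
    char *escapedName = ldap_auth_escape_filter_value(sn, username);
    if(!escapedName) {
        return NULL;
    }
    cxstring userSearch = cx_str(config->userSearchFilter);
    cxmutstr filter = cx_strreplace_a(a, userSearch, cx_str("%s"), cx_str(escapedName));
    pool_free(sn->pool, escapedName);
    if(!filter.ptr) {
        return NULL;
    }
    
    log_ereport(LOG_DEBUG, "ldap_get_user: filter: %s", filter.ptr);
    
    // result must start out NULL: on failure ldap_search_ext_s does not
    // necessarily store anything, and the pointer is inspected below
    LDAPMessage *result = NULL;
    struct timeval timeout;
    timeout.tv_sec = 8; // TODO: add config parameter for timeout
    timeout.tv_usec = 0;
    int r = ldap_search_ext_s(
            ld,
            config->basedn,
            LDAP_SCOPE_SUBTREE,
            filter.ptr,
            NULL, // attrs: all user attributes
            0,    // attrsonly: return values, not only names
            NULL, // server controls
            NULL, // client controls
            &timeout,
            2, // size limit: one match expected, a second one is an error
            &result);
    cxFree(a, filter.ptr);
    if(r != LDAP_SUCCESS) {
        // a partial result may still have been returned
        if(result) {
            ldap_msgfree(result);
        }
        log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r));
        return NULL;
    }
    if(!result) {
        // not sure if this can happen
        log_ereport(LOG_FAILURE, "ldap_get_user: search failed: no result");
        return NULL;
    }
    
    LDAPMessage *msg = ldap_first_entry(ld, result);
    LDAPUser *user = NULL;
    if(msg) {
        // An ambiguous match must not authenticate anybody. With the size
        // limit above the server will usually report the second match as
        // an error already; this is the fallback check.
        if(ldap_count_entries(ld, msg) > 1) {
            log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result");
        } else {
            user = ldap_msg_to_user(sn, rq, authdb, ld, msg);
        }
    }
    ldap_msgfree(result);
    
    return (User*)user;
}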
468 | |
469 | |
/*
 * Checks whether `attribute` is one of the configured member attributes
 * (config->memberAttributes) of the auth database.
 *
 * Returns 1 when the name matches an entry exactly, 0 otherwise.
 */
static int is_member_attribute(LDAPAuthDB *auth, const char *attribute) {
    LDAPConfig *config = &auth->config;
    cxstring name = cx_str(attribute);
    int n = config->numMemberAttributes;
    int found = 0;
    int idx = 0;
    // stop at the first matching attribute name
    while(idx < n && !found) {
        found = cx_strcmp(config->memberAttributes[idx], name) == 0;
        idx++;
    }
    return found;
}
480 | |
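/*
 * Adds every value of the attribute `attribute` of the entry `msg` to
 * group->members. The map is keyed by the raw value bytes; values that
 * are already present are skipped, new ones are copied with the map's
 * allocator and stored as NUL-terminated strings.
 *
 * Returns 0 on success and 1 if a copy or the map insertion failed
 * (out of memory); members added before the failure stay in the map.
 */
static int group_add_member(LDAPGroup *group, LDAP *ldap, LDAPMessage *msg, char *attribute) {
    struct berval **values = ldap_get_values_len(ldap, msg, attribute);
    if(!values) {
        // attribute has no values (or the lookup failed): nothing to add
        return 0;
    }
    int ret = 0;
    int count = ldap_count_values_len(values);
    for(int i=0;i<count;i++) {
        cxstring memberValue = cx_strn(values[i]->bv_val, values[i]->bv_len);
        CxHashKey key = cx_hash_key(memberValue.ptr, memberValue.length);
        if(cxMapGet(group->members, key)) {
            continue; // already a member
        }
        cxmutstr member = cx_strdup_a(group->members->allocator, memberValue);
        if(!member.ptr) {
            ret = 1;
            break;
        }
        if(cxMapPut(group->members, key, member.ptr)) {
            // the copy was not taken over by the map: release it again
            cxFree(group->members->allocator, member.ptr);
            ret = 1;
            break;
        }
    }
    ldap_value_free_len(values);
    return ret;
}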
506 | |
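/*
 * Builds an LDAPGroup from a directory entry.
 *
 * The group struct and its name are allocated from the session pool, the
 * member map from the pool's allocator. Every attribute of `msg` whose
 * name is one of the configured member attributes contributes its values
 * to group->members (see group_add_member). `rq` is not used here.
 *
 * Returns the group, or NULL when an allocation fails; in that case the
 * group struct, its name and the member map are released again.
 */
static LDAPGroup* ldap_msg_to_group(
        Session *sn,
        Request *rq,
        LDAPAuthDB *authdb,
        LDAP *ldap,
        LDAPMessage *msg,
        const char *group_name)
{
    CxAllocator *a = pool_allocator(sn->pool);
    
    LDAPGroup *group = pool_malloc(sn->pool, sizeof(LDAPGroup));
    if(!group) {
        return NULL;
    }
    group->members = cxHashMapCreate(a, CX_STORE_POINTERS, 32);
    if(!group->members) {
        pool_free(sn->pool, group);
        return NULL;
    }
    group->name = pool_strdup(sn->pool, group_name);
    if(!group->name) {
        // OOM: do not hand out a group without a name
        cxMapDestroy(group->members);
        pool_free(sn->pool, group);
        return NULL;
    }
    
    BerElement *ber = NULL;
    char *attribute = ldap_first_attribute(ldap, msg, &ber);
    while(attribute) {
        if(is_member_attribute(authdb, attribute)) {
            if(group_add_member(group, ldap, msg, attribute)) {
                // OOM
                ldap_memfree(attribute);
                // free at least some memory
                cxMapDestroy(group->members);
                pool_free(sn->pool, group->name);
                pool_free(sn->pool, group);
                group = NULL;
                break;
            }
        }
        
        ldap_memfree(attribute);
        attribute = ldap_next_attribute(ldap, msg, ber);
    }
    if(ber) {
        ber_free(ber, 0);
    }
    
    return group;
}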
552 | |
553 | LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) { |
554 | LDAPConfig *config = &authdb->config; |
555 | CxAllocator *a = pool_allocator(sn->pool); |
556 | |
557 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
558 | if (ld == NULL) { |
559 | return NULL; |
560 | } |
561 | |
562 | // if userNameIsDN is true, group will be the full group dn and we |
563 | // don't need to search with a filter, to get the entry |
564 | char *filterStr; |
565 | const char *basedn; |
566 | int scope; |
567 | if(config->userNameIsDN) { |
568 | filterStr = NULL; |
569 | basedn = group; |
570 | scope = LDAP_SCOPE_BASE; |
571 | } else { |
572 | cxstring groupSearch = cx_str(config->groupSearchFilter); |
573 | cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group)); |
574 | if(!filter.ptr) { |
575 | return NULL; |
576 | } |
577 | filterStr = filter.ptr; |
578 | basedn = config->basedn; |
579 | scope = LDAP_SCOPE_SUBTREE; |
580 | } |
581 | |
582 | log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr); |
583 | |
584 | LDAPMessage *result; |
585 | struct timeval timeout; |
586 | timeout.tv_sec = 8; |
587 | timeout.tv_usec = 0; |
588 | int r = ldap_search_ext_s( |
589 | ld, |
590 | basedn, |
591 | scope, |
592 | filterStr, |
593 | NULL, |
594 | 0, |
595 | NULL, // server controls |
596 | NULL, // client controls |
597 | &timeout, |
598 | 2, // size limit |
599 | &result); |
600 | if(filterStr) { |
601 | cxFree(a, filterStr); |
602 | } |
603 | |
604 | if (r != LDAP_SUCCESS) { |
605 | if(result) { |
606 | ldap_msgfree(result); |
607 | } |
608 | log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r)); |
609 | return NULL; |
610 | } |
611 | |
612 | LDAPMessage *msg = ldap_first_entry(ld, result); |
613 | LDAPGroup *wsgroup = NULL; |
614 | if(msg) { |
615 | if(ldap_count_entries(ld, msg) > 1) { |
616 | log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result"); |
617 | } else { |
618 | wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group); |
619 | } |
620 | } |
621 | ldap_msgfree(result); |
622 | |
623 | return wsgroup; |
624 | } |
625 | |
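/*
 * Verifies a password for an LDAP user by performing a simple bind as the
 * user's DN on the user's LDAP connection handle.
 *
 * u:        User created by the LDAP authdb (actually an LDAPUser)
 * password: plaintext password supplied by the client
 *
 * Returns 1 if the bind succeeds, 0 otherwise.
 *
 * Empty (and NULL) passwords are rejected before the server is contacted.
 * RFC 4513 section 5.1.2 defines a bind request carrying a DN together with
 * an empty password as an "unauthenticated" bind; many directory servers
 * accept it by default and answer LDAP_SUCCESS without checking anything.
 * Forwarding an empty password would therefore let a client log in as any
 * known user without knowing that user's password.
 */
int ldap_user_verify_password(User *u, const char *password) {
    LDAPUser *user = (LDAPUser*)u;

    if(!password || password[0] == '\0') {
        // never send an unauthenticated (empty-password) bind; see RFC 4513 5.1.2
        log_ereport(LOG_VERBOSE, "ldap user %s: empty password rejected", user->userdn);
        return 0;
    }

    struct berval cred;
    cred.bv_val = (char*)password;
    cred.bv_len = strlen(password);

    // Simple bind: no server credentials are expected back. Passing NULL for
    // servercredp lets the library discard any serverSaslCreds itself; the
    // previous code collected them into a berval that was never freed.
    // NOTE(review): a bind changes the authentication state of user->ldap for
    // every later operation on that handle. That is fine if the handle is
    // per-user; if it is shared or pooled, confirm the caller rebinds.
    int r = ldap_sasl_bind_s(
            user->ldap,
            user->userdn,
            LDAP_SASL_SIMPLE,
            &cred,
            NULL, // server controls
            NULL, // client controls
            NULL); // server credentials: not needed for a simple bind
    if(r == LDAP_SUCCESS) {
        log_ereport(LOG_VERBOSE, "ldap user %s password ok", user->userdn);
        return 1;
    }

    // Every non-success result (invalid credentials, but also server-down or
    // network errors) is treated as an authentication failure. The LDAP error
    // text is logged so operators can tell a wrong password from an outage.
    log_ereport(LOG_VERBOSE, "ldap user %s password not ok: %s", user->userdn, ldap_err2string(r));
    return 0;
}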
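/*
 * Checks whether an LDAP user is a member of the named group.
 *
 * u:         User created by the LDAP authdb (actually an LDAPUser)
 * group_str: group name as written in the access-control configuration
 *
 * Returns 1 only when groups are enabled for the authdb, the group lookup
 * (ldap_get_group) yields exactly one entry, and that entry lists the user
 * as a member. Every other outcome -- groups disabled, group not found or
 * ambiguous, lookup error, user without a usable identifier -- returns 0,
 * i.e. the check fails closed.
 *
 * The user is looked up in the group's member map either by DN or by the
 * value of its uid attribute, depending on config.groupMemberType. The map
 * lookup is an exact byte comparison: DN values that differ only in case or
 * whitespace (which RFC 4517 treats as equal) do not match, and the user is
 * then treated as a non-member.
 */
int ldap_user_check_group(User *u, const char *group_str) {
    LDAPUser *user = (LDAPUser*)u;
    LDAPAuthDB *authdb = user->authdb;
    if(!authdb->config.enableGroups) {
        log_ereport(
                LOG_DEBUG,
                "ldap_user_check_group: authdb %s: groups disabled",
                authdb->authdb.name);
        return 0;
    }

    // NOTE(review): ldap_get_group substitutes group_str into
    // config.groupSearchFilter without RFC 4515 filter escaping. That is
    // acceptable while group names only ever come from the server
    // configuration; if they can be derived from request data, escape first.
    LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str);
    if(!group) {
        return 0;
    }

    // member entries are keyed by DN or by uid value, depending on config
    int memberIsDN = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN;
    const char *usr = memberIsDN ? user->userdn : user->uid_attr;
    if(!usr) {
        // Without an identifier there is nothing to match against, and
        // cx_hash_key_str must not be handed a NULL string. Fail closed.
        log_ereport(
                LOG_FAILURE,
                "ldap_user_check_group: authdb %s: user has no %s to match against group %s",
                authdb->authdb.name,
                memberIsDN ? "dn" : "uid attribute",
                group_str);
        return 0;
    }

    char *member = cxMapGet(group->members, cx_hash_key_str(usr));
    return member ? 1 : 0;
}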
/*
 * Releases an LDAPUser together with the strings it owns.
 *
 * userdn and uid_attr are returned to the session pool (user->sn->pool)
 * first, then the user struct itself. The LDAP connection handle
 * (user->ldap) is left alone: its lifetime is managed elsewhere,
 * presumably by the authdb -- confirm before adding an unbind here.
 * No password is stored on the user, so nothing needs to be zeroized.
 */
void ldap_user_free(User *u) {
    LDAPUser *user = (LDAPUser*)u;
    void *pool = user->sn->pool;

    pool_free(pool, user->userdn);
    pool_free(pool, user->uid_attr);
    pool_free(pool, user);
}