Mercurial > hg > webserver / annotate

src/server/daemon/ldap_auth.h@ad44e72fbf50 (annotated)

src/server/daemon/ldap_auth.h

Wed, 05 Jun 2024 19:50:44 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 05 Jun 2024 19:50:44 +0200
changeset 537
ad44e72fbf50
parent 471
9aa5ae3258f5
permissions
-rw-r--r--

add extra nullptr check in the event loop to handle the case when the finish ptr is set to NULL after it was already scheduled

38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
44
3da1f7b6847f added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 42
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 #ifndef LDAP_AUTH_H
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 #define LDAP_AUTH_H
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
31
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 44
diff changeset
32 #include "../public/auth.h"
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
33 #include <sys/types.h>
162
b169992137a8 improves cgi error handling and allows requests with empty headers
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 161
diff changeset
34 #include <ldap.h>
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
35 #include <cx/map.h>
161
aadda87bad1b more windows porting
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 97
diff changeset
36
256
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 162
diff changeset
37 #include "config.h"
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 162
diff changeset
38
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
39 #ifdef __cplusplus
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
40 extern "C" {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41 #endif
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
43 typedef struct ldap_auth_db LDAPAuthDB;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
44 typedef struct ldap_config LDAPConfig;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
45 typedef struct ldap_user LDAPUser;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
46 typedef struct ldap_group LDAPGroup;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
47 typedef struct ldap_member LDAPMember;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
48 typedef struct ldap_group_cache LDAPGroupCache;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
49
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
50 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
51
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
52 *
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
53 * WS_LDAP_GROUP_MEMBER_UID: the member attribute contains the user uid
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
54 * e.g. member attribute of posixGroup
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
55 * memberUid: user
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
56 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
57 enum WSLdapGroupMemberType {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
58 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
59 * the member attribute contains the full user dn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
60 * for example object class groupOfUniqueNames attribute uniqueMember
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
61 * uniqueMember: uid=user,ou=People,dc=example,dc=com
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
62 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
63 WS_LDAP_GROUP_MEMBER_DN = 0,
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
64
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
65 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
66 * the member attribute contains the user uid
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
67 * for example object class posixGroup attribute memberUid
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
68 * memberUid: user
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
69 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
70 WS_LDAP_GROUP_MEMBER_UID
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
71 };
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
72
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
73 struct ldap_config {
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
74 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
75 * ldap resource pool name
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
76 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
77 const char *resource;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
78
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
79 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
80 * ldap basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
81 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
82 const char *basedn;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
83
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
84 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
85 * default bind dn for search operations
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
86 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
87 const char *binddn;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
88
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
89 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
90 * password for default binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
91 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
92 const char *bindpw;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
93
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
94 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
95 * the ldap filter used to resolve user names to DN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
96 * this can be specified in the config file directly or it will
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
97 * auto-generated later, so it must always be a non-empty string
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
98 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
99 const char *userSearchFilter;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
100
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
101 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
102 * array of user id attributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
103 */
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
104 cxstring *uidAttributes;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
105
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
106 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
107 * number of uid attributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
108 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
109 size_t numUidAttributes;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
110
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
111 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
112 * same as userSearchFilter, but for groups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
113 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
114 const char *groupSearchFilter;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
115
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
116 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
117 * array of attributes that represent group members
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
118 */
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
119 cxstring *memberAttributes;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
120
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
121 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
122 * number of group member attributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
123 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
124 size_t numMemberAttributes;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
125
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
126 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
127 * value type of the group member attribute
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
128 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
129 enum WSLdapGroupMemberType groupMemberType;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
130
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
131 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
132 * enables/disables support for ldap groups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
133 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
134 WSBool enableGroups;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
135
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
136 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
137 * use the full DN internally as user name
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
138 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
139 WSBool userNameIsDN;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
140 };
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
142 struct ldap_group_cache {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
143 LDAPGroup *first;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
144 LDAPGroup *last;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
145 CxMap *map;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
146 };
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
147
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
148 struct ldap_auth_db {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
149 AuthDB authdb;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
150 LDAPConfig config;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
151 LDAPGroupCache groups;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
152 };
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
153
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154 struct ldap_user {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
155 User user;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
156 LDAPAuthDB *authdb;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
157 LDAP *ldap;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
158 Session *sn;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
159 Request *rq;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
160 char *userdn;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
161 char *uid_attr;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
162 int uid;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
163 int gid;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
164 };
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
165
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
166 struct ldap_member {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
167 char *name;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
168 int uid;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
169 };
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
170
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
171 struct ldap_group {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
172 char *name;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
173 char *dn;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
174 CxMap *members;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
175 time_t update;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
176 };
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
177
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
178 /*
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
179 * Creates an LDAP AuthDB
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
180 *
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
181 * Config parameters (from ConfigNode *node):
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
182 * Resource ldap resource pool name
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
183 * Basedn ldap base dn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
184 * Binddn binddn for search operations
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
185 * Bindpw binddn password
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
186 * DirectoryType type of the directory service (ldap|ad) which acts as
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
187 * config preset for filter and attribute settings
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
188 * UserSearchFilter ldap search filter for user dn resolution
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
189 * UidAttributes comma separated list of attributes, that contain the uid
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
190 * GroupSearchFilter ldap search filter for group resolution
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
191 * MemberAttributes comma separated list of group member attributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
192 * MemberType member attribute type (dn|uid)
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
193 * EnableGroups enable or disable support for groups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
194 * UserNameIsDn should the uid or the dn used internally as user name
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
195 *
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
196 *
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
197 * If no Resource parameter is specified, a resource pool is automatically
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
198 * created with the name _<authdbname>_ldap and all parameters from the
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
199 * ConfigNode are passed to resourcepool_new(). That means, all ldap
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
200 * resource pool parameters can also specified in the AuthDB object.
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
201 */
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
202 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
203
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
204 LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
205
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
206 User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
207
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
208 LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
209
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
210 int ldap_user_verify_password(User *user, const char *password);
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
211 int ldap_user_check_group(User *user, const char *group);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
212 void ldap_user_free(User *user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
213
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
214 #ifdef __cplusplus
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
215 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
216 #endif
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
217
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
218 #endif /* LDAP_AUTH_H */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
219

Mercurial Repository: webserver

mercurial