Wed, 05 Jun 2024 19:50:44 +0200
add extra nullptr check in the event loop to handle the case when the finish ptr is set to NULL after it was already scheduled
1 | /* |
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 | * |
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions are met: |
8 | * |
9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. |
11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | * POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | #ifndef LDAP_AUTH_H |
30 | #define LDAP_AUTH_H |
31 | |
32 | #include "../public/auth.h" |
33 | #include <sys/types.h> |
34 | #include <ldap.h> |
35 | #include <cx/map.h> |
36 | |
37 | #include "config.h" |
38 | |
39 | #ifdef __cplusplus |
40 | extern "C" { |
41 | #endif |
42 | |
/*
 * Short type names for the LDAP auth structures defined further down in
 * this header.
 */
typedef struct ldap_auth_db LDAPAuthDB;
typedef struct ldap_config LDAPConfig;
typedef struct ldap_user LDAPUser;
typedef struct ldap_group LDAPGroup;
typedef struct ldap_member LDAPMember;
typedef struct ldap_group_cache LDAPGroupCache;
49 | |
/*
 * Value type of a group's member attribute.
 *
 * WS_LDAP_GROUP_MEMBER_DN:  the member attribute contains the full user dn
 *                           e.g. uniqueMember attribute of groupOfUniqueNames
 *                           uniqueMember: uid=user,ou=People,dc=example,dc=com
 *
 * WS_LDAP_GROUP_MEMBER_UID: the member attribute contains the user uid
 *                           e.g. member attribute of posixGroup
 *                           memberUid: user
 *
 * WS_LDAP_GROUP_MEMBER_DN has the value 0, so a zero-initialized
 * LDAPConfig selects it.
 *
 * NOTE(review): group checks are an authorization input. If the configured
 * type does not match what the directory stores, the membership comparison
 * presumably runs against the wrong identifier -- confirm how the
 * implementation behaves in that case.
 */
enum WSLdapGroupMemberType {
    /*
     * the member attribute contains the full user dn
     * for example object class groupOfUniqueNames attribute uniqueMember
     * uniqueMember: uid=user,ou=People,dc=example,dc=com
     */
    WS_LDAP_GROUP_MEMBER_DN = 0,

    /*
     * the member attribute contains the user uid
     * for example object class posixGroup attribute memberUid
     * memberUid: user
     */
    WS_LDAP_GROUP_MEMBER_UID
};
72 | |
/*
 * Settings of one LDAP AuthDB.
 *
 * Two kinds of members deserve care in review: bindpw is a credential, and
 * the two search filters are templates for queries sent to the directory.
 */
struct ldap_config {
    /*
     * ldap resource pool name
     */
    const char *resource;

    /*
     * ldap basedn
     */
    const char *basedn;

    /*
     * default bind dn for search operations
     */
    const char *binddn;

    /*
     * password for default binddn
     *
     * NOTE(review): kept as a plain C string. Where it is allocated and
     * whether it is ever cleared is not visible in this header. It should
     * never appear in log or error output.
     */
    const char *bindpw;

    /*
     * the ldap filter used to resolve user names to DN
     * this can be specified in the config file directly or it will
     * be auto-generated later, so it must always be a non-empty string
     *
     * NOTE(review): the user name is presumably inserted into this filter
     * at lookup time. The inserting code has to escape the RFC 4515
     * special characters in the name, otherwise a crafted name changes
     * the meaning of the filter -- confirm in the implementation.
     */
    const char *userSearchFilter;

    /*
     * array of user id attributes
     * (numUidAttributes holds the element count)
     */
    cxstring *uidAttributes;

    /*
     * number of uid attributes
     */
    size_t numUidAttributes;

    /*
     * same as userSearchFilter, but for groups
     *
     * NOTE(review): the same escaping requirement presumably applies to
     * the group name inserted here -- confirm.
     */
    const char *groupSearchFilter;

    /*
     * array of attributes that represent group members
     * (numMemberAttributes holds the element count)
     */
    cxstring *memberAttributes;

    /*
     * number of group member attributes
     */
    size_t numMemberAttributes;

    /*
     * value type of the group member attribute
     */
    enum WSLdapGroupMemberType groupMemberType;

    /*
     * enables/disables support for ldap groups
     */
    WSBool enableGroups;

    /*
     * use the full DN internally as user name
     */
    WSBool userNameIsDN;
};
141 | |
/*
 * Cache of LDAP groups; struct ldap_auth_db embeds one as its groups member.
 *
 * NOTE(review): cached membership feeds authorization decisions. How long
 * an entry is kept before it is refreshed bounds how long a user who was
 * removed from a group in the directory is still treated as a member.
 * Neither the expiry policy nor any locking around this cache is visible
 * in this header -- confirm both in the implementation.
 */
struct ldap_group_cache {
    /*
     * first and last cached group
     * struct ldap_group declares no link member in this header, so how
     * these two pointers are used is not visible here
     */
    LDAPGroup *first;
    LDAPGroup *last;
    /*
     * presumably maps group names to LDAPGroup entries -- confirm
     */
    CxMap *map;
};
147 | |
/*
 * LDAP AuthDB: the generic AuthDB plus the LDAP settings and group cache.
 *
 * authdb is the first member, so a pointer to this struct and a pointer to
 * its AuthDB have the same address.
 * NOTE(review): presumably the AuthDB * returned by create_ldap_authdb()
 * is converted back to LDAPAuthDB * on that basis -- confirm, and keep
 * authdb as the first member if so.
 */
struct ldap_auth_db {
    AuthDB authdb;
    /* settings of this AuthDB, held by value */
    LDAPConfig config;
    /* group cache of this AuthDB, held by value */
    LDAPGroupCache groups;
};
153 | |
/*
 * LDAP user: the generic User plus the LDAP state attached to it.
 *
 * user is the first member, so a pointer to this struct and a pointer to
 * its User have the same address.
 *
 * NOTE(review): the struct stores Session and Request pointers. Whether a
 * user object can outlive the request it was created for is not visible
 * in this header; if it can, sn and rq would dangle -- confirm lifetime.
 */
struct ldap_user {
    User user;
    /* presumably the AuthDB this user was looked up in -- confirm */
    LDAPAuthDB *authdb;
    /* ldap session handle; who releases it is not visible here */
    LDAP *ldap;
    /* presumably the session and request passed to ldap_get_user() */
    Session *sn;
    Request *rq;
    /* presumably the dn of the user's directory entry -- confirm */
    char *userdn;
    /* presumably the name of the uid attribute that matched -- confirm */
    char *uid_attr;
    /* NOTE(review): meaning and valid range not visible in this header */
    int uid;
    int gid;
};
165 | |
/*
 * One member of an LDAP group.
 */
struct ldap_member {
    /*
     * member name
     * presumably a dn or a uid, depending on the configured
     * WSLdapGroupMemberType -- confirm
     */
    char *name;
    /* NOTE(review): meaning not visible in this header */
    int uid;
};
170 | |
/*
 * One LDAP group.
 */
struct ldap_group {
    /* group name */
    char *name;
    /* dn of the group */
    char *dn;
    /*
     * members of the group
     * presumably keyed by member name with LDAPMember values -- confirm
     */
    CxMap *members;
    /*
     * presumably the time this entry was last refreshed from the
     * directory -- confirm
     * NOTE(review): a membership decision is only as fresh as this
     * timestamp; the maximum accepted age is not visible in this header
     */
    time_t update;
};
177 | |
/*
 * Creates an LDAP AuthDB
 *
 * Config parameters (from ConfigNode *node):
 * Resource             ldap resource pool name
 * Basedn               ldap base dn
 * Binddn               binddn for search operations
 * Bindpw               binddn password
 * DirectoryType        type of the directory service (ldap|ad) which acts as
 *                      config preset for filter and attribute settings
 * UserSearchFilter     ldap search filter for user dn resolution
 * UidAttributes        comma separated list of attributes that contain the uid
 * GroupSearchFilter    ldap search filter for group resolution
 * MemberAttributes     comma separated list of group member attributes
 * MemberType           member attribute type (dn|uid)
 * EnableGroups         enable or disable support for groups
 * UserNameIsDn         whether the uid or the dn is used internally as user
 *                      name
 *
 *
 * If no Resource parameter is specified, a resource pool is automatically
 * created with the name _<authdbname>_ldap and all parameters from the
 * ConfigNode are passed to resourcepool_new(). That means all ldap
 * resource pool parameters can also be specified in the AuthDB object.
 *
 * NOTE(review): Bindpw is a credential, so the config file that holds it
 * needs restrictive permissions. In the auto-created pool case it is
 * passed on to resourcepool_new() together with the other parameters.
 * The return value on a configuration error is not visible in this
 * header (presumably NULL -- confirm).
 */
AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node);
203 | |
/*
 * Returns an ldap session handle for the given session, request and AuthDB.
 * NOTE(review): presumably taken from the resource pool named in the
 * AuthDB config; ownership of the handle and the return value on failure
 * are not visible in this header -- confirm.
 */
LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb);

/*
 * Looks up the user with the given name in the AuthDB sb.
 * NOTE(review): username presumably comes from the client's credentials
 * and is used in an ldap search filter; it has to be escaped per RFC 4515
 * before it is inserted -- confirm in the implementation.
 */
User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username);

/*
 * Returns the ldap group with the given name.
 * NOTE(review): whether the result comes from the group cache or from a
 * directory query is not visible here; the escaping requirement for
 * names used in a search filter applies to group as well -- confirm.
 */
LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group);

/*
 * Verifies a password for the user. The return value convention is not
 * visible in this header.
 * NOTE(review): if verification is done with an ldap simple bind, an
 * empty password must be rejected before binding. A simple bind with a dn
 * and an empty password is an unauthenticated bind (RFC 4513, section
 * 5.1.2), which a server may answer with success -- confirm the
 * implementation checks for this.
 */
int ldap_user_verify_password(User *user, const char *password);
/*
 * Checks whether the user belongs to the named group. The return value
 * convention is not visible in this header.
 */
int ldap_user_check_group(User *user, const char *group);
/*
 * Releases the user object.
 * NOTE(review): whether this also releases the user's ldap session handle
 * is not visible here -- confirm.
 */
void ldap_user_free(User *user);
213 | |
214 | #ifdef __cplusplus |
215 | } |
216 | #endif |
217 | |
218 | #endif /* LDAP_AUTH_H */ |
219 |