Thu, 16 Mar 2023 19:38:18 +0100
implement userNameIsDN and enableGroups for ldap auth
1 | /* |
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 | * |
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions are met: |
8 | * |
9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. |
11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | * POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | #ifndef LDAP_AUTH_H |
30 | #define LDAP_AUTH_H |
31 | |
32 | #include "../public/auth.h" |
33 | #include <sys/types.h> |
34 | #include <ldap.h> |
35 | #include <cx/map.h> |
36 | |
37 | #include "config.h" |
38 | |
39 | #ifdef __cplusplus |
40 | extern "C" { |
41 | #endif |
42 | |
/*
 * Type names for the structs defined further down in this header.
 */
typedef struct ldap_auth_db LDAPAuthDB;         /* an LDAP AuthDB instance */
typedef struct ldap_config LDAPConfig;          /* settings of one LDAP AuthDB */
typedef struct ldap_user LDAPUser;              /* a user resolved via ldap_get_user() */
typedef struct ldap_group LDAPGroup;            /* a cached group */
typedef struct ldap_member LDAPMember;          /* one entry of a group's member map */
typedef struct ldap_group_cache LDAPGroupCache; /* the per-authdb group cache */
49 | |
/*
 * How the values of the configured group member attributes
 * (LDAPConfig.memberAttributes) identify a user. Selected by the
 * MemberType config parameter (dn|uid), see create_ldap_authdb(), and
 * stored in LDAPConfig.groupMemberType.
 *
 * WS_LDAP_GROUP_MEMBER_UID: the member attribute contains the user uid
 * e.g. member attribute of posixGroup
 * memberUid: user
 */
enum WSLdapGroupMemberType {
    /*
     * the member attribute contains the full user dn
     * for example object class groupOfUniqueNames attribute uniqueMember
     * uniqueMember: uid=user,ou=People,dc=example,dc=com
     */
    WS_LDAP_GROUP_MEMBER_DN = 0,

    /*
     * the member attribute contains the user uid
     * for example object class posixGroup attribute memberUid
     * memberUid: user
     */
    WS_LDAP_GROUP_MEMBER_UID
};
72 | |
/*
 * Settings of one LDAP AuthDB, filled from the ConfigNode passed to
 * create_ldap_authdb() (see the parameter list documented there).
 * The string fields are plain C strings; who owns and frees them is not
 * visible in this header.
 */
struct ldap_config {
    /*
     * ldap resource pool name (config parameter Resource)
     */
    const char *resource;

    /*
     * ldap basedn (config parameter Basedn)
     */
    const char *basedn;

    /*
     * default bind dn for search operations (config parameter Binddn)
     */
    const char *binddn;

    /*
     * password for default binddn (config parameter Bindpw)
     * NOTE(review): this credential is referenced as a plain string from
     * the config; keep it out of log output and error messages.
     */
    const char *bindpw;

    /*
     * the ldap filter used to resolve user names to DN
     * this can be specified in the config file directly or it will
     * auto-generated later, so it must always be a non-empty string
     * NOTE(review): if a user-supplied name is substituted into this
     * filter, it must be escaped per RFC 4515 first — confirm in the
     * implementation of ldap_get_user().
     */
    const char *userSearchFilter;

    /*
     * array of user id attributes (config parameter UidAttributes),
     * numUidAttributes entries
     */
    cxstring *uidAttributes;

    /*
     * number of uid attributes
     */
    size_t numUidAttributes;

    /*
     * same as userSearchFilter, but for groups
     * (config parameter GroupSearchFilter)
     */
    const char *groupSearchFilter;

    /*
     * array of attributes that represent group members
     * (config parameter MemberAttributes), numMemberAttributes entries
     */
    cxstring *memberAttributes;

    /*
     * number of group member attributes
     */
    size_t numMemberAttributes;

    /*
     * value type of the group member attribute
     * (config parameter MemberType: dn|uid), see enum WSLdapGroupMemberType
     */
    enum WSLdapGroupMemberType groupMemberType;

    /*
     * enables/disables support for ldap groups (config parameter EnableGroups)
     */
    WSBool enableGroups;

    /*
     * use the full DN internally as user name (config parameter UserNameIsDn);
     * otherwise the uid is used
     */
    WSBool userNameIsDN;
};
141 | |
/*
 * Per-AuthDB cache of resolved groups (LDAPAuthDB.groups).
 * NOTE(review): struct ldap_group has no link field in this header, so how
 * first/last are threaded is not visible here; presumably a list of
 * LDAPGroup entries that `map` indexes by name — confirm in the
 * implementation.
 */
struct ldap_group_cache {
    LDAPGroup *first;
    LDAPGroup *last;
    CxMap *map;
};
147 | |
/*
 * LDAP AuthDB instance. The generic AuthDB is the first member, so the
 * AuthDB* returned by create_ldap_authdb() and the LDAPAuthDB* taken by
 * get_ldap_session()/ldap_get_group() presumably refer to the same object.
 */
struct ldap_auth_db {
    AuthDB authdb;         /* generic authdb interface (first member) */
    LDAPConfig config;     /* settings, see struct ldap_config */
    LDAPGroupCache groups; /* cached groups, see struct ldap_group_cache */
};
153 | |
/*
 * A user resolved by ldap_get_user(). The generic User is the first member,
 * so the User* handed to ldap_user_verify_password(), ldap_user_check_group()
 * and ldap_user_free() presumably points at one of these.
 */
struct ldap_user {
    User user;          /* generic user interface (first member) */
    LDAPAuthDB *authdb; /* the LDAP authdb the user was resolved from */
    LDAP *ldap;         /* ldap connection; presumably from get_ldap_session() — confirm */
    Session *sn;        /* session the user was resolved in */
    Request *rq;        /* request the user was resolved in */
    char *userdn;       /* full DN of the user entry */
    char *uid_attr;     /* NOTE(review): presumably the uid attribute that matched — confirm */
    int uid;            /* set by the implementation; origin not visible in this header */
    int gid;            /* set by the implementation; origin not visible in this header */
};
165 | |
/*
 * One group member, presumably the value type stored in LDAPGroup.members
 * — confirm in the implementation.
 */
struct ldap_member {
    char *name; /* member name; whether this is a uid or a dn presumably follows LDAPConfig.groupMemberType — confirm */
    int uid;
};
170 | |
/*
 * A cached LDAP group, see struct ldap_group_cache and ldap_get_group().
 */
struct ldap_group {
    char *name;     /* group name */
    char *dn;       /* DN of the group entry */
    CxMap *members; /* group members; presumably LDAPMember entries keyed by name — confirm */
    time_t update;  /* NOTE(review): presumably when the entry was last refreshed — confirm */
};
177 | |
/*
 * Creates an LDAP AuthDB
 *
 * Config parameters (from ConfigNode *node):
 * Resource ldap resource pool name
 * Basedn ldap base dn
 * Binddn binddn for search operations
 * Bindpw binddn password
 * DirectoryType type of the directory service (ldap|ad) which acts as
 * config preset for filter and attribute settings
 * UserSearchFilter ldap search filter for user dn resolution
 * UidAttributes comma separated list of attributes, that contain the uid
 * GroupSearchFilter ldap search filter for group resolution
 * MemberAttributes comma separated list of group member attributes
 * MemberType member attribute type (dn|uid)
 * EnableGroups enable or disable support for groups
 * UserNameIsDn whether the dn (instead of the uid) is used internally as user name
 *
 * If no Resource parameter is specified, a resource pool is automatically
 * created with the name _<authdbname>_ldap and all parameters from the
 * ConfigNode are passed to resourcepool_new(). That means, all ldap
 * resource pool parameters can also be specified in the AuthDB object.
 *
 * Returns the generic AuthDB of the new LDAPAuthDB. The error return value
 * is not visible in this header (presumably NULL — confirm).
 */
AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node);

/*
 * Obtains an LDAP connection for the request, presumably from the resource
 * pool named by authdb->config.resource — confirm in the implementation.
 * The failure return value is not visible here.
 */
LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb);

/*
 * Resolves username to a User (an LDAPUser, see struct ldap_user) using
 * LDAPConfig.userSearchFilter. The result is presumably released with
 * ldap_user_free() — confirm.
 * NOTE(review): username is presumably client supplied; the implementation
 * must escape it per RFC 4515 before substituting it into the search filter
 * — confirm.
 */
User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username);

/*
 * Looks up group by name via LDAPConfig.groupSearchFilter; presumably served
 * from authdb->groups when already cached — confirm. The failure return
 * value is not visible here.
 */
LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group);

/*
 * Checks password for user. Which int value means success is not visible in
 * this header — check the implementation before using the result.
 * NOTE(review): if this is implemented as a simple bind with userdn, an empty
 * password must be rejected before the bind, because LDAP treats a simple
 * bind with an empty password as an unauthenticated bind that some servers
 * accept (RFC 4513 section 5.1.2) — confirm.
 */
int ldap_user_verify_password(User *user, const char *password);

/*
 * Tests whether user is a member of group. The int return convention is not
 * visible here; see ldap_user_verify_password.
 */
int ldap_user_check_group(User *user, const char *group);

/*
 * Releases a User obtained from ldap_get_user().
 */
void ldap_user_free(User *user);
213 | |
214 | #ifdef __cplusplus |
215 | } |
216 | #endif |
217 | |
218 | #endif /* LDAP_AUTH_H */ |
219 |