src/server/daemon/ldap_auth.h

Thu, 16 Mar 2023 19:38:18 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Thu, 16 Mar 2023 19:38:18 +0100
changeset 472
d6bc67906c8c
parent 471
9aa5ae3258f5
permissions
-rw-r--r--

implement userNameIsDN and enableGroups for ldap auth

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef LDAP_AUTH_H
#define LDAP_AUTH_H

#include "../public/auth.h"
#include <sys/types.h>
#include <ldap.h>      /* LDAP connection handle type */
#include <cx/map.h>    /* CxMap */

#include "config.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Forward declarations for the LDAP auth module; the struct bodies are
 * defined further down in this header.
 */
typedef struct ldap_auth_db LDAPAuthDB;
typedef struct ldap_config LDAPConfig;
typedef struct ldap_user LDAPUser;
typedef struct ldap_group LDAPGroup;
typedef struct ldap_member LDAPMember;
typedef struct ldap_group_cache LDAPGroupCache;

/*
 * Value type of a group member attribute: whether each value names the
 * member by its full DN or by its bare uid. Set from the MemberType config
 * key (dn|uid), see create_ldap_authdb and LDAPConfig.groupMemberType.
 * WS_LDAP_GROUP_MEMBER_DN is 0, so a zero-initialized config selects it.
 *
 * NOTE(review): with WS_LDAP_GROUP_MEMBER_DN, member values and the user's
 * DN should not be compared as raw bytes — DN string equality is not byte
 * equality (RFC 4514 allows differences in case and whitespace). Confirm
 * how the .c compares them.
 */
enum WSLdapGroupMemberType {
    /*
     * the member attribute contains the full user dn
     * for example object class groupOfUniqueNames attribute uniqueMember
     * uniqueMember: uid=user,ou=People,dc=example,dc=com
     */
    WS_LDAP_GROUP_MEMBER_DN = 0,

    /*
     * the member attribute contains the user uid
     * for example object class posixGroup attribute memberUid
     * memberUid: user
     */
    WS_LDAP_GROUP_MEMBER_UID
};

/*
 * Settings of one LDAP AuthDB, loaded from its ConfigNode; the config keys
 * that populate each field are listed at create_ldap_authdb.
 */
struct ldap_config {
    /*
     * ldap resource pool name
     */
    const char *resource;

    /*
     * ldap basedn
     */
    const char *basedn;

    /*
     * default bind dn for search operations
     */
    const char *binddn;

    /*
     * password for default binddn
     *
     * A plain C string holding a credential. Nothing declared in this
     * header releases or scrubs it; NOTE(review): confirm in the .c how it
     * is freed and whether it is zeroized before that.
     */
    const char *bindpw;

    /*
     * the ldap filter used to resolve user names to DN
     * this can be specified in the config file directly or it will be
     * auto-generated later, so it must always be a non-empty string
     *
     * NOTE(review): if the client-supplied user name is substituted into
     * this filter, it has to be escaped per RFC 4515 first, otherwise a
     * crafted name changes the meaning of the filter. Confirm in the .c.
     */
    const char *userSearchFilter;

    /*
     * array of user id attributes (config key UidAttributes, comma
     * separated); numUidAttributes holds its length
     */
    cxstring *uidAttributes;

    /*
     * number of uid attributes
     */
    size_t numUidAttributes;

    /*
     * same as userSearchFilter, but for groups; the same escaping caveat
     * applies to any value substituted into it
     */
    const char *groupSearchFilter;

    /*
     * array of attributes that represent group members (config key
     * MemberAttributes, comma separated); numMemberAttributes holds its length
     */
    cxstring *memberAttributes;

    /*
     * number of group member attributes
     */
    size_t numMemberAttributes;

    /*
     * value type of the group member attribute (config key MemberType:
     * dn|uid), see enum WSLdapGroupMemberType
     */
    enum WSLdapGroupMemberType groupMemberType;

    /*
     * enables/disables support for ldap groups (config key EnableGroups)
     */
    WSBool enableGroups;

    /*
     * use the full DN internally as user name instead of the uid
     * (config key UserNameIsDn)
     */
    WSBool userNameIsDN;
};

/*
 * Per-AuthDB cache of resolved LDAP groups.
 */
struct ldap_group_cache {
    /*
     * first/last: presumably the ends of an ordered sequence of cached
     * groups. struct ldap_group itself carries no link field, so how the
     * sequence is threaded is not visible in this header — confirm in the .c.
     */
    LDAPGroup *first;
    LDAPGroup *last;
    /* lookup table of cached groups; presumably keyed by group name — confirm */
    CxMap *map;
};

/*
 * An LDAP-backed AuthDB. authdb is the first member, so a pointer to this
 * struct can be handed out as the AuthDB * that create_ldap_authdb returns.
 */
struct ldap_auth_db {
    AuthDB authdb;         /* generic AuthDB part; must stay the first member */
    LDAPConfig config;     /* settings loaded from the ConfigNode */
    LDAPGroupCache groups; /* cached groups, see struct ldap_group_cache */
};

/*
 * A user produced by ldap_get_user. user is the first member, so a pointer
 * to this struct is the User * that the ldap_user_* functions receive.
 *
 * NOTE(review): ownership of userdn/uid_attr, and whether ldap has to be
 * handed back to the resource pool, are not visible in this header;
 * ldap_user_free is the release point — confirm there.
 */
struct ldap_user {
    User user;          /* generic User part; must stay the first member */
    LDAPAuthDB *authdb; /* AuthDB the user belongs to */
    LDAP *ldap;         /* libldap connection handle used for this user */
    Session *sn;        /* session and request the user was resolved in */
    Request *rq;
    char *userdn;       /* distinguished name the user name resolved to */
    char *uid_attr;     /* presumably the uid attribute that matched the user
                           (one of config.uidAttributes) — confirm in the .c */
    int uid;            /* numeric ids kept as int, not uid_t/gid_t */
    int gid;
};

/*
 * One member entry of a cached group.
 */
struct ldap_member {
    char *name; /* member value as stored in the group (a dn or a uid per
                   enum WSLdapGroupMemberType) — presumably; confirm in the .c */
    int uid;    /* presumably the numeric user id of the member */
};

/*
 * A cached LDAP group.
 */
struct ldap_group {
    char *name;     /* group name */
    char *dn;       /* distinguished name of the group entry */
    CxMap *members; /* member entries (struct ldap_member); presumably keyed
                       by member name — confirm in the .c */
    time_t update;  /* time the entry was last refreshed; presumably used to
                       expire the cache entry — confirm in the .c */
};

/*
 * Creates an LDAP AuthDB
 *
 * Config parameters (from ConfigNode *node):
 *   Resource           ldap resource pool name
 *   Basedn             ldap base dn
 *   Binddn             binddn for search operations
 *   Bindpw             binddn password (a credential stored in the server
 *                      config; protect that file accordingly)
 *   DirectoryType      type of the directory service (ldap|ad) which acts as
 *                      config preset for filter and attribute settings
 *   UserSearchFilter   ldap search filter for user dn resolution
 *   UidAttributes      comma separated list of attributes, that contain the uid
 *   GroupSearchFilter  ldap search filter for group resolution
 *   MemberAttributes   comma separated list of group member attributes
 *   MemberType         member attribute type (dn|uid)
 *   EnableGroups       enable or disable support for groups
 *   UserNameIsDn       should the uid or the dn be used internally as user name
 *
 *
 * If no Resource parameter is specified, a resource pool is automatically
 * created with the name _<authdbname>_ldap and all parameters from the
 * ConfigNode are passed to resourcepool_new(). That means, all ldap
 * resource pool parameters can also be specified in the AuthDB object.
 *
 * Returns the new AuthDB (an LDAPAuthDB with its AuthDB member first).
 * The failure value is not declared here — NOTE(review): confirm in the .c
 * whether NULL is returned on a bad config.
 */
AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node);

/*
 * Obtains an LDAP connection handle for authdb within session sn and
 * request rq, presumably from the resource pool named by
 * authdb->config.resource. Whether and how the caller must release the
 * handle is not visible in this header — confirm in the .c.
 */
LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb);

/*
 * Resolves username in the AuthDB sb to a User (backed by struct ldap_user)
 * for the given session/request. The not-found/error value is not declared
 * here — confirm in the .c before relying on it. The result is released
 * with ldap_user_free.
 */
User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username);

/*
 * Looks up the group named group in authdb (using the group cache and/or
 * the directory — which is not visible here). Failure value not declared.
 */
LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group);

/*
 * Checks password for user (a User obtained from ldap_get_user).
 * The return convention is not declared here — confirm in the .c.
 *
 * NOTE(review): the implementation must reject an empty or NULL password
 * before attempting the bind; many directories treat a bind with an empty
 * password as an unauthenticated bind that succeeds (RFC 4513 §5.1.2).
 */
int ldap_user_verify_password(User *user, const char *password);

/*
 * Reports whether user is a member of the group named group; presumably
 * only meaningful when config.enableGroups is set. Return convention not
 * declared here — confirm in the .c.
 */
int ldap_user_check_group(User *user, const char *group);

/*
 * Releases a User obtained from ldap_get_user and whatever it owns.
 */
void ldap_user_free(User *user);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* LDAP_AUTH_H */

