src/server/daemon/ldap_auth.c

changeset 469
9a36a6b52e4c
parent 468
73e80eb953f5
child 470
467ed0f559af
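--- a/src/server/daemon/ldap_auth.c
+++ b/src/server/daemon/ldap_auth.c
@@ -36,57 +36,84 @@
 #include <sys/time.h>
 
 #include <cx/utils.h>
 #include <cx/hash_map.h>
 
+#include "../util/util.h"
+
 #include "ldap_auth.h"
 #include "ldap_resource.h"
 
+static cxstring ws_ldap_default_uid_attr[] = {
+CX_STR("uid")
+};
+
+static cxstring ws_ldap_default_member_attr[] = {
+CX_STR("member"),
+CX_STR("uniqueMember")
+};
 
 static LDAPConfig ws_ldap_default_config = {
 NULL, // resource
 NULL, // basedn
 NULL, // binddn
 NULL, // bindpw
 "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter
-{"uid"}, // uidAttributes
+ws_ldap_default_uid_attr, // uidAttributes
 1, // numUidAttributes
 "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter
-{"member", "uniqueMember"}, // memberAttributes
+ws_ldap_default_member_attr, // memberAttributes
 2, // numMemberAttributes
 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
 TRUE, // enableGroups
 FALSE // userNameIsDN
 };
 
-// TODO
+// TODO: AD
+static cxstring ws_ad_default_uid_attr[] = {
+CX_STR("uid")
+};
+
+static cxstring ws_ad_default_member_attr[] = {
+CX_STR("member"),
+CX_STR("uniqueMember")
+};
+
 static LDAPConfig ws_ldap_ad_config = {
 NULL, // resource
 NULL, // basedn
 NULL, // binddn
 NULL, // bindpw
 "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter
-{"uid"}, // uidAttributes
+ws_ad_default_uid_attr, // uidAttributes
 1, // numUidAttributes
 "", // groupSearchFilter
-{"uniqueMember", "member"}, // memberAttributes
+ws_ad_default_member_attr, // memberAttributes
 2, // numMemberAttributes
 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
 TRUE, // enableGroups
 FALSE // userNameIsDN
+};
+
+static cxstring ws_posix_default_uid_attr[] = {
+CX_STR("uid")
+};
+
+static cxstring ws_posix_default_member_attr[] = {
+CX_STR("memberUid")
 };
 
 static LDAPConfig ws_ldap_posix_config = {
 NULL, // resource
 NULL, // basedn
 NULL, // binddn
 NULL, // bindpw
 "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter
-{"uid"}, // uidAttributes
+ws_posix_default_uid_attr, // uidAttributes
 1, // numUidAttributes
 "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter
-{"memberUid"}, // memberAttributes
+ws_posix_default_member_attr, // memberAttributes
 1, // numMemberAttributes
 WS_LDAP_GROUP_MEMBER_UID, // groupMemberType
 TRUE, // enableGroups
 FALSE // userNameIsDN
 };
@@ -122,12 +149,17 @@
 // custom config
 cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource"));
 cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn"));
 cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn"));
 cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw"));
-cxstring usersearchfilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter"));
-// TODO ...
+cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter"));
+cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes"));
+cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter"));
+cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes"));
+cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType"));
+cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups"));
+cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn"));
 
 if(!resource.ptr) {
 // TODO: create resource pool
 } else {
 authdb->config.resource = resource.ptr;
@@ -136,10 +168,60 @@
 if(!basedn.ptr) {
 log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name);
 return NULL;
 }
 authdb->config.basedn = basedn.ptr;
+
+// optional config
+if(binddn.ptr) {
+if(!bindpw.ptr) {
+log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name);
+return NULL;
+}
+
+authdb->config.binddn = binddn.ptr;
+authdb->config.bindpw = bindpw.ptr;
+}
+
+if(userSearchFilter.ptr) {
+authdb->config.userSearchFilter = userSearchFilter.ptr;
+}
+if(uidAttributes.ptr) {
+authdb->config.numUidAttributes = cx_strsplit_a(
+cfg->a,
+uidAttributes,
+cx_str(","),
+1024,
+&authdb->config.uidAttributes);
+}
+if(groupSearchFilter.ptr) {
+authdb->config.groupSearchFilter = groupSearchFilter.ptr;
+}
+if(memberAttributes.ptr) {
+authdb->config.numMemberAttributes = cx_strsplit_a(
+cfg->a,
+memberAttributes,
+cx_str(","),
+1024,
+&authdb->config.memberAttributes);
+}
+if(memberType.ptr) {
+if(!cx_strcmp(memberType, cx_str("dn"))) {
+authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN;
+} else if(cx_strcmp(memberType, cx_str("uid"))) {
+authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID;
+} else {
+log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr);
+return NULL;
+}
+}
+if(enableGroups.ptr) {
+authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE);
+}
+if(userNameIsDn.ptr) {
+authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE);
+}
 
 
 // initialize group cache
 authdb->groups.first = NULL;
 authdb->groups.last = NULL;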
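Review bot: The MemberType dispatch at new lines 208–215 has an inverted test: `cx_strcmp` returns 0 on a match, so `else if(cx_strcmp(memberType, cx_str("uid")))` is true for every value other than "uid", which makes the "unknown MemberType" error branch unreachable and silently maps any misspelled value to WS_LDAP_GROUP_MEMBER_UID — a configuration typo would change how group membership is resolved without any failure being logged. The branch should read `} else if(!cx_strcmp(memberType, cx_str("uid"))) {`, matching the "dn" test directly above it. The log call in that error branch passes `memberType.ptr` to `%s`; if values returned by serverconfig_object_directive_value are not guaranteed NUL-terminated this would read past the directive value, which is worth confirming against the config parser. Likewise, if `cx_strsplit_a` returns 0 for an empty UidAttributes or MemberAttributes value, num*Attributes becomes 0 and the built-in attribute list is replaced by an empty one; presumably that case should either fall back to the defaults or be rejected with a log message. The enclosing function starts before the hunk and its body continues after it.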
