src/server/daemon/ldap_auth.c@a4e1ba59b733 (annotated)
src/server/daemon/ldap_auth.c
Tue, 03 Feb 2026 19:09:53 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Tue, 03 Feb 2026 19:09:53 +0100
- changeset 661
- a4e1ba59b733
- parent 660
- f00d03835dd9
- permissions
- -rw-r--r--
use bool instead of WSBool in strreplace
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
|
44
3da1f7b6847f
added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
38
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
29 | #ifdef __gnu_linux__ |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
30 | #define _GNU_SOURCE |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
31 | #endif |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
32 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | #include <stdio.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | #include <stdlib.h> |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | #include <string.h> |
|
111
c93be34fde76
fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
109
diff
changeset
|
36 | #include <sys/time.h> |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
38 | #include <cx/hash_map.h> |
|
473
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
39 | #include <cx/printf.h> |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
40 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
41 | #include "../util/util.h" |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
42 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | #include "ldap_auth.h" |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
44 | #include "ldap_resource.h" |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
45 | |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
46 | #define CXSTR(s) {s, sizeof(s)-1} |
|
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
47 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
48 | static cxstring ws_ldap_default_uid_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
49 | CXSTR("uid") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
50 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
51 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
52 | static cxstring ws_ldap_default_member_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
53 | CXSTR("member"), |
|
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
54 | CXSTR("uniqueMember") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
55 | }; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
56 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
57 | static LDAPConfig ws_ldap_default_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
58 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
59 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
60 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
61 | NULL, // bindpw |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
62 | "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
63 | ws_ldap_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
64 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
65 | "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
66 | ws_ldap_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
67 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
68 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
69 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
70 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
71 | }; |
|
89
5eecce5314d6
fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
87
diff
changeset
|
72 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
73 | // TODO: AD |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
74 | static cxstring ws_ad_default_uid_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
75 | CXSTR("uid") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
76 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
77 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
78 | static cxstring ws_ad_default_member_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
79 | CXSTR("member"), |
|
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
80 | CXSTR("uniqueMember") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
81 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
82 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
83 | static LDAPConfig ws_ldap_ad_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
84 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
85 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
86 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
87 | NULL, // bindpw |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
88 | "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
89 | ws_ad_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
90 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
91 | "", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
92 | ws_ad_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
93 | 2, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
94 | WS_LDAP_GROUP_MEMBER_DN, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
95 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
96 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
97 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
98 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
99 | static cxstring ws_posix_default_uid_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
100 | CXSTR("uid") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
101 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
102 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
103 | static cxstring ws_posix_default_member_attr[] = { |
|
660
f00d03835dd9
update ucx to version 4.0
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
659
diff
changeset
|
104 | CXSTR("memberUid") |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
105 | }; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
106 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
107 | static LDAPConfig ws_ldap_posix_config = { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
108 | NULL, // resource |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
109 | NULL, // basedn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
110 | NULL, // binddn |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
111 | NULL, // bindpw |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
112 | "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
113 | ws_posix_default_uid_attr, // uidAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
114 | 1, // numUidAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
115 | "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
116 | ws_posix_default_member_attr, // memberAttributes |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
117 | 1, // numMemberAttributes |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
118 | WS_LDAP_GROUP_MEMBER_UID, // groupMemberType |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
119 | TRUE, // enableGroups |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
120 | FALSE // userNameIsDN |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
121 | }; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
122 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
123 | AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
124 | LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB)); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
125 | if(!authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
126 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
127 | } |
|
256
19259b6c5cf7
replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
111
diff
changeset
|
128 | authdb->authdb.name = pool_strdup(cfg->pool, name); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
129 | if(!authdb->authdb.name) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
130 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
131 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
132 | authdb->authdb.get_user = ldap_get_user; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
133 | authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
134 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
135 | // initialize default ldap config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
136 | cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
137 | LDAPConfig *default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
138 | if(!dirtype.ptr) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
139 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
140 | } else if(!cx_strcmp(dirtype, cx_str("ldap"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
141 | default_config = &ws_ldap_default_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
142 | } else if(!cx_strcmp(dirtype, cx_str("posix"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
143 | default_config = &ws_ldap_posix_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
144 | } else if(!cx_strcmp(dirtype, cx_str("ad"))) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
145 | default_config = &ws_ldap_ad_config; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
146 | } else { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
147 | log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
148 | } |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
149 | memcpy(&authdb->config, default_config, sizeof(LDAPConfig)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
150 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
151 | // custom config |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
152 | cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
153 | cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
154 | cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn")); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
155 | cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw")); |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
156 | cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
157 | cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
158 | cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
159 | cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
160 | cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType")); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
161 | cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups")); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
162 | cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn")); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
163 | |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
164 | if(!resource.ptr) { |
|
473
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
165 | // implicitly create a resource pool for this authdb |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
166 | cxmutstr respool_name = cx_asprintf_a(cfg->a, "_authdb_%s", name); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
167 | if(!respool_name.ptr) { |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
168 | return NULL; |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
169 | } |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
170 | log_ereport( |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
171 | LOG_INFORM, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
172 | "ldap authdb %s: no resource specified: create resource pool %s", |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
173 | name, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
174 | respool_name.ptr); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
175 | if(resourcepool_new(cfg, cx_str("ldap"), cx_strcast(respool_name), node)) { |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
176 | log_ereport( |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
177 | LOG_FAILURE, |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
178 | "ldap authdb %s: cannot create ldap resource pool", |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
179 | name); |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
180 | return NULL; |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
181 | } |
|
102322b6f4ee
implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
472
diff
changeset
|
182 | authdb->config.resource = respool_name.ptr; |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
183 | } else { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
184 | authdb->config.resource = cx_strdup_a(cfg->a, resource).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
185 | if(!authdb->config.resource) return NULL; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
186 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
187 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
188 | if(!basedn.ptr) { |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
189 | log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name); |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
190 | return NULL; |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
191 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
192 | authdb->config.basedn = cx_strdup_a(cfg->a, basedn).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
193 | if(!authdb->config.basedn) return NULL; |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
194 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
195 | // optional config |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
196 | if(binddn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
197 | if(!bindpw.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
198 | log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
199 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
200 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
201 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
202 | authdb->config.binddn = cx_strdup_a(cfg->a, binddn).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
203 | authdb->config.bindpw = cx_strdup_a(cfg->a, bindpw).ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
204 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
205 | if(!authdb->config.binddn || !authdb->config.bindpw) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
206 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
207 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
208 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
209 | |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
210 | |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
211 | if(userSearchFilter.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
212 | authdb->config.userSearchFilter = cx_strdup_a(cfg->a, userSearchFilter).ptr; |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
213 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
214 | if(uidAttributes.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
215 | cxmutstr uidAttributesCopy = cx_strdup_a(cfg->a, uidAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
216 | if(uidAttributesCopy.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
217 | authdb->config.numUidAttributes = cx_strsplit_a( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
218 | cfg->a, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
219 | cx_strcast(uidAttributesCopy), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
220 | cx_str(","), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
221 | 1024, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
222 | &authdb->config.uidAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
223 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
224 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
225 | if(groupSearchFilter.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
226 | authdb->config.groupSearchFilter = groupSearchFilter.ptr; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
227 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
228 | if(memberAttributes.ptr) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
229 | cxmutstr memberAttributesCopy = cx_strdup_a(cfg->a, memberAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
230 | if(memberAttributesCopy.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
231 | authdb->config.numMemberAttributes = cx_strsplit_a( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
232 | cfg->a, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
233 | cx_strcast(memberAttributesCopy), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
234 | cx_str(","), |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
235 | 1024, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
236 | &authdb->config.memberAttributes); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
237 | } |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
238 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
239 | if(memberType.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
240 | if(!cx_strcmp(memberType, cx_str("dn"))) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
241 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
242 | } else if(!cx_strcmp(memberType, cx_str("uid"))) { |
|
469
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
243 | authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
244 | } else { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
245 | log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
246 | return NULL; |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
247 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
248 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
249 | if(enableGroups.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
250 | authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
251 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
252 | if(userNameIsDn.ptr) { |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
253 | authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE); |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
254 | } |
|
9a36a6b52e4c
load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
468
diff
changeset
|
255 | |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
256 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
257 | // initialize group cache |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
258 | authdb->groups.first = NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
259 | authdb->groups.last = NULL; |
| 490 | 260 | authdb->groups.map = cxHashMapCreate(cfg->a, CX_STORE_POINTERS, 32); |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
261 | if(!authdb->groups.map) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
262 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
263 | } |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
264 | |
|
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
265 | log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
266 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
267 | return (AuthDB*) authdb; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
268 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
269 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
270 | LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
271 | ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
272 | if(!res) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
273 | log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
274 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
275 | } |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
276 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
277 | LDAP *ldap = res->data; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
278 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
279 | if(authdb->config.binddn) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
280 | struct berval *server_cred; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
281 | int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
282 | if(r != LDAP_SUCCESS) { |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
283 | log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s", authdb->config.binddn, ldap_err2string(r)); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
284 | resourcepool_free(sn, rq, res); |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
285 | return NULL; |
|
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
286 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
287 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
288 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
289 | return ldap; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
290 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
291 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
292 | static LDAPUser* ldap_msg_to_user( |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
293 | Session *sn, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
294 | Request *rq, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
295 | LDAPAuthDB *authdb, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
296 | LDAP *ldap, |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
297 | LDAPMessage *msg) |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
298 | { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
299 | CxAllocator *a = pool_allocator(sn->pool); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
300 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
301 | LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
302 | if(!user) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
303 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
304 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
305 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
306 | // get dn |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
307 | char *ldap_dn = ldap_get_dn(ldap, msg); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
308 | if(!ldap_dn) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
309 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
310 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
311 | char *dn = pool_strdup(sn->pool, ldap_dn); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
312 | ldap_memfree(ldap_dn); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
313 | if(!dn) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
314 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
315 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
316 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
317 | // get uid |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
318 | char *uid = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
319 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
320 | // values of configured UidAttributes |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
321 | size_t numUidAttributes = authdb->config.numUidAttributes; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
322 | cxmutstr *uid_values = pool_calloc(sn->pool, authdb->config.numUidAttributes, sizeof(cxmutstr)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
323 | if(!uid_values) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
324 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
325 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
326 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
327 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
328 | BerElement *ber = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
329 | char *attribute = ldap_first_attribute(ldap, msg, &ber); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
330 | while(attribute) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
331 | cxstring attr = cx_str(attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
332 | for(int i=0;i<numUidAttributes;i++) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
333 | // check if the attribute is one of the uid attributes |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
334 | if(!uid_values[i].ptr && !cx_strcmp(attr, authdb->config.uidAttributes[i])) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
335 | // copy value to uid_values |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
336 | struct berval **values = ldap_get_values_len(ldap, msg, attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
337 | if(values) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
338 | int count = ldap_count_values_len(values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
339 | if(count > 0) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
340 | cxstring attr_val = cx_strn(values[0]->bv_val, values[0]->bv_len); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
341 | uid_values[i] = cx_strdup_a(a, attr_val); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
342 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
343 | log_ereport(LOG_FAILURE, "ldap user: dn: %s attribute %s: no values", dn, attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
344 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
345 | ldap_value_free_len(values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
346 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
347 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
348 | } |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
349 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
350 | if(uid_values[0].ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
351 | // if we found a value for the first attribute, we can use that |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
352 | break; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
353 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
354 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
355 | ldap_memfree(attribute); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
356 | attribute = ldap_next_attribute(ldap, msg, ber); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
357 | } |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
358 | if(ber) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
359 | ber_free(ber, 0); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
360 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
361 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
362 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
363 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
364 | // use first value as uid |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
365 | for(int i=0;i<numUidAttributes;i++) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
366 | if(uid_values[i].ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
367 | if(!uid) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
368 | uid = uid_values[i].ptr; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
369 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
370 | cxFree(a, uid_values[i].ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
371 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
372 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
373 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
374 | pool_free(sn->pool, uid_values); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
375 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
376 | // get user name |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
377 | char *username; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
378 | if(authdb->config.userNameIsDN) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
379 | username = dn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
380 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
381 | username = uid; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
382 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
383 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
384 | if(!username) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
385 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
386 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
387 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
388 | user->authdb = authdb; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
389 | user->user.verify_password = ldap_user_verify_password; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
390 | user->user.check_group = ldap_user_check_group; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
391 | user->user.free = ldap_user_free; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
392 | user->user.name = username; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
393 | user->sn = sn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
394 | user->rq = rq; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
395 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
396 | // TODO: get uid/gid from ldap |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
397 | user->user.uid = -1; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
398 | user->user.gid = -1; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
399 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
400 | user->ldap = ldap; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
401 | user->userdn = dn; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
402 | user->uid_attr = uid; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
403 | |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
404 | return user; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
405 | } |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
406 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
407 | User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
408 | LDAPAuthDB *authdb = (LDAPAuthDB*) db; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
409 | LDAPConfig *config = &authdb->config; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
410 | CxAllocator *a = pool_allocator(sn->pool); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
411 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
412 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
413 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
414 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
415 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
416 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
417 | // get the user dn |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
418 | cxstring userSearch = cx_str(config->userSearchFilter); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
419 | cxmutstr filter = cx_strreplace_a(a, userSearch, cx_str("%s"), cx_str(username)); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
420 | if(!filter.ptr) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
421 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
422 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
423 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
424 | log_ereport(LOG_DEBUG, "ldap_get_user: filter: %s", filter.ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
425 | |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
426 | LDAPMessage *result; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
427 | struct timeval timeout; |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
428 | timeout.tv_sec = 8; // TODO: add config parameter for timeout |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
429 | timeout.tv_usec = 0; |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
430 | int r = ldap_search_ext_s( |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
431 | ld, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
432 | config->basedn, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
433 | LDAP_SCOPE_SUBTREE, |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
434 | filter.ptr, |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
435 | NULL, |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
436 | 0, |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
437 | NULL, // server controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
438 | NULL, // client controls |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
439 | &timeout, |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
440 | 2, // size limit |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
441 | &result); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
442 | cxFree(a, filter.ptr); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
443 | if(r != LDAP_SUCCESS) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
444 | if(result) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
445 | ldap_msgfree(result); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
446 | } |
|
468
73e80eb953f5
make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
467
diff
changeset
|
447 | log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r)); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
448 | return NULL; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
449 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
450 | if(!result) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
451 | // not sure if this can happen |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
452 | log_ereport(LOG_FAILURE, "ldap_get_user: search failed: no result"); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
453 | return NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
454 | } |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
455 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
456 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
457 | LDAPUser *user = NULL; |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
458 | if(msg) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
459 | if(ldap_count_entries(ld, msg) > 1) { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
460 | log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result"); |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
461 | } else { |
|
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
462 | user = ldap_msg_to_user(sn, rq, authdb, ld, msg); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
463 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
464 | } |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
465 | ldap_msgfree(result); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
466 | |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
467 | return (User*)user; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
468 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
469 | |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
470 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
471 | static int is_member_attribute(LDAPAuthDB *auth, const char *attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
472 | LDAPConfig *config = &auth->config; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
473 | cxstring attr = cx_str(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
474 | for(int i=0;i<config->numMemberAttributes;i++) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
475 | if(!cx_strcmp(config->memberAttributes[i], attr)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
476 | return 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
477 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
478 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
479 | return 0; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
480 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
481 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
482 | static int group_add_member(LDAPGroup *group, LDAP *ldap, LDAPMessage *msg, char *attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
483 | struct berval **values = ldap_get_values_len(ldap, msg, attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
484 | int ret = 0; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
485 | if(values) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
486 | int count = ldap_count_values_len(values); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
487 | for(int i=0;i<count;i++) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
488 | cxstring memberValue = cx_strn(values[i]->bv_val, values[i]->bv_len); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
489 | CxHashKey key = cx_hash_key(memberValue.ptr, memberValue.length); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
490 | char *g_member = cxMapGet(group->members, key); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
491 | if(!g_member) { |
| 579 | 492 | cxmutstr member = cx_strdup_a(group->members->collection.allocator, memberValue); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
493 | if(!member.ptr) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
494 | ret = 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
495 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
496 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
497 | if(cxMapPut(group->members, key, member.ptr)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
498 | ret = 1; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
499 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
500 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
501 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
502 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
503 | ldap_value_free_len(values); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
504 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
505 | return ret; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
506 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
507 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
508 | static LDAPGroup* ldap_msg_to_group( |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
509 | Session *sn, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
510 | Request *rq, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
511 | LDAPAuthDB *authdb, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
512 | LDAP *ldap, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
513 | LDAPMessage *msg, |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
514 | const char *group_name) |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
515 | { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
516 | CxAllocator *a = pool_allocator(sn->pool); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
517 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
518 | LDAPGroup *group = pool_malloc(sn->pool, sizeof(LDAPGroup)); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
519 | if(!group) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
520 | return NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
521 | } |
| 490 | 522 | group->members = cxHashMapCreate(a, CX_STORE_POINTERS, 32); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
523 | if(!group->members) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
524 | pool_free(sn->pool, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
525 | return NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
526 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
527 | group->name = pool_strdup(sn->pool, group_name); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
528 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
529 | BerElement *ber = NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
530 | char *attribute = ldap_first_attribute(ldap, msg, &ber); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
531 | while(attribute) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
532 | if(is_member_attribute(authdb, attribute)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
533 | if(group_add_member(group, ldap, msg, attribute)) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
534 | // OOM |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
535 | ldap_memfree(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
536 | // free at least some memory |
| 579 | 537 | cxMapFree(group->members); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
538 | pool_free(sn->pool, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
539 | group = NULL; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
540 | break; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
541 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
542 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
543 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
544 | ldap_memfree(attribute); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
545 | attribute = ldap_next_attribute(ldap, msg, ber); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
546 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
547 | if(ber) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
548 | ber_free(ber, 0); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
549 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
550 | |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
551 | return group; |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
552 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
553 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
554 | LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
555 | LDAPConfig *config = &authdb->config; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
556 | CxAllocator *a = pool_allocator(sn->pool); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
557 | |
|
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
558 | LDAP *ld = get_ldap_session(sn, rq, authdb); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
559 | if (ld == NULL) { |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
560 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
561 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
562 | |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
563 | // if userNameIsDN is true, group will be the full group dn and we |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
564 | // don't need to search with a filter, to get the entry |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
565 | char *filterStr; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
566 | const char *basedn; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
567 | int scope; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
568 | if(config->userNameIsDN) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
569 | filterStr = NULL; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
570 | basedn = group; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
571 | scope = LDAP_SCOPE_BASE; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
572 | } else { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
573 | cxstring groupSearch = cx_str(config->groupSearchFilter); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
574 | cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group)); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
575 | if(!filter.ptr) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
576 | return NULL; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
577 | } |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
578 | filterStr = filter.ptr; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
579 | basedn = config->basedn; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
580 | scope = LDAP_SCOPE_SUBTREE; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
581 | } |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
582 | |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
583 | log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
584 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
585 | LDAPMessage *result; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
586 | struct timeval timeout; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
587 | timeout.tv_sec = 8; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
588 | timeout.tv_usec = 0; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
589 | int r = ldap_search_ext_s( |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
590 | ld, |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
591 | basedn, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
592 | scope, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
593 | filterStr, |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
594 | NULL, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
595 | 0, |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
596 | NULL, // server controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
597 | NULL, // client controls |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
598 | &timeout, |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
599 | 2, // size limit |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
600 | &result); |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
601 | if(filterStr) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
602 | cxFree(a, filterStr); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
603 | } |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
604 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
605 | if (r != LDAP_SUCCESS) { |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
606 | if(result) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
607 | ldap_msgfree(result); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
608 | } |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
609 | log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r)); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
610 | return NULL; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
611 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
612 | |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
613 | LDAPMessage *msg = ldap_first_entry(ld, result); |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
614 | LDAPGroup *wsgroup = NULL; |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
615 | if(msg) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
616 | if(ldap_count_entries(ld, msg) > 1) { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
617 | log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result"); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
618 | } else { |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
619 | wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
620 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
621 | } |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
622 | ldap_msgfree(result); |
|
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
623 | |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
624 | return wsgroup; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
625 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
626 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
627 | int ldap_user_verify_password(User *u, const char *password) { |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
628 | LDAPUser *user = (LDAPUser*)u; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
629 | |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
630 | struct berval cred; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
631 | cred.bv_val = (char*)password; |
|
86
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
632 | cred.bv_len = strlen(password); |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
633 | struct berval *server_cred; |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
634 | int r = ldap_sasl_bind_s( |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
635 | user->ldap, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
636 | user->userdn, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
637 | LDAP_SASL_SIMPLE, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
638 | &cred, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
639 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
640 | NULL, |
|
49bb6c8ceb2b
replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
66
diff
changeset
|
641 | &server_cred); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
642 | if(r == LDAP_SUCCESS) { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
643 | log_ereport(LOG_VERBOSE, "ldap user %s password ok", user->userdn); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
644 | return 1; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
645 | } else { |
|
470
467ed0f559af
refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
469
diff
changeset
|
646 | log_ereport(LOG_VERBOSE, "ldap user %s password not ok", user->userdn); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
647 | return 0; |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
648 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
649 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
650 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
256
diff
changeset
|
651 | int ldap_user_check_group(User *u, const char *group_str) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
652 | LDAPUser *user = (LDAPUser*)u; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
653 | LDAPAuthDB *authdb = user->authdb; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
654 | if(!authdb->config.enableGroups) { |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
655 | log_ereport( |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
656 | LOG_DEBUG, |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
657 | "ldap_user_check_group: authdb %s: groups disabled", |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
658 | authdb->authdb.name); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
659 | return 0; |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
660 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
661 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
662 | int ret = 0; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
663 | LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
664 | if(group) { |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
665 | const char *usr = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN ? user->userdn : user->uid_attr; |
|
659
07b815faa6ac
remove unnecessary usage of cx_hash_key_str
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
584
diff
changeset
|
666 | char *member = cxMapGet(group->members, usr); |
|
471
9aa5ae3258f5
minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
470
diff
changeset
|
667 | if(member) { |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
668 | ret = 1; |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
669 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
670 | } |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
671 | |
|
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
672 | return ret; |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
673 | } |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
674 | |
|
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
675 | void ldap_user_free(User *u) { |
|
48
37a512d7b8f6
fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
44
diff
changeset
|
676 | LDAPUser *user = (LDAPUser*)u; |
|
472
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
677 | pool_free(user->sn->pool, user->userdn); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
678 | pool_free(user->sn->pool, user->uid_attr); |
|
d6bc67906c8c
implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
471
diff
changeset
|
679 | pool_free(user->sn->pool, user); |
|
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
680 | } |
