Mercurial > hg > webserver / annotate

src/server/daemon/ldap_auth.c@f3ddd6dc8e7b (annotated)

src/server/daemon/ldap_auth.c

Mon, 26 May 2025 21:13:11 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Mon, 26 May 2025 21:13:11 +0200
changeset 584
f3ddd6dc8e7b
parent 579
e10457d74fe1
permissions
-rw-r--r--

remove ucx utils.h includes

38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
44
3da1f7b6847f added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 38
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
29 #ifdef __gnu_linux__
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
30 #define _GNU_SOURCE
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
31 #endif
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
32
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include <stdio.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34 #include <stdlib.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35 #include <string.h>
111
c93be34fde76 fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
36 #include <sys/time.h>
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
37
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
38 #include <cx/hash_map.h>
473
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
39 #include <cx/printf.h>
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
40
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
41 #include "../util/util.h"
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
42
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43 #include "ldap_auth.h"
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
44 #include "ldap_resource.h"
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
45
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
46 static cxstring ws_ldap_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
47 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
48 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
49
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
50 static cxstring ws_ldap_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
51 CX_STR("member"),
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
52 CX_STR("uniqueMember")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
53 };
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
54
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
55 static LDAPConfig ws_ldap_default_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
56 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
57 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
58 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
59 NULL, // bindpw
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
60 "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
61 ws_ldap_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
62 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
63 "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
64 ws_ldap_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
65 2, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
66 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
67 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
68 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
69 };
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
70
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
71 // TODO: AD
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
72 static cxstring ws_ad_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
73 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
74 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
75
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
76 static cxstring ws_ad_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
77 CX_STR("member"),
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
78 CX_STR("uniqueMember")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
79 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
80
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
81 static LDAPConfig ws_ldap_ad_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
82 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
83 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
84 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
85 NULL, // bindpw
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
86 "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
87 ws_ad_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
88 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
89 "", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
90 ws_ad_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
91 2, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
92 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
93 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
94 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
95 };
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
96
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
97 static cxstring ws_posix_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
98 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
99 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
100
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
101 static cxstring ws_posix_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
102 CX_STR("memberUid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
103 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
104
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
105 static LDAPConfig ws_ldap_posix_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
106 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
107 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
108 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
109 NULL, // bindpw
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
110 "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
111 ws_posix_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
112 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
113 "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
114 ws_posix_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
115 1, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
116 WS_LDAP_GROUP_MEMBER_UID, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
117 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
118 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
119 };
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
120
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
121 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
122 LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB));
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
123 if(!authdb) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
124 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
125 }
256
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 111
diff changeset
126 authdb->authdb.name = pool_strdup(cfg->pool, name);
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
127 if(!authdb->authdb.name) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
128 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
129 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 authdb->authdb.get_user = ldap_get_user;
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
131 authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
132
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
133 // initialize default ldap config
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
134 cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
135 LDAPConfig *default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
136 if(!dirtype.ptr) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
137 default_config = &ws_ldap_default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
138 } else if(!cx_strcmp(dirtype, cx_str("ldap"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
139 default_config = &ws_ldap_default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
140 } else if(!cx_strcmp(dirtype, cx_str("posix"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
141 default_config = &ws_ldap_posix_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
142 } else if(!cx_strcmp(dirtype, cx_str("ad"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
143 default_config = &ws_ldap_ad_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
144 } else {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
145 log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
146 }
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
147 memcpy(&authdb->config, default_config, sizeof(LDAPConfig));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
148
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
149 // custom config
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
150 cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
151 cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
152 cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
153 cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw"));
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
154 cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
155 cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
156 cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
157 cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
158 cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
159 cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups"));
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
160 cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn"));
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
161
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
162 if(!resource.ptr) {
473
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
163 // implicitly create a resource pool for this authdb
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
164 cxmutstr respool_name = cx_asprintf_a(cfg->a, "_authdb_%s", name);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
165 if(!respool_name.ptr) {
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
166 return NULL;
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
167 }
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
168 log_ereport(
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
169 LOG_INFORM,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
170 "ldap authdb %s: no resource specified: create resource pool %s",
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
171 name,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
172 respool_name.ptr);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
173 if(resourcepool_new(cfg, cx_str("ldap"), cx_strcast(respool_name), node)) {
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
174 log_ereport(
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
175 LOG_FAILURE,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
176 "ldap authdb %s: cannot create ldap resource pool",
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
177 name);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
178 return NULL;
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
179 }
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
180 authdb->config.resource = respool_name.ptr;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
181 } else {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
182 authdb->config.resource = cx_strdup_a(cfg->a, resource).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
183 if(!authdb->config.resource) return NULL;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
184 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
185
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
186 if(!basedn.ptr) {
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
187 log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name);
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
188 return NULL;
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
189 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
190 authdb->config.basedn = cx_strdup_a(cfg->a, basedn).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
191 if(!authdb->config.basedn) return NULL;
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
192
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
193 // optional config
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
194 if(binddn.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
195 if(!bindpw.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
196 log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
197 return NULL;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
198 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
199
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
200 authdb->config.binddn = cx_strdup_a(cfg->a, binddn).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
201 authdb->config.bindpw = cx_strdup_a(cfg->a, bindpw).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
202
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
203 if(!authdb->config.binddn || !authdb->config.bindpw) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
204 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
205 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
206 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
207
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
208
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
209 if(userSearchFilter.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
210 authdb->config.userSearchFilter = cx_strdup_a(cfg->a, userSearchFilter).ptr;
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
211 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
212 if(uidAttributes.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
213 cxmutstr uidAttributesCopy = cx_strdup_a(cfg->a, uidAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
214 if(uidAttributesCopy.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
215 authdb->config.numUidAttributes = cx_strsplit_a(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
216 cfg->a,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
217 cx_strcast(uidAttributesCopy),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
218 cx_str(","),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
219 1024,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
220 &authdb->config.uidAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
221 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
222 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
223 if(groupSearchFilter.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
224 authdb->config.groupSearchFilter = groupSearchFilter.ptr;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
225 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
226 if(memberAttributes.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
227 cxmutstr memberAttributesCopy = cx_strdup_a(cfg->a, memberAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
228 if(memberAttributesCopy.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
229 authdb->config.numMemberAttributes = cx_strsplit_a(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
230 cfg->a,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
231 cx_strcast(memberAttributesCopy),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
232 cx_str(","),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
233 1024,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
234 &authdb->config.memberAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
235 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
236 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
237 if(memberType.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
238 if(!cx_strcmp(memberType, cx_str("dn"))) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
239 authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
240 } else if(!cx_strcmp(memberType, cx_str("uid"))) {
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
241 authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
242 } else {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
243 log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
244 return NULL;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
245 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
246 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
247 if(enableGroups.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
248 authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
249 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
250 if(userNameIsDn.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
251 authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
252 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
253
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
254
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
255 // initialize group cache
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
256 authdb->groups.first = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
257 authdb->groups.last = NULL;
490
d218607f5a7e update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 473
diff changeset
258 authdb->groups.map = cxHashMapCreate(cfg->a, CX_STORE_POINTERS, 32);
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
259 if(!authdb->groups.map) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
260 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
261 }
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
262
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
263 log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
264
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
265 return (AuthDB*) authdb;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
266 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
267
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
268 LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
269 ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
270 if(!res) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
271 log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
272 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
273 }
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
274
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
275 LDAP *ldap = res->data;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
276
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
277 if(authdb->config.binddn) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
278 struct berval *server_cred;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
279 int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
280 if(r != LDAP_SUCCESS) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
281 log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s", authdb->config.binddn, ldap_err2string(r));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
282 resourcepool_free(sn, rq, res);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
283 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
284 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
285 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
286
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
287 return ldap;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
288 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
289
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
290 static LDAPUser* ldap_msg_to_user(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
291 Session *sn,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
292 Request *rq,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
293 LDAPAuthDB *authdb,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
294 LDAP *ldap,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
295 LDAPMessage *msg)
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
296 {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
297 CxAllocator *a = pool_allocator(sn->pool);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
298
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
299 LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
300 if(!user) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
301 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
302 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
303
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
304 // get dn
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
305 char *ldap_dn = ldap_get_dn(ldap, msg);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
306 if(!ldap_dn) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
307 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
308 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
309 char *dn = pool_strdup(sn->pool, ldap_dn);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
310 ldap_memfree(ldap_dn);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
311 if(!dn) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
312 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
313 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
314
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
315 // get uid
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
316 char *uid = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
317
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
318 // values of configured UidAttributes
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
319 size_t numUidAttributes = authdb->config.numUidAttributes;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
320 cxmutstr *uid_values = pool_calloc(sn->pool, authdb->config.numUidAttributes, sizeof(cxmutstr));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
321 if(!uid_values) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
322 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
323 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
324
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
325
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
326 BerElement *ber = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
327 char *attribute = ldap_first_attribute(ldap, msg, &ber);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
328 while(attribute) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
329 cxstring attr = cx_str(attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
330 for(int i=0;i<numUidAttributes;i++) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
331 // check if the attribute is one of the uid attributes
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
332 if(!uid_values[i].ptr && !cx_strcmp(attr, authdb->config.uidAttributes[i])) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
333 // copy value to uid_values
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
334 struct berval **values = ldap_get_values_len(ldap, msg, attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
335 if(values) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
336 int count = ldap_count_values_len(values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
337 if(count > 0) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
338 cxstring attr_val = cx_strn(values[0]->bv_val, values[0]->bv_len);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
339 uid_values[i] = cx_strdup_a(a, attr_val);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
340 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
341 log_ereport(LOG_FAILURE, "ldap user: dn: %s attribute %s: no values", dn, attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
342 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
343 ldap_value_free_len(values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
344 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
345 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
346 }
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
347
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
348 if(uid_values[0].ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
349 // if we found a value for the first attribute, we can use that
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
350 break;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
351 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
352
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
353 ldap_memfree(attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
354 attribute = ldap_next_attribute(ldap, msg, ber);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
355 }
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
356 if(ber) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
357 ber_free(ber, 0);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
358 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
359
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
360
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
361
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
362 // use first value as uid
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
363 for(int i=0;i<numUidAttributes;i++) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
364 if(uid_values[i].ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
365 if(!uid) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
366 uid = uid_values[i].ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
367 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
368 cxFree(a, uid_values[i].ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
369 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
370 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
371 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
372 pool_free(sn->pool, uid_values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
373
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
374 // get user name
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
375 char *username;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
376 if(authdb->config.userNameIsDN) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
377 username = dn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
378 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
379 username = uid;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
380 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
381
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
382 if(!username) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
383 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
384 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
385
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
386 user->authdb = authdb;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
387 user->user.verify_password = ldap_user_verify_password;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
388 user->user.check_group = ldap_user_check_group;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
389 user->user.free = ldap_user_free;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
390 user->user.name = username;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
391 user->sn = sn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
392 user->rq = rq;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
393
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
394 // TODO: get uid/gid from ldap
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
395 user->user.uid = -1;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
396 user->user.gid = -1;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
397
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
398 user->ldap = ldap;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
399 user->userdn = dn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
400 user->uid_attr = uid;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
401
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
402 return user;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
403 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
404
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
405 User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
406 LDAPAuthDB *authdb = (LDAPAuthDB*) db;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
407 LDAPConfig *config = &authdb->config;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
408 CxAllocator *a = pool_allocator(sn->pool);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
409
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
410 LDAP *ld = get_ldap_session(sn, rq, authdb);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
411 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
412 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
413 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
414
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
415 // get the user dn
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
416 cxstring userSearch = cx_str(config->userSearchFilter);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
417 cxmutstr filter = cx_strreplace_a(a, userSearch, cx_str("%s"), cx_str(username));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
418 if(!filter.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
419 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
420 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
421
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
422 log_ereport(LOG_DEBUG, "ldap_get_user: filter: %s", filter.ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
423
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
424 LDAPMessage *result;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
425 struct timeval timeout;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
426 timeout.tv_sec = 8; // TODO: add config parameter for timeout
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
427 timeout.tv_usec = 0;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
428 int r = ldap_search_ext_s(
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
429 ld,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
430 config->basedn,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
431 LDAP_SCOPE_SUBTREE,
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
432 filter.ptr,
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
433 NULL,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
434 0,
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
435 NULL, // server controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
436 NULL, // client controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
437 &timeout,
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
438 2, // size limit
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
439 &result);
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
440 cxFree(a, filter.ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
441 if(r != LDAP_SUCCESS) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
442 if(result) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
443 ldap_msgfree(result);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
444 }
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
445 log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r));
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
446 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
447 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
448 if(!result) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
449 // not sure if this can happen
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
450 log_ereport(LOG_FAILURE, "ldap_get_user: search failed: no result");
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
451 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
452 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
453
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
454 LDAPMessage *msg = ldap_first_entry(ld, result);
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
455 LDAPUser *user = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
456 if(msg) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
457 if(ldap_count_entries(ld, msg) > 1) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
458 log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result");
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
459 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
460 user = ldap_msg_to_user(sn, rq, authdb, ld, msg);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
461 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
462 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
463 ldap_msgfree(result);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
464
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
465 return (User*)user;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
466 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
467
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
468
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
469 static int is_member_attribute(LDAPAuthDB *auth, const char *attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
470 LDAPConfig *config = &auth->config;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
471 cxstring attr = cx_str(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
472 for(int i=0;i<config->numMemberAttributes;i++) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
473 if(!cx_strcmp(config->memberAttributes[i], attr)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
474 return 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
475 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
476 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
477 return 0;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
478 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
479
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
480 static int group_add_member(LDAPGroup *group, LDAP *ldap, LDAPMessage *msg, char *attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
481 struct berval **values = ldap_get_values_len(ldap, msg, attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
482 int ret = 0;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
483 if(values) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
484 int count = ldap_count_values_len(values);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
485 for(int i=0;i<count;i++) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
486 cxstring memberValue = cx_strn(values[i]->bv_val, values[i]->bv_len);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
487 CxHashKey key = cx_hash_key(memberValue.ptr, memberValue.length);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
488 char *g_member = cxMapGet(group->members, key);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
489 if(!g_member) {
579
e10457d74fe1 update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 490
diff changeset
490 cxmutstr member = cx_strdup_a(group->members->collection.allocator, memberValue);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
491 if(!member.ptr) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
492 ret = 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
493 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
494 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
495 if(cxMapPut(group->members, key, member.ptr)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
496 ret = 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
497 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
498 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
499 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
500 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
501 ldap_value_free_len(values);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
502 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
503 return ret;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
504 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
505
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
506 static LDAPGroup* ldap_msg_to_group(
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
507 Session *sn,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
508 Request *rq,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
509 LDAPAuthDB *authdb,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
510 LDAP *ldap,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
511 LDAPMessage *msg,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
512 const char *group_name)
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
513 {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
514 CxAllocator *a = pool_allocator(sn->pool);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
515
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
516 LDAPGroup *group = pool_malloc(sn->pool, sizeof(LDAPGroup));
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
517 if(!group) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
518 return NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
519 }
490
d218607f5a7e update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 473
diff changeset
520 group->members = cxHashMapCreate(a, CX_STORE_POINTERS, 32);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
521 if(!group->members) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
522 pool_free(sn->pool, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
523 return NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
524 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
525 group->name = pool_strdup(sn->pool, group_name);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
526
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
527 BerElement *ber = NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
528 char *attribute = ldap_first_attribute(ldap, msg, &ber);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
529 while(attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
530 if(is_member_attribute(authdb, attribute)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
531 if(group_add_member(group, ldap, msg, attribute)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
532 // OOM
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
533 ldap_memfree(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
534 // free at least some memory
579
e10457d74fe1 update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 490
diff changeset
535 cxMapFree(group->members);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
536 pool_free(sn->pool, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
537 group = NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
538 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
539 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
540 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
541
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
542 ldap_memfree(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
543 attribute = ldap_next_attribute(ldap, msg, ber);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
544 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
545 if(ber) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
546 ber_free(ber, 0);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
547 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
548
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
549 return group;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
550 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
551
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
552 LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
553 LDAPConfig *config = &authdb->config;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
554 CxAllocator *a = pool_allocator(sn->pool);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
555
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
556 LDAP *ld = get_ldap_session(sn, rq, authdb);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
557 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
558 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
559 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
560
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
561 // if userNameIsDN is true, group will be the full group dn and we
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
562 // don't need to search with a filter, to get the entry
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
563 char *filterStr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
564 const char *basedn;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
565 int scope;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
566 if(config->userNameIsDN) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
567 filterStr = NULL;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
568 basedn = group;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
569 scope = LDAP_SCOPE_BASE;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
570 } else {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
571 cxstring groupSearch = cx_str(config->groupSearchFilter);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
572 cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group));
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
573 if(!filter.ptr) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
574 return NULL;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
575 }
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
576 filterStr = filter.ptr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
577 basedn = config->basedn;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
578 scope = LDAP_SCOPE_SUBTREE;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
579 }
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
580
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
581 log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
582
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
583 LDAPMessage *result;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
584 struct timeval timeout;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
585 timeout.tv_sec = 8;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
586 timeout.tv_usec = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
587 int r = ldap_search_ext_s(
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
588 ld,
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
589 basedn,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
590 scope,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
591 filterStr,
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
592 NULL,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
593 0,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
594 NULL, // server controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
595 NULL, // client controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
596 &timeout,
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
597 2, // size limit
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
598 &result);
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
599 if(filterStr) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
600 cxFree(a, filterStr);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
601 }
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
602
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
603 if (r != LDAP_SUCCESS) {
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
604 if(result) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
605 ldap_msgfree(result);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
606 }
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
607 log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r));
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
608 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
609 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
610
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
611 LDAPMessage *msg = ldap_first_entry(ld, result);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
612 LDAPGroup *wsgroup = NULL;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
613 if(msg) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
614 if(ldap_count_entries(ld, msg) > 1) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
615 log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result");
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
616 } else {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
617 wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
618 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
619 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
620 ldap_msgfree(result);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
621
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
622 return wsgroup;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
623 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
624
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
625 int ldap_user_verify_password(User *u, const char *password) {
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
626 LDAPUser *user = (LDAPUser*)u;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
627
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
628 struct berval cred;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
629 cred.bv_val = (char*)password;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
630 cred.bv_len = strlen(password);
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
631 struct berval *server_cred;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
632 int r = ldap_sasl_bind_s(
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
633 user->ldap,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
634 user->userdn,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
635 LDAP_SASL_SIMPLE,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
636 &cred,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
637 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
638 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
639 &server_cred);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
640 if(r == LDAP_SUCCESS) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
641 log_ereport(LOG_VERBOSE, "ldap user %s password ok", user->userdn);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
642 return 1;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
643 } else {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
644 log_ereport(LOG_VERBOSE, "ldap user %s password not ok", user->userdn);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
645 return 0;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
646 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
647 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
648
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
649 int ldap_user_check_group(User *u, const char *group_str) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
650 LDAPUser *user = (LDAPUser*)u;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
651 LDAPAuthDB *authdb = user->authdb;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
652 if(!authdb->config.enableGroups) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
653 log_ereport(
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
654 LOG_DEBUG,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
655 "ldap_user_check_group: authdb %s: groups disabled",
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
656 authdb->authdb.name);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
657 return 0;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
658 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
659
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
660 int ret = 0;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
661 LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
662 if(group) {
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
663 const char *usr = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN ? user->userdn : user->uid_attr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
664 char *member = cxMapGet(group->members, cx_hash_key_str(usr));
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
665 if(member) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
666 ret = 1;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
667 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
668 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
669
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
670 return ret;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
671 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
672
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
673 void ldap_user_free(User *u) {
48
37a512d7b8f6 fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 44
diff changeset
674 LDAPUser *user = (LDAPUser*)u;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
675 pool_free(user->sn->pool, user->userdn);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
676 pool_free(user->sn->pool, user->uid_attr);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
677 pool_free(user->sn->pool, user);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
678 }

Mercurial Repository: webserver

mercurial