src/server/daemon/ldap_auth.c

Wed, 31 May 2023 12:43:30 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 31 May 2023 12:43:30 +0200
changeset 494
f7f624cfe80a
parent 490
d218607f5a7e
permissions
-rw-r--r--

fix missing connection ssl_error initialization

38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
44
3da1f7b6847f added some error messages
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 38
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
29 #ifdef __gnu_linux__
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
30 #define _GNU_SOURCE
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
31 #endif
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
32
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include <stdio.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34 #include <stdlib.h>
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35 #include <string.h>
111
c93be34fde76 fixed NetBSD build and an uninitialized struct member
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
36 #include <sys/time.h>
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
37
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
38 #include <cx/utils.h>
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
39 #include <cx/hash_map.h>
473
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
40 #include <cx/printf.h>
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
41
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
42 #include "../util/util.h"
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
43
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
44 #include "ldap_auth.h"
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
45 #include "ldap_resource.h"
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
47 static cxstring ws_ldap_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
48 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
49 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
50
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
51 static cxstring ws_ldap_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
52 CX_STR("member"),
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
53 CX_STR("uniqueMember")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
54 };
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
55
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
56 static LDAPConfig ws_ldap_default_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
57 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
58 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
59 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
60 NULL, // bindpw
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
61 "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
62 ws_ldap_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
63 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
64 "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
65 ws_ldap_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
66 2, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
67 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
68 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
69 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
70 };
89
5eecce5314d6 fixed solaris build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 87
diff changeset
71
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
72 // TODO: AD
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
73 static cxstring ws_ad_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
74 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
75 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
76
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
77 static cxstring ws_ad_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
78 CX_STR("member"),
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
79 CX_STR("uniqueMember")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
80 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
81
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
82 static LDAPConfig ws_ldap_ad_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
83 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
84 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
85 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
86 NULL, // bindpw
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
87 "(&(objectclass=inetorgperson)(|(cn=%s)(uid=%s)))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
88 ws_ad_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
89 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
90 "", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
91 ws_ad_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
92 2, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
93 WS_LDAP_GROUP_MEMBER_DN, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
94 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
95 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
96 };
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
97
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
98 static cxstring ws_posix_default_uid_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
99 CX_STR("uid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
100 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
101
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
102 static cxstring ws_posix_default_member_attr[] = {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
103 CX_STR("memberUid")
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
104 };
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
105
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
106 static LDAPConfig ws_ldap_posix_config = {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
107 NULL, // resource
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
108 NULL, // basedn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
109 NULL, // binddn
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
110 NULL, // bindpw
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
111 "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
112 ws_posix_default_uid_attr, // uidAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
113 1, // numUidAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
114 "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
115 ws_posix_default_member_attr, // memberAttributes
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
116 1, // numMemberAttributes
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
117 WS_LDAP_GROUP_MEMBER_UID, // groupMemberType
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
118 TRUE, // enableGroups
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
119 FALSE // userNameIsDN
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
120 };
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
121
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
122 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
123 LDAPAuthDB *authdb = cxMalloc(cfg->a, sizeof(LDAPAuthDB));
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
124 if(!authdb) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
125 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
126 }
256
19259b6c5cf7 replace old server config loader
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 111
diff changeset
127 authdb->authdb.name = pool_strdup(cfg->pool, name);
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
128 if(!authdb->authdb.name) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
129 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
130 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 authdb->authdb.get_user = ldap_get_user;
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
132 authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
133
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
134 // initialize default ldap config
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
135 cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
136 LDAPConfig *default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
137 if(!dirtype.ptr) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
138 default_config = &ws_ldap_default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
139 } else if(!cx_strcmp(dirtype, cx_str("ldap"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
140 default_config = &ws_ldap_default_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
141 } else if(!cx_strcmp(dirtype, cx_str("posix"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
142 default_config = &ws_ldap_posix_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
143 } else if(!cx_strcmp(dirtype, cx_str("ad"))) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
144 default_config = &ws_ldap_ad_config;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
145 } else {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
146 log_ereport(LOG_FAILURE, "cannot create ldap authdb %s: unknown directory type %s", name, dirtype.ptr);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
147 }
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
148 memcpy(&authdb->config, default_config, sizeof(LDAPConfig));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
149
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
150 // custom config
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
151 cxstring resource = serverconfig_object_directive_value(node, cx_str("Resource"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
152 cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
153 cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn"));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
154 cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw"));
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
155 cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
156 cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
157 cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
158 cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
159 cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType"));
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
160 cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups"));
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
161 cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn"));
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
162
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
163 if(!resource.ptr) {
473
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
164 // implicitly create a resource pool for this authdb
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
165 cxmutstr respool_name = cx_asprintf_a(cfg->a, "_authdb_%s", name);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
166 if(!respool_name.ptr) {
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
167 return NULL;
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
168 }
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
169 log_ereport(
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
170 LOG_INFORM,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
171 "ldap authdb %s: no resource specified: create resource pool %s",
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
172 name,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
173 respool_name.ptr);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
174 if(resourcepool_new(cfg, cx_str("ldap"), cx_strcast(respool_name), node)) {
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
175 log_ereport(
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
176 LOG_FAILURE,
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
177 "ldap authdb %s: cannot create ldap resource pool",
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
178 name);
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
179 return NULL;
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
180 }
102322b6f4ee implicitly create a resource pools for ldap authdbs, if no resource is specified
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 472
diff changeset
181 authdb->config.resource = respool_name.ptr;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
182 } else {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
183 authdb->config.resource = cx_strdup_a(cfg->a, resource).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
184 if(!authdb->config.resource) return NULL;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
185 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
186
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
187 if(!basedn.ptr) {
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
188 log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name);
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
189 return NULL;
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
190 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
191 authdb->config.basedn = cx_strdup_a(cfg->a, basedn).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
192 if(!authdb->config.basedn) return NULL;
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
193
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
194 // optional config
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
195 if(binddn.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
196 if(!bindpw.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
197 log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
198 return NULL;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
199 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
200
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
201 authdb->config.binddn = cx_strdup_a(cfg->a, binddn).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
202 authdb->config.bindpw = cx_strdup_a(cfg->a, bindpw).ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
203
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
204 if(!authdb->config.binddn || !authdb->config.bindpw) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
205 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
206 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
207 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
208
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
209
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
210 if(userSearchFilter.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
211 authdb->config.userSearchFilter = cx_strdup_a(cfg->a, userSearchFilter).ptr;
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
212 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
213 if(uidAttributes.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
214 cxmutstr uidAttributesCopy = cx_strdup_a(cfg->a, uidAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
215 if(uidAttributesCopy.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
216 authdb->config.numUidAttributes = cx_strsplit_a(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
217 cfg->a,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
218 cx_strcast(uidAttributesCopy),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
219 cx_str(","),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
220 1024,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
221 &authdb->config.uidAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
222 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
223 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
224 if(groupSearchFilter.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
225 authdb->config.groupSearchFilter = groupSearchFilter.ptr;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
226 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
227 if(memberAttributes.ptr) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
228 cxmutstr memberAttributesCopy = cx_strdup_a(cfg->a, memberAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
229 if(memberAttributesCopy.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
230 authdb->config.numMemberAttributes = cx_strsplit_a(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
231 cfg->a,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
232 cx_strcast(memberAttributesCopy),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
233 cx_str(","),
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
234 1024,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
235 &authdb->config.memberAttributes);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
236 }
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
237 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
238 if(memberType.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
239 if(!cx_strcmp(memberType, cx_str("dn"))) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
240 authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
241 } else if(!cx_strcmp(memberType, cx_str("uid"))) {
469
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
242 authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
243 } else {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
244 log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
245 return NULL;
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
246 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
247 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
248 if(enableGroups.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
249 authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
250 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
251 if(userNameIsDn.ptr) {
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
252 authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE);
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
253 }
9a36a6b52e4c load additional ldap authdb config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 468
diff changeset
254
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
255
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
256 // initialize group cache
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
257 authdb->groups.first = NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
258 authdb->groups.last = NULL;
490
d218607f5a7e update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 473
diff changeset
259 authdb->groups.map = cxHashMapCreate(cfg->a, CX_STORE_POINTERS, 32);
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
260 if(!authdb->groups.map) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
261 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
262 }
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
263
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
264 log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
265
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
266 return (AuthDB*) authdb;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
267 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
268
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
269 LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
270 ResourceData *res = resourcepool_lookup(sn, rq, authdb->config.resource, 0);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
271 if(!res) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
272 log_ereport(LOG_FAILURE, "AuthDB %s: cannot get resource %s", authdb->authdb.name, authdb->config.resource);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
273 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
274 }
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
275
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
276 LDAP *ldap = res->data;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
277
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
278 if(authdb->config.binddn) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
279 struct berval *server_cred;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
280 int r = ws_ldap_bind(ldap, authdb->config.binddn, authdb->config.bindpw, &server_cred);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
281 if(r != LDAP_SUCCESS) {
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
282 log_ereport(LOG_FAILURE, "AuthDB %s: bind to %s failed: %s", authdb->config.binddn, ldap_err2string(r));
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
283 resourcepool_free(sn, rq, res);
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
284 return NULL;
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
285 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
286 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
287
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
288 return ldap;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
289 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
290
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
291 static LDAPUser* ldap_msg_to_user(
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
292 Session *sn,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
293 Request *rq,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
294 LDAPAuthDB *authdb,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
295 LDAP *ldap,
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
296 LDAPMessage *msg)
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
297 {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
298 CxAllocator *a = pool_allocator(sn->pool);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
299
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
300 LDAPUser *user = pool_malloc(sn->pool, sizeof(LDAPUser));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
301 if(!user) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
302 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
303 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
304
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
305 // get dn
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
306 char *ldap_dn = ldap_get_dn(ldap, msg);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
307 if(!ldap_dn) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
308 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
309 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
310 char *dn = pool_strdup(sn->pool, ldap_dn);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
311 ldap_memfree(ldap_dn);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
312 if(!dn) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
313 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
314 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
315
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
316 // get uid
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
317 char *uid = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
318
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
319 // values of configured UidAttributes
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
320 size_t numUidAttributes = authdb->config.numUidAttributes;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
321 cxmutstr *uid_values = pool_calloc(sn->pool, authdb->config.numUidAttributes, sizeof(cxmutstr));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
322 if(!uid_values) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
323 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
324 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
325
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
326
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
327 BerElement *ber = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
328 char *attribute = ldap_first_attribute(ldap, msg, &ber);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
329 while(attribute) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
330 cxstring attr = cx_str(attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
331 for(int i=0;i<numUidAttributes;i++) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
332 // check if the attribute is one of the uid attributes
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
333 if(!uid_values[i].ptr && !cx_strcmp(attr, authdb->config.uidAttributes[i])) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
334 // copy value to uid_values
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
335 struct berval **values = ldap_get_values_len(ldap, msg, attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
336 if(values) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
337 int count = ldap_count_values_len(values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
338 if(count > 0) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
339 cxstring attr_val = cx_strn(values[0]->bv_val, values[0]->bv_len);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
340 uid_values[i] = cx_strdup_a(a, attr_val);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
341 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
342 log_ereport(LOG_FAILURE, "ldap user: dn: %s attribute %s: no values", dn, attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
343 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
344 ldap_value_free_len(values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
345 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
346 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
347 }
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
348
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
349 if(uid_values[0].ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
350 // if we found a value for the first attribute, we can use that
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
351 break;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
352 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
353
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
354 ldap_memfree(attribute);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
355 attribute = ldap_next_attribute(ldap, msg, ber);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
356 }
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
357 if(ber) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
358 ber_free(ber, 0);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
359 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
360
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
361
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
362
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
363 // use first value as uid
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
364 for(int i=0;i<numUidAttributes;i++) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
365 if(uid_values[i].ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
366 if(!uid) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
367 uid = uid_values[i].ptr;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
368 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
369 cxFree(a, uid_values[i].ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
370 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
371 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
372 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
373 pool_free(sn->pool, uid_values);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
374
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
375 // get user name
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
376 char *username;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
377 if(authdb->config.userNameIsDN) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
378 username = dn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
379 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
380 username = uid;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
381 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
382
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
383 if(!username) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
384 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
385 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
386
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
387 user->authdb = authdb;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
388 user->user.verify_password = ldap_user_verify_password;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
389 user->user.check_group = ldap_user_check_group;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
390 user->user.free = ldap_user_free;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
391 user->user.name = username;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
392 user->sn = sn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
393 user->rq = rq;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
394
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
395 // TODO: get uid/gid from ldap
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
396 user->user.uid = -1;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
397 user->user.gid = -1;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
398
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
399 user->ldap = ldap;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
400 user->userdn = dn;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
401 user->uid_attr = uid;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
402
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
403 return user;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
404 }
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
405
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
406 User* ldap_get_user(AuthDB *db, Session *sn, Request *rq, const char *username) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
407 LDAPAuthDB *authdb = (LDAPAuthDB*) db;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
408 LDAPConfig *config = &authdb->config;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
409 CxAllocator *a = pool_allocator(sn->pool);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
410
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
411 LDAP *ld = get_ldap_session(sn, rq, authdb);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
412 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
413 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
414 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
415
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
416 // get the user dn
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
417 cxstring userSearch = cx_str(config->userSearchFilter);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
418 cxmutstr filter = cx_strreplace_a(a, userSearch, cx_str("%s"), cx_str(username));
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
419 if(!filter.ptr) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
420 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
421 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
422
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
423 log_ereport(LOG_DEBUG, "ldap_get_user: filter: %s", filter.ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
424
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
425 LDAPMessage *result;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
426 struct timeval timeout;
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
427 timeout.tv_sec = 8; // TODO: add config parameter for timeout
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
428 timeout.tv_usec = 0;
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
429 int r = ldap_search_ext_s(
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
430 ld,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
431 config->basedn,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
432 LDAP_SCOPE_SUBTREE,
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
433 filter.ptr,
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
434 NULL,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
435 0,
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
436 NULL, // server controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
437 NULL, // client controls
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
438 &timeout,
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
439 2, // size limit
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
440 &result);
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
441 cxFree(a, filter.ptr);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
442 if(r != LDAP_SUCCESS) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
443 if(result) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
444 ldap_msgfree(result);
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
445 }
468
73e80eb953f5 make ldap auth minimally working again and disable auth caching, because it is currently broken
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 467
diff changeset
446 log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r));
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
447 return NULL;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
448 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
449 if(!result) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
450 // not sure if this can happen
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
451 log_ereport(LOG_FAILURE, "ldap_get_user: search failed: no result");
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
452 return NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
453 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
454
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
455 LDAPMessage *msg = ldap_first_entry(ld, result);
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
456 LDAPUser *user = NULL;
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
457 if(msg) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
458 if(ldap_count_entries(ld, msg) > 1) {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
459 log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result");
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
460 } else {
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
461 user = ldap_msg_to_user(sn, rq, authdb, ld, msg);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
462 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
463 }
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
464 ldap_msgfree(result);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
465
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
466 return (User*)user;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
467 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
468
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
469
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
470 static int is_member_attribute(LDAPAuthDB *auth, const char *attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
471 LDAPConfig *config = &auth->config;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
472 cxstring attr = cx_str(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
473 for(int i=0;i<config->numMemberAttributes;i++) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
474 if(!cx_strcmp(config->memberAttributes[i], attr)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
475 return 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
476 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
477 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
478 return 0;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
479 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
480
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
481 static int group_add_member(LDAPGroup *group, LDAP *ldap, LDAPMessage *msg, char *attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
482 struct berval **values = ldap_get_values_len(ldap, msg, attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
483 int ret = 0;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
484 if(values) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
485 int count = ldap_count_values_len(values);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
486 for(int i=0;i<count;i++) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
487 cxstring memberValue = cx_strn(values[i]->bv_val, values[i]->bv_len);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
488 CxHashKey key = cx_hash_key(memberValue.ptr, memberValue.length);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
489 char *g_member = cxMapGet(group->members, key);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
490 if(!g_member) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
491 cxmutstr member = cx_strdup_a(group->members->allocator, memberValue);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
492 if(!member.ptr) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
493 ret = 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
494 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
495 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
496 if(cxMapPut(group->members, key, member.ptr)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
497 ret = 1;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
498 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
499 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
500 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
501 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
502 ldap_value_free_len(values);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
503 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
504 return ret;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
505 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
506
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
507 static LDAPGroup* ldap_msg_to_group(
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
508 Session *sn,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
509 Request *rq,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
510 LDAPAuthDB *authdb,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
511 LDAP *ldap,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
512 LDAPMessage *msg,
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
513 const char *group_name)
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
514 {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
515 CxAllocator *a = pool_allocator(sn->pool);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
516
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
517 LDAPGroup *group = pool_malloc(sn->pool, sizeof(LDAPGroup));
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
518 if(!group) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
519 return NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
520 }
490
d218607f5a7e update ucx
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 473
diff changeset
521 group->members = cxHashMapCreate(a, CX_STORE_POINTERS, 32);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
522 if(!group->members) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
523 pool_free(sn->pool, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
524 return NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
525 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
526 group->name = pool_strdup(sn->pool, group_name);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
527
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
528 BerElement *ber = NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
529 char *attribute = ldap_first_attribute(ldap, msg, &ber);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
530 while(attribute) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
531 if(is_member_attribute(authdb, attribute)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
532 if(group_add_member(group, ldap, msg, attribute)) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
533 // OOM
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
534 ldap_memfree(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
535 // free at least some memory
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
536 cxMapDestroy(group->members);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
537 pool_free(sn->pool, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
538 group = NULL;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
539 break;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
540 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
541 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
542
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
543 ldap_memfree(attribute);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
544 attribute = ldap_next_attribute(ldap, msg, ber);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
545 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
546 if(ber) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
547 ber_free(ber, 0);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
548 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
549
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
550 return group;
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
551 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
552
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
553 LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
554 LDAPConfig *config = &authdb->config;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
555 CxAllocator *a = pool_allocator(sn->pool);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
556
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
557 LDAP *ld = get_ldap_session(sn, rq, authdb);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
558 if (ld == NULL) {
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
559 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
560 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
561
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
562 // if userNameIsDN is true, group will be the full group dn and we
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
563 // don't need to search with a filter, to get the entry
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
564 char *filterStr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
565 const char *basedn;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
566 int scope;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
567 if(config->userNameIsDN) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
568 filterStr = NULL;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
569 basedn = group;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
570 scope = LDAP_SCOPE_BASE;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
571 } else {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
572 cxstring groupSearch = cx_str(config->groupSearchFilter);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
573 cxmutstr filter = cx_strreplace_a(a, groupSearch, cx_str("%s"), cx_str(group));
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
574 if(!filter.ptr) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
575 return NULL;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
576 }
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
577 filterStr = filter.ptr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
578 basedn = config->basedn;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
579 scope = LDAP_SCOPE_SUBTREE;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
580 }
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
581
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
582 log_ereport(LOG_DEBUG, "ldap_get_group: basedn: %s filter: %s", basedn, filterStr);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
583
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
584 LDAPMessage *result;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
585 struct timeval timeout;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
586 timeout.tv_sec = 8;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
587 timeout.tv_usec = 0;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
588 int r = ldap_search_ext_s(
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
589 ld,
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
590 basedn,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
591 scope,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
592 filterStr,
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
593 NULL,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
594 0,
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
595 NULL, // server controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
596 NULL, // client controls
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
597 &timeout,
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
598 2, // size limit
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
599 &result);
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
600 if(filterStr) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
601 cxFree(a, filterStr);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
602 }
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
603
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
604 if (r != LDAP_SUCCESS) {
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
605 if(result) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
606 ldap_msgfree(result);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
607 }
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
608 log_ereport(LOG_FAILURE, "ldap_get_group %s: search failed: %s", group, ldap_err2string(r));
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
609 return NULL;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
610 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
611
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
612 LDAPMessage *msg = ldap_first_entry(ld, result);
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
613 LDAPGroup *wsgroup = NULL;
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
614 if(msg) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
615 if(ldap_count_entries(ld, msg) > 1) {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
616 log_ereport(LOG_FAILURE, "ldap_get_user: more than one search result");
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
617 } else {
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
618 wsgroup = ldap_msg_to_group(sn, rq, authdb, ld, msg, group);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
619 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
620 }
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
621 ldap_msgfree(result);
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
622
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
623 return wsgroup;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
624 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
625
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
626 int ldap_user_verify_password(User *u, const char *password) {
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
627 LDAPUser *user = (LDAPUser*)u;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
628
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
629 struct berval cred;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
630 cred.bv_val = (char*)password;
86
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
631 cred.bv_len = strlen(password);
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
632 struct berval *server_cred;
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
633 int r = ldap_sasl_bind_s(
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
634 user->ldap,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
635 user->userdn,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
636 LDAP_SASL_SIMPLE,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
637 &cred,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
638 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
639 NULL,
49bb6c8ceb2b replaced usage of deprecated openldap functions
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
640 &server_cred);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
641 if(r == LDAP_SUCCESS) {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
642 log_ereport(LOG_VERBOSE, "ldap user %s password ok", user->userdn);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
643 return 1;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
644 } else {
470
467ed0f559af refactor ldap user authentication, use new filter config
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 469
diff changeset
645 log_ereport(LOG_VERBOSE, "ldap user %s password not ok", user->userdn);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
646 return 0;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
647 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
648 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
649
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 256
diff changeset
650 int ldap_user_check_group(User *u, const char *group_str) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
651 LDAPUser *user = (LDAPUser*)u;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
652 LDAPAuthDB *authdb = user->authdb;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
653 if(!authdb->config.enableGroups) {
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
654 log_ereport(
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
655 LOG_DEBUG,
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
656 "ldap_user_check_group: authdb %s: groups disabled",
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
657 authdb->authdb.name);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
658 return 0;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
659 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
660
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
661 int ret = 0;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
662 LDAPGroup *group = ldap_get_group(user->sn, user->rq, authdb, group_str);
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
663 if(group) {
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
664 const char *usr = authdb->config.groupMemberType == WS_LDAP_GROUP_MEMBER_DN ? user->userdn : user->uid_attr;
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
665 char *member = cxMapGet(group->members, cx_hash_key_str(usr));
471
9aa5ae3258f5 minimal support for ldap groups
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 470
diff changeset
666 if(member) {
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
667 ret = 1;
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
668 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
669 }
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
670
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 91
diff changeset
671 return ret;
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
672 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
673
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
674 void ldap_user_free(User *u) {
48
37a512d7b8f6 fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 44
diff changeset
675 LDAPUser *user = (LDAPUser*)u;
472
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
676 pool_free(user->sn->pool, user->userdn);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
677 pool_free(user->sn->pool, user->uid_attr);
d6bc67906c8c implement userNameIsDN and enableGroups for ldap auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 471
diff changeset
678 pool_free(user->sn->pool, user);
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
679 }

mercurial