db-ldap.h revision c25356d5978632df6203437e1953bcb29e0c736f
#ifndef DB_LDAP_H
#define DB_LDAP_H
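/* Functions like ldap_bind() have been deprecated in OpenLDAP 2.3.
   This define enables them until the code here can be refactored.
   It has to stay above #include <ldap.h>, because the header checks it when
   deciding whether to declare the deprecated functions. */
#define LDAP_DEPRECATED 1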

#include <ldap.h>

struct auth_request;
struct ldap_connection;
struct ldap_request;

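/* Callback type stored in struct ldap_request.callback. It is handed the
   connection, the request it belongs to and an LDAPMessage.
   NOTE(review): when it is invoked and who owns/frees res are not visible in
   this header - confirm in db-ldap.c before keeping res past the call. */
typedef void db_search_callback_t(struct ldap_connection *conn,
				  struct ldap_request *request,
				  LDAPMessage *res);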
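/* LDAP settings for one connection (embedded by value as
   ldap_connection.set). Field meanings noted below are inferred from the
   field names - confirm against the config parser in db-ldap.c. */
struct ldap_settings {
	const char *hosts;
	const char *uris;
	/* Bind DN and its password. NOTE(review): dnpass is a plaintext secret
	   held as an ordinary string; keep it out of log and error messages. */
	const char *dn;
	const char *dnpass;
	/* presumably: verify a password by binding as the user instead of
	   comparing a fetched password attribute - confirm */
	bool auth_bind;
	const char *auth_bind_userdn;

	/* NOTE(review): presumably turns on TLS for the connection. If it is
	   off and uris is not ldaps://, bind passwords would cross the network
	   unencrypted - confirm how db-ldap.c applies it. */
	bool tls;
	bool sasl_bind;
	const char *sasl_mech;
	const char *sasl_realm;
	const char *sasl_authz_id;

	const char *deref;
	const char *scope;
	const char *base;
	unsigned int ldap_version;

	/* NOTE(review): these look like templates expanded per auth request.
	   Any client-supplied value placed into a filter or DN needs escaping
	   (this header declares ldap_escape()) - verify every expansion path
	   uses it. */
	const char *user_attrs;
	const char *user_filter;
	const char *pass_attrs;
	const char *pass_filter;

	const char *default_pass_scheme;

	/* ... */
	/* presumably the numeric forms of deref and scope above - confirm */
	int ldap_deref, ldap_scope;
	uid_t uid;
	gid_t gid;
};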
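/* State of one LDAP server connection. Instances are chained through next
   and carry a refcount (db_ldap_unref() is declared in this header). */
struct ldap_connection {
	struct ldap_connection *next;

	pool_t pool;
	int refcount;

	char *config_path;
	/* Settings are embedded by value, which includes the bind password
	   (set.dnpass) - avoid dumping this struct wholesale in debug output. */
	struct ldap_settings set;

	LDAP *ld;
	int fd; /* only set when connected/connecting */
	struct io *io;

	/* presumably the requests already sent to the server - confirm the key
	   type in db-ldap.c */
	struct hash_table *requests;
	/* queue linked through ldap_request.next; presumably requests waiting
	   to be sent */
	struct ldap_request *delayed_requests_head, *delayed_requests_tail;

	/* ldap_request.attributes points at one of these name arrays */
	char **pass_attr_names, **user_attr_names;
	struct hash_table *pass_attr_map, *user_attr_map;

	unsigned int connected:1;
	unsigned int connecting:1;
	unsigned int binding:1;
	unsigned int retrying:1; /* just reconnected, resending requests */
	/* NOTE(review): presumably set when the last bind on ld was an
	   auth_bind as an end user rather than as set.dn; if so, searches must
	   not run under that identity - confirm the rebind logic in db-ldap.c. */
	unsigned int last_auth_bind:1;
};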
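/* One search or bind request on an LDAP connection. */
struct ldap_request {
	struct ldap_request *next; /* in conn->delayed_requests */

	/* callback and the opaque pointer kept for it; the header does not say
	   who owns context */
	db_search_callback_t *callback;
	void *context;

	/* for bind requests, base contains the DN and filter=NULL */
	/* NOTE(review): base and filter are what goes to the server, so any
	   client-supplied part must already be escaped when they are built -
	   confirm at the call sites. */
	const char *base;
	const char *filter;
	char **attributes; /* points to pass_attr_names / user_attr_names */
};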
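/* Values for a SASL bind: authentication id, password, realm and
   authorization id.
   NOTE(review): passwd is a plaintext credential and every member is a
   borrowed pointer; how long the strings stay valid and whether they can
   reach logs is not visible here - confirm in db-ldap.c. */
struct ldap_sasl_bind_context {
	const char *authcid;
	const char *passwd;
	const char *realm;
	const char *authzid;
};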
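/* Queue request on conn; presumably appends to conn->delayed_requests_head /
   delayed_requests_tail - confirm in db-ldap.c. */
void db_ldap_add_delayed_request(struct ldap_connection *conn,
				 struct ldap_request *request);
/* Run request as a search on conn with the given scope. The filter and base
   are taken from request as they are, so they must already be escaped. */
void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
		    int scope);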
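/* Process attrlist for conn, returning a name array through attr_names_r and
   filling attr_map. presumably skip_attr names an attribute to leave out -
   confirm the exact list syntax in db-ldap.c. */
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
		       char ***attr_names_r, struct hash_table *attr_map,
		       const char *skip_attr);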
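/* Return the connection for the settings file at config_path. NOTE(review):
   that file presumably holds dnpass, so its permissions matter - confirm
   whether any check is done on it. */
struct ldap_connection *db_ldap_init(const char *config_path);
/* Drop a reference. Takes the address of the caller's pointer; presumably
   clears it so a stale pointer cannot be reused - confirm. */
void db_ldap_unref(struct ldap_connection **conn);

/* Connect conn to the server. The return-value convention is not visible in
   this header - check it before treating conn as usable. */
int db_ldap_connect(struct ldap_connection *conn);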
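/* Return a var_expand_table for auth_request. NOTE(review): by its name this
   is used when expanding LDAP result values; whether the entries are escaped
   is not visible here - confirm before the expansion reaches a filter or DN. */
struct var_expand_table *
db_ldap_value_get_var_expand_table(struct auth_request *auth_request);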
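/* presumably returns str escaped for use inside an LDAP filter or DN; the
   (str, auth_request) shape looks like a variable-expansion escape callback -
   confirm. Client-supplied values should go through this before they are
   substituted into user_filter, pass_filter or auth_bind_userdn. */
const char *ldap_escape(const char *str,
			const struct auth_request *auth_request);
/* Return an error string for conn. NOTE(review): the text may come from the
   server; treat it as untrusted when it is logged. */
const char *ldap_get_error(struct ldap_connection *conn);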
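/* Start iterating over the attributes of one result entry, using attr_map
   (presumably LDAP attribute name -> field name - confirm). */
struct db_ldap_result_iterate_context *
db_ldap_result_iterate_init(struct ldap_connection *conn, LDAPMessage *entry,
			    struct auth_request *auth_request,
			    struct hash_table *attr_map);
/* Fetch the next name/value pair through name_r and value_r; the bool result
   presumably tells whether a pair was returned. Values come from the
   directory, so callers should validate them before acting on them. */
bool db_ldap_result_iterate_next(struct db_ldap_result_iterate_context *ctx,
				 const char **name_r, const char **value_r);
/* Like db_ldap_result_iterate_next(), but hands back an array of values
   through values_r instead of a single value. */
bool db_ldap_result_iterate_next_all(struct db_ldap_result_iterate_context *ctx,
				     const char **name_r,
				     const char *const **values_r);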

#endif