db-ldap.h revision e023e3c2677ab66d7a7445eae9caf3d739e199cb
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen#ifndef __DB_LDAP_H
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen#define __DB_LDAP_H
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen
08f24237ccc177f5b3a09b24d8a725fa47e1ee32Timo Sirainen#include <ldap.h>
08f24237ccc177f5b3a09b24d8a725fa47e1ee32Timo Sirainen
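/* Forward declarations. The blame-gutter residue (commit hash + author) that
   was fused onto each line is dropped so the declarations are valid C again.
   struct auth_request is not defined in this header; it is only used through
   a pointer in the ldap_escape() prototype. */
struct auth_request;
struct ldap_connection;
struct ldap_request;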
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen
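/* Function type stored in struct ldap_request.callback. It receives the
   connection, the request it belongs to and an LDAP result message.
   NOTE(review): this header does not show whether `res` may be NULL (for
   example on a failed or aborted request) or who frees it - confirm in the
   implementation before dereferencing it in a callback. */
typedef void db_search_callback_t(struct ldap_connection *conn,
				  struct ldap_request *request,
				  LDAPMessage *res);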
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen
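/* LDAP database settings.
   The first group of members holds strings, booleans and one integer; the
   last group (ldap_deref, ldap_scope, uid, gid) holds numeric forms.
   NOTE(review): presumably the first group is filled from the configuration
   file and the last group is derived from deref / scope / user_global_uid /
   user_global_gid - confirm against the settings parser. */
struct ldap_settings {
	/* Server location. */
	const char *hosts;
	const char *uris;

	/* Bind identity. dnpass is a credential held as a plain string for the
	   lifetime of this struct: keep it out of log and error messages.
	   NOTE(review): presumably read from the file named by
	   ldap_connection.config_path, in which case that file must not be
	   readable by unprivileged users - confirm. */
	const char *dn;
	const char *dnpass;
	bool auth_bind;
	const char *auth_bind_userdn;

	/* Transport protection and SASL options.
	   NOTE(review): if tls is off and uris does not select an encrypted
	   scheme, binds presumably send dnpass (and user passwords when
	   auth_bind is on) unencrypted - verify how the connect code uses
	   this flag and whether a TLS setup failure aborts the connection. */
	bool tls;
	bool sasl_bind;
	const char *sasl_mech;
	const char *sasl_realm;
	const char *sasl_authz_id;

	/* Search parameters in string form, plus the protocol version. */
	const char *deref;
	const char *scope;
	const char *base;
	unsigned int ldap_version;

	/* Attribute lists and search filters for user and password lookups.
	   NOTE(review): presumably the filters (and base) are templates that
	   get request values substituted in; any user-supplied value must go
	   through ldap_escape() (declared in this header) first, otherwise
	   the input can change the meaning of the query - confirm at every
	   expansion site. */
	const char *user_attrs;
	const char *user_filter;
	const char *pass_attrs;
	const char *pass_filter;

	/* NOTE(review): default_pass_scheme is presumably the scheme assumed
	   for stored passwords without an explicit scheme - confirm. */
	const char *default_pass_scheme;
	const char *user_global_uid;
	const char *user_global_gid;

	/* Numeric values; not plain configuration strings (see the
	   NOTE(review) on the struct). */
	int ldap_deref;
	int ldap_scope;
	uid_t uid;
	gid_t gid;
};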
720692523ece4a549f7c589508d5693ee310f6b3Timo Sirainen
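/* State of one LDAP connection: its settings, the libldap handle, the
   requests tracked on it and the attribute name tables/maps.
   The blame-gutter residue fused onto each line is dropped here. */
struct ldap_connection {
	/* Link to another connection.
	   NOTE(review): presumably a global list of connections - confirm. */
	struct ldap_connection *next;

	pool_t pool;
	/* Reference count; db_ldap_unref() is the release call declared in
	   this header. */
	int refcount;

	char *config_path;
	/* Embedded by value, so set.dnpass (the bind credential) lives exactly
	   as long as this connection object. */
	struct ldap_settings set;

	LDAP *ld;
	int fd; /* only set when connected/connecting */
	struct io *io;

	/* Requests tracked in a hash table, plus a singly linked queue of
	   delayed requests (linked through ldap_request.next). */
	struct hash_table *requests;
	struct ldap_request *delayed_requests_head;
	struct ldap_request *delayed_requests_tail;

	/* Attribute name arrays (ldap_request.attributes points at one of
	   them) and the matching attribute maps. */
	char **pass_attr_names;
	char **user_attr_names;
	struct hash_table *pass_attr_map;
	struct hash_table *user_attr_map;

	unsigned int connected:1;
	unsigned int connecting:1;
	unsigned int retrying:1; /* just reconnected, resending requests */
	/* NOTE(review): presumably set when the most recent bind on `ld` was
	   an authentication bind as the user, meaning the handle has to be
	   re-bound as set.dn before the next search; a search issued under a
	   user's bind would run with that user's directory permissions -
	   confirm the search path checks this flag. */
	unsigned int last_auth_bind:1;
};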
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen
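/* One search or bind request issued on an ldap_connection.
   The blame-gutter residue fused onto each line is dropped here. */
struct ldap_request {
	struct ldap_request *next; /* in conn->delayed_requests */

	/* Completion callback and an opaque pointer for its owner.
	   NOTE(review): the lifetime of `context` relative to the request is
	   not visible here - confirm it outlives a request that is queued as
	   delayed or resent after a reconnect. */
	db_search_callback_t *callback;
	void *context;

	/* for bind requests, base contains the DN and filter=NULL */
	/* NOTE(review): base and filter are sent to the server as given, so
	   presumably any user-supplied part was passed through ldap_escape()
	   by whoever built them - confirm at the call sites. */
	const char *base;
	const char *filter;
	char **attributes; /* points to pass_attr_names / user_attr_names */
};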
c014f12e8268bf37ca2997e632ad7c22b8d04a84Timo Sirainen
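/* Parameters for a SASL bind: authentication id, password, realm and
   authorization id. All members are borrowed const pointers; the struct
   owns no memory.
   passwd is a credential: whoever fills this struct keeps ownership of the
   string and must keep it valid for the duration of the bind and out of
   log output.
   NOTE(review): presumably handed to the LDAP library's SASL interaction
   callback - confirm. */
struct ldap_sasl_bind_context {
	const char *authcid;
	const char *passwd;
	const char *realm;
	const char *authzid;
};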
35565557e05721a761132cec2ba1d93acacb6c14Timo Sirainen
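/* Queue `request` on `conn`.
   NOTE(review): presumably appends to conn->delayed_requests_head/tail for
   sending once the connection is usable - confirm. */
void db_ldap_add_delayed_request(struct ldap_connection *conn,
				 struct ldap_request *request);
/* Issue `request` as a search on `conn` with the given LDAP scope. The
   result is delivered through request->callback (see db_search_callback_t). */
void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
		    int scope);

/* Build the attribute name array and attribute map from `attrlist`.
   NOTE(review): by the `_r` suffix, attr_names_r is presumably an output
   parameter; ownership of the returned array is not visible here. */
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
		       char ***attr_names_r, struct hash_table *attr_map,
		       const char *const default_attr_map[],
		       const char *skip_attr);

/* Obtain a connection for the given configuration file, and release a
   reference to one. db_ldap_unref() takes the address of the caller's
   pointer.
   NOTE(review): presumably it clears *conn so the caller cannot reuse a
   released connection - confirm. */
struct ldap_connection *db_ldap_init(const char *config_path);
void db_ldap_unref(struct ldap_connection **conn);

/* Connect `conn` to the server.
   NOTE(review): the meaning of the int return value is not documented in
   this header; callers should check it rather than assume success. */
int db_ldap_connect(struct ldap_connection *conn);

/* Return an escaped copy of `str`.
   NOTE(review): presumably escapes the characters that are special in LDAP
   filters/DNs. Every value taken from the auth request (user name, realm,
   ...) that ends up in ldap_request.base or .filter should pass through
   here; an unescaped value lets the input alter the query. Confirm which
   character set is escaped and where the returned string is allocated. */
const char *ldap_escape(const char *str,
			const struct auth_request *auth_request);
/* Return a description of the last error on `conn`.
   NOTE(review): server-provided error text is presumably untrusted; avoid
   relaying it verbatim to unauthenticated clients - confirm usage. */
const char *ldap_get_error(struct ldap_connection *conn);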
4d4cd9cde9e01d4ad9354e6e30ac2f90d13042b2Timo Sirainen
4d4cd9cde9e01d4ad9354e6e30ac2f90d13042b2Timo Sirainen#endif