db-ldap.h revision b270b29d458f3cbd6e63320bb17e23f809da0045
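/*
 * Declarations for db-ldap: forward declarations, the settings, connection
 * and request structures, and the db_ldap_* entry points.
 *
 * NOTE(review): this header uses bool, uid_t, gid_t and pool_t further down
 * but only includes <ldap.h>; it relies on the including file having those
 * names in scope already.
 * NOTE(review): identifiers that begin with a double underscore are reserved
 * for the implementation (C11 7.1.3). The guard name is left unchanged here
 * because other files may test it.
 */
#ifndef __DB_LDAP_H
#define __DB_LDAP_H

#include <ldap.h>

/* Not defined in this header; only pointers to it are used here. */
struct auth_request;
/* Both are defined further down in this header. */
struct ldap_connection;
struct ldap_request;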
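/*
 * Callback type stored in struct ldap_request::callback.
 *
 * conn    - LDAP connection passed to the callback
 * request - request passed to the callback
 * res     - libldap message passed to the callback
 *
 * NOTE(review): whether res can be NULL (for example on failure or when a
 * request is aborted) and who releases it are not visible in this header;
 * confirm in the implementation before dereferencing or freeing res.
 */
typedef void db_search_callback_t(struct ldap_connection *conn,
				  struct ldap_request *request,
				  LDAPMessage *res);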
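/*
 * LDAP settings.
 *
 * NOTE(review): the per-member notes below are inferred from the member
 * names; this header does not show how the values are parsed or used, so
 * confirm each one against the settings parser and the connect path.
 */
struct ldap_settings {
	/* Server location: presumably a host list and/or a URI list. */
	const char *hosts;
	const char *uris;
	/*
	 * Bind DN and its password. dnpass is a plaintext credential kept as
	 * an ordinary C string: do not log this struct verbatim, and keep the
	 * configuration file that supplies it readable only by the service.
	 */
	const char *dn;
	const char *dnpass;
	/* presumably: verify a user's password by binding as that user */
	bool auth_bind;
	/* presumably: DN template used for such a bind -- TODO confirm */
	const char *auth_bind_userdn;

	/*
	 * NOTE(review): confirm that a failed TLS setup aborts the connection
	 * rather than continuing in cleartext; dn/dnpass and user passwords
	 * would otherwise cross the network unprotected.
	 */
	bool tls;
	bool sasl_bind;
	const char *sasl_mech;
	const char *sasl_realm;
	const char *sasl_authz_id;
	const char *sasl_props;

	/* String forms; see ldap_deref / ldap_scope below. */
	const char *deref;
	const char *scope;
	const char *base;
	unsigned int ldap_version;

	/*
	 * Attribute lists and search filters for user and password lookups.
	 * NOTE(review): if the filters are templates expanded with
	 * client-supplied values (user name etc.), those values need to go
	 * through ldap_escape(), declared in this header, before expansion.
	 */
	const char *user_attrs;
	const char *user_filter;
	const char *pass_attrs;
	const char *pass_filter;

	const char *default_pass_scheme;
	const char *user_global_uid;
	const char *user_global_gid;

	/* ... */
	/* presumably the parsed forms of deref, scope and user_global_uid/gid */
	int ldap_deref, ldap_scope;
	uid_t uid;
	gid_t gid;
};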
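/*
 * State of one LDAP connection: its settings, the libldap handle, the
 * descriptor and I/O watcher, outstanding requests and attribute mappings.
 *
 * NOTE(review): the struct embeds `set`, which carries the bind password
 * (set.dnpass); treat any dump or log of this struct as sensitive.
 */
struct ldap_connection {
	/* Link to another connection; presumably a list of all connections. */
	struct ldap_connection *next;

	pool_t pool;
	/* Reference count; db_ldap_unref() is declared in this header. */
	int refcount;

	char *config_path;
	struct ldap_settings set;

	LDAP *ld;
	int fd; /* only set when connected/connecting */
	struct io *io;
	struct hash_table *requests;

	char **pass_attr_names, **user_attr_names;
	struct hash_table *pass_attr_map, *user_attr_map;

	unsigned int connected:1;
	unsigned int connecting:1;
	unsigned int retrying:1; /* just reconnected, resending requests */
	/*
	 * NOTE(review): presumably set when the most recent bind on `ld` was
	 * a user authentication bind, meaning the handle may be bound as an
	 * end user rather than as set.dn. Confirm the implementation rebinds
	 * before running lookups that expect the configured DN's privileges.
	 */
	unsigned int last_auth_bind:1;
};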
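/*
 * One LDAP request (search or bind) together with the callback that
 * receives its result.
 */
struct ldap_request {
	db_search_callback_t *callback;
	/* Opaque pointer; presumably read back by the callback -- confirm. */
	void *context;

	/* for bind requests, base contains the DN and filter=NULL */
	const char *base;
	/*
	 * NOTE(review): nothing in this struct records whether `filter` has
	 * been escaped. Callers presumably pass client-supplied values
	 * through ldap_escape() (declared in this header) before building
	 * it -- confirm at the call sites.
	 */
	const char *filter;
	char **attributes; /* points to pass_attr_names / user_attr_names */
};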
/*
 * Identities and password handed to a SASL bind.
 * NOTE(review): the meanings are inferred from the member names (authcid =
 * authentication identity, authzid = authorization identity); confirm them
 * against the code that consumes this struct.
 * passwd points at a plaintext secret. How long that string stays in memory
 * is decided by whoever owns it, which is not visible in this header.
 */
struct ldap_sasl_bind_context {
 const char *authcid;
 const char *passwd;
 const char *realm;
 const char *authzid;
};
/*
 * Run `request` on `conn` with the given search scope.
 * NOTE(review): presumably the result is delivered through request->callback
 * rather than returned (the function returns void) -- confirm.
 */
void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
 int scope);
/*
 * Set up attribute names and the attribute map from `attrlist`.
 * attr_names_r is an out-parameter (char ***); attr_map is filled in place.
 * NOTE(review): the format of attrlist, the role of default_attr_map and of
 * skip_attr are not visible in this header -- confirm in the implementation.
 */
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
 char ***attr_names_r, struct hash_table *attr_map,
 const char *const default_attr_map[],
 const char *skip_attr);
/*
 * Return a connection for the configuration file at config_path.
 * NOTE(review): struct ldap_connection carries a refcount, so the result is
 * presumably released with db_ldap_unref() -- confirm.
 */
struct ldap_connection *db_ldap_init(const char *config_path);
/*
 * Drop a reference. Takes the address of the caller's pointer;
 * presumably clears it so a stale pointer is not reused -- confirm.
 */
void db_ldap_unref(struct ldap_connection **conn);
/*
 * Connect `conn` to its LDAP server.
 * NOTE(review): the meaning of the int return value is not visible here;
 * callers should check it, since a lookup on an unconnected handle must not
 * be treated as "user not found".
 */
int db_ldap_connect(struct ldap_connection *conn);
/*
 * Return an escaped form of `str`.
 * NOTE(review): this is the injection boundary for LDAP filters. Confirm that
 * it covers the characters RFC 4515 requires escaping in filter values
 * ('*', '(', ')', '\\' and NUL), and that values placed into a DN (RFC 4514
 * rules differ) are not assumed safe after this call. Ownership and lifetime
 * of the returned string are not visible in this header.
 * NOTE(review): ldap_escape and ldap_get_error use the ldap_ prefix that
 * libldap (<ldap.h>, included above) also uses; a same-named library symbol
 * would clash.
 */
const char *ldap_escape(const char *str,
 const struct auth_request *auth_request);
/*
 * Return an error string for `conn`.
 * NOTE(review): presumably the last libldap error; check that it is not
 * echoed to unauthenticated clients verbatim.
 */
const char *ldap_get_error(struct ldap_connection *conn);
#endif