db-ldap.h revision cfdaa223525f87c9c980a25cc7bb6770a248d76a
e59faf65ce864fe95dc00f5d52b8323cdbd0608aTimo Sirainen#ifndef __DB_LDAP_H
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define __DB_LDAP_H
/* Functions like ldap_bind() have been deprecated in OpenLDAP 2.3.
   This define enables them until the code here can be refactored. */
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#define LDAP_DEPRECATED 1
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen#include <ldap.h>
/* Forward declarations: these struct types are only handled through
   pointers by the declarations below. struct auth_request is never defined
   in this header. */
struct auth_request;
struct ldap_connection;
struct ldap_request;
/* Function type of the callback stored in struct ldap_request. It receives
   the connection, the request the callback belongs to, and an LDAPMessage.
   NOTE(review): whether res may be NULL (for example when a request is
   aborted) and who frees it is not visible in this header - confirm in
   db-ldap.c before dereferencing it in a new callback. */
typedef void db_search_callback_t(
	struct ldap_connection *conn,
	struct ldap_request *request,
	LDAPMessage *res);
/* Settings for one LDAP connection. The first group of members holds the
   options as strings, booleans and one unsigned int; the last four members
   are numeric values kept after the string options.
   NOTE(review): how the members are filled in and validated is not visible
   in this header - confirm in db-ldap.c. */
struct ldap_settings {
	const char *hosts;
	const char *uris;
	const char *dn;
	/* NOTE(review): presumably the bind password for dn. It is held as
	   an ordinary string, so confirm that the file it is read from is
	   not readable by other users and that it is never written to
	   logs. */
	const char *dnpass;
	/* NOTE(review): presumably selects verifying a password by binding
	   to the directory as the user - confirm. */
	bool auth_bind;
	const char *auth_bind_userdn;

	/* NOTE(review): this struct has no member for a CA certificate or a
	   certificate verification policy, so how the server certificate is
	   checked when tls is set cannot be told from here - verify in the
	   connect code. */
	bool tls;
	bool sasl_bind;
	const char *sasl_mech;
	const char *sasl_realm;
	const char *sasl_authz_id;

	const char *deref;
	const char *scope;
	const char *base;
	unsigned int ldap_version;

	const char *user_attrs;
	/* NOTE(review): user_filter and pass_filter are presumably filter
	   templates that get request data substituted into them; any such
	   value has to pass through ldap_escape() first - confirm at the
	   call sites. */
	const char *user_filter;
	const char *pass_attrs;
	const char *pass_filter;

	const char *default_pass_scheme;
	const char *user_global_uid;
	const char *user_global_gid;

	/* Numeric members. NOTE(review): presumably derived from the deref,
	   scope, user_global_uid and user_global_gid strings above -
	   confirm. */
	int ldap_deref;
	int ldap_scope;
	uid_t uid;
	gid_t gid;
};
/* State of one LDAP connection: its settings, the libldap handle, the
   requests attached to it and a set of one-bit status flags. Connections
   can be chained through next and carry a reference count. */
struct ldap_connection {
	struct ldap_connection *next;

	pool_t pool;
	int refcount;

	char *config_path;
	/* Embedded by value, so set.dnpass stays reachable for as long as
	   the connection object exists. */
	struct ldap_settings set;

	LDAP *ld;
	/* Valid only while the connection is connected or connecting. */
	int fd;
	struct io *io;

	struct hash_table *requests;
	/* Head and tail of the list linked through ldap_request.next. */
	struct ldap_request *delayed_requests_head;
	struct ldap_request *delayed_requests_tail;

	/* ldap_request.attributes points at one of these two arrays. */
	char **pass_attr_names;
	char **user_attr_names;
	struct hash_table *pass_attr_map;
	struct hash_table *user_attr_map;

	unsigned int connected:1;
	unsigned int connecting:1;
	unsigned int binding:1;
	/* Set right after a reconnect, while requests are being resent. */
	unsigned int retrying:1;
	/* NOTE(review): presumably records that the most recent bind on ld
	   was made with a user's credentials, so the handle is not bound as
	   set.dn at that moment - confirm that searches rebind first. */
	unsigned int last_auth_bind:1;
};
/* One request on a connection, either a search or a bind, together with
   the callback and the opaque context pointer kept alongside it. */
struct ldap_request {
	/* Link used while the request sits in conn->delayed_requests. */
	struct ldap_request *next;

	db_search_callback_t *callback;
	void *context;

	/* A bind request stores the DN in base and leaves filter NULL, so
	   code that reads filter has to handle NULL. */
	const char *base;
	const char *filter;
	/* Borrowed pointer to the connection's pass_attr_names or
	   user_attr_names array. */
	char **attributes;
};
/* Values handed to a SASL bind. All four members are borrowed string
   pointers. passwd is a plaintext secret.
   NOTE(review): the lifetime of the strings and whether passwd is cleared
   after the bind is not visible in this header - confirm in db-ldap.c. */
struct ldap_sasl_bind_context {
	const char *authcid;
	const char *passwd;
	const char *realm;
	const char *authzid;
};
/* NOTE(review): presumably appends request to the connection's
   delayed_requests_head/tail list - confirm in db-ldap.c. */
void db_ldap_add_delayed_request(
	struct ldap_connection *conn,
	struct ldap_request *request);

/* Starts the search described by request on conn.
   NOTE(review): scope is presumably one of the LDAP_SCOPE_* values, as
   kept in ldap_settings.ldap_scope - confirm. */
void db_ldap_search(
	struct ldap_connection *conn,
	struct ldap_request *request,
	int scope);

/* Takes an attribute list string, a hash table and a default mapping, and
   hands an array of attribute names back through attr_names_r.
   NOTE(review): the syntax of attrlist and the meaning of skip_attr are not
   visible in this header - confirm in db-ldap.c. */
void db_ldap_set_attrs(
	struct ldap_connection *conn,
	const char *attrlist,
	char ***attr_names_r,
	struct hash_table *attr_map,
	const char *const default_attr_map[],
	const char *skip_attr);

/* Returns a connection object for the configuration file at config_path.
   NOTE(review): given refcount and next in struct ldap_connection, an
   existing connection for the same path is presumably reused - confirm. */
struct ldap_connection *db_ldap_init(const char *config_path);

/* Releases the caller's reference to *conn.
   NOTE(review): the double pointer suggests *conn is set to NULL on return,
   which guards against use after release - confirm. */
void db_ldap_unref(struct ldap_connection **conn);

/* NOTE(review): the meaning of the int return value is not visible in this
   header; check it against db-ldap.c before relying on it. */
int db_ldap_connect(struct ldap_connection *conn);

/* NOTE(review): from its name, presumably returns str escaped for use in an
   LDAP query. Filter values (RFC 4515) and DN components (RFC 4514) need
   different escaping, so confirm which context this covers before using it
   for the other one. */
const char *ldap_escape(
	const char *str,
	const struct auth_request *auth_request);

/* Returns a textual description of the connection's current LDAP error.
   NOTE(review): the lifetime of the returned string is not visible here;
   copy it if it has to outlive the next LDAP call. */
const char *ldap_get_error(struct ldap_connection *conn);
fc40a9a002458e372ff4b9f6f4e15239520c0bcdTimo Sirainen#endif