24RCSID(
"$Id: e7590cd992bbfd9c1c80a15f908f557ceb86a8e5 $")
28#include <freeradius-devel/ldap/base.h>
29#include <freeradius-devel/util/debug.h>
69 DEBUG2(
"Bind as \"%s\" to \"%s\" successful",
75 PERROR(
"Bind as \"%s\" to \"%s\" not permitted",
81 PERROR(
"Bind as \"%s\" to \"%s\" failed",
113 memcpy(&cred.bv_val, &bind_ctx->
password,
sizeof(cred.bv_val));
114 cred.bv_len = talloc_array_length(bind_ctx->
password) - 1;
125 ret = ldap_sasl_bind(c->
handle, bind_ctx->
bind_dn, LDAP_SASL_SIMPLE, &cred,
126 our_serverctrls, our_clientctrls, &bind_ctx->
msgid);
134 case LDAP_X_CONNECTING:
135 ret = ldap_get_option(c->
handle, LDAP_OPT_DESC, &fd);
154 ret = ldap_get_option(c->
handle, LDAP_OPT_DESC, &fd);
155 if ((ret != LDAP_OPT_SUCCESS) || (fd < 0))
goto error;
167 ERROR(
"Bind failed: %s", ldap_err2string(ret));
186 char const *bind_dn,
char const *password,
187 LDAPControl **serverctrls, LDAPControl **clientctrls)
193 DEBUG2(
"Starting bind operation");
201 bind_ctx->
bind_dn = bind_dn ? bind_dn :
"";
212 if ((ldap_get_option(c->
handle, LDAP_OPT_DESC, &fd) == LDAP_SUCCESS) && (fd >= 0)) {
254 switch (bind_auth_ctx->
ret) {
282 if (bind_auth_ctx->
treq) {
304 RWARN(
"Cancelling bind auth");
327 ERROR(
"Failed to get trunk connection for LDAP bind");
333 ERROR (
"Failed to allocate trunk request for LDAP bind");
359 ERROR(
"Failed to enqueue bind request");
unlang_action_t
Returned by unlang_op_t calls; determines the next action of the interpreter.
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
@ UNLANG_ACTION_YIELD
Temporarily pause execution until an event occurs.
static void ldap_async_auth_bind_cancel(request_t *request, UNUSED fr_signal_t action, void *uctx)
Signal an outstanding LDAP bind request to cancel.
int fr_ldap_bind_async(fr_ldap_connection_t *c, char const *bind_dn, char const *password, LDAPControl **serverctrls, LDAPControl **clientctrls)
Install I/O handlers for the bind operation.
static unlang_action_t ldap_async_auth_bind_results(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Handle the return code from parsed LDAP results to set the module rcode.
static void _ldap_bind_io_read(UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED int flags, void *uctx)
Parse a bind response from a server.
static USES_APPLE_DEPRECATED_API void _ldap_bind_io_error(UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED int flags, UNUSED int fd_errno, void *uctx)
Error reading from or writing to the file descriptor.
static unlang_action_t ldap_async_auth_bind_start(UNUSED rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, UNUSED void *uctx)
Yield interpreter after queueing LDAP bind.
unlang_action_t fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
Initiate an async LDAP bind for authentication.
static void _ldap_bind_io_write(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
Send a bind request to a server.
#define USES_APPLE_DEPRECATED_API
#define fr_cond_assert(_x)
Calls panic_action if NDEBUG is not defined; otherwise logs an error and evaluates to the value of _x.
#define fr_event_fd_insert(...)
#define unlang_function_push(_request, _func, _repeat, _signal, _sigmask, _top_frame, _uctx)
Push a generic function onto the unlang stack.
LDAPControl ** clientctrls
Controls to pass to the client (library).
fr_ldap_rcode_t ret
Return code of bind operation.
int msgid
libldap msgid for this bind.
char * server
Initial server to bind to.
LDAP * handle
libldap handle.
void fr_ldap_control_merge(LDAPControl *serverctrls_out[], LDAPControl *clientctrls_out[], size_t serverctrls_len, size_t clientctrls_len, fr_ldap_connection_t *conn, LDAPControl *serverctrls_in[], LDAPControl *clientctrls_in[])
Merge connection and call specific client and server controls.
int fd
File descriptor for this connection.
void fr_ldap_state_error(fr_ldap_connection_t *c)
Signal that there's been an error on the connection.
int msgid
Message ID of the bind operation. Only used when binding as admin.
fr_ldap_config_t const * config
rlm_ldap connection configuration.
fr_ldap_connection_t * c
Connection to bind. Only used when binding as admin user.
trunk_request_t * treq
Trunk request this bind is associated with.
fr_ldap_state_t fr_ldap_state_next(fr_ldap_connection_t *c)
Move between LDAP connection states.
LDAPControl ** serverctrls
Controls to pass to the server.
fr_ldap_thread_trunk_t * fr_thread_ldap_bind_trunk_get(fr_ldap_thread_t *thread)
Find the thread specific trunk to use for LDAP bind auths.
#define LDAP_MAX_CONTROLS
Maximum number of client/server controls.
int fr_ldap_connection_timeout_reset(fr_ldap_connection_t const *conn)
char const * bind_dn
DN of the user; may be NULL to bind anonymously.
trunk_t * trunk
Connection trunk.
fr_ldap_thread_t * thread
Thread this bind is being run by.
connection_t * conn
Connection state handle.
fr_rb_tree_t * binds
Tree of outstanding bind auths.
char const * password
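Password of the user; may be NULL if no password is specified. A simple bind that carries a DN but a zero-length password is an unauthenticated bind under RFC 4513 section 5.1.2, which some servers accept, so callers that use the bind result to authenticate a user should reject empty passwords before binding.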
fr_ldap_rcode_t
Codes returned by fr_ldap internal functions.
@ LDAP_PROC_SUCCESS
Operation was successful.
@ LDAP_PROC_NOT_PERMITTED
Operation was not permitted, either current user was locked out in the case of binds,...
@ LDAP_PROC_REJECT
Bind failed, user was rejected.
@ LDAP_PROC_BAD_DN
Specified an invalid object in a bind or search DN.
@ LDAP_PROC_NO_RESULT
Got no results.
Holds arguments for async bind auth requests.
Holds arguments for the async bind operation.
Tracks the state of a libldap connection handle.
Thread specific structure to manage LDAP trunk connections.
Thread LDAP trunk structure.
fr_ldap_rcode_t fr_ldap_result(LDAPMessage **result, LDAPControl ***ctrls, fr_ldap_connection_t const *conn, int msgid, int all, char const *dn, fr_time_delta_t timeout)
Parse response from LDAP server dealing with any errors.
Stores all information relating to an event list.
void * fr_rb_remove(fr_rb_tree_t *tree, void const *data)
Remove an entry from the tree, without freeing the data.
#define RETURN_MODULE_RCODE(_rcode)
rlm_rcode_t
Return codes indicating the result of the module call.
@ RLM_MODULE_INVALID
The module considers the request invalid.
@ RLM_MODULE_OK
The module is OK, continue.
@ RLM_MODULE_FAIL
Module failed, don't reply.
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
@ RLM_MODULE_REJECT
Immediately reject the request.
@ RLM_MODULE_NOTFOUND
User not found.
fr_signal_t
Signals that can be generated/processed by request signal handlers.
@ FR_SIGNAL_CANCEL
Request has been cancelled.
#define fr_time_delta_wrap(_time)
trunk_request_t * trunk_request_alloc(trunk_t *trunk, request_t *request)
(Pre-)Allocate a new trunk request
trunk_enqueue_t trunk_request_enqueue(trunk_request_t **treq_out, trunk_t *trunk, request_t *request, void *preq, void *rctx)
Enqueue a request that needs data written to the trunk.
void trunk_request_signal_cancel(trunk_request_t *treq)
Cancel a trunk request.
void trunk_request_free(trunk_request_t **treq_to_free)
If the trunk request is freed then update the target requests.
void trunk_request_signal_complete(trunk_request_t *treq)
Signal that a trunk request is complete.
@ TRUNK_ENQUEUE_OK
Operation was successful.
@ TRUNK_ENQUEUE_IN_BACKLOG
Request should be enqueued in backlog.
static fr_event_list_t * el