 |
The FreeRADIUS server
$Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
|
|
The FreeRADIUS server
$Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
|
LDAP module group functions. More...
Include dependency graph for groups.c:Go to the source code of this file.
Data Structures | |
| struct | ldap_group_groupobj_ctx_t |
| Context to use when looking up group membership using group objects. More... | |
| struct | ldap_group_userobj_ctx_t |
| Context to use when resolving group membership from the user object. More... | |
| struct | ldap_group_userobj_dyn_ctx_t |
| Context to use when evaluating group membership from the user object in an xlat. More... | |
Macros | |
| #define | LOG_PREFIX "rlm_ldap groups" |
Functions | |
| static unlang_action_t | ldap_cacheable_groupobj_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Process the results of a group object lookup. More... | |
| static unlang_action_t | ldap_cacheable_groupobj_start (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Initiate an LDAP search for group membership looking at the group objects. More... | |
| static unlang_action_t | ldap_cacheable_userobj_resolve (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Initiate DN to name and name to DN group lookups. More... | |
| static unlang_action_t | ldap_cacheable_userobj_store (rlm_rcode_t *p_result, request_t *request, ldap_group_userobj_ctx_t *group_ctx) |
| Move user object group attributes to the control list. More... | |
| static unlang_action_t | ldap_check_groupobj_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Process the results of a group object lookup. More... | |
| static unlang_action_t | ldap_check_userobj_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Process the results of evaluating a user object when checking group membership. More... | |
| static unlang_action_t | ldap_check_userobj_start (UNUSED rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Initiate a user lookup to check membership. More... | |
| static void | ldap_dn2name_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx) |
| Cancel an in-progress DN to name lookup. More... | |
| static unlang_action_t | ldap_dn2name_start (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Initiate resolving a group DN to its name. More... | |
| static unlang_action_t | ldap_group_dn2name_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Process the results of a group DN -> name lookup. More... | |
| static unlang_action_t | ldap_group_dn2name_start (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Initiate an LDAP search to turn a group DN into it's name. More... | |
| static void | ldap_group_groupobj_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx) |
| Cancel a pending group object lookup. More... | |
| static unlang_action_t | ldap_group_name2dn_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Process the results of looking up group DNs from names. More... | |
| static unlang_action_t | ldap_group_name2dn_start (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx) |
| Convert multiple group names into a DNs. More... | |
| static void | ldap_group_userobj_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx) |
| Cancel a pending group lookup query. More... | |
| unlang_action_t | rlm_ldap_cacheable_groupobj (rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx) |
| Convert group membership information into attributes. More... | |
| unlang_action_t | rlm_ldap_cacheable_userobj (rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, char const *attr) |
| Convert group membership information into attributes. More... | |
| unlang_action_t | rlm_ldap_check_cached (rlm_rcode_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check) |
| Check group membership attributes to see if a user is a member. More... | |
| unlang_action_t | rlm_ldap_check_groupobj_dynamic (rlm_rcode_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx) |
| Initiate an LDAP search to determine group membership, querying group objects. More... | |
| unlang_action_t | rlm_ldap_check_userobj_dynamic (rlm_rcode_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx) |
| Query the LDAP directory to check if a user object is a member of a group. More... | |
| static int | userobj_dyn_free (ldap_group_userobj_dyn_ctx_t *group_ctx) |
| Ensure retrieved LDAP values are cleared up. More... | |
Variables | |
| static char const * | null_attrs [] = { NULL } |
LDAP module group functions.
Definition in file groups.c.
| struct ldap_group_groupobj_ctx_t |
Context to use when looking up group membership using group objects.
Collaboration diagram for ldap_group_groupobj_ctx_t:| Data Fields | ||
|---|---|---|
| char const * | attrs[2] | For retrieving the group name. |
| fr_value_box_t * | base_dn | The base DN to search for groups in. |
| fr_value_box_list_t | expanded_filter | Values produced by expanding filter xlat. |
| tmpl_t * | filter_tmpl | Tmpl to expand into LDAP filter. |
| rlm_ldap_t const * | inst | Module instance. |
| fr_ldap_query_t * | query | Current query performing group lookup. |
| fr_ldap_thread_trunk_t * | ttrunk | Trunk on which to perform additional queries. |
| void * | uctx | Optional context for use in results parsing. |
| struct ldap_group_userobj_ctx_t |
Context to use when resolving group membership from the user object.
Collaboration diagram for ldap_group_userobj_ctx_t:| Data Fields | ||
|---|---|---|
| char const * | attrs[2] | For resolving name from DN. |
| fr_value_box_t * | base_dn | The base DN to search for groups in. |
| char ** | dn | Current DN being resolved. |
| char * | group_dn[LDAP_MAX_CACHEABLE+1] | List of group DNs which need resolving. |
| char * | group_name[LDAP_MAX_CACHEABLE+1] | List of group names which need resolving. |
| fr_pair_list_t | groups | Temporary list to hold pairs. |
| rlm_ldap_t const * | inst | Module instance. |
| TALLOC_CTX * | list_ctx | In which to allocate pairs. |
| unsigned int | name_cnt | How many names need resolving. |
| fr_ldap_query_t * | query | Current query performing group resolution. |
| fr_ldap_thread_trunk_t * | ttrunk | Trunk on which to perform additional queries. |
| struct ldap_group_userobj_dyn_ctx_t |
Context to use when evaluating group membership from the user object in an xlat.
Collaboration diagram for ldap_group_userobj_dyn_ctx_t:| Data Fields | ||
|---|---|---|
| char const * | attrs[2] | For retrieving the group name. |
| int | count | How many entries there are in values. |
| char * | group_name | Result of resolving the provided group DN as to a name. |
| char const * | lookup_dn | The DN currently being looked up, when resolving DN to name. |
| fr_ldap_query_t * | query | Current query doing a DN to name resolution. |
| bool | resolving_value | Is the current query resolving a DN from values. |
| int | value_no | The current entry in values being processed. |
| struct berval ** | values | Values of the membership attribute to check. |
| ldap_group_xlat_ctx_t * | xlat_ctx | Xlat context being evaluated. |
|
static |
Process the results of a group object lookup.
| [out] | p_result | Result of processing group lookup. |
| [out] | priority | Unused. |
| [in] | request | Current request. |
| [in] | uctx | Group lookup context. |
Definition at line 614 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Initiate an LDAP search for group membership looking at the group objects.
| [out] | p_result | Result of submitting LDAP search |
| [out] | priority | Unused. |
| [in] | request | Current request. |
| [in] | uctx | Group lookup context. |
Definition at line 574 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Initiate DN to name and name to DN group lookups.
Called repeatedly until there are no more lookups to perform or an unresolved lookup causes the module to fail.
| p_result | The result of the previous expansion. |
| priority | unused. |
| request | Current request. |
| uctx | The group context being processed. |
Definition at line 383 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Move user object group attributes to the control list.
| p_result | The result of adding user object group attributes |
| request | Current request. |
| group_ctx | Context used to evaluate group attributes |
Definition at line 346 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Process the results of a group object lookup.
| [out] | p_result | Result of processing group lookup. |
| [out] | priority | Unused. |
| [in] | request | Current request. |
| [in] | uctx | Group lookup context. |
Definition at line 741 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
|
static |
|
static |
|
static |
|
static |
Process the results of a group DN -> name lookup.
The retrieved value is added as a value pair to the temporary list in the group resolution context.
| [out] | p_result | The result of trying to resolve a dn to a group name. |
| [in] | priority | unused. |
| [in] | request | Current request. |
| [in] | uctx | The group resolution context. |
Definition at line 279 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Initiate an LDAP search to turn a group DN into it's name.
Unlike the inverse conversion of a name to a DN, most LDAP directories don't allow filtering by DN, so we need to search for each DN individually.
| [out] | p_result | The result of trying to resolve a dn to a group name. |
| [in] | priority | unused. |
| [in] | request | Current request. |
| [in] | uctx | The group resolution context. |
Definition at line 251 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
|
static |
Process the results of looking up group DNs from names.
| [out] | p_result | The result of trying to resolve a group name to a dn. |
| [out] | priority | Unused |
| [in] | request | Current request. |
| [in] | uctx | Group lookup context. |
Definition at line 162 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
Convert multiple group names into a DNs.
Given an array of group names, builds a filter matching all names, then retrieves all group objects and stores the DN associated with each group object.
| [out] | p_result | The result of trying to resolve a group name to a dn. |
| [out] | priority | Unused |
| [in] | request | Current request. |
| [in] | uctx | Group lookup context. |
Definition at line 111 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
| unlang_action_t rlm_ldap_cacheable_groupobj | ( | rlm_rcode_t * | p_result, |
| request_t * | request, | ||
| ldap_autz_ctx_t * | autz_ctx | ||
| ) |
Convert group membership information into attributes.
| [out] | p_result | The result of trying to resolve a dn to a group name. |
| [in] | request | Current request. |
| [in] | autz_ctx | Authentication context being processed. |
Definition at line 700 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:| unlang_action_t rlm_ldap_cacheable_userobj | ( | rlm_rcode_t * | p_result, |
| request_t * | request, | ||
| ldap_autz_ctx_t * | autz_ctx, | ||
| char const * | attr | ||
| ) |
Convert group membership information into attributes.
This may just be able to parse attribute values in the user object or it may need to yield to other LDAP searches depending on what was returned and what is set to be cached.
| [out] | p_result | The result of trying to resolve a dn to a group name. |
| [in] | request | Current request. |
| [in] | autz_ctx | LDAP authorization context being processed. |
| [in] | attr | membership attribute to look for in the entry. |
Definition at line 443 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:| unlang_action_t rlm_ldap_check_cached | ( | rlm_rcode_t * | p_result, |
| rlm_ldap_t const * | inst, | ||
| request_t * | request, | ||
| fr_value_box_t const * | check | ||
| ) |
Check group membership attributes to see if a user is a member.
| [out] | p_result | Result of calling the module. |
| [in] | inst | rlm_ldap configuration. |
| [in] | request | Current request. |
| [in] | check | vb containing the group value (name or dn). |
Definition at line 1155 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:| unlang_action_t rlm_ldap_check_groupobj_dynamic | ( | rlm_rcode_t * | p_result, |
| request_t * | request, | ||
| ldap_group_xlat_ctx_t * | xlat_ctx | ||
| ) |
Initiate an LDAP search to determine group membership, querying group objects.
Used by LDAP group membership xlat
| p_result | Current module result code. |
| request | Current request. |
| xlat_ctx | xlat context being processed. |
Definition at line 786 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:| unlang_action_t rlm_ldap_check_userobj_dynamic | ( | rlm_rcode_t * | p_result, |
| request_t * | request, | ||
| ldap_group_xlat_ctx_t * | xlat_ctx | ||
| ) |
Query the LDAP directory to check if a user object is a member of a group.
| [out] | p_result | Result of calling the module. |
| [in] | request | Current request. |
| [in] | xlat_ctx | Context of the xlat being evaluated. |
Definition at line 1117 of file groups.c.
Here is the call graph for this function: Here is the caller graph for this function:
|
static |
1.9.1