The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
base.h File Reference

Common utility functions for interacting with LDAP directories. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/connection.h>
#include <freeradius-devel/server/global_lib.h>
#include <freeradius-devel/server/map.h>
#include <freeradius-devel/server/trunk.h>
#include <freeradius-devel/unlang/function.h>
#include <freeradius-devel/util/dlist.h>
#include <lber.h>
#include <ldap.h>
#include "config.h"
+ Include dependency graph for base.h:

Go to the source code of this file.

Data Structures

struct  fr_ldap_bind_auth_ctx_t
 Holds arguments for async bind auth requests. More...
 
union  fr_ldap_bind_auth_ctx_t.__unnamed50__
 
struct  fr_ldap_bind_ctx_t
 Holds arguments for the async bind operation. More...
 
struct  fr_ldap_config_t
 Connection configuration. More...
 
struct  fr_ldap_connection_t
 Tracks the state of a libldap connection handle. More...
 
struct  fr_ldap_control_t
 
struct  fr_ldap_directory_t
 
struct  fr_ldap_map_exp_t
 Result of expanding the RHS of a set of maps. More...
 
struct  fr_ldap_query_s
 LDAP query structure. More...
 
union  fr_ldap_query_s.__unnamed40__
 
struct  fr_ldap_query_s.__unnamed40__.extended
 
struct  fr_ldap_query_s.__unnamed40__.search
 
struct  fr_ldap_referral_s
 Parsed LDAP referral structure. More...
 
struct  fr_ldap_result_t
 Contains a collection of values. More...
 
struct  fr_ldap_sasl_ctx_t
 Holds arguments for the async SASL bind operation. More...
 
struct  fr_ldap_sasl_t
 
struct  fr_ldap_thread_t
 Thread specific structure to manage LDAP trunk connections. More...
 
struct  fr_ldap_thread_trunk_s
 Thread LDAP trunk structure. More...
 
struct  fr_libldap_global_config_t
 libldap global configuration data More...
 
struct  ldap_filter_s
 Structure to hold parsed details of LDAP filters. More...
 
union  ldap_filter_s.__unnamed44__
 
struct  ldap_filter_s.__unnamed44__.__unnamed46__
 
struct  ldap_filter_s.__unnamed44__.__unnamed48__
 

Macros

#define LDAP_CONST
 
#define LDAP_DEPRECATED   0 /* Quiet warnings about LDAP_DEPRECATED not being defined */
 
#define LDAP_DIRECTORY_ATTRS
 
#define LDAP_MAP_RESERVED   5
 Number of additional items to allocate in expanded. More...
 
#define LDAP_MATCHING_RULE_BIT_AND   "1.2.840.113556.1.4.803"
 OID of bit-wise AND LDAP match rule. More...
 
#define LDAP_MATCHING_RULE_BIT_OR   "1.2.840.113556.1.4.804"
 OID of bit-wise OR LDAP match rule. More...
 
#define LDAP_MAX_ATTR_STR_LEN   256
 Maximum length of an xlat expanded LDAP attribute. More...
 
#define LDAP_MAX_ATTRMAP   128
 Maximum number of mappings between LDAP and. More...
 
#define LDAP_MAX_CACHEABLE   64
 Maximum number of groups we retrieve from the server for. More...
 
#define LDAP_MAX_CONTROLS   10
 Maximum number of client/server controls. More...
 
#define LDAP_MAX_DN_STR_LEN   1024
 Maximum length of an xlat expanded DN. More...
 
#define LDAP_MAX_FILTER_STR_LEN   1024
 Maximum length of an xlat expanded filter. More...
 
#define LDAP_MAX_GROUP_NAME_LEN   128
 Maximum name of a group name. More...
 
#define LDAP_SERVER_NOTIFICATION_OID   "1.2.840.113556.1.4.528"
 OID of Active Directory control for. More...
 
#define LDAP_SERVER_SHOW_DELETED_OID   "1.2.840.113556.1.4.417"
 OID of Active Directory control which. More...
 
#define LDAP_VENDOR_VERSION_PATCH   0
 
#define LDAP_VIRTUAL_DN_ATTR   "dn"
 'Virtual' attribute which maps to the DN of the object. More...
 
#define X   0
 

Typedefs

typedef int(* filter_attr_check_t) (char const *attr, void *uctx)
 
typedef struct fr_ldap_query_s fr_ldap_query_t
 
typedef struct fr_ldap_referral_s fr_ldap_referral_t
 Parsed LDAP referral structure. More...
 
typedef void(* fr_ldap_result_parser_t) (LDAP *handle, fr_ldap_query_t *query, LDAPMessage *head, void *rctx)
 
typedef struct fr_ldap_thread_trunk_s fr_ldap_thread_trunk_t
 Thread LDAP trunk structure. More...
 
typedef struct ldap_filter_s ldap_filter_t
 

Enumerations

enum  fr_ldap_bind_type_t { LDAP_BIND_SIMPLE = 0 }
 
enum  fr_ldap_directory_type_t {
  FR_LDAP_DIRECTORY_UNKNOWN = 0 ,
  FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY ,
  FR_LDAP_DIRECTORY_EDIRECTORY ,
  FR_LDAP_DIRECTORY_IBM ,
  FR_LDAP_DIRECTORY_NETSCAPE ,
  FR_LDAP_DIRECTORY_OPENLDAP ,
  FR_LDAP_DIRECTORY_ORACLE_INTERNET_DIRECTORY ,
  FR_LDAP_DIRECTORY_ORACLE_UNIFIED_DIRECTORY ,
  FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY ,
  FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY ,
  FR_LDAP_DIRECTORY_SIEMENS_AG ,
  FR_LDAP_DIRECTORY_UNBOUND_ID
}
 
enum  fr_ldap_rcode_t {
  LDAP_PROC_REFERRAL = 2 ,
  LDAP_PROC_CONTINUE = 1 ,
  LDAP_PROC_SUCCESS = 0 ,
  LDAP_PROC_ERROR = -1 ,
  LDAP_PROC_BAD_CONN = -2 ,
  LDAP_PROC_NOT_PERMITTED = -3 ,
  LDAP_PROC_REJECT = -4 ,
  LDAP_PROC_BAD_DN = -5 ,
  LDAP_PROC_NO_RESULT = -6 ,
  LDAP_PROC_TIMEOUT = -7 ,
  LDAP_PROC_REFRESH_REQUIRED = -8
}
 Codes returned by fr_ldap internal functions. More...
 
enum  fr_ldap_request_type_t {
  LDAP_REQUEST_SEARCH = 1 ,
  LDAP_REQUEST_MODIFY ,
  LDAP_REQUEST_EXTENDED
}
 Types of LDAP requests. More...
 
enum  fr_ldap_result_code_t {
  LDAP_RESULT_PENDING = 1 ,
  LDAP_RESULT_SUCCESS = 0 ,
  LDAP_RESULT_ERROR = -1 ,
  LDAP_RESULT_TIMEOUT = -2 ,
  LDAP_RESULT_BAD_DN = -3 ,
  LDAP_RESULT_NO_RESULT = -4 ,
  LDAP_RESULT_REFERRAL_FAIL = -5 ,
  LDAP_RESULT_EXCESS_REFERRALS = -6 ,
  LDAP_RESULT_MISSING_REFERRAL = -7
}
 LDAP query result codes. More...
 
enum  fr_ldap_state_t {
  FR_LDAP_STATE_INIT = 0 ,
  FR_LDAP_STATE_START_TLS ,
  FR_LDAP_STATE_BIND ,
  FR_LDAP_STATE_RUN ,
  FR_LDAP_STATE_ERROR
}
 LDAP connection handle states. More...
 
enum  fr_ldap_sync_type_t {
  FR_LDAP_SYNC_NONE = 0 ,
  FR_LDAP_SYNC_RFC4533 ,
  FR_LDAP_SYNC_ACTIVE_DIRECTORY ,
  FR_LDAP_SYNC_PERSISTENT_SEARCH
}
 
enum  ldap_filter_logic_t {
  LDAP_FILTER_LOGIC_AND = 1 ,
  LDAP_FILTER_LOGIC_OR ,
  LDAP_FILTER_LOGIC_NOT
}
 Logical operators for use in LDAP filters. More...
 
enum  ldap_filter_op_t {
  LDAP_FILTER_OP_UNSET = 0 ,
  LDAP_FILTER_OP_EQ ,
  LDAP_FILTER_OP_SUBSTR ,
  LDAP_FILTER_OP_PRESENT ,
  LDAP_FILTER_OP_GE ,
  LDAP_FILTER_OP_LE ,
  LDAP_FILTER_OP_BIT_AND ,
  LDAP_FILTER_OP_BIT_OR
}
 Operators for use in LDAP filters. More...
 
enum  ldap_filter_type_t {
  LDAP_FILTER_NODE = 0 ,
  LDAP_FILTER_GROUP
}
 Types of parsed LDAP filter nodes. More...
 
enum  ldap_supported_extension_t {
  LDAP_EXT_UNSUPPORTED ,
  LDAP_EXT_BINDNAME ,
  LDAP_EXT_BINDPW
}
 

Functions

int fr_ldap_attrs_check (char const **attrs, char const *attr)
 Check that a particular attribute is included in an attribute list. More...
 
static int fr_ldap_berval_strncasecmp (struct berval *value, char const *str, size_t strlen)
 Compare a berval with a C string of a known length using case insensitive comparison. More...
 
uint8_tfr_ldap_berval_to_bin (TALLOC_CTX *ctx, struct berval const *in)
 Convert a berval to a talloced buffer. More...
 
char * fr_ldap_berval_to_string (TALLOC_CTX *ctx, struct berval const *in)
 Convert a berval to a talloced string. More...
 
static void fr_ldap_berval_to_value_shallow (fr_value_box_t *value, struct berval *berval)
 Inline function to copy pointers from a berval to a valuebox. More...
 
static void fr_ldap_berval_to_value_str_shallow (fr_value_box_t *value, struct berval *berval)
 Inline function to copy pointer from a berval to a string value box. More...
 
int fr_ldap_bind_async (fr_ldap_connection_t *c, char const *bind_dn, char const *password, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Install I/O handlers for the bind operation. More...
 
unlang_action_t fr_ldap_bind_auth_async (request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
 Initiate an async LDAP bind for authentication. More...
 
static int8_t fr_ldap_bind_auth_cmp (void const *one, void const *two)
 Compare two ldap bind auth structures on msgid. More...
 
int fr_ldap_box_escape (fr_value_box_t *vb, UNUSED void *uctx)
 
size_t fr_ldap_common_dn (char const *full, char const *part)
 Find the place at which the two DN strings diverge. More...
 
int fr_ldap_conn_directory_alloc_async (fr_ldap_connection_t *ldap_conn)
 Async extract useful information from the rootDSE of the LDAP server. More...
 
fr_ldap_connection_tfr_ldap_connection_alloc (TALLOC_CTX *ctx)
 Allocate our ldap connection handle layer. More...
 
int fr_ldap_connection_configure (fr_ldap_connection_t *c, fr_ldap_config_t const *config)
 Allocate and configure a new connection. More...
 
fr_connection_tfr_ldap_connection_state_alloc (TALLOC_CTX *ctx, fr_event_list_t *el, fr_ldap_config_t const *config, char const *log_prefix)
 Alloc a self re-establishing connection to an LDAP server. More...
 
int fr_ldap_connection_timeout_reset (fr_ldap_connection_t const *conn)
 
int fr_ldap_connection_timeout_set (fr_ldap_connection_t const *conn, fr_time_delta_t timeout)
 
int fr_ldap_control_add_client (fr_ldap_connection_t *conn, LDAPControl *ctrl, bool freeit)
 Add a clientctrl to a connection handle. More...
 
int fr_ldap_control_add_server (fr_ldap_connection_t *conn, LDAPControl *ctrl, bool freeit)
 Add a serverctrl to a connection handle. More...
 
int fr_ldap_control_add_session_tracking (fr_ldap_connection_t *conn, request_t *request)
 
void fr_ldap_control_clear (fr_ldap_connection_t *conn)
 Clear and free any controls associated with a connection. More...
 
void fr_ldap_control_merge (LDAPControl *serverctrls_out[], LDAPControl *clientctrls_out[], size_t serverctrls_len, size_t clientctrls_len, fr_ldap_connection_t *conn, LDAPControl *serverctrls_in[], LDAPControl *clientctrls_in[])
 Merge connection and call specific client and server controls. More...
 
int fr_ldap_directory_result_parse (fr_ldap_directory_t *directory, LDAP *handle, LDAPMessage *result, char const *name)
 
char const * fr_ldap_edir_errstr (int code)
 
unlang_action_t fr_ldap_edir_get_password (request_t *request, char const *dn, fr_ldap_thread_trunk_t *ttrunk, fr_dict_attr_t const *password_da)
 Initiate retrieval of the universal password from Novell eDirectory. More...
 
fr_ldap_rcode_t fr_ldap_error_check (LDAPControl ***ctrls, fr_ldap_connection_t const *conn, LDAPMessage *msg, char const *dn)
 Perform basic parsing of multiple types of messages, checking for error conditions. More...
 
char const * fr_ldap_error_str (fr_ldap_connection_t const *conn)
 Return the error string associated with a handle. More...
 
fr_ldap_query_tfr_ldap_extended_alloc (TALLOC_CTX *ctx, char const *reqiod, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Allocate a new LDAP extended operations object. More...
 
fr_ldap_rcode_t fr_ldap_extended_async (int *msgid, request_t *request, fr_ldap_connection_t *pconn, char const *reqiod, struct berval *reqdata)
 Initiate an LDAP extended operation. More...
 
bool fr_ldap_filter_eval (fr_dlist_head_t *root, fr_ldap_connection_t *conn, LDAPMessage *msg)
 Evaluate an LDAP filter. More...
 
fr_slen_t fr_ldap_filter_parse (TALLOC_CTX *ctx, fr_dlist_head_t **root, fr_sbuff_t *filter, filter_attr_check_t attr_check, void *uctx)
 Parse an LDAP filter into its component nodes. More...
 
int fr_ldap_filter_to_tmpl (TALLOC_CTX *ctx, tmpl_rules_t const *t_rules, char const **sub, size_t sublen, tmpl_t **out))
 Combine filters and tokenize to a tmpl. More...
 
void fr_ldap_free (void)
 
int fr_ldap_global_config (int debug_level, char const *tls_random_file)
 Change settings global to libldap. More...
 
LDAP * fr_ldap_handle_thread_local (void)
 Get a thread local dummy LDAP handle. More...
 
int fr_ldap_init (void)
 Initialise libldap and check library versions. More...
 
int fr_ldap_map_do (request_t *request, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry)
 Convert attribute map into valuepairs. More...
 
int fr_ldap_map_expand (TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, char const *generic_attr)
 Expand values in an attribute map where needed. More...
 
int fr_ldap_map_getvalue (TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, map_t const *map, void *uctx)
 Callback for map_to_request. More...
 
int fr_ldap_map_verify (map_t *map, void *instance)
 
fr_ldap_query_tfr_ldap_modify_alloc (TALLOC_CTX *ctx, char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls)
 Allocate a new LDAP modify object. More...
 
fr_ldap_rcode_t fr_ldap_modify_async (int *msgid, request_t *request, fr_ldap_connection_t *pconn, char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls)
 Modify something in the LDAP directory. More...
 
int fr_ldap_parse_url_extensions (LDAPControl **sss, size_t sss_len, char *extensions[])
 Parse a subset (just server side sort for now) of LDAP URL extensions. More...
 
static int8_t fr_ldap_query_cmp (void const *one, void const *two)
 Compare two ldap query structures on msgid. More...
 
fr_ldap_referral_tfr_ldap_referral_alloc (TALLOC_CTX *ctx, request_t *request)
 Allocate a new structure to handle an LDAP referral, setting the destructor. More...
 
int fr_ldap_referral_follow (fr_ldap_thread_t *thread, request_t *request, fr_ldap_query_t *query)
 Follow an LDAP referral. More...
 
int fr_ldap_referral_next (fr_ldap_thread_t *thread, request_t *request, fr_ldap_query_t *query)
 Follow an alternative LDAP referral. More...
 
fr_ldap_rcode_t fr_ldap_result (LDAPMessage **result, LDAPControl ***ctrls, fr_ldap_connection_t const *conn, int msgid, int all, char const *dn, fr_time_delta_t timeout)
 Parse response from LDAP server dealing with any errors. More...
 
fr_ldap_query_tfr_ldap_search_alloc (TALLOC_CTX *ctx, char const *base_dn, int scope, char const *filter, char const *const *attrs, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Allocate a new search object. More...
 
fr_ldap_rcode_t fr_ldap_search_async (int *msgid, request_t *request, fr_ldap_connection_t *pconn, char const *dn, int scope, char const *filter, char const *const *attrs, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Search for something in the LDAP directory. More...
 
int fr_ldap_server_config_check (fr_ldap_config_t *handle_config, char const *server, CONF_SECTION *cs)
 Check an LDAP server config in server:port format is valid. More...
 
int fr_ldap_server_url_check (fr_ldap_config_t *handle_config, char const *server, CONF_SECTION const *cs)
 Check an LDAP server entry in URL format is valid. More...
 
int fr_ldap_start_tls_async (fr_ldap_connection_t *c, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Install I/O handlers for Start TLS negotiation. More...
 
void fr_ldap_state_error (fr_ldap_connection_t *c)
 Signal that there's been an error on the connection. More...
 
fr_ldap_state_t fr_ldap_state_next (fr_ldap_connection_t *c)
 Move between LDAP connection states. More...
 
void fr_ldap_timeout_debug (request_t *request, fr_ldap_connection_t const *conn, fr_time_delta_t timeout, char const *prefix)
 Prints information to the debug log on the current timeout settings. More...
 
static int8_t fr_ldap_trunk_cmp (void const *one, void const *two)
 Compare two ldap trunk structures on connection URI / DN. More...
 
int fr_ldap_trunk_directory_alloc_async (TALLOC_CTX *ctx, fr_ldap_thread_trunk_t *ttrunk)
 Async extract useful information from the rootDSE of the LDAP server. More...
 
unlang_action_t fr_ldap_trunk_extended (TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Run an async LDAP "extended operation" query on a trunk connection. More...
 
unlang_action_t fr_ldap_trunk_modify (TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls)
 Run an async modification LDAP query on a trunk connection. More...
 
unlang_action_t fr_ldap_trunk_search (TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *base_dn, int scope, char const *filter, char const *const *attrs, LDAPControl **serverctrls, LDAPControl **clientctrls)
 Run an async search LDAP query on a trunk connection. More...
 
size_t fr_ldap_uri_escape_func (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg))
 Converts "bad" strings into ones which are safe for LDAP. More...
 
size_t fr_ldap_uri_unescape_func (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg))
 Converts escaped DNs and filter strings into normal. More...
 
char const * fr_ldap_url_err_to_str (int ldap_url_err)
 Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror() More...
 
bool fr_ldap_util_is_dn (char const *in, size_t inlen)
 Check whether a string looks like a DN. More...
 
size_t fr_ldap_util_normalise_dn (char *out, char const *in)
 Normalise escape sequences in a DN. More...
 
fr_ldap_thread_trunk_tfr_thread_ldap_bind_trunk_get (fr_ldap_thread_t *thread)
 Find the thread specific trunk to use for LDAP bind auths. More...
 
fr_ldap_thread_trunk_tfr_thread_ldap_trunk_get (fr_ldap_thread_t *thread, char const *uri, char const *bind_dn, char const *bind_password, request_t *request, fr_ldap_config_t const *config)
 Find a thread specific LDAP connection for a specific URI / bind DN. More...
 
fr_trunk_state_t fr_thread_ldap_trunk_state (fr_ldap_thread_t *thread, char const *uri, char const *bind_dn)
 Lookup the state of a thread specific LDAP connection trunk for a specific URI / bind DN. More...
 

Variables

fr_table_num_sorted_t const fr_ldap_connection_states []
 
size_t fr_ldap_connection_states_len
 
fr_table_num_sorted_t const fr_ldap_dereference []
 
size_t fr_ldap_dereference_len
 
fr_table_num_sorted_t const fr_ldap_scope []
 
size_t fr_ldap_scope_len
 
fr_table_num_sorted_t const fr_ldap_supported_extensions []
 
size_t fr_ldap_supported_extensions_len
 
fr_table_num_sorted_t const fr_ldap_tls_require_cert []
 
size_t fr_ldap_tls_require_cert_len
 
global_lib_autoinst_t fr_libldap_global_config
 
LDAP * ldap_global_handle
 Hack for OpenLDAP libldap global initialisation. More...
 

Detailed Description

Common utility functions for interacting with LDAP directories.

Id
172376fc8ddf3b582ac0a48639f629f42b9ae523
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Copyright
2017 The FreeRADIUS Server Project.
2017 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Definition in file base.h.

Data Structure Documentation

◆ fr_ldap_bind_auth_ctx_t

struct fr_ldap_bind_auth_ctx_t

Holds arguments for async bind auth requests.

Used when LDAP binds are being used to authenticate users, rather than admin binds. Allows tracking of multiple bind requests on a single connection.

Definition at line 608 of file base.h.

+ Collaboration diagram for fr_ldap_bind_auth_ctx_t:
Data Fields
union fr_ldap_bind_auth_ctx_t __unnamed__
int msgid libldap msgid for this bind.
fr_rb_node_t node Entry in the tree of outstanding bind requests.
request_t * request this bind relates to.
fr_ldap_rcode_t ret Return code of bind operation.
fr_ldap_thread_t * thread This bind is being run by.
fr_trunk_request_t * treq Trunk request this bind is associated with.
fr_ldap_bind_type_t type type of bind.

◆ fr_ldap_bind_auth_ctx_t.__unnamed50__

union fr_ldap_bind_auth_ctx_t.__unnamed50__

Definition at line 615 of file base.h.

Data Fields
fr_ldap_bind_ctx_t * bind_ctx User data for simple binds.
fr_ldap_sasl_ctx_t * sasl_ctx User data for SASL binds.

◆ fr_ldap_bind_ctx_t

struct fr_ldap_bind_ctx_t

Holds arguments for the async bind operation.

Definition at line 488 of file base.h.

+ Collaboration diagram for fr_ldap_bind_ctx_t:
Data Fields
char const * bind_dn of the user, may be NULL to bind anonymously.
fr_ldap_connection_t * c to bind. Only used when binding as admin user.
LDAPControl ** clientctrls Controls to pass to the client (library).
int msgid Of the bind operation. Only used when binding as admin.
char const * password of the user, may be NULL if no password is specified.
LDAPControl ** serverctrls Controls to pass to the server.

◆ fr_ldap_config_t

struct fr_ldap_config_t

Connection configuration.

Must not be passed into functions except via the connection handle this avoids problems with not using the connection pool configuration.

Definition at line 219 of file base.h.

+ Collaboration diagram for fr_ldap_config_t:
Data Fields
char const * admin_identity Identity we bind as when we need to query the LDAP directory.
char const * admin_password Password used in administrative bind.
fr_ldap_sasl_t admin_sasl SASL parameters used when binding as the admin.
bool chase_referrals If the LDAP server returns a referral to another server or point in the tree, follow it, establishing new connections and binding where necessary.
bool chase_referrals_unset If true, use the OpenLDAP defaults for chase_referrals.
int dereference libldap value specifying dereferencing behaviour.
char const * dereference_str When to dereference (never, searching, finding, always)
fr_time_delta_t idle_timeout How long to wait before closing unused connections.
fr_time_delta_t keepalive_idle Number of seconds a connections needs to remain idle before TCP starts sending keepalive probes.
fr_time_delta_t keepalive_interval Interval between keepalive probes.
uint32_t keepalive_probes Number of missed timeouts before the connection is dropped.
char const * name Name of the module that created this connection.
fr_time_delta_t net_timeout How long we wait in blocking network calls.

We set this in the LDAP API, even though with async calls, we control this using our event loop. This is just in case there are blocking calls which happen internally which we can't work around.

uint16_t port Port to use when binding to the server.
bool rebind If use_referral_credentials is false, controls whether we bind as our admin credentials (true) or anonymously (false) when connecting to a different server to follow a referral.
fr_time_delta_t reconnection_delay How long to wait before attempting to reconnect.
uint16_t referral_depth How many referrals to chase.
fr_time_delta_t res_timeout How long we wait for results.
const char * sasl_secprops SASL Security Properties to set.
char * server Initial server to bind to.
char const ** server_str Server set in the config.
fr_time_delta_t srv_timelimit How long the server should spent on a single request (also bounded by value on the server).
bool start_tls Send the Start TLS message to the LDAP directory to start encrypted communications using the standard LDAP port.
char const * tls_ca_file Sets the full path to a CA certificate (used to validate the certificate the server presents).
char const * tls_ca_path Sets the path to a directory containing CA certificates.
char const * tls_certificate_file Sets the path to the public certificate file we present to the servers.
fr_time_delta_t tls_handshake_timeout How long we wait for the TLS handshake to complete.
int tls_min_version
char const * tls_min_version_str Minimum TLS version.
int tls_mode
char const * tls_private_key_file Sets the path to the private key for our public certificate.
int tls_require_cert OpenLDAP constant representing the require cert string.
char const * tls_require_cert_str Sets requirements for validating the certificate the server presents.
bool use_referral_credentials If true use credentials from the referral URL.

◆ fr_ldap_connection_t

struct fr_ldap_connection_t

Tracks the state of a libldap connection handle.

Definition at line 330 of file base.h.

+ Collaboration diagram for fr_ldap_connection_t:
Data Fields
fr_ldap_control_t clientctrls[LDAP_MAX_CONTROLS+1] Client controls to use for all operations with this handle.
int clientctrls_cnt Number of client controls associated with the handle.
fr_ldap_config_t const * config rlm_ldap connection configuration.
fr_connection_t * conn Connection state handle.
fr_ldap_directory_t * directory The type of directory we're connected to.
int fd File descriptor for this connection.
LDAP * handle libldap handle.
fr_rb_tree_t * queries Outstanding queries on this connection.
fr_dlist_head_t refs Replied to queries still referencing this connection.
fr_ldap_control_t serverctrls[LDAP_MAX_CONTROLS+1] Server controls to use for all operations with this handle.
int serverctrls_cnt Number of server controls associated with the handle.
fr_ldap_state_t state LDAP connection state machine.
void * uctx User data associated with the handle.

◆ fr_ldap_control_t

struct fr_ldap_control_t

Definition at line 134 of file base.h.

Data Fields
LDAPControl * control LDAP control.
bool freeit Whether the control should be freed after we've finished using it.

◆ fr_ldap_directory_t

struct fr_ldap_directory_t

Definition at line 199 of file base.h.

Data Fields
bool cleartext_password Whether the server will return the user's plaintext password.
char const ** naming_contexts Databases served by this directory.
fr_ldap_sync_type_t sync_type What kind of LDAP sync this directory supports.
fr_ldap_directory_type_t type Canonical server implementation.
char const * vendor_str As returned from the vendorName attribute in the rootDSE.
char const * version_str As returned from the vendorVersion attribute in the rootDSE.

◆ fr_ldap_map_exp_t

struct fr_ldap_map_exp_t

Result of expanding the RHS of a set of maps.

Used to store the array of attributes we'll be querying for.

Definition at line 368 of file base.h.

Data Fields
char const * attrs[LDAP_MAX_ATTRMAP+LDAP_MAP_RESERVED+1] Reserve some space for access attributes.

and NULL termination.

int count Index on next free element.
TALLOC_CTX * ctx Context to allocate new attributes in.
map_list_t const * maps Head of list of maps we expanded the RHS of.

◆ fr_ldap_query_s

struct fr_ldap_query_s

LDAP query structure.

Used to hold the elements of an LDAP query and track its progress. libldap structures will be freed by the talloc destructor. The same structure is used both for search queries and modifications

Definition at line 420 of file base.h.

+ Collaboration diagram for fr_ldap_query_s:
Data Fields
union fr_ldap_query_s __unnamed__
fr_ldap_control_t clientctrls[LDAP_MAX_CONTROLS] Client controls specific to this query.
char const * dn Base DN for searches, DN for modifications.
fr_dlist_t entry Entry in the list of connection references.
fr_event_timer_t const * ev Event for timing out the query.
fr_ldap_connection_t * ldap_conn LDAP connection this query is running on.
LDAPURLDesc * ldap_url parsed URL for current query if the source of the query was a URL.
int msgid The unique identifier for this query.

Uniqueness is only per connection.

fr_rb_node_t node Entry in the tree of outstanding queries.
fr_ldap_result_parser_t parser Custom results parser.
fr_ldap_referral_t * referral Referral actually being followed.
uint16_t referral_depth How many referrals we have followed.
char ** referral_urls Referral results to follow.
fr_dlist_head_t referrals List of parsed referrals.
LDAPMessage * result Head of LDAP results list.
fr_ldap_result_code_t ret Result code.
fr_ldap_control_t serverctrls[LDAP_MAX_CONTROLS] Server controls specific to this query.
fr_trunk_request_t * treq Trunk request this query is associated with.
fr_ldap_request_type_t type What type of query this is.

◆ fr_ldap_query_s.__unnamed40__

union fr_ldap_query_s.__unnamed40__

Definition at line 429 of file base.h.

Data Fields
__unnamed40__ extended
LDAPMod ** mods Changes to be applied if this query is a modification.
__unnamed40__ search

◆ fr_ldap_query_s.__unnamed40__.extended

struct fr_ldap_query_s.__unnamed40__.extended

Definition at line 435 of file base.h.

Data Fields
struct berval * reqdata Data required for the request.
char const * reqoid OID of extended operation to perform.

◆ fr_ldap_query_s.__unnamed40__.search

struct fr_ldap_query_s.__unnamed40__.search

Definition at line 430 of file base.h.

Data Fields
char const ** attrs Attributes being requested in a search.
char const * filter Filter for search.
int scope Search scope.

◆ fr_ldap_referral_s

struct fr_ldap_referral_s

Parsed LDAP referral structure.

When LDAP servers respond with a referral, it is parsed into one or more fr_ldap_referral_t and kept until the referral has been followed. Avoids repeated parsing of the referrals as provided by libldap.

Definition at line 474 of file base.h.

+ Collaboration diagram for fr_ldap_referral_s:
Data Fields
fr_dlist_t entry Entry in list of possible referrals.
char * host_uri Host URI used for referral connection.
char const * identity Bind identity for referral connection.
char const * password Bind password for referral connection.
fr_ldap_query_t * query Query this referral relates to.
LDAPURLDesc * referral_url URL for the referral.
request_t * request Request this referral relates to.
fr_ldap_thread_trunk_t * ttrunk Trunk this referral should use.

◆ fr_ldap_result_t

struct fr_ldap_result_t

Contains a collection of values.

Definition at line 358 of file base.h.

Data Fields
int count Number of values.
struct berval ** values libldap struct containing bv_val (char *) and length bv_len.

◆ fr_ldap_sasl_ctx_t

struct fr_ldap_sasl_ctx_t

Holds arguments for the async SASL bind operation.

Definition at line 501 of file base.h.

+ Collaboration diagram for fr_ldap_sasl_ctx_t:
Data Fields
fr_ldap_connection_t * c to bind. Only used when binding as admin user.
LDAPControl ** clientctrls Controls to pass to the client (library).
char const * identity of the user.
char const * mechs SASL mechanisms to run.
int msgid Last msgid. Only used when binding as admin user.
char const * password of the user, may be NULL if no password is specified.
char const * proxy Proxy identity, may be NULL in which case identity is used.
char const * realm SASL realm (may be NULL).
LDAPMessage * result Previous result.
char const * rmech Mech we're continuing with.
LDAPControl ** serverctrls Controls to pass to the server.

◆ fr_ldap_sasl_t

struct fr_ldap_sasl_t

Definition at line 128 of file base.h.

Data Fields
char const * mech SASL mech(s) to try.
char const * proxy Identity to proxy.
char const * realm Kerberos realm.

◆ fr_ldap_thread_t

struct fr_ldap_thread_t

Thread specific structure to manage LDAP trunk connections.

Definition at line 379 of file base.h.

+ Collaboration diagram for fr_ldap_thread_t:
Data Fields
fr_ldap_thread_trunk_t * bind_trunk LDAP trunk used for bind auths.
fr_trunk_conf_t * bind_trunk_conf Trunk config for bind auth trunk.
fr_rb_tree_t * binds Tree of outstanding bind auths.
fr_ldap_config_t * config Module instance config.
fr_event_list_t * el Thread event list for callbacks / timeouts.
fr_trunk_conf_t * trunk_conf Module trunk config.
fr_rb_tree_t * trunks Tree of LDAP trunks used by this thread.

◆ fr_ldap_thread_trunk_s

struct fr_ldap_thread_trunk_s

Thread LDAP trunk structure.

One fr_ldap_thread_trunk_t will be allocated for each destination a thread needs to create an LDAP trunk connection to.

Used to hold config regarding the LDAP connection and associate pending queries with the trunk they are running on.

Definition at line 397 of file base.h.

+ Collaboration diagram for fr_ldap_thread_trunk_s:
Data Fields
char const * bind_dn DN connection is bound as.
fr_ldap_config_t config Config used for this connection.
fr_ldap_directory_t * directory The type of directory we're connected to.
fr_event_timer_t const * ev Event to close the thread when it has been idle.
fr_rb_node_t node Entry in the tree of connections.
fr_ldap_thread_t * t Thread this connection is associated with.
fr_trunk_t * trunk Connection trunk.
char const * uri Server URI for this connection.

◆ fr_libldap_global_config_t

struct fr_libldap_global_config_t

libldap global configuration data

Definition at line 317 of file base.h.

Data Fields
uint32_t ldap_debug LDAP debug level.
char const * tls_random_file Path to the ramdon file if /dev/random and /dev/urandom are unavailable.

◆ ldap_filter_s

struct ldap_filter_s

Structure to hold parsed details of LDAP filters.

Definition at line 557 of file base.h.

+ Collaboration diagram for ldap_filter_s:
Data Fields
union ldap_filter_s __unnamed__
fr_dlist_t entry Entry in the list of filter nodes.
ldap_filter_type_t filter_type Type of this filter node.
char * orig Text representation of filter for debug messages,.

◆ ldap_filter_s.__unnamed44__

union ldap_filter_s.__unnamed44__

Definition at line 561 of file base.h.

Data Fields
__unnamed44__ __unnamed__
__unnamed44__ __unnamed__

◆ ldap_filter_s.__unnamed44__.__unnamed46__

struct ldap_filter_s.__unnamed44__.__unnamed46__

Definition at line 562 of file base.h.

Data Fields
fr_dlist_head_t children List of child nodes in this group.
ldap_filter_logic_t logic_op Logical operator for this group.

◆ ldap_filter_s.__unnamed44__.__unnamed48__

struct ldap_filter_s.__unnamed44__.__unnamed48__

Definition at line 566 of file base.h.

Data Fields
char * attr Attribute for the filter node.
ldap_filter_op_t op Operator to be used for comparison.
fr_value_box_t * value Value to compare with.

Macro Definition Documentation

◆ LDAP_CONST

#define LDAP_CONST

Definition at line 91 of file base.h.

◆ LDAP_DEPRECATED

#define LDAP_DEPRECATED   0 /* Quiet warnings about LDAP_DEPRECATED not being defined */

Definition at line 20 of file base.h.

◆ LDAP_DIRECTORY_ATTRS

#define LDAP_DIRECTORY_ATTRS
Value:
{ "vendorname", \
"vendorversion", \
"isGlobalCatalogReady", \
"objectClass", \
"orcldirectoryversion", \
"supportedControl", \
"namingContexts", \
NULL }

Definition at line 815 of file base.h.

◆ LDAP_MAP_RESERVED

#define LDAP_MAP_RESERVED   5

Number of additional items to allocate in expanded.

attribute name arrays. Currently for enable attribute, group membership attribute, valuepair attribute, profile attribute and profile suspend attribute.

Definition at line 101 of file base.h.

◆ LDAP_MATCHING_RULE_BIT_AND

#define LDAP_MATCHING_RULE_BIT_AND   "1.2.840.113556.1.4.803"

OID of bit-wise AND LDAP match rule.

Definition at line 119 of file base.h.

◆ LDAP_MATCHING_RULE_BIT_OR

#define LDAP_MATCHING_RULE_BIT_OR   "1.2.840.113556.1.4.804"

OID of bit-wise OR LDAP match rule.

Definition at line 120 of file base.h.

◆ LDAP_MAX_ATTR_STR_LEN

#define LDAP_MAX_ATTR_STR_LEN   256

Maximum length of an xlat expanded LDAP attribute.

Definition at line 109 of file base.h.

◆ LDAP_MAX_ATTRMAP

#define LDAP_MAX_ATTRMAP   128

Maximum number of mappings between LDAP and.

FreeRADIUS attributes.

Definition at line 97 of file base.h.

◆ LDAP_MAX_CACHEABLE

#define LDAP_MAX_CACHEABLE   64

Maximum number of groups we retrieve from the server for.

a given user which need resolving from name to DN or DN to name. If more than this require resolving, the module returns invalid.

Definition at line 106 of file base.h.

◆ LDAP_MAX_CONTROLS

#define LDAP_MAX_CONTROLS   10

Maximum number of client/server controls.

Used to allocate static arrays of control pointers.

Definition at line 95 of file base.h.

◆ LDAP_MAX_DN_STR_LEN

#define LDAP_MAX_DN_STR_LEN   1024

Maximum length of an xlat expanded DN.

Definition at line 111 of file base.h.

◆ LDAP_MAX_FILTER_STR_LEN

#define LDAP_MAX_FILTER_STR_LEN   1024

Maximum length of an xlat expanded filter.

Definition at line 110 of file base.h.

◆ LDAP_MAX_GROUP_NAME_LEN

#define LDAP_MAX_GROUP_NAME_LEN   128

Maximum name of a group name.

Definition at line 108 of file base.h.

◆ LDAP_SERVER_NOTIFICATION_OID

#define LDAP_SERVER_NOTIFICATION_OID   "1.2.840.113556.1.4.528"

OID of Active Directory control for.

persistent search.

Definition at line 116 of file base.h.

◆ LDAP_SERVER_SHOW_DELETED_OID

#define LDAP_SERVER_SHOW_DELETED_OID   "1.2.840.113556.1.4.417"

OID of Active Directory control which.

enables searching for deleted objects.

Definition at line 118 of file base.h.

◆ LDAP_VENDOR_VERSION_PATCH

#define LDAP_VENDOR_VERSION_PATCH   0

Definition at line 67 of file base.h.

◆ LDAP_VIRTUAL_DN_ATTR

#define LDAP_VIRTUAL_DN_ATTR   "dn"

'Virtual' attribute which maps to the DN of the object.

Definition at line 113 of file base.h.

◆ X

#define X   0

Definition at line 64 of file base.h.

Typedef Documentation

◆ filter_attr_check_t

typedef int(* filter_attr_check_t) (char const *attr, void *uctx)

Definition at line 962 of file base.h.

◆ fr_ldap_query_t

typedef struct fr_ldap_query_s fr_ldap_query_t

Definition at line 323 of file base.h.

◆ fr_ldap_referral_t

typedef struct fr_ldap_referral_s fr_ldap_referral_t

Parsed LDAP referral structure.

When LDAP servers respond with a referral, it is parsed into one or more fr_ldap_referral_t and kept until the referral has been followed. Avoids repeated parsing of the referrals as provided by libldap.

Definition at line 323 of file base.h.

◆ fr_ldap_result_parser_t

typedef void(* fr_ldap_result_parser_t) (LDAP *handle, fr_ldap_query_t *query, LDAPMessage *head, void *rctx)

Definition at line 412 of file base.h.

◆ fr_ldap_thread_trunk_t

typedef struct fr_ldap_thread_trunk_s fr_ldap_thread_trunk_t

Thread LDAP trunk structure.

One fr_ldap_thread_trunk_t will be allocated for each destination a thread needs to create an LDAP trunk connection to.

Used to hold config regarding the LDAP connection and associate pending queries with the trunk they are running on.

Definition at line 323 of file base.h.

◆ ldap_filter_t

typedef struct ldap_filter_s ldap_filter_t

Definition at line 412 of file base.h.

Enumeration Type Documentation

◆ fr_ldap_bind_type_t

enum fr_ldap_bind_type_t
Enumerator
LDAP_BIND_SIMPLE 

Definition at line 516 of file base.h.

◆ fr_ldap_directory_type_t

enum fr_ldap_directory_type_t
Enumerator
FR_LDAP_DIRECTORY_UNKNOWN 

We can't determine the directory server.

FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY 

Directory server is Active Directory.

FR_LDAP_DIRECTORY_EDIRECTORY 

Directory server is eDir.

FR_LDAP_DIRECTORY_IBM 

Directory server is IBM.

FR_LDAP_DIRECTORY_NETSCAPE 

Directory server is Netscape.

FR_LDAP_DIRECTORY_OPENLDAP 

Directory server is OpenLDAP.

FR_LDAP_DIRECTORY_ORACLE_INTERNET_DIRECTORY 

Directory server is Oracle Internet Directory.

FR_LDAP_DIRECTORY_ORACLE_UNIFIED_DIRECTORY 

Directory server is Oracle Unified Directory.

FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY 

Directory server is Oracle Virtual Directory.

FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY 

Directory server is Sun One Directory.

FR_LDAP_DIRECTORY_SIEMENS_AG 

Directory server is Siemens AG.

FR_LDAP_DIRECTORY_UNBOUND_ID 

Directory server is Unbound ID.

Definition at line 140 of file base.h.

◆ fr_ldap_rcode_t

enum fr_ldap_rcode_t

Codes returned by fr_ldap internal functions.

Enumerator
LDAP_PROC_REFERRAL 

LDAP server returned referral URLs.

LDAP_PROC_CONTINUE 

Operation is in progress.

LDAP_PROC_SUCCESS 

Operation was successful.

LDAP_PROC_ERROR 

Unrecoverable library/server error.

LDAP_PROC_BAD_CONN 

Transitory error, caller should retry the operation with a new connection.

LDAP_PROC_NOT_PERMITTED 

Operation was not permitted, either current user was locked out in the case of binds, or has insufficient access.

LDAP_PROC_REJECT 

Bind failed, user was rejected.

LDAP_PROC_BAD_DN 

Specified an invalid object in a bind or search DN.

LDAP_PROC_NO_RESULT 

Got no results.

LDAP_PROC_TIMEOUT 

Operation timed out.

LDAP_PROC_REFRESH_REQUIRED 

Don't continue with the current refresh phase, exit, and retry the operation with a NULL cookie.

Definition at line 577 of file base.h.

◆ fr_ldap_request_type_t

enum fr_ldap_request_type_t

Types of LDAP requests.

Enumerator
LDAP_REQUEST_SEARCH 

A lookup in an LDAP directory.

LDAP_REQUEST_MODIFY 

A modification to an LDAP entity.

LDAP_REQUEST_EXTENDED 

An extended LDAP operation.

Definition at line 177 of file base.h.

◆ fr_ldap_result_code_t

enum fr_ldap_result_code_t

LDAP query result codes.

Enumerator
LDAP_RESULT_PENDING 

Result not yet returned.

LDAP_RESULT_SUCCESS 

Successfully got LDAP results.

LDAP_RESULT_ERROR 

A general error occurred.

LDAP_RESULT_TIMEOUT 

The query timed out.

LDAP_RESULT_BAD_DN 

The requested DN does not exist.

LDAP_RESULT_NO_RESULT 

No results returned.

LDAP_RESULT_REFERRAL_FAIL 

Initial results indicated a referral was needed but the referral could not be followed.

LDAP_RESULT_EXCESS_REFERRALS 

The referral chain took too many hops.

LDAP_RESULT_MISSING_REFERRAL 

A referral was indicated but no URL was provided.

Definition at line 186 of file base.h.

◆ fr_ldap_state_t

enum fr_ldap_state_t

LDAP connection handle states.

Enumerator
FR_LDAP_STATE_INIT 

Connection uninitialised.

FR_LDAP_STATE_START_TLS 

TLS is being negotiated.

FR_LDAP_STATE_BIND 

Connection is being bound.

FR_LDAP_STATE_RUN 

Connection is muxing/demuxing requests.

FR_LDAP_STATE_ERROR 

Connection is in an error state.

Definition at line 166 of file base.h.

◆ fr_ldap_sync_type_t

enum fr_ldap_sync_type_t
Enumerator
FR_LDAP_SYNC_NONE 

No support for LDAP sync.

FR_LDAP_SYNC_RFC4533 

Directory supports RFC 4533.

FR_LDAP_SYNC_ACTIVE_DIRECTORY 

Directory supports AD style persistent search.

FR_LDAP_SYNC_PERSISTENT_SEARCH 

Directory supports persistent search.

Definition at line 156 of file base.h.

◆ ldap_filter_logic_t

enum ldap_filter_logic_t

Logical operators for use in LDAP filters.

Enumerator
LDAP_FILTER_LOGIC_AND 
LDAP_FILTER_LOGIC_OR 
LDAP_FILTER_LOGIC_NOT 

Definition at line 536 of file base.h.

◆ ldap_filter_op_t

enum ldap_filter_op_t

Operators for use in LDAP filters.

Enumerator
LDAP_FILTER_OP_UNSET 

Attribute not set yet.

LDAP_FILTER_OP_EQ 

Attribute equals value.

LDAP_FILTER_OP_SUBSTR 

Attribute matches string with wildcards.

LDAP_FILTER_OP_PRESENT 

Attribute present.

LDAP_FILTER_OP_GE 

Attribute greater than or equal to value.

LDAP_FILTER_OP_LE 

Attribute less than or equal to value.

LDAP_FILTER_OP_BIT_AND 

Bitwise AND comparison.

LDAP_FILTER_OP_BIT_OR 

Bitwise OR comparison.

Definition at line 544 of file base.h.

◆ ldap_filter_type_t

enum ldap_filter_type_t

Types of parsed LDAP filter nodes.

Enumerator
LDAP_FILTER_NODE 

The filter node is an individual one to be evaluated against an attribute.

LDAP_FILTER_GROUP 

The filter node is a parent of a group which will be combined using a logical operator.

Definition at line 527 of file base.h.

◆ ldap_supported_extension_t

enum ldap_supported_extension_t
Enumerator
LDAP_EXT_UNSUPPORTED 

Unsupported extension.

LDAP_EXT_BINDNAME 

Specifies the user DN or name for an LDAP bind.

LDAP_EXT_BINDPW 

Specifies the password for an LDAP bind.

Definition at line 122 of file base.h.

Function Documentation

◆ fr_ldap_attrs_check()

int fr_ldap_attrs_check ( char const **  attrs,
char const *  attr 
)

Check that a particular attribute is included in an attribute list.

Parameters
[in]attrslist to check
[in]attrto look for
Returns
  • 1 if attr is in list
  • 0 if attr is missing
  • -1 if checks not possible

Definition at line 579 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_berval_strncasecmp()

static int fr_ldap_berval_strncasecmp ( struct berval *  value,
char const *  str,
size_t  strlen 
)
inlinestatic

Compare a berval with a C string of a known length using case insensitive comparison.

Parameters
[in]valueberval.
[in]strString to compare with value.
[in]strlenNumber of characters of str to compare.

Definition at line 672 of file base.h.

+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_bin()

uint8_t* fr_ldap_berval_to_bin ( TALLOC_CTX *  ctx,
struct berval const *  in 
)

Convert a berval to a talloced buffer.

Parameters
ctxto allocate in.
inBerval to copy.
Returns
buffer containing in->bv_val.

Definition at line 409 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_string()

char* fr_ldap_berval_to_string ( TALLOC_CTX *  ctx,
struct berval const *  in 
)

Convert a berval to a talloced string.

The ldap_get_values function is deprecated, and ldap_get_values_len does not guarantee the berval buffers it returns are \0 terminated.

For some cases this is fine, for others we require a \0 terminated buffer (feeding DNs back into libldap for example).

Parameters
ctxto allocate in.
inBerval to copy.
Returns
\0 terminated buffer containing in->bv_val.

Definition at line 390 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_value_shallow()

static void fr_ldap_berval_to_value_shallow ( fr_value_box_t value,
struct berval *  berval 
)
inlinestatic

Inline function to copy pointers from a berval to a valuebox.

Note
This results in a shallow copy of the berval, so if the berval is freed the value box becomes invalidated.
Parameters
[out]valueto write berval values to.
[in]bervalto copy pointers/lengths from.

Definition at line 645 of file base.h.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_value_str_shallow()

static void fr_ldap_berval_to_value_str_shallow ( fr_value_box_t value,
struct berval *  berval 
)
inlinestatic

Inline function to copy pointer from a berval to a string value box.

Useful for printing contents of bervals known to contain strings in DEBUG output since they are not NULL terminated.

Note
This results in a shallow copy of the berval, so if the berval is freed the value box becomes invalidated.
Parameters
[out]valueto write berval value to.
[in]bervaltop copy pointer / length from.

Definition at line 661 of file base.h.

+ Here is the call graph for this function:

◆ fr_ldap_bind_async()

int fr_ldap_bind_async ( fr_ldap_connection_t c,
char const *  bind_dn,
char const *  password,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Install I/O handlers for the bind operation.

Parameters
[in]cconnection to StartTLS on.
[in]bind_dnIdentity to bind with.
[in]passwordPassword to bind with.
[in]serverctrlsExtra controls to pass to the server.
[in]clientctrlsExtra controls to pass to libldap.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 185 of file bind.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_bind_auth_async()

unlang_action_t fr_ldap_bind_auth_async ( request_t request,
fr_ldap_thread_t thread,
char const *  bind_dn,
char const *  password 
)

Initiate an async LDAP bind for authentication.

Parameters
[in]requestthis bind relates to.
[in]threadwhose connection the bind should be performed on.
[in]bind_dnIdentity to bind with.
[in]passwordPassword to bind with.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 319 of file bind.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_bind_auth_cmp()

static int8_t fr_ldap_bind_auth_cmp ( void const *  one,
void const *  two 
)
inlinestatic

Compare two ldap bind auth structures on msgid.

Parameters
[in]onefirst bind request to compare.
[in]twosecond bind request to compare.
Returns
CMP(one,two)

Definition at line 719 of file base.h.

+ Here is the caller graph for this function:

◆ fr_ldap_box_escape()

int fr_ldap_box_escape ( fr_value_box_t vb,
UNUSED void *  uctx 
)

Definition at line 110 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_common_dn()

size_t fr_ldap_common_dn ( char const *  full,
char const *  part 
)

Find the place at which the two DN strings diverge.

Returns the length of the non matching string in full.

Parameters
fullDN.
partPartial DN as returned by ldap_parse_result.
Returns
  • Length of the portion of full which wasn't matched
  • -1 on failure.

Definition at line 488 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_conn_directory_alloc_async()

int fr_ldap_conn_directory_alloc_async ( fr_ldap_connection_t ldap_conn)

Async extract useful information from the rootDSE of the LDAP server.

This version is for a single connection rather than a connection trunk

Parameters
[in]ldap_connconnection to be queried
Returns
  • message ID on success < 0 on failure

Definition at line 283 of file directory.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_connection_alloc()

fr_ldap_connection_t* fr_ldap_connection_alloc ( TALLOC_CTX *  ctx)

Allocate our ldap connection handle layer.

This is using handles outside of the connection state machine.

Parameters
[in]ctxto allocate connection handle in.
Returns
  • A new unbound/unconfigured connection handle on success. Call f::r_ldap_connection_configure next.
  • NULL on OOM.

Definition at line 253 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_connection_configure()

int fr_ldap_connection_configure ( fr_ldap_connection_t c,
fr_ldap_config_t const *  config 
)

Allocate and configure a new connection.

Configures both our ldap handle, and libldap's handle.

This can be used by async code and async code as no attempt is made to connect to the LDAP server. An attempt will only be made if ldap_start_tls* or ldap_bind* functions are called.

If called on an fr_ldap_connection_t which has already been initialised, will clear any memory allocated to the connection, unbind the ldap handle, and reinitialise everything.

Parameters
[in]cto configure.
[in]configto apply.
Returns
  • 0 on success.
  • -1 on error.

Definition at line 67 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_connection_state_alloc()

fr_connection_t* fr_ldap_connection_state_alloc ( TALLOC_CTX *  ctx,
fr_event_list_t el,
fr_ldap_config_t const *  config,
char const *  log_prefix 
)

Alloc a self re-establishing connection to an LDAP server.

Parameters
[in]ctxto allocate any memory in, and to bind the lifetime of the connection to.
[in]elto insert I/O and timer callbacks into.
[in]configto use to bind the connection to an LDAP server.
[in]log_prefixto prepend to connection state messages.

Definition at line 380 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_connection_timeout_reset()

int fr_ldap_connection_timeout_reset ( fr_ldap_connection_t const *  conn)

Definition at line 425 of file connection.c.

+ Here is the caller graph for this function:

◆ fr_ldap_connection_timeout_set()

int fr_ldap_connection_timeout_set ( fr_ldap_connection_t const *  conn,
fr_time_delta_t  timeout 
)

Definition at line 403 of file connection.c.

+ Here is the caller graph for this function:

◆ fr_ldap_control_add_client()

int fr_ldap_control_add_client ( fr_ldap_connection_t conn,
LDAPControl *  ctrl,
bool  freeit 
)

Add a clientctrl to a connection handle.

All internal LDAP functions will pass this clientctrl to libldap.

Parameters
connto add control to.
ctrlto add.
freeitWhether the control should be freed when the handle is released or closed.
Returns
  • 0 on success.
  • -1 on failure (exceeded maximum controls).

Definition at line 117 of file control.c.

◆ fr_ldap_control_add_server()

int fr_ldap_control_add_server ( fr_ldap_connection_t conn,
LDAPControl *  ctrl,
bool  freeit 
)

Add a serverctrl to a connection handle.

All internal LDAP functions will pass this serverctrl to the server.

Parameters
connto add control to.
ctrlto add.
freeitWhether the control should be freed when the handle is released or closed.
Returns
  • 0 on success.
  • -1 on failure (exceeded maximum controls).

Definition at line 93 of file control.c.

◆ fr_ldap_control_add_session_tracking()

int fr_ldap_control_add_session_tracking ( fr_ldap_connection_t conn,
request_t request 
)

◆ fr_ldap_control_clear()

void fr_ldap_control_clear ( fr_ldap_connection_t conn)

Clear and free any controls associated with a connection.

Parameters
connto clear controls from.

Definition at line 134 of file control.c.

+ Here is the caller graph for this function:

◆ fr_ldap_control_merge()

void fr_ldap_control_merge ( LDAPControl *  serverctrls_out[],
LDAPControl *  clientctrls_out[],
size_t  serverctrls_len,
size_t  clientctrls_len,
fr_ldap_connection_t conn,
LDAPControl *  serverctrls_in[],
LDAPControl *  clientctrls_in[] 
)

Merge connection and call specific client and server controls.

LDAP_OPT_CLIENT_CONTROLS and LDAP_OPT_SERVER_CONTROLS are useless because they're overridden in their entirety if any call specific controls are specified.

Parameters
[out]serverctrls_outWhere to write serverctrls.
[out]clientctrls_outWhere to write clientctrls.
[in]serverctrls_lenlength of serverctrls array.
[in]clientctrls_lenlength of clientctrls array.
[in]connto get controls from.
[in]serverctrls_infrom arguments.
[in]clientctrls_infrom_arguments.

Definition at line 48 of file control.c.

+ Here is the caller graph for this function:

◆ fr_ldap_directory_result_parse()

int fr_ldap_directory_result_parse ( fr_ldap_directory_t directory,
LDAP *  handle,
LDAPMessage *  result,
char const *  name 
)

Definition at line 51 of file directory.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_edir_errstr()

char const* fr_ldap_edir_errstr ( int  code)

Definition at line 326 of file edir.c.

+ Here is the caller graph for this function:

◆ fr_ldap_edir_get_password()

unlang_action_t fr_ldap_edir_get_password ( request_t request,
char const *  dn,
fr_ldap_thread_trunk_t ttrunk,
fr_dict_attr_t const *  password_da 
)

Initiate retrieval of the universal password from Novell eDirectory.

Parameters
[in]requestCurrent request.
[in]dnof the user whose password is to be retrieved.
[in]ttrunkon which to send the LDAP request.
[in]password_daDA to use when creating password attribute.
Returns
  • UNLANG_ACTION_PUSHED_CHILD on success.
  • UNLANG_ACTION_FAIL on failure.

Definition at line 295 of file edir.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_error_check()

fr_ldap_rcode_t fr_ldap_error_check ( LDAPControl ***  ctrls,
fr_ldap_connection_t const *  conn,
LDAPMessage *  msg,
char const *  dn 
)

Perform basic parsing of multiple types of messages, checking for error conditions.

Note
Error messages should be retrieved with fr_strerror() and fr_strerror_pop()
Parameters
[out]ctrlsServer ctrls returned to the client. May be NULL if not required. Must be freed with ldap_free_ctrls.
[in]connthe message was received on.
[in]msgwe're parsing.
[in]dnif processing the result from a search request.
Returns
One of the LDAP_PROC_* (fr_ldap_rcode_t) values.

Definition at line 232 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_error_str()

char const* fr_ldap_error_str ( fr_ldap_connection_t const *  conn)

Return the error string associated with a handle.

Parameters
connto retrieve error from.
Returns
error string.

Definition at line 210 of file base.c.

◆ fr_ldap_extended_alloc()

fr_ldap_query_t* fr_ldap_extended_alloc ( TALLOC_CTX *  ctx,
char const *  reqoid,
struct berval *  reqdata,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Allocate a new LDAP extended operations object.

Parameters
[in]ctxto allocate the query in.
[in]reqoidOID of extended operation to perform.
[in]reqdataRequest data to send.
[in]serverctrlsControls to pass to the server. May be NULL.
[in]clientctrlsClient controls. May be NULL.
Returns
LDAP query object

Definition at line 1021 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_extended_async()

fr_ldap_rcode_t fr_ldap_extended_async ( int *  msgid,
request_t request,
fr_ldap_connection_t pconn,
char const *  reqoid,
struct berval *  reqdata 
)

Initiate an LDAP extended operation.

Called by the trunk mux function

Parameters
[out]msgidLDAP message ID.
[in]requestCurrent request.
[in]pconnto use.
[in]reqoidOID of extended operation to perform.
[in]reqdataData required for the request.
Returns
One of the LDAP_PROC_* (fr_ldap_rcode_t) values.

Definition at line 870 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_filter_eval()

bool fr_ldap_filter_eval ( fr_dlist_head_t root,
fr_ldap_connection_t conn,
LDAPMessage *  msg 
)

Evaluate an LDAP filter.

Parameters
[in]rootof the LDAP filter to evaluate.
[in]connLDAP connection the message being filtered was returned on.
[in]msgto filter.
Returns
true or false result of the node evaluation.

Definition at line 583 of file filter.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_filter_parse()

fr_slen_t fr_ldap_filter_parse ( TALLOC_CTX *  ctx,
fr_dlist_head_t **  root,
fr_sbuff_t filter,
filter_attr_check_t  attr_check,
void *  uctx 
)

Parse an LDAP filter into its component nodes.

Parameters
[in]ctxto allocate nodes in.
[in,out]rootwhere to allocate the root of the parsed filter.
[in]filterto parse.
[in]attr_checkcallback to check if required attributes are in the query.
[in]uctxpassed to attribute check callback.
Returns
  • number of bytes parsed on success < 0 on failure

Definition at line 343 of file filter.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_filter_to_tmpl()

int fr_ldap_filter_to_tmpl ( TALLOC_CTX *  ctx,
tmpl_rules_t const *  t_rules,
char const **  sub,
size_t  sublen,
tmpl_t **  out 
)

Combine filters and tokenize to a tmpl.

Parameters
ctxTo allocate combined filter in
t_rulesRules for parsing combined filter.
subArray of subfilters (may contain NULLs).
sublenNumber of potential subfilters in array.
outWhere to write a pointer to the resulting tmpl.
Returns
length of combined data.

Definition at line 517 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_free()

void fr_ldap_free ( void  )

◆ fr_ldap_global_config()

int fr_ldap_global_config ( int  debug_level,
char const *  tls_random_file 
)

Change settings global to libldap.

May only be called once. Subsequent calls will be ignored.

Parameters
[in]debug_levelto enable in libldap.
[in]tls_random_fileWhere OpenSSL gets its randomness.

Definition at line 1071 of file base.c.

+ Here is the caller graph for this function:

◆ fr_ldap_handle_thread_local()

LDAP* fr_ldap_handle_thread_local ( void  )

Get a thread local dummy LDAP handle.

Many functions in the OpenLDAP API don't actually use the handle for anything other than writing out error codes.

This is true for most of the LDAP extensions API functions.

This gives us a reusable handle that was can pass to those functions when we don't already have one available.

Definition at line 1051 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_init()

int fr_ldap_init ( void  )

Initialise libldap and check library versions.

Returns
  • 0 on success.
  • -1 on failure.

Definition at line 1110 of file base.c.

+ Here is the caller graph for this function:

◆ fr_ldap_map_do()

int fr_ldap_map_do ( request_t request,
char const *  valuepair_attr,
fr_ldap_map_exp_t const *  expanded,
LDAPMessage *  entry 
)

Convert attribute map into valuepairs.

Use the attribute map built earlier to convert LDAP values into valuepairs and insert them into whichever list they need to go into.

This is NOT atomic, but there's no condition for which we should error out...

Parameters
[in]requestCurrent request.
[in]valuepair_attrTreat attribute with this name as holding complete AVP definitions.
[in]expandedattributes (rhs of map).
[in]entryto retrieve attributes from.
Returns
  • Number of maps successfully applied.
  • -1 on failure.

Definition at line 323 of file map.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_map_expand()

int fr_ldap_map_expand ( TALLOC_CTX *  ctx,
fr_ldap_map_exp_t expanded,
request_t request,
map_list_t const *  maps,
char const *  generic_attr 
)

Expand values in an attribute map where needed.

Parameters
[in]ctxo allocate any dynamic expansions in.
[out]expandedarray of attributes. Need not be initialised (we'll initialise).
[in]requestThe current request.
[in]mapsto expand.
[in]generic_attrname to append to the attribute list.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 271 of file map.c.

+ Here is the caller graph for this function:

◆ fr_ldap_map_getvalue()

int fr_ldap_map_getvalue ( TALLOC_CTX *  ctx,
fr_pair_list_t out,
request_t request,
map_t const *  map,
void *  uctx 
)

Callback for map_to_request.

Performs exactly the same job as map_to_vp, but pulls attribute values from LDAP entries

See also
map_to_vp

Definition at line 39 of file map.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_map_verify()

int fr_ldap_map_verify ( map_t map,
void *  instance 
)
+ Here is the caller graph for this function:

◆ fr_ldap_modify_alloc()

fr_ldap_query_t* fr_ldap_modify_alloc ( TALLOC_CTX *  ctx,
char const *  dn,
LDAPMod *  mods[],
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Allocate a new LDAP modify object.

Parameters
[in]ctxto allocate the query in.
[in]dnof the object to modify.
[in]modsto apply to the object.
[in]serverctrlsControls to pass to the server. May be NULL.
[in]clientctrlsClient controls. May be NULL.
Returns
LDAP query object

Definition at line 998 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_modify_async()

fr_ldap_rcode_t fr_ldap_modify_async ( int *  msgid,
request_t request,
fr_ldap_connection_t pconn,
char const *  dn,
LDAPMod *  mods[],
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Modify something in the LDAP directory.

Used on connections bound as the administrative user to attempt to modify an LDAP object. Called by the trunk mux function

Parameters
[out]msgidLDAP message ID.
[in]requestCurrent request.
[in]pconnto use.
[in]dnof the object to modify.
[in]modsto make, see 'man ldap_modify' for more information.
[in]serverctrlsSearch controls to pass to the server. May be NULL.
[in]clientctrlsSearch controls for ldap_modify. May be NULL.
Returns
One of the LDAP_PROC_* (fr_ldap_rcode_t) values.

Definition at line 786 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_parse_url_extensions()

int fr_ldap_parse_url_extensions ( LDAPControl **  sss,
size_t  sss_len,
char *  extensions[] 
)

Parse a subset (just server side sort for now) of LDAP URL extensions.

Parameters
[out]sssArray of LDAPControl * pointers to add controls to.
[in]sss_lenHow many elements remain in the sss array.
[in]extensionsA NULL terminated array of extensions.
Returns
  • >0 the number of controls added.
  • 0 if no controls added.
  • -1 on failure.

Definition at line 309 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_query_cmp()

static int8_t fr_ldap_query_cmp ( void const *  one,
void const *  two 
)
inlinestatic

Compare two ldap query structures on msgid.

Parameters
[in]onefirst query to compare.
[in]twosecond query to compare.
Returns
CMP(one,two)

Definition at line 706 of file base.h.

+ Here is the caller graph for this function:

◆ fr_ldap_referral_alloc()

fr_ldap_referral_t* fr_ldap_referral_alloc ( TALLOC_CTX *  ctx,
request_t request 
)

Allocate a new structure to handle an LDAP referral, setting the destructor.

Parameters
[in]ctxto allocate the referral in
[in]requestthe LDAP query relates to.
Returns
  • a new referral structure on success
  • NULL on failure

Definition at line 49 of file referral.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_referral_follow()

int fr_ldap_referral_follow ( fr_ldap_thread_t t,
request_t request,
fr_ldap_query_t query 
)

Follow an LDAP referral.

The returned list of LDAP referrals should already be in query->referrals. We check all the possible referrals and look for one where there already is an active trunk connection.

Parameters
tThread running the query.
requestrelated to the query.
querywhose result was one or more referral URLs.
Returns
  • 0 on success.
  • < 0 on failure.

Definition at line 112 of file referral.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_referral_next()

int fr_ldap_referral_next ( fr_ldap_thread_t t,
request_t request,
fr_ldap_query_t query 
)

Follow an alternative LDAP referral.

If an initial chase of an LDAP referral results in an error being returned this function can be used to attempt one of the other referral URLs given in the initial query results.

The initial use of fr_ldap_referral_follow may have launched trunks for any referral URLs which parsed successfully, so this starts by looking for the first which has an active state and sends the query that way.

If no active trunks match the remaining servers listed in referrals then new trunks are launched with watchers to send the query on the first active trunk.

Parameters
tThread running the query.
requestthe query relates to.
querywhose referrals are being chased.
Returns
  • 0 on success.
  • < 0 on failure.

Definition at line 309 of file referral.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_result()

fr_ldap_rcode_t fr_ldap_result ( LDAPMessage **  result,
LDAPControl ***  ctrls,
fr_ldap_connection_t const *  conn,
int  msgid,
int  all,
char const *  dn,
fr_time_delta_t  timeout 
)

Parse response from LDAP server dealing with any errors.

Should be called after an LDAP operation. Will check result of operation and if it was successful, then attempt to retrieve and parse the result. Will also produce extended error output including any messages the server sent, and information about partial DN matches.

Note
Error messages should be retrieved with fr_strerror() and fr_strerror_pop()
Parameters
[out]resultWhere to write result, if NULL result will be freed. If not NULL caller must free with ldap_msgfree().
[out]ctrlsServer ctrls returned to the client. May be NULL if not required. Must be freed with ldap_free_ctrls.
[in]connCurrent connection.
[in]msgidreturned from last operation. Special values are:
  • LDAP_RES_ANY - Retrieve any received messages useful for multiplexing.
    • LDAP_RES_UNSOLICITED - Any unsolicited message.
[in]allHow many messages to retrieve:
  • LDAP_MSG_ONE - Retrieve the first message matching msgid (waiting if one is not available).
  • LDAP_MSG_ALL - Retrieve all received messages matching msgid (waiting if none are available).
  • LDAP_MSG_RECEIVED - Retrieve all received messages.
[in]dnLast search or bind DN. May be NULL.
[in]timeoutOverride the default result timeout.
Returns
One of the LDAP_PROC_* (fr_ldap_rcode_t) values.

Definition at line 449 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_search_alloc()

fr_ldap_query_t* fr_ldap_search_alloc ( TALLOC_CTX *  ctx,
char const *  base_dn,
int  scope,
char const *  filter,
char const *const *  attrs,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Allocate a new search object.

Parameters
[in]ctxto allocate query in.
[in]base_dnfor the search.
[in]scopeof the search.
[in]filterfor the search
[in]attrsto request.
[in]serverctrlsSearch controls to pass to the server. May be NULL.
[in]clientctrlsClient controls. May be NULL.

Definition at line 972 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_search_async()

fr_ldap_rcode_t fr_ldap_search_async ( int *  msgid,
request_t request,
fr_ldap_connection_t pconn,
char const *  dn,
int  scope,
char const *  filter,
char const *const *  attrs,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Search for something in the LDAP directory.

Performs an LDAP search, typically on a connection bound as the administrative user, dealing with any errors. Called from the trunk mux function and elsewhere where appropriate event handlers have been set on the connection fd.

Parameters
[out]msgidto match response to request.
[in]requestCurrent request.
[in]pconnto use.
[in]dnto use as base for the search.
[in]scopeto use (LDAP_SCOPE_BASE, LDAP_SCOPE_ONE, LDAP_SCOPE_SUB).
[in]filterto use, should be pre-escaped.
[in]attrsto retrieve.
[in]serverctrlsSearch controls to pass to the server. May be NULL.
[in]clientctrlsSearch controls for ldap_search. May be NULL.
Returns
One of the LDAP_PROC_* (fr_ldap_rcode_t) values.

Definition at line 528 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_server_config_check()

int fr_ldap_server_config_check ( fr_ldap_config_t handle_config,
char const *  server,
CONF_SECTION cs 
)

Check an LDAP server config in server:port format is valid.

Parameters
[in,out]handle_configLDAP handle config being built
[in]serverstring to parse
[in]csin which the server is defined
Returns
  • 0 for valid server definition
  • -1 for invalid server definition

Definition at line 699 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_server_url_check()

int fr_ldap_server_url_check ( fr_ldap_config_t handle_config,
char const *  server,
CONF_SECTION const *  cs 
)

Check an LDAP server entry in URL format is valid.

Parameters
[in,out]handle_configLDAP handle config being built
[in]serverstring to parse
[in]csin which the server is defined
Returns
  • 0 for valid server definition
  • -1 for invalid server definition

Definition at line 605 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_start_tls_async()

int fr_ldap_start_tls_async ( fr_ldap_connection_t c,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Install I/O handlers for Start TLS negotiation.

Parameters
[in]cconnection to StartTLS on.
[in]serverctrlsExtra controls to pass to the server.
[in]clientctrlsExtra controls to pass to libldap.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 222 of file start_tls.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_state_error()

void fr_ldap_state_error ( fr_ldap_connection_t c)

Signal that there's been an error on the connection.

Definition at line 134 of file state.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_state_next()

fr_ldap_state_t fr_ldap_state_next ( fr_ldap_connection_t c)

Move between LDAP connection states.

Bringing up an LDAP connection is quite complex, as we need to do multiple operations before we can install the main mux/demux functions which do the work of sending requests to the directory and processing the responses.

This function moves the connection through different states, setting different I/O handlers.

If any of the states

Definition at line 49 of file state.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_timeout_debug()

void fr_ldap_timeout_debug ( request_t request,
fr_ldap_connection_t const *  conn,
fr_time_delta_t  timeout,
char const *  prefix 
)

Prints information to the debug log on the current timeout settings.

There are so many different timers in LDAP it's often hard to debug issues with them, hence the need for this function.

Definition at line 152 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_trunk_cmp()

static int8_t fr_ldap_trunk_cmp ( void const *  one,
void const *  two 
)
inlinestatic

Compare two ldap trunk structures on connection URI / DN.

Parameters
[in]onefirst connection to compare.
[in]twosecond connection to compare.
Returns
CMP(one, two)

Definition at line 690 of file base.h.

+ Here is the caller graph for this function:

◆ fr_ldap_trunk_directory_alloc_async()

int fr_ldap_trunk_directory_alloc_async ( TALLOC_CTX *  ctx,
fr_ldap_thread_trunk_t ttrunk 
)

Async extract useful information from the rootDSE of the LDAP server.

This is called once for each new thread trunk when it first connects.

Parameters
[in]ctxto allocate fr_ldap_directory_t in.
[in]ttrunkThread trunk connection to be queried
Returns
  • 0 on success < 0 on failure

Definition at line 253 of file directory.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_trunk_extended()

unlang_action_t fr_ldap_trunk_extended ( TALLOC_CTX *  ctx,
fr_ldap_query_t **  out,
request_t request,
fr_ldap_thread_trunk_t ttrunk,
char const *  reqoid,
struct berval *  reqdata,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Run an async LDAP "extended operation" query on a trunk connection.

Parameters
[in]ctxto allocate the query in.
[out]outthat has been allocated.
[in]requestthis query relates to.
[in]ttrunkto submit the query to.
[in]reqoidOID of extended operation.
[in]reqdataRequest data to send.
[in]serverctrlsspecific to this query.
[in]clientctrlsspecific to this query.
Returns
  • UNLANG_ACTION_FAIL on error.
  • UNLANG_ACTION_PUSHED_CHILD on success.

Definition at line 827 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_trunk_modify()

unlang_action_t fr_ldap_trunk_modify ( TALLOC_CTX *  ctx,
fr_ldap_query_t **  out,
request_t request,
fr_ldap_thread_trunk_t ttrunk,
char const *  dn,
LDAPMod *  mods[],
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Run an async modification LDAP query on a trunk connection.

Parameters
[in]ctxto allocate the query in.
[out]outthat has been allocated.
[in]requestthis query relates to.
[in]ttrunkto submit the query to.
[in]dnof the object being modified.
[in]modsto be performed.
[in]serverctrlsspecific to this query.
[in]clientctrlsspecific to this query.
Returns
  • UNLANG_ACTION_FAIL on error.
  • UNLANG_ACTION_PUSHED_CHILD on success.

Definition at line 740 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_trunk_search()

unlang_action_t fr_ldap_trunk_search ( TALLOC_CTX *  ctx,
fr_ldap_query_t **  out,
request_t request,
fr_ldap_thread_trunk_t ttrunk,
char const *  base_dn,
int  scope,
char const *  filter,
char const *const *  attrs,
LDAPControl **  serverctrls,
LDAPControl **  clientctrls 
)

Run an async search LDAP query on a trunk connection.

Parameters
[in]ctxto allocate the query in.
[out]outthat has been allocated.
[in]requestthis query relates to.
[in]ttrunkto submit the query to.
[in]base_dnfor the search.
[in]scopeof the search.
[in]filterfor the search.
[in]attrsto be returned.
[in]serverctrlsspecific to this query.
[in]clientctrlsspecific to this query.
Returns
  • UNLANG_ACTION_FAIL on error.
  • UNLANG_ACTION_PUSHED_CHILD on success.

Definition at line 694 of file base.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_uri_escape_func()

size_t fr_ldap_uri_escape_func ( UNUSED request_t request,
char *  out,
size_t  outlen,
char const *  in,
UNUSED void *  arg 
)

Converts "bad" strings into ones which are safe for LDAP.

Note
RFC 4515 says filter strings can only use the
\<hex><hex>
format, whereas RFC 4514 indicates that some chars in DNs, may be escaped simply with a backslash. For simplicity, we always use the hex escape sequences. In other areas where we're doing DN comparison, the DNs need to be normalised first so that they both use only hex escape sequences.
This is a callback for xlat operations.

Will escape any characters in input strings that would cause the string to be interpreted as part of a DN and or filter. Escape sequence is

\<hex><hex>

.

Parameters
requestThe current request.
outPointer to output buffer.
outlenSize of the output buffer.
inRaw unescaped string.
argAny additional arguments (unused).

Definition at line 70 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_uri_unescape_func()

size_t fr_ldap_uri_unescape_func ( UNUSED request_t request,
char *  out,
size_t  outlen,
char const *  in,
UNUSED void *  arg 
)

Converts escaped DNs and filter strings into normal.

Note
RFC 4515 says filter strings can only use the
\<hex><hex>
format, whereas RFC 4514 indicates that some chars in DNs, may be escaped simply with a backslash..

Will unescape any special characters in strings, or

\<hex><hex>

sequences.

Parameters
requestThe current request.
outPointer to output buffer.
outlenSize of the output buffer.
inEscaped string string.
argAny additional arguments (unused).

Definition at line 164 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_url_err_to_str()

char const* fr_ldap_url_err_to_str ( int  ldap_url_err)

Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror()

Parameters
[in]ldap_url_errThe error code returned

Definition at line 740 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_util_is_dn()

bool fr_ldap_util_is_dn ( char const *  in,
size_t  inlen 
)

Check whether a string looks like a DN.

Parameters
[in]inStr to check.
[in]inlenLength of string to check.
Returns
  • true if string looks like a DN.
  • false if string does not look like DN.

Definition at line 211 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_util_normalise_dn()

size_t fr_ldap_util_normalise_dn ( char *  out,
char const *  in 
)

Normalise escape sequences in a DN.

Characters in a DN can either be escaped as 

\<hex><hex>

or

\<special>

The LDAP directory chooses how characters are escaped, which can make local comparisons of DNs difficult.

Here we search for hex sequences that match special chars, and convert them to the

\<special>

form.

Note
the resulting output string will only ever be shorter than the input, so it's fine to use the same buffer for both out and in.
Parameters
outWhere to write the normalised DN.
inThe input DN.
Returns
The number of bytes written to out.

Definition at line 439 of file util.c.

+ Here is the caller graph for this function:

◆ fr_thread_ldap_bind_trunk_get()

fr_ldap_thread_trunk_t* fr_thread_ldap_bind_trunk_get ( fr_ldap_thread_t thread)

Find the thread specific trunk to use for LDAP bind auths.

If there is no current trunk then a new one is created.

Parameters
[in]threadto which the connection belongs
Returns
  • an existing or new trunk.
  • NULL on failure

Definition at line 1367 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_thread_ldap_trunk_get()

fr_ldap_thread_trunk_t* fr_thread_ldap_trunk_get ( fr_ldap_thread_t thread,
char const *  uri,
char const *  bind_dn,
char const *  bind_password,
request_t request,
fr_ldap_config_t const *  config 
)

Find a thread specific LDAP connection for a specific URI / bind DN.

If no existing connection exists for that combination then create a new one

Parameters
[in]threadto which the connection belongs
[in]uriof the host to find / create a connection to
[in]bind_dnto make the connection as
[in]bind_passwordfor making connection
[in]requestcurrently being processed (only for debug messages)
[in]configLDAP config of the module requesting the connection.
Returns
  • an existing or new connection matching the URI and bind DN
  • NULL on failure

Definition at line 993 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_thread_ldap_trunk_state()

fr_trunk_state_t fr_thread_ldap_trunk_state ( fr_ldap_thread_t thread,
char const *  uri,
char const *  bind_dn 
)

Lookup the state of a thread specific LDAP connection trunk for a specific URI / bind DN.

Parameters
[in]threadto which the connection belongs
[in]uriof the host to find / create a connection to
[in]bind_dnto make the connection as
Returns
  • State of a trunk matching the URI and bind DN
  • FR_TRUNK_STATE_MAX if no matching trunk

Definition at line 1071 of file connection.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ fr_ldap_connection_states

fr_table_num_sorted_t const fr_ldap_connection_states[]
extern

Definition at line 51 of file base.c.

◆ fr_ldap_connection_states_len

size_t fr_ldap_connection_states_len
extern

Definition at line 58 of file base.c.

◆ fr_ldap_dereference

fr_table_num_sorted_t const fr_ldap_dereference[]
extern

Definition at line 86 of file base.c.

◆ fr_ldap_dereference_len

size_t fr_ldap_dereference_len
extern

Definition at line 92 of file base.c.

◆ fr_ldap_scope

fr_table_num_sorted_t const fr_ldap_scope[]
extern

Definition at line 69 of file base.c.

◆ fr_ldap_scope_len

size_t fr_ldap_scope_len
extern

Definition at line 75 of file base.c.

◆ fr_ldap_supported_extensions

fr_table_num_sorted_t const fr_ldap_supported_extensions[]
extern

Definition at line 60 of file base.c.

◆ fr_ldap_supported_extensions_len

size_t fr_ldap_supported_extensions_len
extern

Definition at line 64 of file base.c.

◆ fr_ldap_tls_require_cert

fr_table_num_sorted_t const fr_ldap_tls_require_cert[]
extern

Definition at line 77 of file base.c.

◆ fr_ldap_tls_require_cert_len

size_t fr_ldap_tls_require_cert_len
extern

Definition at line 84 of file base.c.

◆ fr_libldap_global_config

global_lib_autoinst_t fr_libldap_global_config
extern

Definition at line 134 of file base.c.

◆ ldap_global_handle

LDAP* ldap_global_handle
extern

Hack for OpenLDAP libldap global initialisation.

Definition at line 39 of file base.c.

Generated by   doxygen 1.9.1