The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
Data Structures | Macros | Enumerations | Functions | Variables
rlm_ldap.c File Reference

LDAP authorization and authentication module. More...

#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/table.h>
#include <freeradius-devel/util/uri.h>
#include <freeradius-devel/util/value.h>
#include <freeradius-devel/ldap/conf.h>
#include <freeradius-devel/ldap/base.h>
#include <freeradius-devel/server/map_proc.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/rcode.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/unlang/action.h>
#include <ldap.h>
#include "rlm_ldap.h"
+ Include dependency graph for rlm_ldap.c:

Go to the source code of this file.

Data Structures

struct  ldap_auth_call_env_t
 
struct  ldap_auth_ctx_t
 Holds state of in progress async authentication. More...
 
struct  ldap_map_ctx_t
 Holds state of in progress LDAP map. More...
 
struct  ldap_mod_tmpl_t
 
struct  ldap_update_rules_t
 Parameters to allow ldap_update_section_parse to be reused. More...
 
struct  ldap_user_modify_ctx_t
 Holds state of in progress ldap user modifications. More...
 
struct  ldap_usermod_call_env_t
 
struct  ldap_xlat_profile_call_env_t
 Call environment used in the profile xlat. More...
 
struct  ldap_xlat_profile_ctx_t
 
struct  rlm_ldap_boot_t
 

Macros

#define CHECK_EXPANDED_SPACE(_expanded)   fr_assert((size_t)_expanded->count < (NUM_ELEMENTS(_expanded->attrs) - 1));
 
#define LDAP_URI_SAFE_FOR   (fr_value_box_safe_for_t)fr_ldap_uri_escape_func
 This is the common function that actually ends up doing all the URI escaping.
 
#define REPEAT_LDAP_MEMBEROF_XLAT_RESULTS
 
#define REPEAT_MOD_AUTHORIZE_RESUME
 
#define USER_CALL_ENV_COMMON(_struct)
 
#define USERMOD_ENV(_section)
 

Enumerations

enum  ldap_schemes_t {
  LDAP_SCHEME_UNIX = 0 ,
  LDAP_SCHEME_TCP ,
  LDAP_SCHEME_TCP_SSL
}
 

Functions

static int autz_ctx_free (ldap_autz_ctx_t *autz_ctx)
 Ensure authorization context is properly cleared up.
 
static char * host_uri_canonify (request_t *request, LDAPURLDesc *url_parsed, fr_value_box_t *url_in)
 Produce canonical LDAP host URI for finding trunks.
 
static int ldap_group_filter_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
 
static int ldap_group_filter_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, UNUSED CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
 
static xlat_action_t ldap_group_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Check for a user being in a LDAP group.
 
static void ldap_group_xlat_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx)
 Cancel an in-progress query for the LDAP group membership xlat.
 
static unlang_action_t ldap_group_xlat_results (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Run the state machine for the LDAP membership xlat.
 
static xlat_action_t ldap_group_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, UNUSED fr_value_box_list_t *in)
 Process the results of evaluating LDAP group membership.
 
static unlang_action_t ldap_group_xlat_user_find (UNUSED rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 User object lookup as part of group membership xlat.
 
static int ldap_map_verify (CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst, tmpl_t const *src, UNUSED map_list_t const *maps)
 
static int ldap_mod_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
 
static int ldap_mod_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
 
static xlat_action_t ldap_profile_xlat (UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Expand an LDAP URL into a query, applying the results using the user update map.
 
static xlat_action_t ldap_profile_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, UNUSED fr_value_box_list_t *in)
 Return whether evaluating the profile was successful.
 
static void ldap_query_timeout (UNUSED fr_event_list_t *el, UNUSED fr_time_t now, void *uctx)
 Callback when LDAP query times out.
 
static int ldap_update_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
 
static int ldap_update_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED call_env_ctx_t const *cec, call_env_parser_t const *rule)
 
static xlat_action_t ldap_uri_escape_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Escape LDAP string.
 
static int ldap_uri_part_escape (fr_value_box_t *vb, UNUSED void *uctx)
 Escape function for a part of an LDAP URI.
 
static xlat_action_t ldap_uri_unescape_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Unescape LDAP string.
 
static xlat_action_t ldap_xlat (UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Expand an LDAP URL into a query, and return a string result from that query.
 
static int ldap_xlat_profile_ctx_free (ldap_xlat_profile_ctx_t *to_free)
 
static xlat_action_t ldap_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
 Callback when resuming after async ldap query is completed.
 
static void ldap_xlat_signal (xlat_ctx_t const *xctx, request_t *request, UNUSED fr_signal_t action)
 Callback for signalling async ldap query.
 
static int ldap_xlat_uri_parse (LDAPURLDesc **uri_parsed, char **host_out, bool *free_host_out, request_t *request, char *host_default, fr_value_box_t *uri_in)
 Utility function for parsing LDAP URLs.
 
static int map_ctx_free (ldap_map_ctx_t *map_ctx)
 Ensure map context is properly cleared up.
 
static unlang_action_t mod_authenticate (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 
static unlang_action_t mod_authenticate_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Initiate async LDAP bind to authenticate user.
 
static unlang_action_t mod_authenticate_start (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Perform async lookup of user DN if required for authentication.
 
static unlang_action_t mod_authorize (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 
static void mod_authorize_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx)
 Clear up when cancelling a mod_authorize call.
 
static unlang_action_t mod_authorize_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Resume function called after each potential yield in LDAP authorization.
 
static unlang_action_t mod_authorize_start (UNUSED rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Start LDAP authorization with async lookup of user DN.
 
static int mod_bootstrap (module_inst_ctx_t const *mctx)
 Bootstrap the module.
 
static int mod_detach (module_detach_ctx_t const *mctx)
 Detach from the LDAP server and cleanup internal state.
 
static int mod_instantiate (module_inst_ctx_t const *mctx)
 Instantiate the module.
 
static int mod_load (void)
 
static unlang_action_t mod_map_proc (rlm_rcode_t *p_result, void const *mod_inst, UNUSED void *proc_inst, request_t *request, fr_value_box_list_t *url, map_list_t const *maps)
 Perform a search and map the result of the search to server attributes.
 
static unlang_action_t mod_map_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Process the results of an LDAP map query.
 
static unlang_action_t mod_modify (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Modify user's object in LDAP.
 
static int mod_thread_detach (module_thread_inst_ctx_t const *mctx)
 Clean up thread specific data structure.
 
static int mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)
 Initialise thread specific data structure.
 
static void mod_unload (void)
 
static void user_modify_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx)
 Cancel an in progress user modification.
 
static unlang_action_t user_modify_final (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Handle results of user modification.
 
static unlang_action_t user_modify_mod_build_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 
static unlang_action_t user_modify_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Take the retrieved user DN and launch the async tmpl expansion of mod_values.
 
static unlang_action_t user_modify_start (UNUSED rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Perform async lookup of user DN if required for user modification.
 
 USERMOD_ENV (accounting)
 
 USERMOD_ENV (send)
 

Variables

fr_dict_attr_t const * attr_cleartext_password
 
fr_dict_attr_t const * attr_crypt_password
 
static fr_dict_attr_t const * attr_expr_bool_enum
 
fr_dict_attr_t const * attr_ldap_userdn
 
fr_dict_attr_t const * attr_nt_password
 
fr_dict_attr_t const * attr_password
 
fr_dict_attr_t const * attr_password_with_header
 
static const call_env_method_t authenticate_method_env
 
static const call_env_method_t authorize_method_env
 
static fr_dict_t const * dict_freeradius
 
static conf_parser_t group_config []
 
static fr_uri_part_t const ldap_dn_parts []
 
static xlat_arg_parser_t const ldap_group_xlat_arg []
 
static xlat_arg_parser_t const ldap_safe_xlat_arg []
 
static xlat_arg_parser_t const ldap_uri_escape_xlat_arg []
 
static fr_uri_part_t const ldap_uri_parts []
 
static fr_table_num_sorted_t const ldap_uri_scheme_table []
 
static size_t ldap_uri_scheme_table_len = NUM_ELEMENTS(ldap_uri_scheme_table)
 
static xlat_arg_parser_t const ldap_uri_unescape_xlat_arg []
 
static xlat_arg_parser_t const ldap_xlat_arg []
 
static const conf_parser_t module_config []
 
static conf_parser_t profile_config []
 
module_rlm_t rlm_ldap
 
fr_dict_autoload_t rlm_ldap_dict []
 
fr_dict_attr_autoload_t rlm_ldap_dict_attr []
 
global_lib_autoinst_t const * rlm_ldap_lib []
 
static const call_env_parser_t sasl_call_env []
 
static conf_parser_t user_config []
 
static const call_env_method_t xlat_memberof_method_env
 
static const call_env_method_t xlat_profile_method_env
 

Detailed Description

LDAP authorization and authentication module.

Id
eaf3a74c5207144d24b4c6762ad0889d13626668
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)
Copyright
2012,2015 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
2013,2015 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)
2012 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)
1999-2013 The FreeRADIUS Server Project.
Id
d3ae16a98488b5ab4b4be483d72a9f0b9d61a1f7
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)
Copyright
2012,2015 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
2013,2015 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)
2012 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)
1999-2013 The FreeRADIUS Server Project.

Definition in file rlm_ldap.c.

Data Structure Documentation

◆ ldap_auth_call_env_t

struct ldap_auth_call_env_t

Definition at line 57 of file rlm_ldap.c.

+ Collaboration diagram for ldap_auth_call_env_t:
Data Fields
fr_value_box_t password
tmpl_t const * password_tmpl
fr_value_box_t user_base
fr_value_box_t user_filter
fr_value_box_t user_sasl_authname
fr_value_box_t user_sasl_mech
fr_value_box_t user_sasl_proxy
fr_value_box_t user_sasl_realm

◆ ldap_auth_ctx_t

struct ldap_auth_ctx_t

Holds state of in progress async authentication.

Definition at line 347 of file rlm_ldap.c.

+ Collaboration diagram for ldap_auth_ctx_t:
Data Fields
ldap_auth_call_env_t * call_env
char const * dn
rlm_ldap_t const * inst
char const * password
fr_ldap_thread_t * thread

◆ ldap_map_ctx_t

struct ldap_map_ctx_t

Holds state of in progress LDAP map.

Definition at line 375 of file rlm_ldap.c.

+ Collaboration diagram for ldap_map_ctx_t:
Data Fields
fr_ldap_map_exp_t expanded
LDAPURLDesc * ldap_url
map_list_t const * maps
fr_ldap_query_t * query

◆ ldap_mod_tmpl_t

struct ldap_mod_tmpl_t

Definition at line 68 of file rlm_ldap.c.

+ Collaboration diagram for ldap_mod_tmpl_t:
Data Fields
char const * attr
fr_token_t op
tmpl_t const * tmpl

◆ ldap_update_rules_t

struct ldap_update_rules_t

Parameters to allow ldap_update_section_parse to be reused.

Definition at line 207 of file rlm_ldap.c.

Data Fields
ssize_t expect_password_offset
size_t map_offset

◆ ldap_user_modify_ctx_t

struct ldap_user_modify_ctx_t

Holds state of in progress ldap user modifications.

Definition at line 358 of file rlm_ldap.c.

+ Collaboration diagram for ldap_user_modify_ctx_t:
Data Fields
ldap_usermod_call_env_t * call_env
size_t current_mod
char const * dn
fr_value_box_list_t expanded
size_t expanded_mods
rlm_ldap_t const * inst
LDAPMod ** mod_p
LDAPMod * mod_s
size_t num_mods
fr_ldap_query_t * query
fr_ldap_thread_trunk_t * ttrunk

◆ ldap_usermod_call_env_t

struct ldap_usermod_call_env_t

Definition at line 73 of file rlm_ldap.c.

+ Collaboration diagram for ldap_usermod_call_env_t:
Data Fields
ldap_mod_tmpl_t ** mod
fr_value_box_t user_base
fr_value_box_t user_filter

◆ ldap_xlat_profile_call_env_t

struct ldap_xlat_profile_call_env_t

Call environment used in the profile xlat.

Definition at line 81 of file rlm_ldap.c.

+ Collaboration diagram for ldap_xlat_profile_call_env_t:
Data Fields
fr_value_box_t profile_filter Filter to use when searching for users.
map_list_t * profile_map List of maps to apply to the profile.

◆ ldap_xlat_profile_ctx_t

struct ldap_xlat_profile_ctx_t

Definition at line 1029 of file rlm_ldap.c.

+ Collaboration diagram for ldap_xlat_profile_ctx_t:
Data Fields
fr_ldap_map_exp_t expanded
fr_ldap_result_code_t ret
LDAPURLDesc * url

◆ rlm_ldap_boot_t

struct rlm_ldap_boot_t

Definition at line 52 of file rlm_ldap.c.

+ Collaboration diagram for rlm_ldap_boot_t:
Data Fields
fr_dict_attr_t const * cache_da
fr_dict_attr_t const * group_da

Macro Definition Documentation

◆ CHECK_EXPANDED_SPACE

#define CHECK_EXPANDED_SPACE (   _expanded)    fr_assert((size_t)_expanded->count < (NUM_ELEMENTS(_expanded->attrs) - 1));

◆ LDAP_URI_SAFE_FOR

#define LDAP_URI_SAFE_FOR   (fr_value_box_safe_for_t)fr_ldap_uri_escape_func

This is the common function that actually ends up doing all the URI escaping.

Definition at line 397 of file rlm_ldap.c.

◆ REPEAT_LDAP_MEMBEROF_XLAT_RESULTS

#define REPEAT_LDAP_MEMBEROF_XLAT_RESULTS
Value:
if (unlang_function_repeat_set(request, ldap_group_xlat_results) < 0) do { \
rcode = RLM_MODULE_FAIL; \
goto finish; \
} while (0)
unlang_function_repeat_set
#define unlang_function_repeat_set(_request, _repeat)
Set a new repeat function for an existing function frame.
Definition function.h:89
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
ldap_group_xlat_results
static unlang_action_t ldap_group_xlat_results(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Run the state machine for the LDAP membership xlat.
Definition rlm_ldap.c:870

Definition at line 860 of file rlm_ldap.c.

◆ REPEAT_MOD_AUTHORIZE_RESUME

#define REPEAT_MOD_AUTHORIZE_RESUME
Value:
if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) do { \
rcode = RLM_MODULE_FAIL; \
goto finish; \
} while (0)
mod_authorize_resume
static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after each potential yield in LDAP authorization.
Definition rlm_ldap.c:1552

Definition at line 1533 of file rlm_ldap.c.

◆ USER_CALL_ENV_COMMON

#define USER_CALL_ENV_COMMON (   _struct)
Value:
{ FR_CALL_ENV_OFFSET("base_dn", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_CONCAT, _struct, user_base), .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING }, \
{ FR_CALL_ENV_OFFSET("filter", FR_TYPE_STRING, CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT, _struct, user_filter), .pair.dflt = "(&)", .pair.dflt_quote = T_SINGLE_QUOTED_STRING }
CALL_ENV_FLAG_CONCAT
@ CALL_ENV_FLAG_CONCAT
If the tmpl produced multiple boxes they should be concatenated.
Definition call_env.h:76
CALL_ENV_FLAG_REQUIRED
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition call_env.h:75
CALL_ENV_FLAG_NULLABLE
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition call_env.h:80
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition call_env.h:335
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition token.h:122

Definition at line 184 of file rlm_ldap.c.

◆ USERMOD_ENV

#define USERMOD_ENV (   _section)
Value:
static const call_env_method_t _section ## _usermod_method_env = { \
FR_CALL_ENV_METHOD_OUT(ldap_usermod_call_env_t), \
.env = (call_env_parser_t[]) { \
{ FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED, \
((call_env_parser_t[]) { \
USER_CALL_ENV_COMMON(ldap_usermod_call_env_t), CALL_ENV_TERMINATOR \
})) }, \
{ FR_CALL_ENV_SUBSECTION_FUNC(STRINGIFY(_section), CF_IDENT_ANY, CALL_ENV_FLAG_SUBSECTION | CALL_ENV_FLAG_PARSE_MISSING, ldap_mod_section_parse) }, \
CALL_ENV_TERMINATOR \
} \
}
STRINGIFY
#define STRINGIFY(x)
Definition build.h:197
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition call_env.h:231
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition call_env.h:242
FR_CALL_ENV_SUBSECTION
#define FR_CALL_ENV_SUBSECTION(_name, _name2, _flags, _subcs)
Specify a call_env_parser_t which defines a nested subsection.
Definition call_env.h:397
CALL_ENV_FLAG_SUBSECTION
@ CALL_ENV_FLAG_SUBSECTION
This is a subsection.
Definition call_env.h:87
CALL_ENV_FLAG_PARSE_MISSING
@ CALL_ENV_FLAG_PARSE_MISSING
If this subsection is missing, still parse it.
Definition call_env.h:88
FR_CALL_ENV_SUBSECTION_FUNC
#define FR_CALL_ENV_SUBSECTION_FUNC(_name, _name2, _flags, _func)
Specify a call_env_parser_t which parses a subsection using a callback function.
Definition call_env.h:407
call_env_method_s
Definition call_env.h:239
call_env_parser_s
Per method call config.
Definition call_env.h:175
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:78
ldap_mod_section_parse
static int ldap_mod_section_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
ldap_usermod_call_env_t
Definition rlm_ldap.c:73

Definition at line 250 of file rlm_ldap.c.

Enumeration Type Documentation

◆ ldap_schemes_t

enum ldap_schemes_t
Enumerator
LDAP_SCHEME_UNIX 
LDAP_SCHEME_TCP 
LDAP_SCHEME_TCP_SSL 

Definition at line 382 of file rlm_ldap.c.

Function Documentation

◆ autz_ctx_free()

static int autz_ctx_free ( ldap_autz_ctx_t autz_ctx)
static

Ensure authorization context is properly cleared up.

Definition at line 1846 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ host_uri_canonify()

static char * host_uri_canonify ( request_t request,
LDAPURLDesc *  url_parsed,
fr_value_box_t url_in 
)
inlinestatic

Produce canonical LDAP host URI for finding trunks.

Definition at line 652 of file rlm_ldap.c.

+ Here is the caller graph for this function:

◆ ldap_group_filter_parse() [1/2]

static int ldap_group_filter_parse ( TALLOC_CTX *  ctx,
void *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
call_env_ctx_t const *  cec,
UNUSED call_env_parser_t const *  rule 
)
static

◆ ldap_group_filter_parse() [2/2]

static int ldap_group_filter_parse ( TALLOC_CTX *  ctx,
void *  out,
tmpl_rules_t const *  t_rules,
UNUSED CONF_ITEM ci,
call_env_ctx_t const *  cec,
UNUSED call_env_parser_t const *  rule 
)
static

Definition at line 2382 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ ldap_group_xlat_cancel()

static void ldap_group_xlat_cancel ( UNUSED request_t request,
UNUSED fr_signal_t  action,
void *  uctx 
)
static

Cancel an in-progress query for the LDAP group membership xlat.

Definition at line 851 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_group_xlat_results()

static unlang_action_t ldap_group_xlat_results ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Run the state machine for the LDAP membership xlat.

This is called after each async lookup is completed

Definition at line 870 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_group_xlat_resume()

static xlat_action_t ldap_group_xlat_resume ( TALLOC_CTX *  ctx,
fr_dcursor_t out,
xlat_ctx_t const *  xctx,
UNUSED request_t request,
UNUSED fr_value_box_list_t *  in 
)
static

Process the results of evaluating LDAP group membership.

Definition at line 918 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_group_xlat_user_find()

static unlang_action_t ldap_group_xlat_user_find ( UNUSED rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

User object lookup as part of group membership xlat.

Called if the ldap membership xlat is used and the user DN is not already known

Definition at line 835 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_map_verify()

static int ldap_map_verify ( CONF_SECTION cs,
UNUSED void const *  mod_inst,
UNUSED void *  proc_inst,
tmpl_t const *  src,
UNUSED map_list_t const *  maps 
)
static

Definition at line 1194 of file rlm_ldap.c.

+ Here is the caller graph for this function:

◆ ldap_mod_section_parse() [1/2]

static int ldap_mod_section_parse ( TALLOC_CTX *  ctx,
call_env_parsed_head_t *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
call_env_ctx_t const *  cec,
call_env_parser_t const *  rule 
)
static

◆ ldap_mod_section_parse() [2/2]

static int ldap_mod_section_parse ( TALLOC_CTX *  ctx,
call_env_parsed_head_t *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
call_env_ctx_t const *  cec,
UNUSED call_env_parser_t const *  rule 
)
static

Definition at line 2285 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ ldap_profile_xlat_resume()

static xlat_action_t ldap_profile_xlat_resume ( TALLOC_CTX *  ctx,
fr_dcursor_t out,
xlat_ctx_t const *  xctx,
UNUSED request_t request,
UNUSED fr_value_box_list_t *  in 
)
static

Return whether evaluating the profile was successful.

Definition at line 1038 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_query_timeout()

static void ldap_query_timeout ( UNUSED fr_event_list_t el,
UNUSED fr_time_t  now,
void *  uctx 
)
static

Callback when LDAP query times out.

Definition at line 535 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_update_section_parse() [1/2]

static int ldap_update_section_parse ( TALLOC_CTX *  ctx,
call_env_parsed_head_t *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
call_env_ctx_t const *  cec,
call_env_parser_t const *  rule 
)
static

◆ ldap_update_section_parse() [2/2]

static int ldap_update_section_parse ( TALLOC_CTX *  ctx,
call_env_parsed_head_t *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
UNUSED call_env_ctx_t const *  cec,
call_env_parser_t const *  rule 
)
static

Definition at line 2206 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ ldap_uri_part_escape()

static int ldap_uri_part_escape ( fr_value_box_t vb,
UNUSED void *  uctx 
)
static

Escape function for a part of an LDAP URI.

Definition at line 505 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ ldap_xlat_profile_ctx_free()

static int ldap_xlat_profile_ctx_free ( ldap_xlat_profile_ctx_t to_free)
static

Definition at line 1051 of file rlm_ldap.c.

+ Here is the caller graph for this function:

◆ ldap_xlat_resume()

static xlat_action_t ldap_xlat_resume ( TALLOC_CTX *  ctx,
fr_dcursor_t out,
xlat_ctx_t const *  xctx,
request_t request,
UNUSED fr_value_box_list_t *  in 
)
static

Callback when resuming after async ldap query is completed.

Definition at line 561 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_xlat_signal()

static void ldap_xlat_signal ( xlat_ctx_t const *  xctx,
request_t request,
UNUSED fr_signal_t  action 
)
static

Callback for signalling async ldap query.

Definition at line 608 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ldap_xlat_uri_parse()

static int ldap_xlat_uri_parse ( LDAPURLDesc **  uri_parsed,
char **  host_out,
bool free_host_out,
request_t request,
char *  host_default,
fr_value_box_t uri_in 
)
static

Utility function for parsing LDAP URLs.

All LDAP xlat functions that work with LDAP URLs should call this function to parse the URL.

Parameters
[out]uri_parsedLDAP URL parsed. Must be freed with ldap_url_desc_free.
[out]host_outhost name to use for the query. Must be freed with ldap_mem_free if free_host_out is true.
[out]free_host_outTrue if host_out should be freed.
[in]requestRequest being processed.
[in]host_defaultDefault host to use if the URL does not specify a host.
[in]uri_inURI to parse.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 683 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ map_ctx_free()

static int map_ctx_free ( ldap_map_ctx_t map_ctx)
static

Ensure map context is properly cleared up.

Definition at line 1307 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authenticate()

static unlang_action_t mod_authenticate ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Definition at line 1473 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_authenticate_resume()

static unlang_action_t mod_authenticate_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Initiate async LDAP bind to authenticate user.

Definition at line 1430 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authenticate_start()

static unlang_action_t mod_authenticate_start ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Perform async lookup of user DN if required for authentication.

Definition at line 1412 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Definition at line 1853 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_authorize_cancel()

static void mod_authorize_cancel ( UNUSED request_t request,
UNUSED fr_signal_t  action,
void *  uctx 
)
static

Clear up when cancelling a mod_authorize call.

Definition at line 1836 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authorize_resume()

static unlang_action_t mod_authorize_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Resume function called after each potential yield in LDAP authorization.

Some operations may or may not yield. E.g. if group membership is read from an attribute returned with the user object and is already in the correct form, that will not yield. Hence, each state may fall through to the next.

Parameters
p_resultResult of current authorization.
priorityUnused.
requestCurrent request.
uctxCurrent authorization context.
Returns
One of the RLM_MODULE_* values.

Definition at line 1552 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authorize_start()

static unlang_action_t mod_authorize_start ( UNUSED rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Start LDAP authorization with async lookup of user DN.

Definition at line 1524 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx)
static

Bootstrap the module.

Define attributes.

Parameters
[in]mctxconfiguration data.
Returns
  • 0 on success.
  • < 0 on failure.

Definition at line 2672 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_detach()

static int mod_detach ( module_detach_ctx_t const *  mctx)
static

Detach from the LDAP server and cleanup internal state.

Definition at line 2197 of file rlm_ldap.c.

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx)
static

Instantiate the module.

Creates a new instance of the module reading parameters from a configuration section.

Parameters
[in]mctxconfiguration data.
Returns
  • 0 on success.
  • < 0 on failure.

Definition at line 2461 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_load()

static int mod_load ( void  )
static

Definition at line 2741 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_map_proc()

static unlang_action_t mod_map_proc ( rlm_rcode_t p_result,
void const *  mod_inst,
UNUSED void *  proc_inst,
request_t request,
fr_value_box_list_t *  url,
map_list_t const *  maps 
)
static

Perform a search and map the result of the search to server attributes.

Unlike LDAP xlat, this can be used to process attributes from multiple entries.

Todo:
For xlat expansions we need to parse the raw URL first, and then apply different escape functions to the different parts.
Parameters
[out]p_resultResult of map expansion:
[in]mod_instrlm_ldap_t
[in]proc_instunused.
[in,out]requestThe current request.
[in]urlLDAP url specifying base DN and filter.
[in]mapsHead of the map list.
Returns
UNLANG_ACTION_CALCULATE_RESULT

Definition at line 1332 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_map_resume()

static unlang_action_t mod_map_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Process the results of an LDAP map query.

Parameters
[out]p_resultResult of applying the map.
[in]priorityUnused.
[in]requestCurrent request.
[in]uctxMap context.
Returns
One of UNLANG_ACTION_*

Definition at line 1214 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_modify()

static unlang_action_t mod_modify ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Modify user's object in LDAP.

Process a modification map to update a user object in the LDAP directory.

The module method called in "accouting" and "send" sections.

Definition at line 2146 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_thread_detach()

static int mod_thread_detach ( module_thread_inst_ctx_t const *  mctx)
static

Clean up thread specific data structure.

Definition at line 2398 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx)
static

Initialise thread specific data structure.

Definition at line 2416 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ mod_unload()

static void mod_unload ( void  )
static

Definition at line 2762 of file rlm_ldap.c.

+ Here is the call graph for this function:

◆ user_modify_cancel()

static void user_modify_cancel ( UNUSED request_t request,
UNUSED fr_signal_t  action,
void *  uctx 
)
static

Cancel an in progress user modification.

Definition at line 1932 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ user_modify_final()

static unlang_action_t user_modify_final ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Handle results of user modification.

Definition at line 1944 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ user_modify_mod_build_resume()

static unlang_action_t user_modify_mod_build_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Definition at line 1970 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ user_modify_resume()

static unlang_action_t user_modify_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Take the retrieved user DN and launch the async tmpl expansion of mod_values.

Definition at line 2109 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ user_modify_start()

static unlang_action_t user_modify_start ( UNUSED rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Perform async lookup of user DN if required for user modification.

Definition at line 1920 of file rlm_ldap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ USERMOD_ENV() [1/2]

USERMOD_ENV ( accounting  )

◆ USERMOD_ENV() [2/2]

USERMOD_ENV ( send  )

Variable Documentation

◆ attr_cleartext_password

fr_dict_attr_t const* attr_cleartext_password

Definition at line 318 of file rlm_ldap.c.

◆ attr_crypt_password

fr_dict_attr_t const* attr_crypt_password

Definition at line 319 of file rlm_ldap.c.

◆ attr_expr_bool_enum

fr_dict_attr_t const* attr_expr_bool_enum
static

Definition at line 323 of file rlm_ldap.c.

◆ attr_ldap_userdn

fr_dict_attr_t const* attr_ldap_userdn

Definition at line 320 of file rlm_ldap.c.

◆ attr_nt_password

fr_dict_attr_t const* attr_nt_password

Definition at line 321 of file rlm_ldap.c.

◆ attr_password

fr_dict_attr_t const* attr_password

Definition at line 317 of file rlm_ldap.c.

◆ attr_password_with_header

fr_dict_attr_t const* attr_password_with_header

Definition at line 322 of file rlm_ldap.c.

◆ authenticate_method_env

const call_env_method_t authenticate_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(ldap_auth_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED,
((call_env_parser_t[]) {
USER_CALL_ENV_COMMON(ldap_auth_call_env_t),
{ FR_CALL_ENV_PARSE_OFFSET("password_attribute", FR_TYPE_STRING,
CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
ldap_auth_call_env_t, password, password_tmpl),
.pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
{ FR_CALL_ENV_SUBSECTION("sasl", NULL, CALL_ENV_FLAG_NONE, sasl_call_env) },
CALL_ENV_TERMINATOR
})) },
CALL_ENV_TERMINATOR
}
}
FR_CALL_ENV_PARSE_OFFSET
#define FR_CALL_ENV_PARSE_OFFSET(_name, _cast_type, _flags, _struct, _field, _parse_field)
Specify a call_env_parser_t which writes out runtime results and the result of the parsing phase to t...
Definition call_env.h:360
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition call_env.h:235
CALL_ENV_FLAG_ATTRIBUTE
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl must contain an attribute reference.
Definition call_env.h:86
CALL_ENV_FLAG_NONE
@ CALL_ENV_FLAG_NONE
Definition call_env.h:74
USER_CALL_ENV_COMMON
#define USER_CALL_ENV_COMMON(_struct)
Definition rlm_ldap.c:184
sasl_call_env
static const call_env_parser_t sasl_call_env[]
Definition rlm_ldap.c:91
ldap_auth_call_env_t
Definition rlm_ldap.c:57
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:120

Definition at line 188 of file rlm_ldap.c.

◆ authorize_method_env

const call_env_method_t authorize_method_env
static

Definition at line 212 of file rlm_ldap.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius
static

Definition at line 309 of file rlm_ldap.c.

◆ group_config

conf_parser_t group_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("filter", rlm_ldap_t, group.obj_filter) },
{ FR_CONF_OFFSET("scope", rlm_ldap_t, group.obj_scope), .dflt = "sub",
.func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
{ FR_CONF_OFFSET("name_attribute", rlm_ldap_t, group.obj_name_attr), .dflt = "cn" },
{ FR_CONF_OFFSET("membership_attribute", rlm_ldap_t, group.userobj_membership_attr) },
{ FR_CONF_OFFSET_FLAGS("membership_filter", CONF_FLAG_XLAT, rlm_ldap_t, group.obj_membership_filter) },
{ FR_CONF_OFFSET("cacheable_name", rlm_ldap_t, group.cacheable_name), .dflt = "no" },
{ FR_CONF_OFFSET("cacheable_dn", rlm_ldap_t, group.cacheable_dn), .dflt = "no" },
{ FR_CONF_OFFSET("cache_attribute", rlm_ldap_t, group.cache_attribute) },
{ FR_CONF_OFFSET("group_attribute", rlm_ldap_t, group.attribute) },
{ FR_CONF_OFFSET("allow_dangling_group_ref", rlm_ldap_t, group.allow_dangling_refs), .dflt = "no" },
{ FR_CONF_OFFSET("skip_on_suspend", rlm_ldap_t, group.skip_on_suspend), .dflt = "yes"},
CONF_PARSER_TERMINATOR
}
cf_table_parse_int
int cf_table_parse_int(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic function for parsing conf pair values as int.
Definition cf_parse.c:1550
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:642
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:268
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:256
CONF_FLAG_XLAT
@ CONF_FLAG_XLAT
string will be dynamically expanded.
Definition cf_parse.h:429
cf_table_parse_ctx_t
Definition cf_parse.h:637
fr_ldap_scope_len
size_t fr_ldap_scope_len
Definition base.c:75
fr_ldap_scope
fr_table_num_sorted_t const fr_ldap_scope[]
Definition base.c:69
rlm_ldap_t
Definition rlm_ldap.h:20

Definition at line 126 of file rlm_ldap.c.

◆ ldap_dn_parts

fr_uri_part_t const ldap_dn_parts[]
static
Initial value:
= {
{ .name = "dn", .safe_for = LDAP_URI_SAFE_FOR , .func = ldap_uri_part_escape },
XLAT_URI_PART_TERMINATOR
}
ldap_uri_part_escape
static int ldap_uri_part_escape(fr_value_box_t *vb, UNUSED void *uctx)
Escape function for a part of an LDAP URI.
Definition rlm_ldap.c:505
LDAP_URI_SAFE_FOR
#define LDAP_URI_SAFE_FOR
This is the common function that actually ends up doing all the URI escaping.
Definition rlm_ldap.c:397
XLAT_URI_PART_TERMINATOR
#define XLAT_URI_PART_TERMINATOR
Definition uri.h:66

Definition at line 638 of file rlm_ldap.c.

◆ ldap_group_xlat_arg

xlat_arg_parser_t const ldap_group_xlat_arg[]
static
Initial value:
= {
{ .required = true, .concat = true, .type = FR_TYPE_STRING, .safe_for = LDAP_URI_SAFE_FOR },
XLAT_ARG_PARSER_TERMINATOR
}
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:168

Definition at line 931 of file rlm_ldap.c.

◆ ldap_safe_xlat_arg

xlat_arg_parser_t const ldap_safe_xlat_arg[]
static
Initial value:
= {
{ .required = true, .concat = true, .type = FR_TYPE_STRING },
XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 404 of file rlm_ldap.c.

◆ ldap_uri_escape_xlat_arg

xlat_arg_parser_t const ldap_uri_escape_xlat_arg[]
static
Initial value:
= {
{ .required = true, .concat = true, .type = FR_TYPE_STRING, .safe_for = LDAP_URI_SAFE_FOR },
XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 399 of file rlm_ldap.c.

◆ ldap_uri_parts

fr_uri_part_t const ldap_uri_parts[]
static
Initial value:
= {
{ .name = "scheme", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L(":")), .part_adv = { [':'] = 1 }, .extra_skip = 2 },
{ .name = "host", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L(":"), L("/")), .part_adv = { [':'] = 1, ['/'] = 2 } },
{ .name = "port", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("/")), .part_adv = { ['/'] = 1 } },
{ .name = "dn", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }, .func = ldap_uri_part_escape },
{ .name = "attrs", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }},
{ .name = "scope", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }, .func = ldap_uri_part_escape },
{ .name = "filter", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1}, .func = ldap_uri_part_escape },
{ .name = "exts", .safe_for = LDAP_URI_SAFE_FOR, .func = ldap_uri_part_escape },
XLAT_URI_PART_TERMINATOR
}
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
FR_SBUFF_TERMS
#define FR_SBUFF_TERMS(...)
Initialise a terminal structure with a list of sorted strings.
Definition sbuff.h:192

Definition at line 626 of file rlm_ldap.c.

◆ ldap_uri_scheme_table

fr_table_num_sorted_t const ldap_uri_scheme_table[]
static
Initial value:
= {
{ L("ldap://"), LDAP_SCHEME_UNIX },
{ L("ldapi://"), LDAP_SCHEME_TCP },
{ L("ldaps://"), LDAP_SCHEME_TCP_SSL },
}
LDAP_SCHEME_UNIX
@ LDAP_SCHEME_UNIX
Definition rlm_ldap.c:383
LDAP_SCHEME_TCP_SSL
@ LDAP_SCHEME_TCP_SSL
Definition rlm_ldap.c:385
LDAP_SCHEME_TCP
@ LDAP_SCHEME_TCP
Definition rlm_ldap.c:384

Definition at line 388 of file rlm_ldap.c.

◆ ldap_uri_scheme_table_len

size_t ldap_uri_scheme_table_len = NUM_ELEMENTS(ldap_uri_scheme_table)
static

Definition at line 393 of file rlm_ldap.c.

◆ ldap_uri_unescape_xlat_arg

xlat_arg_parser_t const ldap_uri_unescape_xlat_arg[]
static
Initial value:
= {
{ .required = true, .concat = true, .type = FR_TYPE_STRING },
XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 459 of file rlm_ldap.c.

◆ ldap_xlat_arg

xlat_arg_parser_t const ldap_xlat_arg[]
static
Initial value:
= {
{ .required = true, .type = FR_TYPE_STRING, .safe_for = LDAP_URI_SAFE_FOR },
XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 643 of file rlm_ldap.c.

◆ module_config

const conf_parser_t module_config[]
static

Definition at line 143 of file rlm_ldap.c.

◆ profile_config

conf_parser_t profile_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("scope", rlm_ldap_t, profile_scope), .dflt = "base",
.func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
{ FR_CONF_OFFSET("attribute", rlm_ldap_t, profile_attr) },
{ FR_CONF_OFFSET("attribute_suspend", rlm_ldap_t, profile_attr_suspend) },
CONF_PARSER_TERMINATOR
}

Definition at line 99 of file rlm_ldap.c.

◆ rlm_ldap

module_rlm_t rlm_ldap

Definition at line 2771 of file rlm_ldap.c.

◆ rlm_ldap_dict

fr_dict_autoload_t rlm_ldap_dict
Initial value:
= {
{ .out = &dict_freeradius, .proto = "freeradius" },
{ NULL }
}
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_ldap.c:309

Definition at line 312 of file rlm_ldap.c.

◆ rlm_ldap_dict_attr

fr_dict_attr_autoload_t rlm_ldap_dict_attr
Initial value:
= {
{ .out = &attr_password, .name = "Password", .type = FR_TYPE_TLV, .dict = &dict_freeradius },
{ .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_crypt_password, .name = "Password.Crypt", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_ldap_userdn, .name = "LDAP-UserDN", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_nt_password, .name = "Password.NT", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
{ .out = &attr_password_with_header, .name = "Password.With-Header", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
{ NULL }
}
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
attr_nt_password
fr_dict_attr_t const * attr_nt_password
Definition rlm_ldap.c:321
attr_ldap_userdn
fr_dict_attr_t const * attr_ldap_userdn
Definition rlm_ldap.c:320
attr_crypt_password
fr_dict_attr_t const * attr_crypt_password
Definition rlm_ldap.c:319
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition rlm_ldap.c:323
attr_password
fr_dict_attr_t const * attr_password
Definition rlm_ldap.c:317
attr_password_with_header
fr_dict_attr_t const * attr_password_with_header
Definition rlm_ldap.c:322
attr_cleartext_password
fr_dict_attr_t const * attr_cleartext_password
Definition rlm_ldap.c:318

Definition at line 326 of file rlm_ldap.c.

◆ rlm_ldap_lib

global_lib_autoinst_t const * rlm_ldap_lib
Initial value:
= {
&fr_libldap_global_config,
GLOBAL_LIB_TERMINATOR
}
GLOBAL_LIB_TERMINATOR
#define GLOBAL_LIB_TERMINATOR
Definition global_lib.h:51
fr_libldap_global_config
global_lib_autoinst_t fr_libldap_global_config
Definition base.c:134

Definition at line 339 of file rlm_ldap.c.

◆ sasl_call_env

const call_env_parser_t sasl_call_env[]
static
Initial value:
= {
{ FR_CALL_ENV_OFFSET("mech", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_mech) },
{ FR_CALL_ENV_OFFSET("authname", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_authname) },
{ FR_CALL_ENV_OFFSET("proxy", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_proxy) },
{ FR_CALL_ENV_OFFSET("realm", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_realm) },
CALL_ENV_TERMINATOR
}

Definition at line 91 of file rlm_ldap.c.

◆ user_config

conf_parser_t user_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("scope", rlm_ldap_t, user.obj_scope), .dflt = "sub",
.func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
{ FR_CONF_OFFSET("sort_by", rlm_ldap_t, user.obj_sort_by) },
{ FR_CONF_OFFSET("access_attribute", rlm_ldap_t, user.obj_access_attr) },
{ FR_CONF_OFFSET("access_positive", rlm_ldap_t, user.access_positive), .dflt = "yes" },
{ FR_CONF_OFFSET("access_value_negate", rlm_ldap_t, user.access_value_negate), .dflt = "false" },
{ FR_CONF_OFFSET("access_value_suspend", rlm_ldap_t, user.access_value_suspend), .dflt = "suspended" },
{ FR_CONF_OFFSET_IS_SET("expect_password", FR_TYPE_BOOL, 0, rlm_ldap_t, user.expect_password) },
CONF_PARSER_TERMINATOR
}
FR_CONF_OFFSET_IS_SET
#define FR_CONF_OFFSET_IS_SET(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct,...
Definition cf_parse.h:282

Definition at line 110 of file rlm_ldap.c.

◆ xlat_memberof_method_env

const call_env_method_t xlat_memberof_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(ldap_xlat_memberof_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED,
((call_env_parser_t[]) {
USER_CALL_ENV_COMMON(ldap_xlat_memberof_call_env_t),
CALL_ENV_TERMINATOR
})) },
{ FR_CALL_ENV_SUBSECTION("group", NULL, CALL_ENV_FLAG_NONE,
((call_env_parser_t[]) {
{ FR_CALL_ENV_OFFSET("base_dn", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_memberof_call_env_t, group_base) },
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("membership_filter", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_memberof_call_env_t, group_filter),
.pair.func = ldap_group_filter_parse,
.pair.escape = {
.func = fr_ldap_box_escape,
.safe_for = (fr_value_box_safe_for_t)fr_ldap_box_escape,
.mode = TMPL_ESCAPE_PRE_CONCAT
},
.pair.literals_safe_for = (fr_value_box_safe_for_t)fr_ldap_box_escape,
},
CALL_ENV_TERMINATOR
})) },
CALL_ENV_TERMINATOR
}
}
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition call_env.h:384
fr_ldap_box_escape
int fr_ldap_box_escape(fr_value_box_t *vb, UNUSED void *uctx)
Definition util.c:110
ldap_group_filter_parse
static int ldap_group_filter_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
ldap_xlat_memberof_call_env_t
Call environment used in group membership xlat.
Definition rlm_ldap.h:145
TMPL_ESCAPE_PRE_CONCAT
@ TMPL_ESCAPE_PRE_CONCAT
Pre-concatenation escaping is useful for DSLs where elements of the expansion are static,...
Definition tmpl_escape.h:61
fr_value_box_safe_for_t
uintptr_t fr_value_box_safe_for_t
Escaping that's been applied to a value box.
Definition value.h:155

Definition at line 265 of file rlm_ldap.c.

◆ xlat_profile_method_env

const call_env_method_t xlat_profile_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(ldap_xlat_profile_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_SUBSECTION_FUNC("update", CF_IDENT_ANY, CALL_ENV_FLAG_PARSE_MISSING, ldap_update_section_parse),
.uctx = &(ldap_update_rules_t){
.map_offset = offsetof(ldap_xlat_profile_call_env_t, profile_map),
.expect_password_offset = -1
} },
{ FR_CALL_ENV_SUBSECTION("profile", NULL, CALL_ENV_FLAG_NONE,
((call_env_parser_t[]) {
{ FR_CALL_ENV_OFFSET("filter", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_profile_call_env_t, profile_filter),
.pair.dflt = "(&)", .pair.dflt_quote = T_SINGLE_QUOTED_STRING },
CALL_ENV_TERMINATOR
})) },
CALL_ENV_TERMINATOR
}
}
ldap_update_section_parse
static int ldap_update_section_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
ldap_update_rules_t
Parameters to allow ldap_update_section_parse to be reused.
Definition rlm_ldap.c:207
ldap_xlat_profile_call_env_t
Call environment used in the profile xlat.
Definition rlm_ldap.c:81

Definition at line 291 of file rlm_ldap.c.

Generated by   doxygen 1.9.8