rlm_ldap.c File Reference

LDAP authorization and authentication module. More...

#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/table.h>
#include <freeradius-devel/util/uri.h>
#include <freeradius-devel/ldap/conf.h>
#include <freeradius-devel/server/map_proc.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/unlang/map.h>
#include "rlm_ldap.h"

Include dependency graph for rlm_ldap.c:

Go to the source code of this file.

Data Structures
struct	ldap_auth_call_env_t
struct	ldap_auth_ctx_t
	Holds state of in progress async authentication. More...
struct	ldap_map_ctx_t
	Holds state of in progress LDAP map. More...
struct	ldap_mod_tmpl_t
struct	ldap_update_rules_t
	Parameters to allow ldap_update_section_parse to be reused. More...
struct	ldap_user_modify_ctx_t
	Holds state of in progress ldap user modifications. More...
struct	ldap_usermod_call_env_t
struct	ldap_xlat_profile_call_env_t
	Call environment used in the profile xlat. More...
struct	ldap_xlat_profile_ctx_t
struct	rlm_ldap_boot_t

Macros
#define	CHECK_EXPANDED_SPACE(_expanded)   fr_assert((size_t)_expanded->count < (NUM_ELEMENTS(_expanded->attrs) - 1));
#define	LDAP_URI_SAFE_FOR   (fr_value_box_safe_for_t)fr_ldap_uri_escape_func
	This is the common function that actually ends up doing all the URI escaping.
#define	REPEAT_LDAP_MEMBEROF_XLAT_RESULTS
#define	REPEAT_MOD_AUTHORIZE_RESUME
#define	SSS_CONTROL_BUILD(_obj)
#define	USER_CALL_ENV_COMMON(_struct)
#define	USERMOD_ENV(_section)

Enumerations
enum	ldap_schemes_t {   LDAP_SCHEME_UNIX = 0 ,   LDAP_SCHEME_TCP ,   LDAP_SCHEME_TCP_SSL }

Functions
static int	autz_ctx_free (ldap_autz_ctx_t *autz_ctx)
	Ensure authorization context is properly cleared up.
static char *	host_uri_canonify (request_t *request, LDAPURLDesc *url_parsed, fr_value_box_t *url_in)
	Produce canonical LDAP host URI for finding trunks.
static int	ldap_group_filter_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
static int	ldap_group_filter_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, UNUSED CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
static xlat_action_t	ldap_group_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Check for a user being in a LDAP group.
static void	ldap_group_xlat_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx)
	Cancel an in-progress query for the LDAP group membership xlat.
static unlang_action_t	ldap_group_xlat_results (unlang_result_t *p_result, request_t *request, void *uctx)
	Run the state machine for the LDAP membership xlat.
static xlat_action_t	ldap_group_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, UNUSED fr_value_box_list_t *in)
	Process the results of evaluating LDAP group membership.
static unlang_action_t	ldap_group_xlat_user_find (UNUSED unlang_result_t *p_result, request_t *request, void *uctx)
	User object lookup as part of group membership xlat.
static int	ldap_map_verify (CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst, tmpl_t const *src, UNUSED map_list_t const *maps)
static int	ldap_mod_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
static int	ldap_mod_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
static xlat_action_t	ldap_profile_xlat (UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Expand an LDAP URL into a query, applying the results using the user update map.
static xlat_action_t	ldap_profile_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, UNUSED fr_value_box_list_t *in)
	Return whether evaluating the profile was successful.
static void	ldap_query_timeout (UNUSED fr_timer_list_t *tl, UNUSED fr_time_t now, void *uctx)
	Callback when LDAP query times out.
static int	ldap_update_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, call_env_parser_t const *rule)
static int	ldap_update_section_parse (TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED call_env_ctx_t const *cec, call_env_parser_t const *rule)
static xlat_action_t	ldap_uri_escape_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Escape LDAP string.
static int	ldap_uri_part_escape (fr_value_box_t *vb, UNUSED void *uctx)
	Escape function for a part of an LDAP URI.
static xlat_action_t	ldap_uri_unescape_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Unescape LDAP string.
static xlat_action_t	ldap_xlat (UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Expand an LDAP URL into a query, and return a string result from that query.
static int	ldap_xlat_profile_ctx_free (ldap_xlat_profile_ctx_t *to_free)
static xlat_action_t	ldap_xlat_resume (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
	Callback when resuming after async ldap query is completed.
static void	ldap_xlat_signal (xlat_ctx_t const *xctx, request_t *request, UNUSED fr_signal_t action)
	Callback for signalling async ldap query.
static xlat_action_t	ldap_xlat_uri_attr_option (TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Modify an LDAP URI to append an option to all attributes.
static int	ldap_xlat_uri_parse (LDAPURLDesc **uri_parsed, char **host_out, bool *free_host_out, request_t *request, char *host_default, fr_value_box_t *uri_in)
	Utility function for parsing LDAP URLs.
static int	map_ctx_free (ldap_map_ctx_t *map_ctx)
	Ensure map context is properly cleared up.
static unlang_action_t	mod_authenticate (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static unlang_action_t	mod_authorize (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static void	mod_authorize_cancel (module_ctx_t const *mctx, UNUSED request_t *request, UNUSED fr_signal_t action)
	Clear up when cancelling a mod_authorize call.
static unlang_action_t	mod_authorize_resume (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
	Resume function called after each potential yield in LDAP authorization.
static int	mod_bootstrap (module_inst_ctx_t const *mctx)
	Bootstrap the module.
static int	mod_detach (module_detach_ctx_t const *mctx)
	Detach from the LDAP server and cleanup internal state.
static int	mod_instantiate (module_inst_ctx_t const *mctx)
	Instantiate the module.
static int	mod_load (void)
static unlang_action_t	mod_map_proc (unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request, fr_value_box_list_t *url, map_list_t const *maps)
	Perform a search and map the result of the search to server attributes.
static unlang_action_t	mod_map_resume (unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request, UNUSED fr_value_box_list_t *url, UNUSED map_list_t const *maps)
	Process the results of an LDAP map query.
static unlang_action_t	mod_modify (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
	Modify user's object in LDAP.
static int	mod_thread_detach (module_thread_inst_ctx_t const *mctx)
	Clean up thread specific data structure.
static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)
	Initialise thread specific data structure.
static void	mod_unload (void)
static void	user_modify_cancel (module_ctx_t const *mctx, UNUSED request_t *request, UNUSED fr_signal_t action)
	Cancel an in progress user modification.
static unlang_action_t	user_modify_final (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
	Handle results of user modification.
static unlang_action_t	user_modify_mod_build_resume (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static unlang_action_t	user_modify_resume (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
	Take the retrieved user DN and launch the async tmpl expansion of mod_values.
	USERMOD_ENV (accounting)
	USERMOD_ENV (send)

Variables
fr_dict_attr_t const *	attr_cleartext_password
fr_dict_attr_t const *	attr_crypt_password
static fr_dict_attr_t const *	attr_expr_bool_enum
fr_dict_attr_t const *	attr_nt_password
fr_dict_attr_t const *	attr_password
fr_dict_attr_t const *	attr_password_with_header
static const call_env_method_t	authenticate_method_env
static const call_env_method_t	authorize_method_env
static fr_dict_t const *	dict_freeradius
static conf_parser_t	group_config []
static fr_uri_part_t const	ldap_dn_parts []
static xlat_arg_parser_t const	ldap_group_xlat_arg []
static xlat_arg_parser_t const	ldap_safe_xlat_arg []
static xlat_arg_parser_t const	ldap_uri_attr_option_xlat_arg []
static xlat_arg_parser_t const	ldap_uri_escape_xlat_arg []
static fr_uri_part_t const	ldap_uri_parts []
static fr_table_num_sorted_t const	ldap_uri_scheme_table []
static size_t	ldap_uri_scheme_table_len = NUM_ELEMENTS(ldap_uri_scheme_table)
static xlat_arg_parser_t const	ldap_uri_unescape_xlat_arg []
static xlat_arg_parser_t const	ldap_xlat_arg []
static const conf_parser_t	module_config []
static conf_parser_t	profile_config []
module_rlm_t	rlm_ldap
fr_dict_autoload_t	rlm_ldap_dict []
fr_dict_attr_autoload_t	rlm_ldap_dict_attr []
global_lib_autoinst_t const *	rlm_ldap_lib []
static const call_env_parser_t	sasl_call_env []
static conf_parser_t	user_config []
static const call_env_method_t	xlat_memberof_method_env
static const call_env_method_t	xlat_profile_method_env

Detailed Description

LDAP authorization and authentication module.

Id

103099f4a9c2061ef3d98f516261fee7502a3e17

Author

Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

Copyright

2012,2015 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

2013,2015 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

2012 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

1999-2013 The FreeRADIUS Server Project.

Id

fb3deee6d4235c1dc2df7782ffb0a7ebb8426f23

Author

Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

Copyright

2012,2015 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

2013,2015 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

2012 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

1999-2013 The FreeRADIUS Server Project.

Definition in file rlm_ldap.c.

---

Data Structure Documentation

ldap_auth_call_env_t

struct ldap_auth_call_env_t

Definition at line 54 of file rlm_ldap.c.

Collaboration diagram for ldap_auth_call_env_t:

Data Fields
fr_value_box_t	password
tmpl_t const *	password_tmpl
fr_value_box_t	user_sasl_authname
fr_value_box_t	user_sasl_mech
fr_value_box_t	user_sasl_proxy
fr_value_box_t	user_sasl_realm

ldap_auth_ctx_t

struct ldap_auth_ctx_t

Holds state of in progress async authentication.

Definition at line 350 of file rlm_ldap.c.

Collaboration diagram for ldap_auth_ctx_t:

Data Fields
ldap_auth_call_env_t *	call_env
char const *	dn
rlm_ldap_t const *	inst
char const *	password
fr_ldap_thread_t *	thread

ldap_map_ctx_t

struct ldap_map_ctx_t

Holds state of in progress LDAP map.

Definition at line 378 of file rlm_ldap.c.

Collaboration diagram for ldap_map_ctx_t:

Data Fields
fr_ldap_map_exp_t	expanded
LDAPURLDesc *	ldap_url
map_list_t const *	maps
fr_ldap_query_t *	query
LDAPControl *	serverctrls[LDAP_MAX_CONTROLS]

ldap_mod_tmpl_t

struct ldap_mod_tmpl_t

Definition at line 63 of file rlm_ldap.c.

Collaboration diagram for ldap_mod_tmpl_t:

Data Fields
char const *	attr
fr_token_t	op
tmpl_t const *	tmpl

ldap_update_rules_t

struct ldap_update_rules_t

Parameters to allow ldap_update_section_parse to be reused.

Definition at line 206 of file rlm_ldap.c.

Data Fields
ssize_t	expect_password_offset
size_t	map_offset

ldap_user_modify_ctx_t

struct ldap_user_modify_ctx_t

Holds state of in progress ldap user modifications.

Definition at line 361 of file rlm_ldap.c.

Collaboration diagram for ldap_user_modify_ctx_t:

Data Fields
ldap_usermod_call_env_t *	call_env
size_t	current_mod
char const *	dn
fr_value_box_list_t	expanded
size_t	expanded_mods
rlm_ldap_t const *	inst
LDAPMod **	mod_p
LDAPMod *	mod_s
size_t	num_mods
fr_ldap_query_t *	query
fr_ldap_thread_trunk_t *	ttrunk

ldap_usermod_call_env_t

struct ldap_usermod_call_env_t

Definition at line 68 of file rlm_ldap.c.

Collaboration diagram for ldap_usermod_call_env_t:

Data Fields
ldap_mod_tmpl_t **	mod
fr_value_box_t	user_base
fr_value_box_t	user_filter

ldap_xlat_profile_call_env_t

struct ldap_xlat_profile_call_env_t

Call environment used in the profile xlat.

Definition at line 76 of file rlm_ldap.c.

Collaboration diagram for ldap_xlat_profile_call_env_t:

Data Fields
fr_value_box_t	profile_filter	Filter to use when searching for users.
map_list_t *	profile_map	List of maps to apply to the profile.

ldap_xlat_profile_ctx_t

struct ldap_xlat_profile_ctx_t

Definition at line 1141 of file rlm_ldap.c.

Collaboration diagram for ldap_xlat_profile_ctx_t:

Data Fields
int	applied
fr_ldap_map_exp_t	expanded
fr_ldap_result_code_t	ret
LDAPURLDesc *	url

rlm_ldap_boot_t

struct rlm_ldap_boot_t

Definition at line 48 of file rlm_ldap.c.

Collaboration diagram for rlm_ldap_boot_t:

Data Fields
fr_dict_attr_t const *	cache_da
fr_dict_attr_t const *	group_da
fr_dict_attr_t const *	user_da

Macro Definition Documentation

CHECK_EXPANDED_SPACE

#define CHECK_EXPANDED_SPACE

(

_expanded

)

fr_assert((size_t)_expanded->count < (NUM_ELEMENTS(_expanded->attrs) - 1));

LDAP_URI_SAFE_FOR

#define LDAP_URI_SAFE_FOR   (fr_value_box_safe_for_t)fr_ldap_uri_escape_func

This is the common function that actually ends up doing all the URI escaping.

Definition at line 401 of file rlm_ldap.c.

REPEAT_LDAP_MEMBEROF_XLAT_RESULTS

#define REPEAT_LDAP_MEMBEROF_XLAT_RESULTS

Value:

        if (unlang_function_repeat_set(request, ldap_group_xlat_results) < 0) do { \
                RETURN_UNLANG_FAIL; \
        } while (0)

Definition at line 964 of file rlm_ldap.c.

REPEAT_MOD_AUTHORIZE_RESUME

#define REPEAT_MOD_AUTHORIZE_RESUME

Value:

        if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) do { \
                p_result->rcode = RLM_MODULE_FAIL; \
                goto finish; \
        } while (0)

Definition at line 1617 of file rlm_ldap.c.

SSS_CONTROL_BUILD

#define SSS_CONTROL_BUILD

(

_obj

)

Value:

                if (inst->_obj.obj_sort_by) { \
                LDAPSortKey     **keys; \
                int             ret; \
                ret = ldap_create_sort_keylist(&keys, UNCONST(char *, inst->_obj.obj_sort_by)); \
                if (ret != LDAP_SUCCESS) { \
                        cf_log_err(conf, "Invalid " STRINGIFY(_obj) ".sort_by value \"%s\": %s", \
                                      inst->_obj.obj_sort_by, ldap_err2string(ret)); \
                        return -1; \
                } \
                /* \
                 *      Always set the control as critical, if it's not needed \
                 *      the user can comment it out... \
                 */ \
                ret = ldap_create_sort_control(ldap_global_handle, keys, 1, &inst->_obj.obj_sort_ctrl); \
                ldap_free_sort_keylist(keys); \
                if (ret != LDAP_SUCCESS) { \
                        ERROR("Failed creating server sort control: %s", ldap_err2string(ret)); \
                        return -1; \
                } \
        }

USER_CALL_ENV_COMMON

#define USER_CALL_ENV_COMMON

(

_struct

)

Value:

        { FR_CALL_ENV_OFFSET("base_dn", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_CONCAT, _struct, user_base), .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING }, \
        { FR_CALL_ENV_OFFSET("filter", FR_TYPE_STRING, CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT, _struct, user_filter), .pair.dflt = "(&)", .pair.dflt_quote = T_SINGLE_QUOTED_STRING }

Definition at line 184 of file rlm_ldap.c.

USERMOD_ENV

#define USERMOD_ENV

(

_section

)

Value:

        static const call_env_method_t _section ## _usermod_method_env = { \
        FR_CALL_ENV_METHOD_OUT(ldap_usermod_call_env_t), \
        .env = (call_env_parser_t[]) { \
                { FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED, \
                                         ((call_env_parser_t[]) { \
                                                USER_CALL_ENV_COMMON(ldap_usermod_call_env_t), CALL_ENV_TERMINATOR \
                                         })) }, \
                { FR_CALL_ENV_SUBSECTION_FUNC(STRINGIFY(_section), CF_IDENT_ANY, CALL_ENV_FLAG_SUBSECTION | CALL_ENV_FLAG_PARSE_MISSING, ldap_mod_section_parse) }, \
                CALL_ENV_TERMINATOR \
        } \
}

Definition at line 252 of file rlm_ldap.c.

Enumeration Type Documentation

ldap_schemes_t

enum ldap_schemes_t

Enumerator
LDAP_SCHEME_UNIX
LDAP_SCHEME_TCP
LDAP_SCHEME_TCP_SSL

Definition at line 386 of file rlm_ldap.c.

Function Documentation

autz_ctx_free()

static int autz_ctx_free ( ldap_autz_ctx_t *  autz_ctx )

static

Ensure authorization context is properly cleared up.

Definition at line 1921 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

host_uri_canonify()

static char * host_uri_canonify ( request_t *  request, LDAPURLDesc *  url_parsed, fr_value_box_t *  url_in  )

inlinestatic

Produce canonical LDAP host URI for finding trunks.

Definition at line 751 of file rlm_ldap.c.

Here is the caller graph for this function:

ldap_group_filter_parse() [1/2]

static int ldap_group_filter_parse ( TALLOC_CTX *  ctx, void *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, call_env_ctx_t const *  cec, UNUSED call_env_parser_t const *  rule  )

static

ldap_group_filter_parse() [2/2]

static int ldap_group_filter_parse ( TALLOC_CTX *  ctx, void *  out, tmpl_rules_t const *  t_rules, UNUSED CONF_ITEM *  ci, call_env_ctx_t const *  cec, UNUSED call_env_parser_t const *  rule  )

static

Definition at line 2478 of file rlm_ldap.c.

Here is the call graph for this function:

ldap_group_xlat_cancel()

static void ldap_group_xlat_cancel ( UNUSED request_t *  request, UNUSED fr_signal_t  action, void *  uctx  )

static

Cancel an in-progress query for the LDAP group membership xlat.

Definition at line 955 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_group_xlat_results()

static unlang_action_t ldap_group_xlat_results ( unlang_result_t *  p_result, request_t *  request, void *  uctx  )

static

Run the state machine for the LDAP membership xlat.

This is called after each async lookup is completed

Will stop early, and set p_result to unlang_result

Definition at line 975 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_group_xlat_resume()

static xlat_action_t ldap_group_xlat_resume ( TALLOC_CTX *  ctx, fr_dcursor_t *  out, xlat_ctx_t const *  xctx, UNUSED request_t *  request, UNUSED fr_value_box_list_t *  in  )

static

Process the results of evaluating LDAP group membership.

Definition at line 1026 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_group_xlat_user_find()

static unlang_action_t ldap_group_xlat_user_find ( UNUSED unlang_result_t *  p_result, request_t *  request, void *  uctx  )

static

User object lookup as part of group membership xlat.

Called if the ldap membership xlat is used and the user DN is not already known

Definition at line 937 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_map_verify()

static int ldap_map_verify ( CONF_SECTION *  cs, UNUSED void const *  mod_inst, UNUSED void *  proc_inst, tmpl_t const *  src, UNUSED map_list_t const *  maps  )

static

Definition at line 1308 of file rlm_ldap.c.

Here is the caller graph for this function:

ldap_mod_section_parse() [1/2]

static int ldap_mod_section_parse ( TALLOC_CTX *  ctx, call_env_parsed_head_t *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, call_env_ctx_t const *  cec, call_env_parser_t const *  rule  )

static

ldap_mod_section_parse() [2/2]

static int ldap_mod_section_parse ( TALLOC_CTX *  ctx, call_env_parsed_head_t *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, call_env_ctx_t const *  cec, UNUSED call_env_parser_t const *  rule  )

static

Definition at line 2381 of file rlm_ldap.c.

Here is the call graph for this function:

ldap_profile_xlat_resume()

static xlat_action_t ldap_profile_xlat_resume ( TALLOC_CTX *  ctx, fr_dcursor_t *  out, xlat_ctx_t const *  xctx, UNUSED request_t *  request, UNUSED fr_value_box_list_t *  in  )

static

Return whether evaluating the profile was successful.

Definition at line 1151 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_query_timeout()

static void ldap_query_timeout ( UNUSED fr_timer_list_t *  tl, UNUSED fr_time_t  now, void *  uctx  )

static

Callback when LDAP query times out.

Definition at line 546 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_update_section_parse() [1/2]

static int ldap_update_section_parse ( TALLOC_CTX *  ctx, call_env_parsed_head_t *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, call_env_ctx_t const *  cec, call_env_parser_t const *  rule  )

static

ldap_update_section_parse() [2/2]

static int ldap_update_section_parse ( TALLOC_CTX *  ctx, call_env_parsed_head_t *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, UNUSED call_env_ctx_t const *  cec, call_env_parser_t const *  rule  )

static

Definition at line 2302 of file rlm_ldap.c.

Here is the call graph for this function:

ldap_uri_part_escape()

static int ldap_uri_part_escape ( fr_value_box_t *  vb, UNUSED void *  uctx  )

static

Escape function for a part of an LDAP URI.

Definition at line 517 of file rlm_ldap.c.

Here is the call graph for this function:

ldap_xlat_profile_ctx_free()

static int ldap_xlat_profile_ctx_free ( ldap_xlat_profile_ctx_t *  to_free )

static

Definition at line 1164 of file rlm_ldap.c.

Here is the caller graph for this function:

ldap_xlat_resume()

static xlat_action_t ldap_xlat_resume ( TALLOC_CTX *  ctx, fr_dcursor_t *  out, xlat_ctx_t const *  xctx, request_t *  request, UNUSED fr_value_box_list_t *  in  )

static

Callback when resuming after async ldap query is completed.

Definition at line 660 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_xlat_signal()

static void ldap_xlat_signal ( xlat_ctx_t const *  xctx, request_t *  request, UNUSED fr_signal_t  action  )

static

Callback for signalling async ldap query.

Definition at line 707 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_xlat_uri_parse()

static int ldap_xlat_uri_parse ( LDAPURLDesc **  uri_parsed, char **  host_out, bool *  free_host_out, request_t *  request, char *  host_default, fr_value_box_t *  uri_in  )

static

Utility function for parsing LDAP URLs.

All LDAP xlat functions that work with LDAP URLs should call this function to parse the URL.

Parameters

[out]	uri_parsed	LDAP URL parsed. Must be freed with ldap_url_desc_free.
[out]	host_out	host name to use for the query. Must be freed with ldap_mem_free if free_host_out is true.
[out]	free_host_out	True if host_out should be freed.
[in]	request	Request being processed.
[in]	host_default	Default host to use if the URL does not specify a host.
[in]	uri_in	URI to parse.

Returns

• 0 on success.
• -1 on failure.

Definition at line 782 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

map_ctx_free()

static int map_ctx_free ( ldap_map_ctx_t *  map_ctx )

static

Ensure map context is properly cleared up.

Definition at line 1429 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_authenticate()

static unlang_action_t mod_authenticate ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 1542 of file rlm_ldap.c.

Here is the call graph for this function:

mod_authorize()

static unlang_action_t mod_authorize ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 1928 of file rlm_ldap.c.

Here is the call graph for this function:

mod_authorize_cancel()

static void mod_authorize_cancel ( module_ctx_t const *  mctx, UNUSED request_t *  request, UNUSED fr_signal_t  action  )

static

Clear up when cancelling a mod_authorize call.

Definition at line 1911 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_authorize_resume()

static unlang_action_t mod_authorize_resume ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Resume function called after each potential yield in LDAP authorization.

Some operations may or may not yield. E.g. if group membership is read from an attribute returned with the user object and is already in the correct form, that will not yield. Hence, each state may fall through to the next.

Parameters

p_result	Result of current authorization.
mctx	Module context.
request	Current request.

Returns

An rcode.

Definition at line 1635 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx )

static

Bootstrap the module.

Define attributes.

Parameters

[in]

mctx

configuration data.

Returns

• 0 on success.
• < 0 on failure.

Definition at line 2793 of file rlm_ldap.c.

Here is the call graph for this function:

mod_detach()

static int mod_detach ( module_detach_ctx_t const *  mctx )

static

Detach from the LDAP server and cleanup internal state.

Definition at line 2292 of file rlm_ldap.c.

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Instantiate the module.

Creates a new instance of the module reading parameters from a configuration section.

Parameters

[in]

mctx

configuration data.

Returns

• 0 on success.
• < 0 on failure.

Definition at line 2559 of file rlm_ldap.c.

Here is the call graph for this function:

mod_load()

static int mod_load ( void  )

static

Definition at line 2874 of file rlm_ldap.c.

mod_map_proc()

static unlang_action_t mod_map_proc ( unlang_result_t *  p_result, map_ctx_t const *  mpctx, request_t *  request, fr_value_box_list_t *  url, map_list_t const *  maps  )

static

Perform a search and map the result of the search to server attributes.

Unlike LDAP xlat, this can be used to process attributes from multiple entries.

Todo:

For xlat expansions we need to parse the raw URL first, and then apply different escape functions to the different parts.

Parameters

[out]	p_result	Result of map expansion: RLM_MODULE_NOOP no rows were returned. RLM_MODULE_UPDATED if one or more fr_pair_t were added to the request_t. RLM_MODULE_FAIL if an error occurred.
[in]	mpctx	module map ctx.
[in,out]	request	The current request.
[in]	url	LDAP url specifying base DN and filter.
[in]	maps	Head of the map list.

Returns

UNLANG_ACTION_CALCULATE_RESULT

Definition at line 1458 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_map_resume()

static unlang_action_t mod_map_resume ( unlang_result_t *  p_result, map_ctx_t const *  mpctx, request_t *  request, UNUSED fr_value_box_list_t *  url, UNUSED map_list_t const *  maps  )

static

Process the results of an LDAP map query.

Parameters

[out]	p_result	Result of map expansion: RLM_MODULE_NOOP no rows were returned. RLM_MODULE_UPDATED if one or more fr_pair_t were added to the request_t. RLM_MODULE_FAIL if an error occurred.
[in]	mpctx	module map ctx.
[in,out]	request	The current request.
[in]	url	LDAP url specifying base DN and filter.
[in]	maps	Head of the map list.

Returns

One of UNLANG_ACTION_*

Definition at line 1332 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_modify()

static unlang_action_t mod_modify ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Modify user's object in LDAP.

Process a modification map to update a user object in the LDAP directory.

The module method called in "accouting" and "send" sections.

Definition at line 2224 of file rlm_ldap.c.

Here is the call graph for this function:

mod_thread_detach()

static int mod_thread_detach ( module_thread_inst_ctx_t const *  mctx )

static

Clean up thread specific data structure.

Definition at line 2494 of file rlm_ldap.c.

Here is the call graph for this function:

mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Initialise thread specific data structure.

Definition at line 2512 of file rlm_ldap.c.

Here is the call graph for this function:

mod_unload()

static void mod_unload ( void  )

static

Definition at line 2899 of file rlm_ldap.c.

user_modify_cancel()

static void user_modify_cancel ( module_ctx_t const *  mctx, UNUSED request_t *  request, UNUSED fr_signal_t  action  )

static

Cancel an in progress user modification.

Definition at line 2005 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

user_modify_final()

static unlang_action_t user_modify_final ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Handle results of user modification.

Definition at line 2017 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

user_modify_mod_build_resume()

static unlang_action_t user_modify_mod_build_resume ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 2046 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

user_modify_resume()

static unlang_action_t user_modify_resume ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Take the retrieved user DN and launch the async tmpl expansion of mod_values.

Definition at line 2187 of file rlm_ldap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

USERMOD_ENV() [1/2]

USERMOD_ENV

(

accounting

)

USERMOD_ENV() [2/2]

USERMOD_ENV

(

send

)

Variable Documentation

attr_cleartext_password

fr_dict_attr_t const* attr_cleartext_password

Definition at line 323 of file rlm_ldap.c.

attr_crypt_password

fr_dict_attr_t const* attr_crypt_password

Definition at line 324 of file rlm_ldap.c.

attr_expr_bool_enum

fr_dict_attr_t const* attr_expr_bool_enum

static

Definition at line 327 of file rlm_ldap.c.

attr_nt_password

fr_dict_attr_t const* attr_nt_password

Definition at line 325 of file rlm_ldap.c.

attr_password

fr_dict_attr_t const* attr_password

Definition at line 322 of file rlm_ldap.c.

attr_password_with_header

fr_dict_attr_t const* attr_password_with_header

Definition at line 326 of file rlm_ldap.c.

authenticate_method_env

const call_env_method_t authenticate_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(ldap_auth_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED,
                                         ((call_env_parser_t[]) {
                                                { FR_CALL_ENV_PARSE_OFFSET("password_attribute", FR_TYPE_STRING,
                                                                          CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_BARE_WORD_ATTRIBUTE,
                                                                          ldap_auth_call_env_t, password, password_tmpl),
                                                                          .pair.dflt = "User-Password", .pair.dflt_quote = T_BARE_WORD },
                                                { FR_CALL_ENV_SUBSECTION("sasl", NULL, CALL_ENV_FLAG_NONE, sasl_call_env) },
                                                CALL_ENV_TERMINATOR
                                         })) },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 188 of file rlm_ldap.c.

authorize_method_env

const call_env_method_t authorize_method_env

static

Definition at line 211 of file rlm_ldap.c.

dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 314 of file rlm_ldap.c.

group_config

conf_parser_t group_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("filter", rlm_ldap_t, group.obj_filter) },
        { FR_CONF_OFFSET("scope", rlm_ldap_t, group.obj_scope), .dflt = "sub",
          .func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len }  },
 
        { FR_CONF_OFFSET("name_attribute", rlm_ldap_t, group.obj_name_attr), .dflt = "cn" },
        { FR_CONF_OFFSET("membership_attribute", rlm_ldap_t, group.userobj_membership_attr) },
        { FR_CONF_OFFSET_FLAGS("membership_filter", CONF_FLAG_XLAT, rlm_ldap_t, group.obj_membership_filter) },
        { FR_CONF_OFFSET("cacheable_name", rlm_ldap_t, group.cacheable_name), .dflt = "no" },
        { FR_CONF_OFFSET("cacheable_dn", rlm_ldap_t, group.cacheable_dn), .dflt = "no" },
        { FR_CONF_OFFSET("cache_attribute", rlm_ldap_t, group.cache_attr_str) },
        { FR_CONF_OFFSET("group_attribute", rlm_ldap_t, group.attribute) },
        { FR_CONF_OFFSET("allow_dangling_group_ref", rlm_ldap_t, group.allow_dangling_refs), .dflt = "no" },
        { FR_CONF_OFFSET("skip_on_suspend", rlm_ldap_t, group.skip_on_suspend), .dflt = "yes"},
        CONF_PARSER_TERMINATOR
}

Definition at line 126 of file rlm_ldap.c.

ldap_dn_parts

fr_uri_part_t const ldap_dn_parts[]

static

Initial value:

= {
        { .name = "dn", .safe_for = LDAP_URI_SAFE_FOR , .func = ldap_uri_part_escape },
        XLAT_URI_PART_TERMINATOR
}

Definition at line 737 of file rlm_ldap.c.

ldap_group_xlat_arg

xlat_arg_parser_t const ldap_group_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING, .safe_for = LDAP_URI_SAFE_FOR },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 1039 of file rlm_ldap.c.

ldap_safe_xlat_arg

xlat_arg_parser_t const ldap_safe_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 408 of file rlm_ldap.c.

ldap_uri_attr_option_xlat_arg

xlat_arg_parser_t const ldap_uri_attr_option_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 569 of file rlm_ldap.c.

ldap_uri_escape_xlat_arg

xlat_arg_parser_t const ldap_uri_escape_xlat_arg[]

static

Initial value:

= {
        { .required=true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 403 of file rlm_ldap.c.

ldap_uri_parts

fr_uri_part_t const ldap_uri_parts[]

static

Initial value:

= {
        { .name = "scheme", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L(":")), .part_adv = { [':'] = 1 }, .extra_skip = 2 },
        { .name = "host", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L(":"), L("/")), .part_adv = { [':'] = 1, ['/'] = 2 } },
        { .name = "port", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("/")), .part_adv = { ['/'] = 1 } },
        { .name = "dn", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }, .func = ldap_uri_part_escape },
        { .name = "attrs", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }},
        { .name = "scope", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1 }, .func = ldap_uri_part_escape },
        { .name = "filter", .safe_for = LDAP_URI_SAFE_FOR, .terminals = &FR_SBUFF_TERMS(L("?")), .part_adv = { ['?'] = 1}, .func = ldap_uri_part_escape },
        { .name = "exts", .safe_for = LDAP_URI_SAFE_FOR, .func = ldap_uri_part_escape },
        XLAT_URI_PART_TERMINATOR
}

Definition at line 725 of file rlm_ldap.c.

ldap_uri_scheme_table

fr_table_num_sorted_t const ldap_uri_scheme_table[]

static

Initial value:

= {
        { L("ldap://"),         LDAP_SCHEME_UNIX        },
        { L("ldapi://"),        LDAP_SCHEME_TCP         },
        { L("ldaps://"),        LDAP_SCHEME_TCP_SSL     },
}

Definition at line 392 of file rlm_ldap.c.

ldap_uri_scheme_table_len

size_t ldap_uri_scheme_table_len = NUM_ELEMENTS(ldap_uri_scheme_table)

static

Definition at line 397 of file rlm_ldap.c.

ldap_uri_unescape_xlat_arg

xlat_arg_parser_t const ldap_uri_unescape_xlat_arg[]

static

Initial value:

= {
        { .required = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 466 of file rlm_ldap.c.

ldap_xlat_arg

xlat_arg_parser_t const ldap_xlat_arg[]

static

Initial value:

= {
        { .required = true, .type = FR_TYPE_STRING, .safe_for = LDAP_URI_SAFE_FOR, .will_escape = true, },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 742 of file rlm_ldap.c.

module_config

const conf_parser_t module_config[]

static

Definition at line 143 of file rlm_ldap.c.

profile_config

conf_parser_t profile_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("scope", rlm_ldap_t, profile.obj_scope), .dflt = "base",
          .func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
        { FR_CONF_OFFSET("attribute", rlm_ldap_t, profile.attr) },
        { FR_CONF_OFFSET("attribute_suspend", rlm_ldap_t, profile.attr_suspend) },
        { FR_CONF_OFFSET("check_attribute", rlm_ldap_t, profile.check_attr) },
        { FR_CONF_OFFSET("sort_by", rlm_ldap_t, profile.obj_sort_by) },
        { FR_CONF_OFFSET("fallthrough_attribute", rlm_ldap_t, profile.fallthrough_attr) },
        { FR_CONF_OFFSET("fallthrough_default", rlm_ldap_t, profile.fallthrough_def), .dflt = "yes" },
        CONF_PARSER_TERMINATOR
}

Definition at line 94 of file rlm_ldap.c.

rlm_ldap

module_rlm_t rlm_ldap

Initial value:

= {
        .common = {
                .magic                  = MODULE_MAGIC_INIT,
                .name                   = "ldap",
                .flags                  = 0,
                MODULE_BOOT(rlm_ldap_boot_t),
                MODULE_INST(rlm_ldap_t),
                .config                 = module_config,
                .onload                 = mod_load,
                .unload                 = mod_unload,
                .bootstrap              = mod_bootstrap,
                .instantiate            = mod_instantiate,
                .detach                 = mod_detach,
                MODULE_THREAD_INST(fr_ldap_thread_t),
                .thread_instantiate     = mod_thread_instantiate,
                .thread_detach          = mod_thread_detach,
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        
                        { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_modify, .method_env = &accounting_usermod_method_env },
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &authenticate_method_env },
                        { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
 
                        { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
                        { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_modify, .method_env = &send_usermod_method_env },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 2908 of file rlm_ldap.c.

rlm_ldap_dict

fr_dict_autoload_t rlm_ldap_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 317 of file rlm_ldap.c.

rlm_ldap_dict_attr

fr_dict_attr_autoload_t rlm_ldap_dict_attr

Initial value:

= {
        { .out = &attr_password, .name = "Password", .type = FR_TYPE_TLV, .dict = &dict_freeradius },
        { .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_crypt_password, .name = "Password.Crypt", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_nt_password, .name = "Password.NT", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
        { .out = &attr_password_with_header, .name = "Password.With-Header", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
 
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 330 of file rlm_ldap.c.

rlm_ldap_lib

global_lib_autoinst_t const * rlm_ldap_lib

Initial value:

= {
        &fr_libldap_global_config,
        GLOBAL_LIB_TERMINATOR
}

Definition at line 342 of file rlm_ldap.c.

sasl_call_env

const call_env_parser_t sasl_call_env[]

static

Initial value:

= {
        { FR_CALL_ENV_OFFSET("mech", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_mech) },
        { FR_CALL_ENV_OFFSET("authname", FR_TYPE_STRING, CALL_ENV_FLAG_BARE_WORD_ATTRIBUTE, ldap_auth_call_env_t, user_sasl_authname) },
        { FR_CALL_ENV_OFFSET("proxy", FR_TYPE_STRING, CALL_ENV_FLAG_BARE_WORD_ATTRIBUTE, ldap_auth_call_env_t, user_sasl_proxy) },
        { FR_CALL_ENV_OFFSET("realm", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, ldap_auth_call_env_t, user_sasl_realm) },
        CALL_ENV_TERMINATOR
}

Definition at line 86 of file rlm_ldap.c.

user_config

conf_parser_t user_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("scope", rlm_ldap_t, user.obj_scope), .dflt = "sub",
          .func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
        { FR_CONF_OFFSET("sort_by", rlm_ldap_t, user.obj_sort_by) },
 
        { FR_CONF_OFFSET("access_attribute", rlm_ldap_t, user.obj_access_attr) },
        { FR_CONF_OFFSET("access_positive", rlm_ldap_t, user.access_positive), .dflt = "yes" },
        { FR_CONF_OFFSET("access_value_negate", rlm_ldap_t, user.access_value_negate), .dflt = "false" },
        { FR_CONF_OFFSET("access_value_suspend", rlm_ldap_t, user.access_value_suspend), .dflt = "suspended" },
        { FR_CONF_OFFSET("dn_attribute", rlm_ldap_t, user.dn_attr_str), .dflt = "LDAP-UserDN" },
        { FR_CONF_OFFSET_IS_SET("expect_password", FR_TYPE_BOOL, 0, rlm_ldap_t, user.expect_password) },
        CONF_PARSER_TERMINATOR
}

Definition at line 109 of file rlm_ldap.c.

xlat_memberof_method_env

const call_env_method_t xlat_memberof_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(ldap_xlat_memberof_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_SUBSECTION("user", NULL, CALL_ENV_FLAG_REQUIRED,
                                         ((call_env_parser_t[]) {
                                                USER_CALL_ENV_COMMON(ldap_xlat_memberof_call_env_t),
                                                CALL_ENV_TERMINATOR
                                         })) },
                { FR_CALL_ENV_SUBSECTION("group", NULL, CALL_ENV_FLAG_NONE,
                                         ((call_env_parser_t[]) {
                                                { FR_CALL_ENV_OFFSET("base_dn", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_memberof_call_env_t, group_base) },
                                                { FR_CALL_ENV_PARSE_ONLY_OFFSET("membership_filter", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_memberof_call_env_t, group_filter),
                                                  .pair.func = ldap_group_filter_parse,
                                                  .pair.escape = {
                                                          .box_escape = {
                                                                  .func = fr_ldap_box_escape,
                                                                  .safe_for = (fr_value_box_safe_for_t)fr_ldap_box_escape,
                                                                  .always_escape = false,
                                                          },
                                                        .mode = TMPL_ESCAPE_PRE_CONCAT
                                                  },
                                                  .pair.literals_safe_for = (fr_value_box_safe_for_t)fr_ldap_box_escape,
                                                },
                                                CALL_ENV_TERMINATOR
                                         })) },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 267 of file rlm_ldap.c.

xlat_profile_method_env

const call_env_method_t xlat_profile_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(ldap_xlat_profile_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_SUBSECTION_FUNC("update", CF_IDENT_ANY, CALL_ENV_FLAG_PARSE_MISSING, ldap_update_section_parse),
                                              .uctx = &(ldap_update_rules_t){
                                                .map_offset = offsetof(ldap_xlat_profile_call_env_t, profile_map),
                                                .expect_password_offset = -1
                                              } },
                { FR_CALL_ENV_SUBSECTION("profile", NULL, CALL_ENV_FLAG_NONE,
                                         ((call_env_parser_t[])  {
                                                { FR_CALL_ENV_OFFSET("filter", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, ldap_xlat_profile_call_env_t, profile_filter),
                                                                     .pair.dflt = "(&)", .pair.dflt_quote = T_SINGLE_QUOTED_STRING }, 
                                                CALL_ENV_TERMINATOR
                                         })) },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 296 of file rlm_ldap.c.