rlm_winbind.c File Reference

Authenticates against Active Directory or Samba using winbind. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/unlang/call_env.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/util/debug.h>
#include "rlm_winbind.h"
#include "auth_wbclient_pap.h"
#include <grp.h>
#include <wbclient.h>

Include dependency graph for rlm_winbind.c:

Go to the source code of this file.

Data Structures
struct	winbind_autz_call_env_t
struct	winbind_group_xlat_call_env_t

Functions
static int	_mod_ctx_free (winbind_ctx_t *wbctx)
static int	domain_call_env_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
static unlang_action_t	mod_authenticate (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
	Authenticate the user via libwbclient and winbind.
static unlang_action_t	mod_authorize (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
	Authorize for libwbclient/winbind authentication.
static int	mod_bootstrap (module_inst_ctx_t const *mctx)
	Bootstrap this module.
static int	mod_instantiate (module_inst_ctx_t const *mctx)
	Instantiate this module.
static int	mod_thread_detach (module_thread_inst_ctx_t const *mctx)
static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)
static bool	winbind_check_group (rlm_winbind_t const *inst, request_t *request, char const *name, winbind_group_xlat_call_env_t *env, rlm_winbind_thread_t *t)
	Group comparison for Winbind-Group.
static int	winbind_ctx_alloc (winbind_ctx_t *wbctx, UNUSED void *uctx)
static xlat_action_t	winbind_group_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Check if the user is a member of a particular winbind group.

Variables
static fr_dict_attr_t const *	attr_auth_type
static fr_dict_attr_t const *	attr_expr_bool_enum
static fr_dict_t const *	dict_freeradius
static const conf_parser_t	group_config []
static const conf_parser_t	module_config []
static conf_parser_t	reuse_winbind_config []
module_rlm_t	rlm_winbind
fr_dict_autoload_t	rlm_winbind_dict []
fr_dict_attr_autoload_t	rlm_winbind_dict_attr []
static const call_env_method_t	winbind_auth_method_env
static const call_env_method_t	winbind_autz_method_env
static xlat_arg_parser_t const	winbind_group_xlat_arg []
static const call_env_method_t	winbind_group_xlat_call_env

Detailed Description

Authenticates against Active Directory or Samba using winbind.

Id

3992d7d7edaeb41b78556cc77873c1030c9dd0ca

Author

Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)

Copyright

2016 The FreeRADIUS server project

2016 Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)

Definition in file rlm_winbind.c.

---

Data Structure Documentation

winbind_autz_call_env_t

struct winbind_autz_call_env_t

Definition at line 74 of file rlm_winbind.c.

Collaboration diagram for winbind_autz_call_env_t:

Data Fields
tmpl_t *	password

winbind_group_xlat_call_env_t

struct winbind_group_xlat_call_env_t

Definition at line 78 of file rlm_winbind.c.

Collaboration diagram for winbind_group_xlat_call_env_t:

Data Fields
fr_value_box_t	domain
fr_value_box_t	username

Function Documentation

_mod_ctx_free()

static int _mod_ctx_free ( winbind_ctx_t *  wbctx )

static

Definition at line 274 of file rlm_winbind.c.

Here is the caller graph for this function:

domain_call_env_parse()

static int domain_call_env_parse ( TALLOC_CTX *  ctx, void *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, UNUSED call_env_ctx_t const *  cec, UNUSED call_env_parser_t const *  rule  )

static

Definition at line 408 of file rlm_winbind.c.

Here is the call graph for this function:

mod_authenticate()

static unlang_action_t mod_authenticate ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Authenticate the user via libwbclient and winbind.

Parameters

[out]	p_result	The result of the module call.
[in]	mctx	Module instance data.
[in]	request	The current request

Definition at line 364 of file rlm_winbind.c.

Here is the call graph for this function:

mod_authorize()

static unlang_action_t mod_authorize ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Authorize for libwbclient/winbind authentication.

Checks there is a password available so we can authenticate against winbind and, if so, sets Auth-Type to ourself.

Parameters

[out]	p_result	The result of the module call: RLM_MODULE_NOOP unable to use winbind authentication RLM_MODULE_OK Auth-Type has been set to winbind
[in]	mctx	Module instance data.
[in]	request	The current request.

Definition at line 333 of file rlm_winbind.c.

Here is the call graph for this function:

mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx )

static

Bootstrap this module.

Parameters

[in]

mctx

data for this module

Returns

• 0 success
• -1 failure

Definition at line 505 of file rlm_winbind.c.

Here is the call graph for this function:

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Instantiate this module.

Parameters

[in]

mctx

data for this module

Returns

• 0 instantiation succeeded
• -1 instantiation failed

Definition at line 308 of file rlm_winbind.c.

Here is the call graph for this function:

mod_thread_detach()

static int mod_thread_detach ( module_thread_inst_ctx_t const *  mctx )

static

Definition at line 541 of file rlm_winbind.c.

Here is the call graph for this function:

mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Definition at line 527 of file rlm_winbind.c.

Here is the call graph for this function:

winbind_check_group()

static bool winbind_check_group ( rlm_winbind_t const *  inst, request_t *  request, char const *  name, winbind_group_xlat_call_env_t *  env, rlm_winbind_thread_t *  t  )

static

Group comparison for Winbind-Group.

Parameters

inst	Instance of this module
request	The current request
name	Group name to be searched
env	Group check xlat call_env

Returns

• 0 user is in group
• 1 failure or user is not in group

Definition at line 94 of file rlm_winbind.c.

Here is the call graph for this function:

Here is the caller graph for this function:

winbind_ctx_alloc()

static int winbind_ctx_alloc ( winbind_ctx_t *  wbctx, UNUSED void *  uctx  )

static

Definition at line 283 of file rlm_winbind.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

attr_auth_type

fr_dict_attr_t const* attr_auth_type

static

Definition at line 64 of file rlm_winbind.c.

attr_expr_bool_enum

fr_dict_attr_t const* attr_expr_bool_enum

static

Definition at line 65 of file rlm_winbind.c.

dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 56 of file rlm_winbind.c.

group_config

const conf_parser_t group_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("add_domain", rlm_winbind_t, group_add_domain), .dflt = "yes" },
        CONF_PARSER_TERMINATOR
}

Definition at line 40 of file rlm_winbind.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_POINTER("group", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) group_config },
        { FR_CONF_OFFSET_SUBSECTION("reuse", 0, rlm_winbind_t, reuse, reuse_winbind_config) },
        CONF_PARSER_TERMINATOR
}

Definition at line 50 of file rlm_winbind.c.

reuse_winbind_config

conf_parser_t reuse_winbind_config[]

static

Initial value:

= {
        FR_SLAB_CONFIG_CONF_PARSER
        CONF_PARSER_TERMINATOR
}

Definition at line 45 of file rlm_winbind.c.

rlm_winbind

module_rlm_t rlm_winbind

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "winbind",
                .inst_size      = sizeof(rlm_winbind_t),
                .config         = module_config,
                .instantiate    = mod_instantiate,
                .bootstrap      = mod_bootstrap,
                .thread_inst_size       = sizeof(rlm_winbind_thread_t),
                .thread_instantiate     = mod_thread_instantiate,
                .thread_detach          = mod_thread_detach,
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &winbind_auth_method_env },
                        { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &winbind_autz_method_env },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 558 of file rlm_winbind.c.

rlm_winbind_dict

fr_dict_autoload_t rlm_winbind_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { NULL }
}

Definition at line 59 of file rlm_winbind.c.

rlm_winbind_dict_attr

fr_dict_attr_autoload_t rlm_winbind_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
        { NULL }
}

Definition at line 68 of file rlm_winbind.c.

winbind_auth_method_env

const call_env_method_t winbind_auth_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_auth_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_auth_call_env_t, username) },
                { FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_auth_call_env_t, domain),
                        .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
                { FR_CALL_ENV_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_SECRET, winbind_auth_call_env_t, password),
                        .pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 471 of file rlm_winbind.c.

winbind_autz_method_env

const call_env_method_t winbind_autz_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_autz_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_PARSE_ONLY_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_PARSE_ONLY, winbind_autz_call_env_t, password),
                        .pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 399 of file rlm_winbind.c.

winbind_group_xlat_arg

xlat_arg_parser_t const winbind_group_xlat_arg[]

static

Initial value:

= {
        { .required = true, .type = FR_TYPE_STRING, .concat = true },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 294 of file rlm_winbind.c.

winbind_group_xlat_call_env

const call_env_method_t winbind_group_xlat_call_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_group_xlat_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_group_xlat_call_env_t, domain),
                        .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
                { FR_CALL_ENV_SUBSECTION("group", CF_IDENT_ANY, CALL_ENV_FLAG_NONE,
                        ((call_env_parser_t[]) {
                                {FR_CALL_ENV_OFFSET("search_username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_group_xlat_call_env_t, username) },
                                CALL_ENV_TERMINATOR
                        }))},
                CALL_ENV_TERMINATOR
        }
}

Definition at line 483 of file rlm_winbind.c.