The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Functions | Variables
rlm_winbind.c File Reference

Authenticates against Active Directory or Samba using winbind. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/util/debug.h>
#include "rlm_winbind.h"
#include "auth_wbclient_pap.h"
#include <grp.h>
#include <wbclient.h>
+ Include dependency graph for rlm_winbind.c:

Go to the source code of this file.

Data Structures

struct  winbind_autz_call_env_t
 
struct  winbind_group_xlat_call_env_t
 

Functions

static int _mod_conn_free (struct wbcContext **wb_ctx)
 Free connection pool winbind context. More...
 
static int domain_call_env_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED char const *section_name1, UNUSED char const *section_name2, UNUSED void const *data, UNUSED call_env_parser_t const *rule)
 
static unlang_action_t mod_authenticate (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Authenticate the user via libwbclient and winbind. More...
 
static unlang_action_t mod_authorize (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Authorize for libwbclient/winbind authentication. More...
 
static int mod_bootstrap (module_inst_ctx_t const *mctx)
 Bootstrap this module. More...
 
static void * mod_conn_create (TALLOC_CTX *ctx, UNUSED void *instance, UNUSED fr_time_delta_t timeout)
 Create connection pool winbind context. More...
 
static int mod_detach (module_detach_ctx_t const *mctx)
 Tidy up module instance. More...
 
static int mod_instantiate (module_inst_ctx_t const *mctx)
 Instantiate this module. More...
 
static bool winbind_check_group (rlm_winbind_t const *inst, request_t *request, char const *name, winbind_group_xlat_call_env_t *env)
 Group comparison for Winbind-Group. More...
 
static xlat_action_t winbind_group_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Check if the user is a member of a particular winbind group. More...
 

Variables

static fr_dict_attr_t const * attr_auth_type
 
static fr_dict_attr_t const * attr_expr_bool_enum
 
static fr_dict_t const * dict_freeradius
 
static const conf_parser_t group_config []
 
static const conf_parser_t module_config []
 
module_rlm_t rlm_winbind
 
fr_dict_autoload_t rlm_winbind_dict []
 
fr_dict_attr_autoload_t rlm_winbind_dict_attr []
 
static const call_env_method_t winbind_auth_method_env
 
static const call_env_method_t winbind_autz_method_env
 
static xlat_arg_parser_t const winbind_group_xlat_arg []
 
static const call_env_method_t winbind_group_xlat_call_env
 

Detailed Description

Authenticates against Active Directory or Samba using winbind.

Id
c9a1063ae88f86d36e16888e7e630f38cfd7549b
Author
Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)
Copyright
2016 The FreeRADIUS server project
2016 Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)

Definition in file rlm_winbind.c.

Data Structure Documentation

◆ winbind_autz_call_env_t

struct winbind_autz_call_env_t

Definition at line 68 of file rlm_winbind.c.

+ Collaboration diagram for winbind_autz_call_env_t:
Data Fields
tmpl_t * password

◆ winbind_group_xlat_call_env_t

struct winbind_group_xlat_call_env_t

Definition at line 72 of file rlm_winbind.c.

+ Collaboration diagram for winbind_group_xlat_call_env_t:
Data Fields
fr_value_box_t domain
fr_value_box_t username

Function Documentation

◆ _mod_conn_free()

static int _mod_conn_free ( struct wbcContext **  wb_ctx)
static

Free connection pool winbind context.

Parameters
[in]wb_ctxlibwbclient context
Returns
0

Definition at line 267 of file rlm_winbind.c.

+ Here is the caller graph for this function:

◆ domain_call_env_parse()

static int domain_call_env_parse ( TALLOC_CTX *  ctx,
void *  out,
tmpl_rules_t const *  t_rules,
CONF_ITEM ci,
UNUSED char const *  section_name1,
UNUSED char const *  section_name2,
UNUSED void const *  data,
UNUSED call_env_parser_t const *  rule 
)
static

Definition at line 440 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ mod_authenticate()

static unlang_action_t mod_authenticate ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Authenticate the user via libwbclient and winbind.

Parameters
[out]p_resultThe result of the module call.
[in]mctxModule instance data.
[in]requestThe current request

Definition at line 396 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Authorize for libwbclient/winbind authentication.

Checks there is a password available so we can authenticate against winbind and, if so, sets Auth-Type to ourself.

Parameters
[out]p_resultThe result of the module call:
[in]mctxModule instance data.
[in]requestThe current request.

Definition at line 365 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx)
static

Bootstrap this module.

Parameters
[in]mctxdata for this module
Returns
  • 0 success
  • -1 failure

Definition at line 538 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ mod_conn_create()

static void* mod_conn_create ( TALLOC_CTX *  ctx,
UNUSED void *  instance,
UNUSED fr_time_delta_t  timeout 
)
static

Create connection pool winbind context.

Parameters
[in]ctxtalloc context
[in]instanceModule instance (unused)
[in]timeoutConnection timeout
Returns
pointer to libwbclient context

Definition at line 283 of file rlm_winbind.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_detach()

static int mod_detach ( module_detach_ctx_t const *  mctx)
static

Tidy up module instance.

Frees up the libwbclient connection pool.

Parameters
[in]mctxdata for this module
Returns
0

Definition at line 344 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx)
static

Instantiate this module.

Parameters
[in]mctxdata for this module
Returns
  • 0 instantiation succeeded
  • -1 instantiation failed

Definition at line 316 of file rlm_winbind.c.

+ Here is the call graph for this function:

◆ winbind_check_group()

static bool winbind_check_group ( rlm_winbind_t const *  inst,
request_t request,
char const *  name,
winbind_group_xlat_call_env_t env 
)
static

Group comparison for Winbind-Group.

Parameters
instInstance of this module
requestThe current request
nameGroup name to be searched
envGroup check xlat call_env
Returns
  • 0 user is in group
  • 1 failure or user is not in group

Definition at line 88 of file rlm_winbind.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type
static

Definition at line 58 of file rlm_winbind.c.

◆ attr_expr_bool_enum

fr_dict_attr_t const* attr_expr_bool_enum
static

Definition at line 59 of file rlm_winbind.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius
static

Definition at line 50 of file rlm_winbind.c.

◆ group_config

const conf_parser_t group_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("add_domain", rlm_winbind_t, group_add_domain), .dflt = "yes" },
CONF_PARSER_TERMINATOR
}
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:626
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
rlm_winbind_t
Definition: rlm_winbind.h:11

Definition at line 40 of file rlm_winbind.c.

◆ module_config

const conf_parser_t module_config[]
static
Initial value:
= {
{ FR_CONF_POINTER("group", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) group_config },
CONF_PARSER_TERMINATOR
}
FR_CONF_POINTER
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
CONF_FLAG_SUBSECTION
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:400
group_config
static const conf_parser_t group_config[]
Definition: rlm_winbind.c:40

Definition at line 45 of file rlm_winbind.c.

◆ rlm_winbind

module_rlm_t rlm_winbind
Initial value:
= {
.common = {
.magic = MODULE_MAGIC_INIT,
.name = "winbind",
.inst_size = sizeof(rlm_winbind_t),
.config = module_config,
.instantiate = mod_instantiate,
.bootstrap = mod_bootstrap,
.detach = mod_detach
},
.method_names = (module_method_name_t[]){
{ .name1 = "recv", .name2 = CF_IDENT_ANY, .method = mod_authorize,
.method_env = &winbind_autz_method_env },
{ .name1 = "authenticate", .name2 = CF_IDENT_ANY, .method = mod_authenticate,
.method_env = &winbind_auth_method_env },
MODULE_NAME_TERMINATOR
}
}
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition: cf_util.h:78
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:65
module_method_name_t
Specifies a module method identifier.
Definition: module_method.c:36
config
static const conf_parser_t config[]
Definition: base.c:188
instantiate
static int instantiate(module_inst_ctx_t const *mctx)
Definition: rlm_rest.c:1312
mod_detach
static int mod_detach(module_detach_ctx_t const *mctx)
Tidy up module instance.
Definition: rlm_winbind.c:344
winbind_autz_method_env
static const call_env_method_t winbind_autz_method_env
Definition: rlm_winbind.c:431
winbind_auth_method_env
static const call_env_method_t winbind_auth_method_env
Definition: rlm_winbind.c:504
mod_authenticate
static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Authenticate the user via libwbclient and winbind.
Definition: rlm_winbind.c:396
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Bootstrap this module.
Definition: rlm_winbind.c:538
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Authorize for libwbclient/winbind authentication.
Definition: rlm_winbind.c:365
module_config
static const conf_parser_t module_config[]
Definition: rlm_winbind.c:45
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Instantiate this module.
Definition: rlm_winbind.c:316
MODULE_NAME_TERMINATOR
#define MODULE_NAME_TERMINATOR
Definition: module.h:135

Definition at line 571 of file rlm_winbind.c.

◆ rlm_winbind_dict

fr_dict_autoload_t rlm_winbind_dict
Initial value:
= {
{ .out = &dict_freeradius, .proto = "freeradius" },
{ NULL }
}
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition: rlm_winbind.c:50

Definition at line 53 of file rlm_winbind.c.

◆ rlm_winbind_dict_attr

fr_dict_attr_autoload_t rlm_winbind_dict_attr
Initial value:
= {
{ .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
{ .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
{ NULL }
}
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition: merged_model.c:95
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition: rlm_winbind.c:59
attr_auth_type
static fr_dict_attr_t const * attr_auth_type
Definition: rlm_winbind.c:58

Definition at line 62 of file rlm_winbind.c.

◆ winbind_auth_method_env

const call_env_method_t winbind_auth_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(winbind_auth_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_auth_call_env_t, username) },
{ FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_auth_call_env_t, domain),
.pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
{ FR_CALL_ENV_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_SECRET, winbind_auth_call_env_t, password),
.pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
CALL_ENV_TERMINATOR
}
}
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition: call_env.h:212
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition: call_env.h:216
CALL_ENV_FLAG_SECRET
@ CALL_ENV_FLAG_SECRET
The value is a secret, and should not be logged.
Definition: call_env.h:89
CALL_ENV_FLAG_NONE
@ CALL_ENV_FLAG_NONE
Definition: call_env.h:72
CALL_ENV_FLAG_REQUIRED
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition: call_env.h:73
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition: call_env.h:316
call_env_parser_s
Per method call config.
Definition: call_env.h:171
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition: merged_model.c:83
username
username
Definition: rlm_securid.c:420
domain_call_env_parse
static int domain_call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED char const *section_name1, UNUSED char const *section_name2, UNUSED void const *data, UNUSED call_env_parser_t const *rule)
Definition: rlm_winbind.c:440
winbind_auth_call_env_t
Definition: rlm_winbind.h:19
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition: token.h:122
T_BARE_WORD
@ T_BARE_WORD
Definition: token.h:120

Definition at line 504 of file rlm_winbind.c.

◆ winbind_autz_method_env

const call_env_method_t winbind_autz_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(winbind_autz_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_PARSE_ONLY, winbind_autz_call_env_t, password),
.pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
CALL_ENV_TERMINATOR
}
}
CALL_ENV_FLAG_ATTRIBUTE
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl must contain an attribute reference.
Definition: call_env.h:84
CALL_ENV_FLAG_PARSE_ONLY
@ CALL_ENV_FLAG_PARSE_ONLY
The result of parsing will not be evaluated at runtime.
Definition: call_env.h:83
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition: call_env.h:365
winbind_autz_call_env_t
Definition: rlm_winbind.c:68

Definition at line 431 of file rlm_winbind.c.

◆ winbind_group_xlat_arg

xlat_arg_parser_t const winbind_group_xlat_arg[]
static
Initial value:
= {
{ .required = true, .type = FR_TYPE_STRING, .concat = true },
XLAT_ARG_PARSER_TERMINATOR
}
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition: xlat.h:166

Definition at line 302 of file rlm_winbind.c.

◆ winbind_group_xlat_call_env

const call_env_method_t winbind_group_xlat_call_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(winbind_group_xlat_call_env_t),
.env = (call_env_parser_t[]) {
{ FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_group_xlat_call_env_t, domain),
.pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
{ FR_CALL_ENV_SUBSECTION("group", CF_IDENT_ANY, CALL_ENV_FLAG_NONE,
((call_env_parser_t[]) {
{FR_CALL_ENV_OFFSET("search_username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_group_xlat_call_env_t, username) },
CALL_ENV_TERMINATOR
}))},
CALL_ENV_TERMINATOR
}
}
FR_CALL_ENV_SUBSECTION
#define FR_CALL_ENV_SUBSECTION(_name, _ident2, _flags, _subcs)
Specify a call_env_parser_t which defines a nested subsection.
Definition: call_env.h:378
winbind_group_xlat_call_env_t
Definition: rlm_winbind.c:72

Definition at line 516 of file rlm_winbind.c.

Generated by   doxygen 1.9.1