rlm_winbind.c File Reference

Authenticates against Active Directory or Samba using winbind. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/unlang/call_env.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/util/debug.h>
#include "rlm_winbind.h"
#include "auth_wbclient_pap.h"
#include <grp.h>
#include <wbclient.h>

Include dependency graph for rlm_winbind.c:

Go to the source code of this file.

Data Structures
struct	winbind_autz_call_env_t
struct	winbind_group_xlat_call_env_t

Functions
static int	_mod_conn_free (struct wbcContext **wb_ctx)
	Free connection pool winbind context. More...
static int	domain_call_env_parse (TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, UNUSED call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
static unlang_action_t	mod_authenticate (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
	Authenticate the user via libwbclient and winbind. More...
static unlang_action_t	mod_authorize (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
	Authorize for libwbclient/winbind authentication. More...
static int	mod_bootstrap (module_inst_ctx_t const *mctx)
	Bootstrap this module. More...
static void *	mod_conn_create (TALLOC_CTX *ctx, UNUSED void *instance, UNUSED fr_time_delta_t timeout)
	Create connection pool winbind context. More...
static int	mod_detach (module_detach_ctx_t const *mctx)
	Tidy up module instance. More...
static int	mod_instantiate (module_inst_ctx_t const *mctx)
	Instantiate this module. More...
static bool	winbind_check_group (rlm_winbind_t const *inst, request_t *request, char const *name, winbind_group_xlat_call_env_t *env)
	Group comparison for Winbind-Group. More...
static xlat_action_t	winbind_group_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Check if the user is a member of a particular winbind group. More...

Variables
static fr_dict_attr_t const *	attr_auth_type
static fr_dict_attr_t const *	attr_expr_bool_enum
static fr_dict_t const *	dict_freeradius
static const conf_parser_t	group_config []
static const conf_parser_t	module_config []
module_rlm_t	rlm_winbind
fr_dict_autoload_t	rlm_winbind_dict []
fr_dict_attr_autoload_t	rlm_winbind_dict_attr []
static const call_env_method_t	winbind_auth_method_env
static const call_env_method_t	winbind_autz_method_env
static xlat_arg_parser_t const	winbind_group_xlat_arg []
static const call_env_method_t	winbind_group_xlat_call_env

Detailed Description

Authenticates against Active Directory or Samba using winbind.

Id

95d0fc72d8239a9a221c94699b25fb9503152dc2

Author

Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)

Copyright

2016 The FreeRADIUS server project

2016 Matthew Newton (matth.nosp@m.ew@n.nosp@m.ewton.nosp@m.comp.nosp@m.uting.nosp@m..co..nosp@m.uk)

Definition in file rlm_winbind.c.

---

Data Structure Documentation

winbind_autz_call_env_t

struct winbind_autz_call_env_t

Definition at line 68 of file rlm_winbind.c.

Collaboration diagram for winbind_autz_call_env_t:

Data Fields
tmpl_t *	password

winbind_group_xlat_call_env_t

struct winbind_group_xlat_call_env_t

Definition at line 72 of file rlm_winbind.c.

Collaboration diagram for winbind_group_xlat_call_env_t:

Data Fields
fr_value_box_t	domain
fr_value_box_t	username

Function Documentation

_mod_conn_free()

static int _mod_conn_free ( struct wbcContext **  wb_ctx )

static

Free connection pool winbind context.

Parameters

[in]

wb_ctx

libwbclient context

Returns

0

Definition at line 267 of file rlm_winbind.c.

Here is the caller graph for this function:

domain_call_env_parse()

static int domain_call_env_parse ( TALLOC_CTX *  ctx, void *  out, tmpl_rules_t const *  t_rules, CONF_ITEM *  ci, UNUSED call_env_ctx_t const *  cec, UNUSED call_env_parser_t const *  rule  )

static

Definition at line 440 of file rlm_winbind.c.

Here is the call graph for this function:

mod_authenticate()

static unlang_action_t mod_authenticate ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Authenticate the user via libwbclient and winbind.

Parameters

[out]	p_result	The result of the module call.
[in]	mctx	Module instance data.
[in]	request	The current request

Definition at line 396 of file rlm_winbind.c.

Here is the call graph for this function:

mod_authorize()

static unlang_action_t mod_authorize ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Authorize for libwbclient/winbind authentication.

Checks there is a password available so we can authenticate against winbind and, if so, sets Auth-Type to ourself.

Parameters

[out]	p_result	The result of the module call: RLM_MODULE_NOOP unable to use winbind authentication RLM_MODULE_OK Auth-Type has been set to winbind
[in]	mctx	Module instance data.
[in]	request	The current request.

Definition at line 365 of file rlm_winbind.c.

Here is the call graph for this function:

mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx )

static

Bootstrap this module.

Parameters

[in]

mctx

data for this module

Returns

• 0 success
• -1 failure

Definition at line 537 of file rlm_winbind.c.

Here is the call graph for this function:

mod_conn_create()

static void* mod_conn_create ( TALLOC_CTX *  ctx, UNUSED void *  instance, UNUSED fr_time_delta_t  timeout  )

static

Create connection pool winbind context.

Parameters

[in]	ctx	talloc context
[in]	instance	Module instance (unused)
[in]	timeout	Connection timeout

Returns

pointer to libwbclient context

Definition at line 283 of file rlm_winbind.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_detach()

static int mod_detach ( module_detach_ctx_t const *  mctx )

static

Tidy up module instance.

Frees up the libwbclient connection pool.

Parameters

[in]

mctx

data for this module

Returns

0

Definition at line 344 of file rlm_winbind.c.

Here is the call graph for this function:

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Instantiate this module.

Parameters

[in]

mctx

data for this module

Returns

• 0 instantiation succeeded
• -1 instantiation failed

Definition at line 316 of file rlm_winbind.c.

Here is the call graph for this function:

winbind_check_group()

static bool winbind_check_group ( rlm_winbind_t const *  inst, request_t *  request, char const *  name, winbind_group_xlat_call_env_t *  env  )

static

Group comparison for Winbind-Group.

Parameters

inst	Instance of this module
request	The current request
name	Group name to be searched
env	Group check xlat call_env

Returns

• 0 user is in group
• 1 failure or user is not in group

Definition at line 88 of file rlm_winbind.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

attr_auth_type

fr_dict_attr_t const* attr_auth_type

static

Definition at line 58 of file rlm_winbind.c.

attr_expr_bool_enum

fr_dict_attr_t const* attr_expr_bool_enum

static

Definition at line 59 of file rlm_winbind.c.

dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 50 of file rlm_winbind.c.

group_config

const conf_parser_t group_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("add_domain", rlm_winbind_t, group_add_domain), .dflt = "yes" },
        CONF_PARSER_TERMINATOR
}

Definition at line 40 of file rlm_winbind.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_POINTER("group", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) group_config },
        CONF_PARSER_TERMINATOR
}

Definition at line 45 of file rlm_winbind.c.

rlm_winbind

module_rlm_t rlm_winbind

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "winbind",
                .inst_size      = sizeof(rlm_winbind_t),
                .config         = module_config,
                .instantiate    = mod_instantiate,
                .bootstrap      = mod_bootstrap,
                .detach         = mod_detach
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &winbind_auth_method_env },
                        { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &winbind_autz_method_env },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 569 of file rlm_winbind.c.

rlm_winbind_dict

fr_dict_autoload_t rlm_winbind_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { NULL }
}

Definition at line 53 of file rlm_winbind.c.

rlm_winbind_dict_attr

fr_dict_attr_autoload_t rlm_winbind_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
        { NULL }
}

Definition at line 62 of file rlm_winbind.c.

winbind_auth_method_env

const call_env_method_t winbind_auth_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_auth_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_auth_call_env_t, username) },
                { FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_auth_call_env_t, domain),
                        .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
                { FR_CALL_ENV_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_SECRET, winbind_auth_call_env_t, password),
                        .pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 503 of file rlm_winbind.c.

winbind_autz_method_env

const call_env_method_t winbind_autz_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_autz_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_PARSE_ONLY_OFFSET("password", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_PARSE_ONLY, winbind_autz_call_env_t, password),
                        .pair.dflt = "&User-Password", .pair.dflt_quote = T_BARE_WORD },
                CALL_ENV_TERMINATOR
        }
}

Definition at line 431 of file rlm_winbind.c.

winbind_group_xlat_arg

xlat_arg_parser_t const winbind_group_xlat_arg[]

static

Initial value:

= {
        { .required = true, .type = FR_TYPE_STRING, .concat = true },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 302 of file rlm_winbind.c.

winbind_group_xlat_call_env

const call_env_method_t winbind_group_xlat_call_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(winbind_group_xlat_call_env_t),
        .env = (call_env_parser_t[]) {
                { FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, winbind_group_xlat_call_env_t, domain),
                        .pair.dflt = "", .pair.dflt_quote = T_SINGLE_QUOTED_STRING, .pair.func = domain_call_env_parse },
                { FR_CALL_ENV_SUBSECTION("group", CF_IDENT_ANY, CALL_ENV_FLAG_NONE,
                        ((call_env_parser_t[]) {
                                {FR_CALL_ENV_OFFSET("search_username", FR_TYPE_STRING, CALL_ENV_FLAG_REQUIRED, winbind_group_xlat_call_env_t, username) },
                                CALL_ENV_TERMINATOR
                        }))},
                CALL_ENV_TERMINATOR
        }
}

Definition at line 515 of file rlm_winbind.c.