#include <freeradius-devel/util/debug.h>
#include "rlm_ldap.h"

Include dependency graph for user.c:

Data Structures
struct	ldap_user_find_ctx_t
	Holds state of user searches in progress. More...

Macros
#define	LOG_PREFIX mctx->mi->name

Functions
static void	ldap_find_user_async_cancel (UNUSED request_t request, UNUSED fr_signal_t action, void uctx)
	Cancel a user search.

static unlang_action_t	ldap_find_user_async_result (unlang_result_t p_result, request_t request, void *uctx)
	Process the results of an async user lookup.

ldap_access_state_t	rlm_ldap_check_access (rlm_ldap_t const inst, request_t request, LDAPMessage *entry)
	Check for presence of access attribute in result.

void	rlm_ldap_check_reply (request_t request, rlm_ldap_t const inst, char const inst_name, bool expect_password, fr_ldap_thread_trunk_t const ttrunk)
	Verify we got a password from the search.

unlang_action_t	rlm_ldap_find_user_async (TALLOC_CTX ctx, unlang_result_t p_result, rlm_ldap_t const inst, request_t request, fr_value_box_t base, fr_value_box_t filter, fr_ldap_thread_trunk_t ttrunk, char const attrs[], fr_ldap_query_t **query_out)
	Initiate asynchronous retrieval of the DN of a user object.

Data Structure Documentation

◆ ldap_user_find_ctx_t

struct ldap_user_find_ctx_t

Holds state of user searches in progress.

Definition at line 40 of file user.c.

Collaboration diagram for ldap_user_find_ctx_t:

Data Fields
char const const	attrs
char const *	base_dn
char const *	filter
rlm_ldap_t const *	inst
fr_ldap_query_t **	out
fr_ldap_query_t *	query
fr_ldap_thread_trunk_t *	ttrunk

Macro Definition Documentation

◆ LOG_PREFIX

#define LOG_PREFIX mctx->mi->name

Definition at line 33 of file user.c.

Function Documentation

◆ ldap_find_user_async_cancel()

static void ldap_find_user_async_cancel	(	UNUSED request_t *	request,
		UNUSED fr_signal_t	action,
		void *	uctx
	)

static

Cancel a user search.

Definition at line 131 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ ldap_find_user_async_result()

static unlang_action_t ldap_find_user_async_result	(	unlang_result_t *	p_result,
		request_t *	request,
		void *	uctx
	)

static

Process the results of an async user lookup.

Definition at line 53 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rlm_ldap_check_access()

ldap_access_state_t rlm_ldap_check_access	(	rlm_ldap_t const *	inst,
		request_t *	request,
		LDAPMessage *	entry
	)

Check for presence of access attribute in result.

Parameters

[in]	inst	rlm_ldap configuration.
[in]	request	Current request.
[in]	entry	retrieved by rlm_ldap_find_user or fr_ldap_search.

Returns

RLM_MODULE_DISALLOW if the user was denied access.
RLM_MODULE_OK otherwise.

Definition at line 212 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rlm_ldap_check_reply()

void rlm_ldap_check_reply	(	request_t *	request,
		rlm_ldap_t const *	inst,
		char const *	inst_name,
		bool	expect_password,
		fr_ldap_thread_trunk_t const *	ttrunk
	)

Verify we got a password from the search.

Checks to see if after the LDAP to RADIUS mapping has been completed that a reference password.

Parameters

[in]	request	Current request.
[in]	inst	Current LDAP instance.
[in]	inst_name	Name of LDAP module instance for debug messages.
[in]	expect_password	Whether we should be expecting a password.
[in]	ttrunk	the connection thread trunk.

Definition at line 264 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rlm_ldap_find_user_async()

unlang_action_t rlm_ldap_find_user_async	(	TALLOC_CTX *	ctx,
		unlang_result_t *	p_result,
		rlm_ldap_t const *	inst,
		request_t *	request,
		fr_value_box_t *	base,
		fr_value_box_t *	filter,
		fr_ldap_thread_trunk_t *	ttrunk,
		char const *	attrs[],
		fr_ldap_query_t **	query_out
	)

Initiate asynchronous retrieval of the DN of a user object.

Retrieves the DN of a user and adds it to the control list as LDAP-UserDN. Will also retrieve any attributes passed.

This potentially allows for all authorization and authentication checks to be performed in one ldap search operation, which is a big bonus given the number of crappy, slow cough*AD*cough LDAP directory servers out there.

Parameters

[in]	ctx	in which to allocate the query.
[in]	p_result	Where rcode from running the query will be written.
[in]	inst	rlm_ldap configuration.
[in]	request	Current request.
[in]	base	DN to search in.
[in]	filter	to use in LDAP search.
[in]	ttrunk	LDAP thread trunk to use.
[in]	attrs	Additional attributes to retrieve, may be NULL.
[in]	query_out	Where to put a pointer to the LDAP query structure - for extracting extra returned attributes, may be NULL.

Returns

UNLANG_ACTION_PUSHED_CHILD on success.
UNLANG_ACTION_FAIL on failure.

Definition at line 166 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Data Structures

Macros

Functions

Data Structure Documentation

◆ ldap_user_find_ctx_t

Macro Definition Documentation

◆ LOG_PREFIX

Function Documentation

◆ ldap_find_user_async_cancel()

◆ ldap_find_user_async_result()

◆ rlm_ldap_check_access()

◆ rlm_ldap_check_reply()

◆ rlm_ldap_find_user_async()