user.c File Reference

#include <freeradius-devel/util/debug.h>
#include "rlm_ldap.h"

Include dependency graph for user.c:

Go to the source code of this file.

Data Structures
struct	ldap_user_find_ctx_t
	Holds state of user searches in progress. More...

Macros
#define	LOG_PREFIX   mctx->mi->name

Functions
static void	ldap_find_user_async_cancel (UNUSED request_t *request, UNUSED fr_signal_t action, void *uctx)
	Cancel a user search. More...
static unlang_action_t	ldap_find_user_async_result (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
	Process the results of an async user lookup. More...
ldap_access_state_t	rlm_ldap_check_access (rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry)
	Check for presence of access attribute in result. More...
void	rlm_ldap_check_reply (request_t *request, rlm_ldap_t const *inst, char const *inst_name, bool expect_password, fr_ldap_thread_trunk_t const *ttrunk)
	Verify we got a password from the search. More...
unlang_action_t	rlm_ldap_find_user_async (TALLOC_CTX *ctx, rlm_ldap_t const *inst, request_t *request, fr_value_box_t *base, fr_value_box_t *filter, fr_ldap_thread_trunk_t *ttrunk, char const *attrs[], fr_ldap_query_t **query_out)
	Initiate asynchronous retrieval of the DN of a user object. More...

---

Data Structure Documentation

ldap_user_find_ctx_t

struct ldap_user_find_ctx_t

Holds state of user searches in progress.

Definition at line 40 of file user.c.

Collaboration diagram for ldap_user_find_ctx_t:

Data Fields
char const *const *	attrs
char const *	base_dn
char const *	filter
rlm_ldap_t const *	inst
fr_ldap_query_t **	out
fr_ldap_query_t *	query
fr_ldap_thread_trunk_t *	ttrunk

Macro Definition Documentation

LOG_PREFIX

#define LOG_PREFIX   mctx->mi->name

Definition at line 33 of file user.c.

Function Documentation

ldap_find_user_async_cancel()

static void ldap_find_user_async_cancel ( UNUSED request_t *  request, UNUSED fr_signal_t  action, void *  uctx  )

static

Cancel a user search.

Definition at line 125 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

ldap_find_user_async_result()

static unlang_action_t ldap_find_user_async_result ( rlm_rcode_t *  p_result, UNUSED int *  priority, request_t *  request, void *  uctx  )

static

Process the results of an async user lookup.

Definition at line 53 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

rlm_ldap_check_access()

ldap_access_state_t rlm_ldap_check_access	(	rlm_ldap_t const *	inst,
		request_t *	request,
		LDAPMessage *	entry
	)

Check for presence of access attribute in result.

Parameters

[in]	inst	rlm_ldap configuration.
[in]	request	Current request.
[in]	entry	retrieved by rlm_ldap_find_user or fr_ldap_search.

Returns

• RLM_MODULE_DISALLOW if the user was denied access.
• RLM_MODULE_OK otherwise.

Definition at line 199 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

rlm_ldap_check_reply()

void rlm_ldap_check_reply	(	request_t *	request,
		rlm_ldap_t const *	inst,
		char const *	inst_name,
		bool	expect_password,
		fr_ldap_thread_trunk_t const *	ttrunk
	)

Verify we got a password from the search.

Checks to see if after the LDAP to RADIUS mapping has been completed that a reference password.

Parameters

[in]	request	Current request.
[in]	inst	Current LDAP instance.
[in]	inst_name	Name of LDAP module instance for debug messages.
[in]	expect_password	Whether we should be expecting a password.
[in]	ttrunk	the connection thread trunk.

Definition at line 251 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function:

rlm_ldap_find_user_async()

unlang_action_t rlm_ldap_find_user_async	(	TALLOC_CTX *	ctx,
		rlm_ldap_t const *	inst,
		request_t *	request,
		fr_value_box_t *	base,
		fr_value_box_t *	filter,
		fr_ldap_thread_trunk_t *	ttrunk,
		char const *	attrs[],
		fr_ldap_query_t **	query_out
	)

Initiate asynchronous retrieval of the DN of a user object.

Retrieves the DN of a user and adds it to the control list as LDAP-UserDN. Will also retrieve any attributes passed.

This potentially allows for all authorization and authentication checks to be performed in one ldap search operation, which is a big bonus given the number of crappy, slow cough*AD*cough LDAP directory servers out there.

Parameters

[in]	ctx	in which to allocate the query.
[in]	inst	rlm_ldap configuration.
[in]	request	Current request.
[in]	base	DN to search in.
[in]	filter	to use in LDAP search.
[in]	ttrunk	LDAP thread trunk to use.
[in]	attrs	Additional attributes to retrieve, may be NULL.
[in]	query_out	Where to put a pointer to the LDAP query structure - for extracting extra returned attributes, may be NULL.

Returns

• UNLANG_ACTION_PUSHED_CHILD on success.
• UNLANG_ACTION_FAIL on failure.

Definition at line 159 of file user.c.

Here is the call graph for this function:

Here is the caller graph for this function: