[thirdparty/squid.git] / helpers / external_acl / kerberos_ldap_group / support.h

/*
 * -----------------------------------------------------------------------------
 *
 * Author: Markus Moeller (markus_moeller at compuserve.com)
 *
 * Copyright (C) 2007 Markus Moeller. All rights reserved.
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
 *
 * -----------------------------------------------------------------------------
 */

#define KERBEROS_LDAP_GROUP_VERSION "1.2.2sq"

#ifdef HAVE_STRING_H
#include <string.h>
#endif

#ifdef HAVE_HEIMDAL_KERBEROS
#ifdef HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif defined(HAVE_GSSAPI_H)
#include <gssapi.h>
#endif
#ifdef HAVE_KRB5_H
#include <krb5.h>
#endif
#ifdef HAVE_COM_ERR_H
#include <com_err.h>
#else
#define error_message(code) krb5_get_err_text(kparam.context,code)
#endif
#else /*MIT */
#ifdef HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif defined(HAVE_GSSAPI_H)
#include <gssapi.h>
#endif
#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
#include <gssapi/gssapi_krb5.h>
#endif
#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
#endif
#ifdef HAVE_GSSAPI_GSSAPI_EXT_H
#include <gssapi/gssapi_ext.h>
#endif
#ifdef HAVE_KRB5_H
#if HAVE_BROKEN_SOLARIS_KRB5_H
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#endif
#include <krb5.h>
#endif
#ifdef HAVE_COM_ERR_H
#include <com_err.h>
#endif
#endif
#ifndef gss_nt_service_name
#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#endif

#define LDAP_DEPRECATED 1
#ifdef HAVE_LDAP_REBIND_FUNCTION
#define LDAP_REFERRALS
#endif
#ifdef HAVE_LBER_H
#include <lber.h>
#endif
#ifdef HAVE_LDAP_H
#include <ldap.h>
#endif
#ifdef HAVE_MOZLDAP_LDAP_H
#include <mozldap/ldap.h>
#endif

struct gdstruct {
    char *group;
    char *domain;
    struct gdstruct *next;
};
struct ndstruct {
    char *netbios;
    char *domain;
    struct ndstruct *next;
};

struct main_args {
    char *glist;
    char *ulist;
    char *tlist;
    char *nlist;
    char *luser;
    char *lpass;
    char *lbind;
    char *lurl;
    char *ssl;
    int rc_allow;
    int AD;
    int mdepth;
    char *ddomain;
    struct gdstruct *groups;
    struct ndstruct *ndoms;
};

SQUIDCEXTERN int log_enabled;

/* the macro overload style is really a gcc-ism */
#ifdef __GNUC__


#define log(X...) \
                     if (log_enabled) { \
                         fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
                         fprintf(stderr,X); \
                     } else (void)0

#define error(X...) \
                     fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
                     fprintf(stderr,X); \

#define warn(X...) \
                     fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
                     fprintf(stderr,X); \

#else /* __GNUC__ */

/* non-GCC compilers can't do the above macro define yet. */
void log(char *format,...);
void error(char *format,...);
void warn(char *format,...);
#endif


struct hstruct {
    char *host;
    int port;
    int priority;
    int weight;
};

struct ldap_creds {
    char *dn;
    char *pw;
};


void init_args(struct main_args *margs);
void clean_args(struct main_args *margs);
const char *LogTime(void);

int check_memberof(struct main_args *margs, char *user, char *domain);
int get_memberof(struct main_args *margs, char *user, char *domain, char *group);

char *get_netbios_name(struct main_args *margs, char *netbios);

int create_gd(struct main_args *margs);
int create_nd(struct main_args *margs);

int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);

int get_ldap_hostname_list(struct main_args *margs, struct hstruct **hlist, int nhosts, char *domain);
int get_hostname_list(struct main_args *margs, struct hstruct **hlist, int nhosts, char *name);
int free_hostname_list(struct hstruct **hlist, int nhosts);

#if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN)
int tool_sasl_bind(LDAP * ld, char *binddn, char *ssl);
#endif

#define PROGRAM "kerberos_ldap_group"
Commit	Line	Data
b1218840 AJ	1	/*
	2	* -----------------------------------------------------------------------------
	3	*
	4	* Author: Markus Moeller (markus_moeller at compuserve.com)
	5	*
	6	* Copyright (C) 2007 Markus Moeller. All rights reserved.
	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
	21	*
	22	* -----------------------------------------------------------------------------
	23	*/
	24
	25	#define KERBEROS_LDAP_GROUP_VERSION "1.2.2sq"
	26
	27	#ifdef HAVE_STRING_H
	28	#include <string.h>
	29	#endif
	30
	31	#ifdef HAVE_HEIMDAL_KERBEROS
	32	#ifdef HAVE_GSSAPI_GSSAPI_H
	33	#include <gssapi/gssapi.h>
	34	#elif defined(HAVE_GSSAPI_H)
	35	#include <gssapi.h>
	36	#endif
	37	#ifdef HAVE_KRB5_H
	38	#include <krb5.h>
	39	#endif
	40	#ifdef HAVE_COM_ERR_H
	41	#include <com_err.h>
	42	#else
	43	#define error_message(code) krb5_get_err_text(kparam.context,code)
	44	#endif
	45	#else /MIT /
	46	#ifdef HAVE_GSSAPI_GSSAPI_H
	47	#include <gssapi/gssapi.h>
	48	#elif defined(HAVE_GSSAPI_H)
	49	#include <gssapi.h>
	50	#endif
	51	#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
	52	#include <gssapi/gssapi_krb5.h>
	53	#endif
	54	#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
	55	#include <gssapi/gssapi_generic.h>
	56	#endif
	57	#ifdef HAVE_GSSAPI_GSSAPI_EXT_H
	58	#include <gssapi/gssapi_ext.h>
	59	#endif
	60	#ifdef HAVE_KRB5_H
	61	#if HAVE_BROKEN_SOLARIS_KRB5_H
	62	#if defined(__cplusplus)
	63	#define KRB5INT_BEGIN_DECLS extern "C" {
	64	#define KRB5INT_END_DECLS
65	KRB5INT_BEGIN_DECLS
66	#endif
67	#endif
68	#include <krb5.h>
69	#endif
70	#ifdef HAVE_COM_ERR_H
71	#include <com_err.h>
72	#endif
73	#endif
74	#ifndef gss_nt_service_name
75	#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
76	#endif
77
78	#define LDAP_DEPRECATED 1
79	#ifdef HAVE_LDAP_REBIND_FUNCTION
80	#define LDAP_REFERRALS
81	#endif
82	#ifdef HAVE_LBER_H
83	#include <lber.h>
84	#endif
85	#ifdef HAVE_LDAP_H
86	#include <ldap.h>
87	#endif
88	#ifdef HAVE_MOZLDAP_LDAP_H
89	#include <mozldap/ldap.h>
90	#endif
91
92	struct gdstruct {
93	char *group;
94	char *domain;
95	struct gdstruct *next;
96	};
97	struct ndstruct {
98	char *netbios;
99	char *domain;
100	struct ndstruct *next;
101	};
102
103	struct main_args {
104	char *glist;
105	char *ulist;
106	char *tlist;
107	char *nlist;
108	char *luser;
109	char *lpass;
110	char *lbind;
111	char *lurl;
112	char *ssl;
113	int rc_allow;
114	int AD;
115	int mdepth;
116	char *ddomain;
117	struct gdstruct *groups;
118	struct ndstruct *ndoms;
119	};
120
121	SQUIDCEXTERN int log_enabled;
122
123	/* the macro overload style is really a gcc-ism */
124	#ifdef __GNUC__
125
126
127	#define log(X...) \
128	if (log_enabled) { \
129	fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
130	fprintf(stderr,X); \
131	} else (void)0
132
133	#define error(X...) \
134	fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
135	fprintf(stderr,X); \
136
137	#define warn(X...) \
138	fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \
139	fprintf(stderr,X); \
140
141	#else /* __GNUC__ */
142
143	/* non-GCC compilers can't do the above macro define yet. */
144	void log(char *format,...);
145	void error(char *format,...);
146	void warn(char *format,...);
147	#endif
148
149
150	struct hstruct {
151	char *host;
152	int port;
153	int priority;
154	int weight;
155	};
156
157	struct ldap_creds {
158	char *dn;
159	char *pw;
160	};
161
162
163	void init_args(struct main_args *margs);
164	void clean_args(struct main_args *margs);
165	const char *LogTime(void);
166
167	int check_memberof(struct main_args margs, char user, char *domain);
168	int get_memberof(struct main_args margs, char user, char domain, char group);
169
170	char get_netbios_name(struct main_args margs, char *netbios);
171
172	int create_gd(struct main_args *margs);
173	int create_nd(struct main_args *margs);
174
175	int krb5_create_cache(struct main_args margs, char domain);
176	void krb5_cleanup(void);
177
178	int get_ldap_hostname_list(struct main_args margs, struct hstruct hlist, int nhosts, char domain);
179	int get_hostname_list(struct main_args margs, struct hstruct hlist, int nhosts, char name);
180	int free_hostname_list(struct hstruct **hlist, int nhosts);
181
182	#if defined(HAVE_SASL_H) \|\| defined(HAVE_SASL_SASL_H) \|\| defined(HAVE_SASL_DARWIN)
183	int tool_sasl_bind(LDAP * ld, char binddn, char ssl);
184	#endif
185
186	#define PROGRAM "kerberos_ldap_group"