]>
Commit | Line | Data |
---|---|---|
b1218840 AJ |
1 | /* |
2 | * ----------------------------------------------------------------------------- | |
3 | * | |
4 | * Author: Markus Moeller (markus_moeller at compuserve.com) | |
5 | * | |
6 | * Copyright (C) 2007 Markus Moeller. All rights reserved. | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation; either version 2 of the License, or | |
11 | * (at your option) any later version. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. | |
21 | * | |
22 | * ----------------------------------------------------------------------------- | |
23 | */ | |
24 | ||
f7f3304a | 25 | #include "squid.h" |
b1218840 AJ |
26 | #include "util.h" |
27 | ||
28 | #ifdef HAVE_LDAP | |
29 | ||
30 | #include "support.h" | |
31 | ||
32 | int | |
33 | check_memberof(struct main_args *margs, char *user, char *domain) | |
34 | { | |
35 | ||
2e881a6f | 36 | /* |
b1218840 AJ |
37 | * Check order: |
38 | * | |
39 | * 1. Check domain against list of groups per domain | |
40 | * 1a. If domain does not exist in list try default domain | |
2e881a6f | 41 | * 1b. If default domain does not exist use default group against ldap url with user/password |
b1218840 | 42 | * 1c. If default group does not exist exit with error. |
2e881a6f | 43 | * 2. Query ldap membership |
b1218840 AJ |
44 | * 2a. Use GSSAPI/SASL with HTTP/fqdn@DOMAIN credentials from keytab |
45 | * 2b. Use username/password with TLS | |
46 | * | |
47 | */ | |
48 | struct gdstruct *gr; | |
49 | int found = 0; | |
50 | ||
51 | ||
52 | /* Check users domain */ | |
53 | ||
54 | gr = margs->groups; | |
55 | while (gr && domain) { | |
2e881a6f A |
56 | debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL"); |
57 | if (gr->domain && !strcasecmp(gr->domain, domain)) { | |
58 | debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain); | |
59 | /* query ldap */ | |
60 | if (get_memberof(margs, user, domain, gr->group)) { | |
61 | if (debug_enabled) | |
62 | debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
63 | else | |
64 | log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
65 | found++; | |
66 | break; | |
67 | } else { | |
68 | if (debug_enabled) | |
69 | debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
70 | else | |
71 | log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
72 | } | |
73 | } | |
74 | gr = gr->next; | |
b1218840 AJ |
75 | } |
76 | ||
77 | if (found) | |
2e881a6f | 78 | return (1); |
b1218840 AJ |
79 | |
80 | /* Check default domain */ | |
81 | ||
82 | gr = margs->groups; | |
83 | while (gr && domain) { | |
2e881a6f A |
84 | debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL"); |
85 | if (gr->domain && !strcasecmp(gr->domain, "")) { | |
86 | debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain); | |
87 | /* query ldap */ | |
88 | if (get_memberof(margs, user, domain, gr->group)) { | |
89 | if (debug_enabled) | |
90 | debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
91 | else | |
92 | log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
93 | found++; | |
94 | break; | |
95 | } else { | |
96 | if (debug_enabled) | |
97 | debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
98 | else | |
99 | log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain); | |
100 | } | |
101 | } | |
102 | gr = gr->next; | |
b1218840 AJ |
103 | } |
104 | ||
105 | if (found) | |
2e881a6f | 106 | return (1); |
b1218840 AJ |
107 | |
108 | /* Check default group with ldap url */ | |
109 | ||
110 | gr = margs->groups; | |
111 | while (gr) { | |
2e881a6f A |
112 | debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL"); |
113 | if (!gr->domain) { | |
114 | debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL"); | |
115 | /* query ldap */ | |
116 | if (get_memberof(margs, user, domain, gr->group)) { | |
117 | if (debug_enabled) | |
118 | debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain ? gr->domain : "NULL"); | |
119 | else | |
120 | log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain ? gr->domain : "NULL"); | |
121 | found++; | |
122 | break; | |
123 | } else { | |
124 | if (debug_enabled) | |
125 | debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain ? gr->domain : "NULL"); | |
126 | else | |
127 | log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, gr->domain ? gr->domain : "NULL"); | |
128 | } | |
129 | } | |
130 | gr = gr->next; | |
b1218840 AJ |
131 | } |
132 | ||
133 | if (found) | |
2e881a6f | 134 | return (1); |
b1218840 AJ |
135 | |
136 | return (0); | |
137 | } | |
138 | #endif |