git.ipfire.org Git - thirdparty/squid.git/blob - helpers/external_acl/kerberos_ldap_group/support_member.cc
2 * -----------------------------------------------------------------------------
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
6 * Copyright (C) 2007 Markus Moeller. All rights reserved.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22 * -----------------------------------------------------------------------------
33 check_memberof(struct main_args
*margs
, char *user
, char *domain
)
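39 * 1. Check the user's domain against the per-domain group list (case-insensitive match)
40 * 1a. If the domain is not in the list, try the default domain (group entries with an empty domain)
41 * 1b. If there is no default domain entry, use the default group against the LDAP URL with user/password
42 * 1c. If there is no default group, exit with an error.
 * Note: per 1a/1b, a user whose domain has no entry of its own is authorized
 * against the default-domain or default group, so those groups decide access
 * for every unlisted domain.
43 * 2. Query LDAP membership
44 * 2a. Use GSSAPI/SASL with HTTP/fqdn@DOMAIN credentials from keytab
45 * 2b. Use username/password with TLS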
52 /* Check user's domain */
55 while (gr
&& domain
) {
56 debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
57 if (gr
->domain
&& !strcasecmp(gr
->domain
, domain
)) {
58 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
60 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
62 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
64 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
69 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
71 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
80 /* Check default domain */
83 while (gr
&& domain
) {
84 debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
85 if (gr
->domain
&& !strcasecmp(gr
->domain
, "")) {
86 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
88 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
90 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
92 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
97 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
99 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
108 /* Check default group with ldap url */
112 debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
114 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
116 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
118 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
120 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
125 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
127 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");