1 /*
2 * -----------------------------------------------------------------------------
3 *
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
5 *
6 * Copyright (C) 2007 Markus Moeller. All rights reserved.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
21 *
22 * -----------------------------------------------------------------------------
23 */
24
25 #include "squid.h"
26 #include "util.h"
27
28 #ifdef HAVE_LDAP
29
30 #include "support.h"
31
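/*
 * Query LDAP for a single candidate group and log the outcome.
 *
 * @param margs  helper configuration handed through to get_memberof()
 * @param user   user name being checked (passed through, logged via %s only)
 * @param domain user's domain as passed to check_memberof(); may be NULL
 * @param gr     the group entry to test; gr->domain may be NULL
 * @return non-zero when get_memberof() reports that user is a member of
 *         gr->group, zero otherwise.
 *
 * A NULL gr->domain is printed as "NULL" so that all three search passes in
 * check_memberof() produce the same log lines as before they shared this
 * helper.
 */
static int
query_group(struct main_args *margs, char *user, char *domain, struct gdstruct *gr)
{
    const char *dom = gr->domain ? gr->domain : "NULL";

    debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, dom);
    /* query ldap */
    if (get_memberof(margs, user, domain, gr->group)) {
        if (debug_enabled)
            debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, dom);
        else
            log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, dom);
        return 1;
    }
    if (debug_enabled)
        debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, dom);
    else
        log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, gr->group, dom);
    return 0;
}

/*
 * Decide whether user@domain is a member of any configured group.
 *
 * Check order:
 *
 * 1. Check domain against list of groups per domain
 * 1a. If domain does not exist in list try default domain (entries whose
 *     domain string is empty, i.e. configured as "group@")
 * 1b. If default domain does not exist use default group (entries with no
 *     domain at all) against ldap url with user/password
 * 1c. If nothing matches, return 0 (the user is treated as not a member).
 * 2. Query ldap membership (see get_memberof())
 * 2a. Use GSSAPI/SASL with HTTP/fqdn@DOMAIN credentials from keytab
 * 2b. Use username/password with TLS
 *
 * @param margs  helper configuration; margs->groups is the (possibly empty)
 *               linked list of group@domain entries to test
 * @param user   user name to look up
 * @param domain user's domain. When NULL, passes 1 and 1a are skipped and
 *               only domain-less group entries (1b) are consulted.
 * @return 1 as soon as one matching group reports membership, 0 otherwise.
 *
 * Every candidate group is logged; the first positive LDAP answer wins and
 * later groups are not queried.
 */
int
check_memberof(struct main_args *margs, char *user, char *domain)
{
    struct gdstruct *gr;

    if (domain) {
        /* 1. Check users domain */
        for (gr = margs->groups; gr; gr = gr->next) {
            debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL");
            if (gr->domain && !strcasecmp(gr->domain, domain) && query_group(margs, user, domain, gr))
                return 1;
        }

        /* 1a. Check default domain: entries carrying an empty domain string */
        for (gr = margs->groups; gr; gr = gr->next) {
            debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL");
            /* *gr->domain == '\0' is what strcasecmp(gr->domain, "") == 0 tested */
            if (gr->domain && *gr->domain == '\0' && query_group(margs, user, domain, gr))
                return 1;
        }
    }

    /* 1b. Check default group with ldap url: entries with no domain at all */
    for (gr = margs->groups; gr; gr = gr->next) {
        debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM, gr->group, gr->domain ? gr->domain : "NULL");
        if (!gr->domain && query_group(margs, user, domain, gr))
            return 1;
    }

    /* 1c. No group reported membership */
    return 0;
}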
137 #endif