git.ipfire.org Git - thirdparty/squid.git/blob - helpers/external_acl/kerberos_ldap_group/support_member.cc
2 * -----------------------------------------------------------------------------
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
6 * Copyright (C) 2007 Markus Moeller. All rights reserved.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22 * -----------------------------------------------------------------------------
33 check_memberof(struct main_args
*margs
, char *user
, char *domain
)
39 * 1. Check domain against list of groups per domain
40 * 1a. If domain does not exist in list try default domain
41 * 1b. If default domain does not exist use default group against ldap url with user/password
42 * 1c. If default group does not exist exit with error.
43 * 2. Query ldap membership
44 * 2a. Use GSSAPI/SASL with HTTP/fqdn@DOMAIN credentials from keytab
45 * 2b. Use username/password with TLS
51 /* Check users domain */
54 while (gr
&& domain
) {
55 debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
56 if (gr
->domain
&& !strcasecmp(gr
->domain
, domain
)) {
57 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
59 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
61 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
63 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
68 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
70 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
79 /* Check default domain */
82 while (gr
&& domain
) {
83 debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
84 if (gr
->domain
&& !strcasecmp(gr
->domain
, "")) {
85 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
87 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
89 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
91 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
96 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
98 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
107 /* Check default group with ldap url */
111 debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
113 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
115 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
117 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
119 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
124 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
126 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");