git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/external/kerberos_ldap_group/support_member.cc
2 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 * -----------------------------------------------------------------------------
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
14 * Copyright (C) 2007 Markus Moeller. All rights reserved.
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
30 * -----------------------------------------------------------------------------
41 check_memberof(struct main_args
*margs
, char *user
, char *domain
)
47 * 1. Check domain against list of groups per domain
48 * 1a. If domain does not exist in list try default domain
49 * 1b. If default domain does not exist use default group against ldap url with user/password
50 * 1c. If default group does not exist exit with error.
51 * 2. Query ldap membership
52 * 2a. Use GSSAPI/SASL with HTTP/fqdn@DOMAIN credentials from keytab
53 * 2b. Use username/password with TLS
59 /* Check users domain */
62 while (gr
&& domain
) {
63 debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
64 if (gr
->domain
&& !strcasecmp(gr
->domain
, domain
)) {
65 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
67 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
69 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
71 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
76 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
78 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
87 /* Check default domain */
90 while (gr
&& domain
) {
91 debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
92 if (gr
->domain
&& !strcasecmp(gr
->domain
, "")) {
93 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
);
95 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
97 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
99 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
104 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
106 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
);
115 /* Check default group with ldap url */
119 debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
121 debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
123 if (get_memberof(margs
, user
, domain
, gr
->group
)) {
125 debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
127 log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
132 debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");
134 log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM
, user
, gr
->group
, gr
->domain
? gr
->domain
: "NULL");