acl_2external_2kerberos__ldap__group_2support_8h_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


/*

 * -----------------------------------------------------------------------------

 *

 * Author: Markus Moeller (markus_moeller at compuserve.com)

 *

 * Copyright (C) 2007 Markus Moeller. All rights reserved.

 *

 *   This program is free software; you can redistribute it and/or modify

 *   it under the terms of the GNU General Public License as published by

 *   the Free Software Foundation; either version 2 of the License, or

 *   (at your option) any later version.

 *

 *   This program is distributed in the hope that it will be useful,

 *   but WITHOUT ANY WARRANTY; without even the implied warranty of

 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *   GNU General Public License for more details.

 *

 *   You should have received a copy of the GNU General Public License

 *   along with this program; if not, write to the Free Software

 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.

 *

 * -----------------------------------------------------------------------------

 */


#ifndef SQUID_SRC_ACL_EXTERNAL_KERBEROS_LDAP_GROUP_SUPPORT_H

#define SQUID_SRC_ACL_EXTERNAL_KERBEROS_LDAP_GROUP_SUPPORT_H


#define KERBEROS_LDAP_GROUP_VERSION "1.4.0sq"


#include "compat/krb5.h"


#include <cstring>

#if HAVE_COM_ERR_H

#include <com_err.h>

#endif /* HAVE_COM_ERR_H */

#define LDAP_DEPRECATED 1

#if HAVE_LDAP_REBIND_FUNCTION

#define LDAP_REFERRALS

#endif

#if HAVE_LBER_H

#include <lber.h>

#endif

#if HAVE_LDAP_H

#include <ldap.h>

#endif

#if HAVE_MOZLDAP_LDAP_H

#include <mozldap/ldap.h>

#endif


struct gdstruct {

    char *group;

    char *domain;

    struct gdstruct *next;

};


struct ndstruct {

    char *netbios;

    char *domain;

    struct ndstruct *next;

};


struct lsstruct {

    char *lserver;

    char *domain;

    struct lsstruct *next;

};


struct main_args {

    char *glist;

    char *ulist;

    char *tlist;

    char *nlist;

    char *llist;

    char *luser;

    char *lpass;

    char *lbind;

    char *lurl;

    char *ssl;

    int rc_allow;

    int AD;

    int mdepth;

    int nokerberos;

    char *ddomain;

    struct gdstruct *groups;

    struct ndstruct *ndoms;

    struct lsstruct *lservs;

    char *principal;

};


extern int log_enabled;


/* the macro overload style is really a gcc-ism */

#ifdef __GNUC__


#define log(X...) \

                     if (log_enabled) { \

                         fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \

                         fprintf(stderr,X); \

                     } else (void)0


#define error(X...) \

                     fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \

                     fprintf(stderr,X); \


#define warn(X...) \

                     fprintf(stderr, "%s(%d): pid=%ld :", __FILE__, __LINE__, (long)getpid() ); \

                     fprintf(stderr,X); \


#else /* __GNUC__ */


/* non-GCC compilers can't do the above macro define yet. */

void log(char *format,...);

void error(char *format,...);

void warn(char *format,...);

#endif


struct hstruct {

    char *host;

    int port;

    int priority;

    int weight;

};


struct ldap_creds {

    char *dn;

    char *pw;

};


void init_args(struct main_args *margs);

void clean_args(struct main_args *margs);

const char *LogTime(void);


int check_memberof(struct main_args *margs, char *user, char *domain);

int get_memberof(struct main_args *margs, char *user, char *domain, char *group);


char *get_netbios_name(struct main_args *margs, char *netbios);


int create_gd(struct main_args *margs);

int create_nd(struct main_args *margs);

int create_ls(struct main_args *margs);


size_t get_ldap_hostname_list(struct main_args *margs, struct hstruct **hlist, size_t nhosts, char *domain);

size_t get_hostname_list(struct hstruct **hlist, size_t nhosts, char *name);

size_t free_hostname_list(struct hstruct **hlist, size_t nhosts);


#if HAVE_SASL_H || HAVE_SASL_SASL_H

int tool_sasl_bind(LDAP * ld, char *binddn, char *ssl);

#endif


#if HAVE_KRB5

#define MAX_DOMAINS 16

#define MAX_SKEW 300

struct kstruct {

    krb5_context context;

    krb5_ccache cc[MAX_DOMAINS];

    char* mem_ccache[MAX_DOMAINS];

    int ncache;

};

int krb5_create_cache(char *domain, char* princ);

void krb5_cleanup(void);

#endif


#define PROGRAM "kerberos_ldap_group"


#endif /* SQUID_SRC_ACL_EXTERNAL_KERBEROS_LDAP_GROUP_SUPPORT_H */


create_gd
int create_gd(struct main_args *margs)

log
void log(char *format,...)

error
void error(char *format,...)

get_hostname_list
size_t get_hostname_list(struct hstruct **hlist, size_t nhosts, char *name)

warn
void warn(char *format,...)

log_enabled
int log_enabled

get_memberof
int get_memberof(struct main_args *margs, char *user, char *domain, char *group)

create_nd
int create_nd(struct main_args *margs)

LogTime
const char * LogTime(void)
Definition negotiate_kerberos.h:94

clean_args
void clean_args(struct main_args *margs)

free_hostname_list
size_t free_hostname_list(struct hstruct **hlist, size_t nhosts)

create_ls
int create_ls(struct main_args *margs)

get_ldap_hostname_list
size_t get_ldap_hostname_list(struct main_args *margs, struct hstruct **hlist, size_t nhosts, char *domain)

get_netbios_name
char * get_netbios_name(struct main_args *margs, char *netbios)

check_memberof
int check_memberof(struct main_args *margs, char *user, char *domain)

init_args
void init_args(struct main_args *margs)

ld
static LDAP * ld
Definition ldap_backend.cc:57

binddn
static const char * binddn
Definition ext_ldap_group_acl.cc:104

krb5.h

gdstruct
Definition support.h:58

gdstruct::next
struct gdstruct * next
Definition support.h:61

gdstruct::group
char * group
Definition support.h:59

gdstruct::domain
char * domain
Definition support.h:60

hstruct
Definition support.h:123

hstruct::port
int port
Definition support.h:125

hstruct::host
char * host
Definition support.h:124

hstruct::priority
int priority
Definition support.h:126

hstruct::weight
int weight
Definition support.h:127

ldap_creds
Definition support.h:130

ldap_creds::dn
char * dn
Definition support.h:131

ldap_creds::pw
char * pw
Definition support.h:132

lsstruct
Definition support.h:68

lsstruct::next
struct lsstruct * next
Definition support.h:71

lsstruct::domain
char * domain
Definition support.h:70

lsstruct::lserver
char * lserver
Definition support.h:69

main_args
Definition support.h:74

main_args::ulist
char * ulist
Definition support.h:76

main_args::lservs
struct lsstruct * lservs
Definition support.h:92

main_args::ndoms
struct ndstruct * ndoms
Definition support.h:91

main_args::ddomain
char * ddomain
Definition support.h:89

main_args::ssl
char * ssl
Definition support.h:84

main_args::nlist
char * nlist
Definition support.h:78

main_args::glist
char * glist
Definition support.h:75

main_args::AD
int AD
Definition support.h:86

main_args::mdepth
int mdepth
Definition support.h:87

main_args::llist
char * llist
Definition support.h:79

main_args::rc_allow
int rc_allow
Definition support.h:85

main_args::luser
char * luser
Definition support.h:80

main_args::lpass
char * lpass
Definition support.h:81

main_args::principal
char * principal
Definition support.h:93

main_args::lurl
char * lurl
Definition support.h:83

main_args::tlist
char * tlist
Definition support.h:77

main_args::groups
struct gdstruct * groups
Definition support.h:90

main_args::lbind
char * lbind
Definition support.h:82

main_args::nokerberos
int nokerberos
Definition support.h:88

ndstruct
Definition support.h:63

ndstruct::domain
char * domain
Definition support.h:65

ndstruct::netbios
char * netbios
Definition support.h:64

ndstruct::next
struct ndstruct * next
Definition support.h:66