support_member.cc
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * -----------------------------------------------------------------------------
11 *
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
13 *
14 * Copyright (C) 2007 Markus Moeller. All rights reserved.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29 *
30 * -----------------------------------------------------------------------------
31 */
32
33#include "squid.h"
34#include "util.h"
35
36#if HAVE_LDAP
37
38#include "support.h"
39
/*
 * Decide whether `user` is a member of any configured group.
 *
 * margs->groups is walked up to three times, and the first group for which
 * get_memberof() returns non-zero ends the search:
 *
 *   pass 1: entries whose domain equals `domain` (case-insensitive)
 *   pass 2: entries whose domain is the empty string (default domain)
 *   pass 3: entries with no domain at all (default group)
 *
 * Passes 1 and 2 are skipped when `domain` is NULL; pass 3 always runs and
 * hands `domain` to get_memberof() unchanged, NULL included.
 *
 * The passes are cumulative. A user whose domain is listed but who is not in
 * any of that domain's groups is still tested against the default-domain and
 * default-group entries. The original notes described the fallbacks as
 * applying when the domain "does not exist in list"; the code applies them
 * whenever no earlier pass matched.
 *
 * Per the original notes, the LDAP query first uses GSSAPI/SASL with the
 * HTTP/fqdn@DOMAIN keytab credentials and then username/password over TLS.
 * That logic is in get_memberof() and is not visible in this function.
 *
 * NOTE(review): any non-zero result from get_memberof() is accepted as
 * membership. Confirm it cannot return a negative error code, since that
 * would be treated as a successful match here.
 *
 * `user`, the group name and the domain are written to the log verbatim.
 *
 * Returns 1 if a membership was found, 0 otherwise.
 */
int
check_memberof(struct main_args *margs, char *user, char *domain)
{
    struct gdstruct *entry;

    /* Passes 1 and 2 compare against the user's domain, so they need one. */
    if (domain) {
        /* Pass 1: groups bound to the user's own domain */
        for (entry = margs->groups; entry; entry = entry->next) {
            debug((char *) "%s| %s: DEBUG: User domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain ? entry->domain : "NULL");
            if (!entry->domain || strcasecmp(entry->domain, domain) != 0) {
                continue;
            }
            debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain);
            /* ask LDAP about this group */
            if (get_memberof(margs, user, domain, entry->group)) {
                if (debug_enabled) {
                    debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
                } else {
                    log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
                }
                return (1);
            }
            if (debug_enabled) {
                debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
            } else {
                log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
            }
        }

        /* Pass 2: groups registered for the default (empty) domain */
        for (entry = margs->groups; entry; entry = entry->next) {
            debug((char *) "%s| %s: DEBUG: Default domain loop: group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain ? entry->domain : "NULL");
            if (!entry->domain || strcasecmp(entry->domain, "") != 0) {
                continue;
            }
            debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain);
            /* ask LDAP about this group */
            if (get_memberof(margs, user, domain, entry->group)) {
                if (debug_enabled) {
                    debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
                } else {
                    log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
                }
                return (1);
            }
            if (debug_enabled) {
                debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
            } else {
                log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain);
            }
        }
    }

    /* Pass 3: groups with no domain; runs even when the user has no domain */
    for (entry = margs->groups; entry; entry = entry->next) {
        debug((char *) "%s| %s: DEBUG: Default group loop: group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain ? entry->domain : "NULL");
        if (entry->domain) {
            continue;
        }
        debug((char *) "%s| %s: DEBUG: Found group@domain %s@%s\n", LogTime(), PROGRAM, entry->group, entry->domain ? entry->domain : "NULL");
        /* ask LDAP about this group */
        if (get_memberof(margs, user, domain, entry->group)) {
            if (debug_enabled) {
                debug((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain ? entry->domain : "NULL");
            } else {
                log((char *) "%s| %s: INFO: User %s is member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain ? entry->domain : "NULL");
            }
            return (1);
        }
        if (debug_enabled) {
            debug((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain ? entry->domain : "NULL");
        } else {
            log((char *) "%s| %s: INFO: User %s is not member of group@domain %s@%s\n", LogTime(), PROGRAM, user, entry->group, entry->domain ? entry->domain : "NULL");
        }
    }

    return (0);
}
145#endif
146
void log(char *format,...)
#define PROGRAM
Definition: support.h:166
int get_memberof(struct main_args *margs, char *user, char *domain, char *group)
const char * LogTime(void)
int check_memberof(struct main_args *margs, char *user, char *domain)
int debug_enabled
Definition: debug.cc:13
void debug(const char *format,...)
Definition: debug.cc:19
struct gdstruct * next
Definition: support.h:58
char * group
Definition: support.h:56
char * domain
Definition: support.h:57
struct gdstruct * groups
Definition: support.h:87

 
