/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 */
/** BEGIN COPYRIGHT BLOCK
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation;
 * version 2.1 of the License.
 * 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA  02110-1301  USA 
 * 
 * Copyright (C) 2007 Red Hat, Inc.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/

#ifndef __PS_AUTH_H__
#define __PS_AUTH_H__

#ifdef HAVE_CONFIG_H
#ifndef AUTOTOOLS_CONFIG_H
#define AUTOTOOLS_CONFIG_H

/* Eliminate warnings when using Autotools */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION

#include <config.h>
#endif /* AUTOTOOLS_CONFIG_H */
#endif /* HAVE_CONFIG_H */

#include "ldap.h"

class PSConfig;
class Pool;
class PoolNode;

/**
 * Utility classes for authentication and authorization
 *
 * @author  rweltman@netscape.com
 * @version 1.0
 */

/**
 * Hands out LDAP connections, wrapped in PoolNode objects, for one host
 * and port. Per the original author's note it is not yet implemented as
 * a real pool.
 *
 * NOTE(review): the destructor body is empty and no copy constructor or
 * assignment operator is declared, so this class neither releases m_pool
 * in its destructor nor prevents two copies from sharing the same m_pool
 * pointer -- confirm ownership of m_pool in the implementation.
 */
class LDAPConnectionPool {
public:
	/** poolSize is presumably the number of connections to keep -- TODO confirm. */
	LDAPConnectionPool( const char *host, int port, int poolSize );
	virtual ~LDAPConnectionPool() {}
    /** Presumably returns a status code; its values are not visible in this header. */
    int Initialize();
    /** Hands out a connection node; pair with ReleaseConnection(). */
    PoolNode *GetConnection();
    /**
     * Hands out a connection node, presumably bound with the given DN and
     * password.
     *
     * NOTE(review): bindpwd arrives as a plaintext C string, and this header
     * does not show whether a connection bound as one DN is re-bound or
     * discarded before it is handed to another caller after
     * ReleaseConnection() -- confirm, since reuse would carry over the
     * previous identity.
     */
    PoolNode *GetAuthenticatedConnection( const char *binddn,
                                          const char *bindpwd );
    /** Gives a node obtained from one of the Get*Connection() calls back. */
    void ReleaseConnection( PoolNode *node );
protected:
private:
    // Stored as a raw pointer; presumably the caller's string must outlive
    // this object unless the constructor copies it -- TODO confirm.
    const char* m_host;
    int m_port;
    int m_size;
    Pool *m_pool;
    bool m_initialized;
};

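/**
 * Abstract authentication interface, plus a factory that produces the
 * authenticator for an auth domain.
 */
class EXPORT_DECL Authenticator {
public:
    /**
     * Virtual so that destroying a concrete authenticator through an
     * Authenticator pointer (the type GetAuthenticator() returns) runs the
     * derived destructor; without it such a delete is undefined behaviour
     * and derived-class state would not be cleaned up.
     */
    virtual ~Authenticator() {}

    /**
     * Checks a username/password pair.
     *
     * @param username The user name presented by the client
     * @param password The password presented by the client, as a plaintext
     *                 C string
     * @param actualID Reference to a pointer that the implementation may
     *                 set; NOTE(review): who allocates and frees the string
     *                 is not visible in this header -- confirm before use
     * @return An int result; the meaning of its values is defined by the
     *         implementation
     */
    virtual int Authenticate( const char *username,
                              const char *password,
                              char *&actualID ) = 0;

    /**
     * Returns the authenticator for the given domain.
     *
     * NOTE(review): ownership of the returned object and the result for an
     * unknown domain are not visible here -- callers should check for NULL
     * until confirmed.
     */
    static Authenticator *GetAuthenticator( const char *domain );
};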

/**
 * Authenticator implementation backed by an LDAP directory, with a
 * StringKeyCache in front of it.
 *
 * NOTE(review): StringKeyCache and EXPORT_DECL are not declared in this
 * header; they must come from a header included earlier by the including
 * file.
 */
class EXPORT_DECL LDAPAuthenticator:public Authenticator {
public:
	LDAPAuthenticator();
	virtual ~LDAPAuthenticator();
	/**
	 * Implements Authenticator::Authenticate; the third argument is named
	 * dn here, so it presumably receives the user's DN -- TODO confirm
	 * ownership of that string.
	 */
	virtual int Authenticate( const char *username,
                              const char *password,
                              char *&dn );

protected:
    static int GetHashSize();
	/**
	 * Looks up a username/password pair in the cache.
	 *
	 * NOTE(review): presumably returns the cached DN on a hit; if a hit
	 * lets Authenticate() skip the LDAP bind, a password change or account
	 * lock in the directory is not seen until the entry expires -- confirm
	 * the cache lifetime in the implementation.
	 */
	char *CheckCache( const char *username,
                      const char *password );
	void UpdateCache( const char *username,
                      const char *dn,
                      const char *password );
    /**
     * Derives a hash of the password into the caller-supplied buffer.
     *
     * NOTE(review): maxChars is presumably the capacity of hash; the digest
     * algorithm, any salting and how hashes are compared are not visible in
     * this header -- review them in the implementation, since they decide
     * how much a leaked cache reveals.
     */
    char *CreateHash( const char *password,
                      char *hash,
                      int maxChars );
    /**
     * Returns the DN corresponding to a username, if any
     *
     * NOTE(review): username is presumably inserted into m_searchfilter;
     * confirm that filter metacharacters in it are escaped before the
     * search is issued.
     *
     * @param username The user name to look up
     * @param status The status of an LDAP search, if any
     * @return The corresponding DN, or NULL if no DN found
     */
    char *GetUserDN( const char *username, int& status );

private:
    LDAPConnectionPool *m_pool;
    const char* m_host;
    int m_port;
    const char* m_binddn;
    // NOTE(review): bind password held as a plaintext C string for as long
    // as this object holds the pointer; confirm where it is loaded from and
    // that it is never logged.
    const char* m_bindpassword;
    const char* m_basedn;
    const char* m_searchfilter;
    const char* m_searchscope;
    int   m_nsearchscope;
    // Two slots; presumably one attribute name plus a NULL terminator --
    // TODO confirm.
    char* m_attrs[2];
    StringKeyCache *m_cache;
};

/**
 * Authorization check backed by an LDAP directory, with a StringKeyCache
 * in front of it.
 *
 * NOTE(review): StringKeyCache and EXPORT_DECL are not declared in this
 * header; they must come from a header included earlier by the including
 * file.
 */
class EXPORT_DECL LDAPAuthorizer {
public:
	LDAPAuthorizer();
	virtual ~LDAPAuthorizer();
	/** Factory; ownership of the returned object is not visible in this header. */
	static LDAPAuthorizer *GetAuthorizer();
	/**
	 * Decides whether the given DN may invoke methodName.
	 *
	 * @param dn         DN of the caller
	 * @param pwd        The caller's password, as a plaintext C string
	 * @param methodName Name of the operation being requested
	 * @return An int result; the meaning of its values is defined by the
	 *         implementation
	 */
	virtual int Authorize( const char *dn,
                           const char *pwd,
                           const char *methodName );

protected:
	/** Presumably stores a connection handle through ld -- TODO confirm who unbinds it. */
	int GetLdapConnection( LDAP** ld );
	/**
	 * Looks up a username/methodName pair in the cache.
	 *
	 * NOTE(review): if a hit short-circuits the directory lookup, a revoked
	 * permission stays effective until the entry expires -- confirm the
	 * cache lifetime in the implementation.
	 */
	int CheckCache( const char *username,
                    const char *methodName );
	void UpdateCache( const char *username,
                      const char *methodName );

private:
    LDAPConnectionPool *m_pool;
    const char* m_binddn;
    // NOTE(review): bind password held as a plaintext C string for as long
    // as this object holds the pointer; confirm where it is loaded from and
    // that it is never logged.
    const char* m_bindpassword;
    const char* m_basedn;
    const char* m_searchfilter;
    const char* m_searchscope;
    int   m_nsearchscope;
    // Two slots; presumably one attribute name plus a NULL terminator --
    // TODO confirm.
    char* m_attrs[2];
    StringKeyCache *m_cache;
};

#endif // __PS_AUTH_H__