From 0cb3f6098d959479a96c26a92d91becc2110b30d Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Wed, 11 Jun 2008 21:48:27 +0000
Subject: Support getting groups from the server and limiting access based on LDAP groups. See #112
---
 daemon/pgsql.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
(limited to 'daemon/pgsql.c')
diff --git a/daemon/pgsql.c b/daemon/pgsql.c
index 0306cbf..f19624a 100644
--- a/daemon/pgsql.c
+++ b/daemon/pgsql.c
@@ -25,10 +25,17 @@
 #include "sha1.h"
 #include "bd.h"
+#define __USE_XOPEN
+#include
+
 #include
 /* Postgresql library */
+#ifdef HAVE_LIBPQ_FE_H
 #include
+#else
+#include
+#endif
 /* -------------------------------------------------------------------------------
 * Structures
@@ -66,8 +73,8 @@ typedef struct pgsql_context pgsql_context_t;
 /* Forward declarations for callbacks */
-static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg);
-static int validate_basic(ha_request_t* rq, const char* user, const char* password);
+static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg, char ***groups);
+static int validate_basic(ha_request_t* rq, const char* user, const char* password, char ***groups);
 static void escape_pgsql(const ha_request_t* rq, ha_buffer_t* buf, const char* value);
 /* The defaults for the context */
@@ -136,7 +143,7 @@ static int dec_pgsql_binary(const ha_request_t* rq, const char* enc,
 }
 /* Raw binary postgres encoded */
- d = PQunescapeBytea(enc, &enclen);
+ d = PQunescapeBytea((const unsigned char*)enc, &enclen);
 if(d != NULL)
 {
 if(enclen == len)
@@ -170,7 +177,6 @@ static int validate_ha1(ha_request_t* rq, pgsql_context_t* ctx, const char* user
 {
 unsigned char dbha1[MD5_LEN];
 unsigned char ha1[MD5_LEN];
- const char* p;
 int r = dec_pgsql_binary(rq, dbpw, dbha1, MD5_LEN);
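Review bot: `#define __USE_XOPEN` in the first hunk (@@ -25,10 +25,17 @@) sets a glibc-internal macro that features.h normally derives on its own, and it comes after `sha1.h` and `bd.h`, which may already have pulled in system headers, so the effect depends on include order. The supported form is a feature-test macro ahead of the first system header, for example `#define _XOPEN_SOURCE 500` at the top of the file (the level is a suggestion; use the one the project targets). If the goal is a prototype for a password-hashing call such as crypt() (an inference, since the header name after `#include` did not survive on this page), a missing prototype makes the call return `int` and truncates the pointer on 64-bit builds, so it is worth confirming with `-Wimplicit-function-declaration`.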
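Review bot: The new `char ***groups` out-parameter on `validate_digest` and `validate_basic` (prototypes in @@ -66,8 +73,8 @@, definitions in @@ -518,14 +524,14 @@ and @@ -596,7 +602,7 @@) is neither written nor documented in any line shown, and `ASSERT(rq && user && dg)` does not cover it. Because this commit uses group lists to limit access, a handler that leaves `*groups` untouched makes the access decision depend on however the caller initialised the pointer. I would set it explicitly at the top of both functions, `if(groups) *groups = NULL;`, and, if this handler is meant to return no groups, say so on the prototypes with `/* groups: out; set to NULL, this handler returns no group list */`. Both function bodies continue outside the hunks, so an assignment may exist in lines not shown.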
@@ -383,7 +389,7 @@ static void discard_pgsql_connection(const ha_request_t* rq, pgsql_context_t* ct
 static void save_pgsql_connection(const ha_request_t* rq, pgsql_context_t* ctx, PGconn* pg)
 {
- int i, e;
+ int i;
 ASSERT(ctx);
@@ -518,14 +524,14 @@ finally:
 return ret;
 }
-static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg)
+static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg, char ***groups)
 {
 pgsql_context_t* ctx = (pgsql_context_t*)rq->context->ctx_data;
 PGresult* res = NULL;
 int ret = HA_FALSE;
 int pw_column = -1;
 int ha1_column = -1;
- int r, i, foundany = 0;
+ int i, foundany = 0;
 ASSERT(rq && user && dg);
@@ -554,7 +560,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
 {
 foundany = 1;
- digest_makeha1(dg->ha1, user, rq->context->realm, PQgetvalue(res, i, pw_column));
+ digest_makeha1(dg->server_ha1, user, rq->context->realm, PQgetvalue(res, i, pw_column));
 ha_messagex(rq, LOG_DEBUG, "testing clear text password for digest auth");
 /* Run the actual check */
@@ -569,7 +575,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
 {
 if(!PQgetisnull(res, i, ha1_column))
 {
- ret = dec_pgsql_binary(rq, PQgetvalue(res, i, ha1_column), dg->ha1, MD5_LEN);
+ ret = dec_pgsql_binary(rq, PQgetvalue(res, i, ha1_column), dg->server_ha1, MD5_LEN);
 if(ret < 0)
 RETURN(ret)
 else if(ret == HA_FALSE)
@@ -596,7 +602,7 @@ finally:
 return ret;
 }
-static int validate_basic(ha_request_t* rq, const char* user, const char* password)
+static int validate_basic(ha_request_t* rq, const char* user, const char* password, char ***groups)
 {
 pgsql_context_t* ctx = (pgsql_context_t*)rq->context->ctx_data;
 PGresult* res = NULL;
-- cgit v1.2.3
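Review bot: In @@ -569,7 +575,7 @@ the decode status from `dec_pgsql_binary` is stored directly in `ret`, the variable that `finally:` returns as the authentication verdict, while @@ -518,14 +524,14 @@ removes the scratch variable `r` as unused. Keeping the two apart makes it harder for a successful decode to be returned as a successful authentication on some later path: keep `int r` in the declaration and write `r = dec_pgsql_binary(rq, PQgetvalue(res, i, ha1_column), dg->server_ha1, MD5_LEN);` followed by `if(r < 0) RETURN(r)` and `else if(r == HA_FALSE)`. What follows the `else if` is outside the hunk, so this is a hardening suggestion rather than a confirmed defect.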