fixed compiler warnings; minor refactoring
d9177dd1 1/*
5039dede 2** NetXMS - Network Management System
6f3674b7 3** Copyright (C) 2003-2014 Victor Kirhenshtein
4**
5** This program is free software; you can redistribute it and/or modify
6** it under the terms of the GNU General Public License as published by
7** the Free Software Foundation; either version 2 of the License, or
8** (at your option) any later version.
9**
10** This program is distributed in the hope that it will be useful,
11** but WITHOUT ANY WARRANTY; without even the implied warranty of
12** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13** GNU General Public License for more details.
14**
15** You should have received a copy of the GNU General Public License
16** along with this program; if not, write to the Free Software
17** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18**
19** File: nms_users.h
20**
21**/
22
#if WITH_LDAP

/* Expose the legacy (deprecated) OpenLDAP API surface. Not requested on HP-UX,
   whose LDAP SDK presumably does not need or accept this macro — confirm against
   the HP-UX build. */
#if !defined(__hpux)
#define LDAP_DEPRECATED 1
#endif

#ifdef _WIN32

/* Windows: platform LDAP client headers (LDAP API plus BER helpers). */
#include <winldap.h>
#include <winber.h>

#else /* _WIN32 */

/* Other platforms: OpenLDAP-compatible client library; ldap_ssl.h only where
   the configure step found it. */
#include <ldap.h>
#if HAVE_LDAP_SSL_H
#include <ldap_ssl.h>
#endif

/* Some SDKs lack ber_int_t; provide the conventional definition. */
#if !HAVE_BER_INT_T
typedef int ber_int_t;
#endif

#endif /* _WIN32 */

#endif /* WITH_LDAP */
48
d9177dd1 49/**
2cfe4482 50 * LDAP entry (object)
d9177dd1 51 */
class Entry
{
public:
   UINT32 m_type;            // entry type; presumably user vs. group (see UpdateLDAPUser/UpdateLDAPGroup) — confirm the encoding
   TCHAR* m_loginName;       // raw owning pointers; presumably released by ~Entry() — confirm
   TCHAR* m_fullName;
   TCHAR* m_description;
   TCHAR* m_id;              // value of the LDAP id attribute (see LDAPConnection::getIdAttrValue)
   StringSet *m_memberList;  // members of a group entry (see LDAPConnection::updateMembers); ownership not visible here

   // NOTE(review): the class owns raw pointers and declares a destructor but no
   // copy constructor / copy assignment (Rule of Three) — copying an Entry would
   // lead to a double free. It is also declared before the _nms_users_h_ include
   // guard further down, so a second inclusion of this header would redefine it.
   Entry();
   ~Entry();
};
65
#if WITH_LDAP

// Defines to handle string encoding difference between Windows and other systems.
// On Windows the LDAP API is used in its TCHAR form, elsewhere the library takes
// plain char strings. LDAP_CHAR and the ldap_* helpers select the matching C
// string routine; LDAP_TFMT is the format specifier that renders an LDAP_CHAR
// string through a TCHAR formatter.
#ifdef _WIN32

#define LDAP_CHAR TCHAR
#define ldap_strchr _tcschr
#define ldap_strstr _tcsstr
#define ldap_strrchr _tcsrchr
#define ldap_strcpy _tcscpy
#define ldap_strcat _tcscat
#define ldap_strlen _tcslen
#define ldap_timeval l_timeval
#define ldap_strdup _tcsdup
#define ldap_snprintf _sntprintf
#define LdapConfigRead ConfigReadStr       // configuration value as LDAP_CHAR (TCHAR) string
#define _TLDAP(x) _T(x)                    // LDAP_CHAR string literal
#define LDAP_TFMT _T("%s")

#else

#define LDAP_CHAR char
#define ldap_strchr strchr
#define ldap_strstr strstr
#define ldap_strrchr strrchr
#define ldap_strcpy strcpy
#define ldap_strcat strcat
#define ldap_strlen strlen
#define ldap_timeval timeval
#define ldap_strdup strdup
#define ldap_snprintf snprintf
#define LdapConfigRead ConfigReadStrUTF8   // LDAP_CHAR strings are UTF-8 on these platforms
#define _TLDAP(x) x
#define LDAP_TFMT _T("%hs")                // %hs: narrow string argument inside a TCHAR format

#endif // _WIN32
#endif // WITH_LDAP
103
104/**
105 * LDAP connector
106 */
class LDAPConnection
{
private:
#if WITH_LDAP
   LDAP *m_ldapConn;                            // library connection handle; presumably opened in initLDAP() and released in closeLDAPConnection()
   LDAP_CHAR m_connList[MAX_CONFIG_VALUE];      // server list / connection string in the library's native encoding
   LDAP_CHAR m_searchBase[MAX_CONFIG_VALUE];
   LDAP_CHAR m_searchFilter[MAX_CONFIG_VALUE];
   LDAP_CHAR m_userDN[MAX_CONFIG_VALUE];        // bind DN used for synchronization
   LDAP_CHAR m_userPassword[MAX_PASSWORD];      // bind password, held in clear text for the lifetime of the object
                                                // NOTE(review): consider clearing this buffer in the destructor
   char m_ldapFullNameAttr[MAX_CONFIG_VALUE];   // attribute names are always byte strings (char), unlike the LDAP_CHAR settings above
   char m_ldapLoginNameAttr[MAX_CONFIG_VALUE];
   char m_ldapDescriptionAttr[MAX_CONFIG_VALUE];
   char m_ldapUsreIdAttr[MAX_CONFIG_VALUE];     // sic ("Usre"); renaming requires the implementation file to change as well
   char m_ldapGroupIdAttr[MAX_CONFIG_VALUE];
   TCHAR m_userClass[MAX_CONFIG_VALUE];         // presumably the object class values that identify users / groups — confirm
   TCHAR m_groupClass[MAX_CONFIG_VALUE];
   int m_action;                                // handling of entries no longer present in LDAP; presumably forwarded to RemoveDeletedLDAPEntries()
   int m_secure;                                // non-zero presumably selects a TLS-protected connection — confirm in initLDAP()
   int m_pageSize;                              // page size for paged searches (see readInPages)

   void closeLDAPConnection();
   void initLDAP();
   UINT32 loginLDAP();                          // binds with m_userDN/m_userPassword; returns a status code
   TCHAR *getErrorString(int code);             // ownership of the returned buffer is not visible here — check before freeing
   void getAllSyncParameters();                 // loads the settings above from server configuration (presumably via LdapConfigRead)
   void compareGroupList();
   void compareUserLists();
   // Returns the i-th value of attribute attr from entry, converted to TCHAR; ownership not visible here
   TCHAR *getAttrValue(LDAPMessage *entry, const char *attr, UINT32 i = 0);
   TCHAR *getIdAttrValue(LDAPMessage *entry, const char *attr);
   void prepareStringForInit(LDAP_CHAR *connectionLine);
   int readInPages(LDAP_CHAR *base);            // paged search below base, m_pageSize entries at a time
   void fillLists(LDAPMessage *searchResult);
   TCHAR *ldap_internal_get_dn(LDAP *conn, LDAPMessage *entry);
   void updateMembers(StringSet *memberList, const char *firstAttr, LDAPMessage *firstEntry, const LDAP_CHAR *dn);
#endif // WITH_LDAP

public:
#if WITH_LDAP
   LDAPConnection();
   ~LDAPConnection();
#endif // WITH_LDAP

   // Both entry points are declared regardless of WITH_LDAP; without LDAP support
   // the implementation presumably reports failure — confirm.
   void syncUsers();
   UINT32 ldapUserLogin(const TCHAR *name, const TCHAR *password);
};
153
// NOTE(review): the include guard starts here, after the LDAP includes and the
// Entry / LDAPConnection classes above, so those are not protected against
// double inclusion. Moving the guard to the top of the file would cover them.
#ifndef _nms_users_h_
#define _nms_users_h_

/**
 * Maximum number of grace logins allowed for user
 * (see User::getGraceLogins() and User::decreaseGraceLogins())
 */
#define MAX_GRACE_LOGINS 5
161
/**
 * Maximum length of XMPP ID
 * (array size of User::m_xmppId; whether it includes the terminating NUL is not visible here — confirm)
 */
#define MAX_XMPP_ID_LEN 128
166
167/**
168 * Authentication methods
169 */
// Presumably stored in User::m_authMethod (declared as int) and persisted, so the
// numeric values should not be renumbered — confirm.
enum UserAuthMethod
{
   AUTH_NETXMS_PASSWORD = 0,
   AUTH_RADIUS = 1,
   AUTH_CERTIFICATE = 2,
   AUTH_CERT_OR_PASSWD = 3,
   AUTH_CERT_OR_RADIUS = 4
};
5039dede 178
179/**
180 * Generic user database object
181 */
class NXCORE_EXPORTABLE UserDatabaseObject
{
protected:
   UINT32 m_id;                  // object id; the GROUP_FLAG bit marks groups (see isGroup())
   uuid m_guid;
   TCHAR m_name[MAX_USER_NAME];
   TCHAR m_description[MAX_USER_DESCR];
   UINT64 m_systemRights;
   UINT32 m_flags;               // UF_* bits
   StringMap m_attributes;       // Custom attributes
   TCHAR *m_ldapDn;              // LDAP distinguished name (setDn / getDn)
   TCHAR *m_ldapId;              // LDAP object id (setLdapId / getLdapId)
   time_t m_created;

   bool loadCustomAttributes(DB_HANDLE hdb);
   bool saveCustomAttributes(DB_HANDLE hdb);

public:
   UserDatabaseObject();
   UserDatabaseObject(DB_HANDLE hdb, DB_RESULT hResult, int row);
   UserDatabaseObject(UINT32 id, const TCHAR *name);
   virtual ~UserDatabaseObject();

   virtual bool saveToDatabase(DB_HANDLE hdb);
   virtual bool deleteFromDatabase(DB_HANDLE hdb);

   virtual void fillMessage(NXCPMessage *msg);
   virtual void modifyFromMessage(NXCPMessage *msg);

   virtual json_t *toJson() const;

   // Read-only accessors
   UINT32 getId() const { return m_id; }
   const TCHAR *getName() const { return m_name; }
   const TCHAR *getDescription() const { return m_description; }
   UINT64 getSystemRights() const { return m_systemRights; }
   UINT32 getFlags() const { return m_flags; }
   TCHAR *getGuidAsText(TCHAR *buffer) const { return m_guid.toString(buffer); }
   const TCHAR *getDn() const { return m_ldapDn; }
   const TCHAR *getLdapId() const { return m_ldapId; }

   // Flag tests, all written as "bit is set" comparisons
   bool isGroup() const { return (m_id & GROUP_FLAG) != 0; }
   bool isDeleted() const { return (m_flags & UF_DELETED) != 0; }
   bool isDisabled() const { return (m_flags & UF_DISABLED) != 0; }
   bool isModified() const { return (m_flags & UF_MODIFIED) != 0; }
   bool isLDAPUser() const { return (m_flags & UF_LDAP_USER) != 0; }

   void setDeleted() { m_flags |= UF_DELETED; }
   void enable();
   void disable();
   void setFlags(UINT32 flags) { m_flags = flags; }   // replaces every flag bit, UF_MODIFIED included
   void removeSyncException();

   const TCHAR *getAttribute(const TCHAR *name) { return m_attributes.get(name); }
   UINT32 getAttributeAsULong(const TCHAR *name);
   void setAttribute(const TCHAR *name, const TCHAR *value)
   {
      m_attributes.set(name, value);
      m_flags |= UF_MODIFIED;   // mark dirty; presumably picked up by saveToDatabase()
   }
   void setName(const TCHAR *name);
   void setDescription(const TCHAR *description);

   void setDn(const TCHAR *dn);
   void setLdapId(const TCHAR *id);
   void detachLdapUser();
};
5039dede 244
88b51c0e 245/**
246 * Hash types
247 */
// Digest used for a stored password; PWD_HASH_SIZE(t) gives the digest length.
// Values are presumably persisted with the password record — do not renumber.
enum PasswordHashType
{
   PWD_HASH_SHA1 = 0,     // legacy; SHA-1 should not be used for new records
   PWD_HASH_SHA256 = 1
};
253
/**
 * Password salt length (bytes; array size of PasswordHash::salt)
 */
#define PASSWORD_SALT_LENGTH 8
258
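/**
 * Password hash size in bytes for a PasswordHashType value; 0 for an unknown type.
 * The argument is parenthesized so an arbitrary expression can be passed, but it is
 * evaluated twice, so it must be free of side effects.
 */
#define PWD_HASH_SIZE(t) (((t) == PWD_HASH_SHA256) ? SHA256_DIGEST_SIZE : (((t) == PWD_HASH_SHA1) ? SHA1_DIGEST_SIZE : 0))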
263
264/**
265 * Hashed password
266 */
struct PasswordHash
{
   PasswordHashType hashType;          // selects the digest and thereby how many bytes of hash[] are valid
   BYTE hash[SHA256_DIGEST_SIZE];      // sized for the largest supported digest; use PWD_HASH_SIZE(hashType) for the valid length
   BYTE salt[PASSWORD_SALT_LENGTH];    // per-password salt; confirm it is generated from a cryptographic RNG in User::setPassword()
   // NOTE(review): SHA-1 / SHA-256 are fast general-purpose digests. The salt
   // defeats precomputed tables but does not slow down brute force the way a
   // dedicated password KDF would; worth considering for new hash types.
};
273
274/**
275 * User object
276 */
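class NXCORE_EXPORTABLE User : public UserDatabaseObject
{
protected:
   TCHAR m_fullName[MAX_USER_FULLNAME];
   PasswordHash m_password;             // salted digest; the clear-text password is never stored
   int m_graceLogins;                   // remaining grace logins (see MAX_GRACE_LOGINS)
   int m_authMethod;                    // presumably a UserAuthMethod value
   int m_certMappingMethod;
   TCHAR *m_certMappingData;
   time_t m_disabledUntil;              // end of a temporary disable (see getReEnableTime())
   time_t m_lastPasswordChange;
   time_t m_lastLogin;
   int m_minPasswordLength;
   int m_authFailures;                  // consecutive failed logins (increaseAuthFailures / resetAuthFailures)
   TCHAR m_xmppId[MAX_XMPP_ID_LEN];

public:
   User();
   User(DB_HANDLE hdb, DB_RESULT hResult, int row);
   User(UINT32 id, const TCHAR *name);
   virtual ~User();

   virtual bool saveToDatabase(DB_HANDLE hdb);
   virtual bool deleteFromDatabase(DB_HANDLE hdb);

   virtual void fillMessage(NXCPMessage *msg);
   virtual void modifyFromMessage(NXCPMessage *msg);

   virtual json_t *toJson() const;

   // Read-only accessors; const-qualified so they are usable through a const User
   // (existing non-const callers are unaffected)
   const TCHAR *getFullName() const { return m_fullName; }
   int getGraceLogins() const { return m_graceLogins; }
   int getAuthMethod() const { return m_authMethod; }
   int getCertMappingMethod() const { return m_certMappingMethod; }
   time_t getLastLoginTime() const { return m_lastLogin; }
   time_t getPasswordChangeTime() const { return m_lastPasswordChange; }
   const TCHAR *getCertMappingData() const { return m_certMappingData; }
   bool isIntruderLockoutActive() const { return (m_flags & UF_INTRUDER_LOCKOUT) != 0; }
   bool canChangePassword() const { return (m_flags & UF_CANNOT_CHANGE_PASSWORD) == 0; }
   int getMinPasswordLength() const { return m_minPasswordLength; }
   // Misspelled legacy name kept so existing callers keep compiling; prefer getMinPasswordLength()
   int getMinMasswordLength() const { return m_minPasswordLength; }
   time_t getReEnableTime() const { return m_disabledUntil; }
   const TCHAR *getXmppId() const { return m_xmppId; }

   bool validatePassword(const TCHAR *password);
   // Consumes one grace login (never below zero); the object is marked modified either way
   void decreaseGraceLogins() { if (m_graceLogins > 0) m_graceLogins--; m_flags |= UF_MODIFIED; }
   void setPassword(const TCHAR *password, bool clearChangePasswdFlag);
   void increaseAuthFailures();
   void resetAuthFailures() { m_authFailures = 0; m_flags |= UF_MODIFIED; }
   void updateLastLogin() { m_lastLogin = time(NULL); m_flags |= UF_MODIFIED; }
   void updatePasswordChangeTime() { m_lastPasswordChange = time(NULL); m_flags |= UF_MODIFIED; }
   void setFullName(const TCHAR *fullName);
   // NOTE(review): hides the non-virtual UserDatabaseObject::enable(); a call made
   // through a UserDatabaseObject pointer reaches the base version, not this one.
   void enable();
};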
330
331/**
332 * Group object
333 */
class NXCORE_EXPORTABLE Group : public UserDatabaseObject
{
protected:
   int m_memberCount;
   UINT32 *m_members;      // array of m_memberCount member ids; presumably owned and released by ~Group() — confirm

public:
   Group();
   Group(DB_HANDLE hdb, DB_RESULT hResult, int row);
   Group(UINT32 id, const TCHAR *name);
   virtual ~Group();

   virtual void fillMessage(NXCPMessage *msg);
   virtual void modifyFromMessage(NXCPMessage *msg);

   virtual bool saveToDatabase(DB_HANDLE hdb);
   virtual bool deleteFromDatabase(DB_HANDLE hdb);

   virtual json_t *toJson() const;

   void addUser(UINT32 userId);
   void deleteUser(UINT32 userId);
   // searchPath is threaded through nested-group lookups (see CheckUserMembershipInternal);
   // presumably it records groups already visited so that membership cycles terminate — confirm.
   bool isMember(UINT32 userId, IntegerArray<UINT32> *searchPath = NULL);
   // Stores a pointer to the member array in *members and returns its length;
   // ownership of that array is not visible here — check the implementation before freeing.
   int getMembers(UINT32 **members);
};
5039dede 359
360/**
361 * Access list element structure
362 */
typedef struct
{
   UINT32 dwUserId;          // user or group id (groups carry the GROUP_FLAG bit)
   UINT32 dwAccessRights;    // access rights bit mask granted to dwUserId
} ACL_ELEMENT;
368
369/**
370 * Access list class
371 */
class AccessList
{
private:
   int m_size;               // elements in use
   int m_allocated;          // capacity of m_elements
   ACL_ELEMENT *m_elements;  // presumably a dynamically grown array — confirm in addElement()

public:
   AccessList();
   ~AccessList();

   // Looks up dwUserId; on success stores its rights in *pdwAccessRights and returns true
   bool getUserRights(UINT32 dwUserId, UINT32 *pdwAccessRights);
   void addElement(UINT32 dwUserId, UINT32 dwAccessRights);
   bool deleteElement(UINT32 dwUserId);   // presumably false when dwUserId is not in the list — confirm
   void deleteAll();

   // Calls pHandler(userId, accessRights, pArg) once per element
   void enumerateElements(void (* pHandler)(UINT32, UINT32, void *), void *pArg);

   void fillMessage(NXCPMessage *pMsg);

   json_t *toJson();
};
394
395/**
396 * Functions
397 */
BOOL LoadUsers();
void SaveUsers(DB_HANDLE hdb, UINT32 watchdogId);
void SendUserDBUpdate(int code, UINT32 id, UserDatabaseObject *object);
void SendUserDBUpdate(int code, UINT32 id);

// Central credential check. Judging by the parameter names, on success it returns
// the user's id and system rights and tells the caller whether a password change
// is required, whether the account is intruder-locked and whether other sessions
// must be closed; pCert/sigLen carry certificate material and ssoAuth marks an
// externally authenticated session. Returns a status code. Confirm the exact
// contract in the implementation.
UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, size_t sigLen, void *pCert,
                        BYTE *pChallenge, UINT32 *pdwId, UINT64 *pdwSystemRights,
                        bool *pbChangePasswd, bool *pbIntruderLockout, bool *closeOtherSessions,
                        bool ssoAuth, UINT32 *graceLogins);
bool AuthenticateUserForXMPPCommands(const char *xmppId);
bool AuthenticateUserForXMPPSubscription(const char *xmppId);

UINT32 NXCORE_EXPORTABLE ValidateUserPassword(UINT32 userId, const TCHAR *login, const TCHAR *password, bool *isValid);
// changeOwnPassword presumably distinguishes a user changing their own password
// (oldPassword must match) from an administrative reset — confirm.
UINT32 NXCORE_EXPORTABLE SetUserPassword(UINT32 id, const TCHAR *newPassword, const TCHAR *oldPassword, bool changeOwnPassword);
// searchPath is passed along recursive membership checks (see Group::isMember)
bool CheckUserMembershipInternal(UINT32 userId, UINT32 groupId, IntegerArray<UINT32> *searchPath);
bool NXCORE_EXPORTABLE CheckUserMembership(UINT32 userId, UINT32 groupId);
// alreadyLocked: presumably set when the caller already holds the user database lock — confirm
UINT32 NXCORE_EXPORTABLE DeleteUserDatabaseObject(UINT32 id, bool alreadyLocked = false);
UINT32 NXCORE_EXPORTABLE CreateNewUser(const TCHAR *name, bool isGroup, UINT32 *id);
UINT32 NXCORE_EXPORTABLE ModifyUserDatabaseObject(NXCPMessage *msg, json_t **oldData, json_t **newData);
UINT32 NXCORE_EXPORTABLE DetachLdapUser(UINT32 id);
// The iterator must be released with CloseUserDatabase()
Iterator<UserDatabaseObject> NXCORE_EXPORTABLE *OpenUserDatabase();
void NXCORE_EXPORTABLE CloseUserDatabase(Iterator<UserDatabaseObject> *it);
const TCHAR NXCORE_EXPORTABLE *GetUserDbObjectAttr(UINT32 id, const TCHAR *name);
UINT32 NXCORE_EXPORTABLE GetUserDbObjectAttrAsULong(UINT32 id, const TCHAR *name);
void NXCORE_EXPORTABLE SetUserDbObjectAttr(UINT32 id, const TCHAR *name, const TCHAR *value);
bool NXCORE_EXPORTABLE ResolveUserId(UINT32 id, TCHAR *buffer, int bufSize);
void UpdateLDAPUser(const TCHAR* dn, Entry *obj);
// m_action is an ordinary parameter despite the member-style prefix (compare LDAPConnection::m_action)
void RemoveDeletedLDAPEntries(StringObjectMap<Entry> *entryListDn, StringObjectMap<Entry> *entryListId, UINT32 m_action, bool isUser);
void UpdateLDAPGroup(const TCHAR* dn, Entry *obj);
THREAD_RESULT THREAD_CALL SyncLDAPUsers(void *arg);
void FillGroupMembershipInfo(NXCPMessage *msg, UINT32 userId);
void UpdateGroupMembership(UINT32 userId, int numGroups, UINT32 *groups);
void DumpUsers(CONSOLE_CTX pCtx);
5039dede 430
431/**
432 * CAS API
433 */
void CASReadSettings();
// Validates a CAS ticket and, on success, writes the resolved login name to loginName.
// NOTE(review): no length argument accompanies loginName, so the caller must supply a
// buffer at least as large as the implementation writes — confirm the expected size.
bool CASAuthenticate(const char *ticket, TCHAR *loginName);
436
5039dede 437#endif