Account Storage Interface
The [infinoted](Dedicated Server) by default stores its user accounts in a file called accounts.xml
in its root directory. However, it is possible to override this behaviour and instead read (and optionally write) user accounts to/from a different data source. This allows integration of already existing user databases with Gobby, such as MySQL databases or LDAP.
In order to provide such an interface, a infinoted plugin needs to be developed. At the moment, Gobby does not ship with any such plugin.
The implementation of the plugin itself is rather simple. The plugin needs to contain a GObject
class that implements the InfdAccountStorage
interface, and then set it on the server's InfdDirectory
with
g_object_set(G_OBJECT(directory), "account-storage", my_storage, NULL);
Internally, a user account is identified by the InfAclAccountId
type, which is basically just an interned string. The string is normally not user-visible, and the implementation of the account storage interface should make sure that it is unique. Also when a user is deleted and added again later with the same name, the user ID should be different for security reasons. It does not strictly have to be, but if it is not, then permissions set for the old account might apply for the new one as well. Permissions are mapped to users by their InfAclAccountId
.
The InfAclAccount
structure contains the account ID, but also a human-readable account name.
In the following, the virtual functions of the InfdAccountStorage
interface are explained. Not all of these functions need to be implemented.
-
get_support: This function should return a bitfield of operations supported by the plugin. The possible values are listed here. If the
INFD_ACCOUNT_STORAGE_SUPPORT_NOTIFICATION
flag is set, it means that the"account-added"
and"account-removed"
signals must be emitted by the implementation whenever an account is added or removed from the database. If the flag is not set, these signals do not have to be emitted, and are also allowed to only be emitted unreliably. -
lookup_accounts: This function should look up the human-readable account name given a list of
InfAclAccountId
s. This function must be supported by all plugins. -
lookup_account_by_name: This function does the reverse lookup: Given an account name, it lists all
InfAclAccountId
s with that name. This function must also be supported by all plugins. -
list_accounts: This function returns a list of all accounts currently available in the storage. This must only be implemented if
get_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_LIST_ACCOUNTS
flag set. For user databases that are expected to be large (more than 100-1000 users), this function should not be supported. -
add_account: This function adds a new account to the storage and returns the
InfAclAccountId
chosen by the implementation. This function must only be implemented ifget_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_ADD_ACCOUNT
flag set. -
remove_account: This function removes an account from the storage. This function must only be implemented if
get_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_REMOVE_ACCOUNT
flag set. -
login_by_certificate: This function should return the
InfAclAccountId
of the account that belongs to the given certificate. This function must only be implemented ifget_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_CERTIFICATE_LOGIN
flag set. -
login_by_password: This function should return the
InfAclAccountId
of the account that belongs to the given username, if the password is correct for that user. This function must only be implemented ifget_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_PASSWORD_LOGIN
flag set. -
set_certificate: This function should change the certificate(s) associated to the account with the given
InfAclAccountId
. This function must only be implemented ifget_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_CERTIFICATE_CHANGE
flag set. -
set_password: This function should change the password of the account with the given
InfAclAccountId
. This function must only be implemented ifget_support
has theINFD_ACCOUNT_STORAGE_SUPPORT_PASSWORD_CHANGE
flag set.
.