Account Storage Interface
The [infinoted](Dedicated Server) by default stores its user accounts in a file called accounts.xml in its root directory. However, it is possible to override this behaviour and instead read (and optionally write) user accounts to/from a different data source. This allows integration of already existing user databases with Gobby, such as MySQL databases or LDAP.
In order to provide such an interface, a infinoted plugin needs to be developed. At the moment, Gobby does not ship with any such plugin.
The implementation of the plugin itself is rather simple. The plugin needs to contain a GObject class that implements the InfdAccountStorage interface, and then set it on the server's InfdDirectory with
g_object_set(G_OBJECT(directory), "account-storage", my_storage, NULL);
Internally, a user account is identified by the InfAclAccountId type, which is basically just an interned string. The string is normally not user-visible, and the implementation of the account storage interface should make sure that it is unique. Also when a user is deleted and added again later with the same name, the user ID should be different for security reasons. It does not strictly have to be, but if it is not, then permissions set for the old account might apply for the new one as well. Permissions are mapped to users by their InfAclAccountId.
The InfAclAccount structure contains the account ID, but also a human-readable account name.
In the following, the virtual functions of the InfdAccountStorage interface are explained. Not all of these functions need to be implemented.
-
get_support: This function should return a bitfield of operations supported by the plugin. The possible values are listed here. If the
INFD_ACCOUNT_STORAGE_SUPPORT_NOTIFICATIONflag is set, it means that the"account-added"and"account-removed"signals must be emitted by the implementation whenever an account is added or removed from the database. If the flag is not set, these signals do not have to be emitted, and are also allowed to only be emitted unreliably. -
lookup_accounts: This function should look up the human-readable account name given a list of
InfAclAccountIds. This function must be supported by all plugins. -
lookup_account_by_name: This function does the reverse lookup: Given an account name, it lists all
InfAclAccountIds with that name. This function must also be supported by all plugins. -
list_accounts: This function returns a list of all accounts currently available in the storage. This must only be implemented if
get_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_LIST_ACCOUNTSflag set. For user databases that are expected to be large (more than 100-1000 users), this function should not be supported. -
add_account: This function adds a new account to the storage and returns the
InfAclAccountIdchosen by the implementation. This function must only be implemented ifget_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_ADD_ACCOUNTflag set. -
remove_account: This function removes an account from the storage. This function must only be implemented if
get_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_REMOVE_ACCOUNTflag set. -
login_by_certificate: This function should return the
InfAclAccountIdof the account that belongs to the given certificate. This function must only be implemented ifget_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_CERTIFICATE_LOGINflag set. -
login_by_password: This function should return the
InfAclAccountIdof the account that belongs to the given username, if the password is correct for that user. This function must only be implemented ifget_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_PASSWORD_LOGINflag set. -
set_certificate: This function should change the certificate(s) associated to the account with the given
InfAclAccountId. This function must only be implemented ifget_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_CERTIFICATE_CHANGEflag set. -
set_password: This function should change the password of the account with the given
InfAclAccountId. This function must only be implemented ifget_supporthas theINFD_ACCOUNT_STORAGE_SUPPORT_PASSWORD_CHANGEflag set.
.