2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2004
5 Copyright (C) Stefan Metzmacher 2004
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "auth/auth.h"
24 #include "dlinklist.h"
28 close the socket and shutdown a server_context
30 static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason)
32 server_terminate_connection(ldap_conn->connection, reason);
36 add a socket address to the list of events, one event per port
38 static void add_socket(struct server_service *service,
39 const struct model_ops *model_ops,
40 struct ipv4_addr *ifip)
42 struct server_socket *srv_sock;
44 char *ip_str = talloc_strdup(service, sys_inet_ntoa(*ifip));
46 srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port);
49 srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port);
54 /****************************************************************************
55 Open the socket communication.
56 ****************************************************************************/
57 static void ldapsrv_init(struct server_service *service,
58 const struct model_ops *model_ops)
60 struct ldapsrv_service *ldap_service;
61 struct ldapsrv_partition *part;
63 DEBUG(10,("ldapsrv_init\n"));
65 ldap_service = talloc_p(service, struct ldapsrv_service);
67 DEBUG(0,("talloc_p(service, struct ldapsrv_service) failed\n"));
70 ZERO_STRUCTP(ldap_service);
72 part = talloc_p(ldap_service, struct ldapsrv_partition);
74 DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n"));
77 part->base_dn = ""; /* RootDSE */
78 part->ops = ldapsrv_get_rootdse_partition_ops();
80 ldap_service->rootDSE = part;
81 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
83 part = talloc_p(ldap_service, struct ldapsrv_partition);
85 DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n"));
88 part->base_dn = "*"; /* default partition */
89 part->ops = ldapsrv_get_sldb_partition_ops();
91 ldap_service->default_partition = part;
92 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
94 service->private_data = ldap_service;
96 if (lp_interfaces() && lp_bind_interfaces_only()) {
97 int num_interfaces = iface_count();
100 /* We have been given an interfaces line, and been
101 told to only bind to those interfaces. Create a
102 socket per interface and bind to only these.
104 for(i = 0; i < num_interfaces; i++) {
105 struct ipv4_addr *ifip = iface_n_ip(i);
108 DEBUG(0,("ldapsrv_init: interface %d has NULL "
109 "IP address !\n", i));
113 add_socket(service, model_ops, ifip);
116 struct ipv4_addr ifip;
118 /* Just bind to lp_socket_address() (usually 0.0.0.0) */
119 ifip = interpret_addr2(lp_socket_address());
120 add_socket(service, model_ops, &ifip);
124 /* This rw-buf api is made to avoid memcpy. For now do that like mad... The
125 idea is to write into a circular list of buffers where the ideal case is
126 that a read(2) holds a complete request that is then thrown away
129 void ldapsrv_consumed_from_buf(struct rw_buffer *buf,
132 memcpy(buf->data, buf->data+length, buf->length-length);
133 buf->length -= length;
136 static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out,
140 *out_length = buf->length;
143 BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length)
145 buf->data = realloc(buf->data, buf->length+length);
147 if (buf->data == NULL)
150 memcpy(buf->data+buf->length, data, length);
152 buf->length += length;
156 static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf)
163 tmp_blob = data_blob_talloc(sock, NULL, 1024);
164 if (tmp_blob.data == NULL) {
168 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
169 if (NT_STATUS_IS_ERR(status)) {
170 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
171 talloc_free(tmp_blob.data);
175 ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length);
177 talloc_free(tmp_blob.data);
182 static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
189 int buf_length, sasl_length;
190 struct socket_context *sock = conn->connection->socket;
194 if (!conn->gensec || !conn->session_info ||
195 !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
196 gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
197 return read_into_buf(sock, &conn->in_buffer);
200 mem_ctx = talloc(conn, 0);
202 DEBUG(0,("no memory\n"));
206 tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024);
207 if (tmp_blob.data == NULL) {
208 talloc_free(mem_ctx);
212 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
213 if (NT_STATUS_IS_ERR(status)) {
214 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
215 talloc_free(mem_ctx);
218 tmp_blob.length = nread;
220 ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length);
222 talloc_free(mem_ctx);
226 peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length);
228 if (buf_length < 4) {
230 talloc_free(mem_ctx);
234 sasl_length = RIVAL(buf, 0);
236 if (buf_length < (4 + sasl_length)) {
238 talloc_free(mem_ctx);
242 creds.data = buf + 4;
243 creds.length = gensec_sig_size(conn->gensec);
245 if (creds.length > sasl_length) {
246 /* invalid packet? */
247 talloc_free(mem_ctx);
251 tmp_blob.data = buf + (4 + creds.length);
252 tmp_blob.length = (4 + sasl_length) - (4 + creds.length);
254 if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
255 status = gensec_unseal_packet(conn->gensec, mem_ctx,
256 tmp_blob.data, tmp_blob.length,
257 tmp_blob.data, tmp_blob.length,
259 if (!NT_STATUS_IS_OK(status)) {
260 DEBUG(0,("gensec_unseal_packet: %s\n",nt_errstr(status)));
261 talloc_free(mem_ctx);
265 status = gensec_check_packet(conn->gensec, mem_ctx,
266 tmp_blob.data, tmp_blob.length,
267 tmp_blob.data, tmp_blob.length,
269 if (!NT_STATUS_IS_OK(status)) {
270 DEBUG(0,("gensec_check_packet: %s\n",nt_errstr(status)));
271 talloc_free(mem_ctx);
276 ret = ldapsrv_append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length);
278 talloc_free(mem_ctx);
282 ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length);
284 talloc_free(mem_ctx);
288 static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf)
294 tmp_blob.data = buf->data;
295 tmp_blob.length = buf->length;
297 status = socket_send(sock, &tmp_blob, &sendlen, 0);
298 if (!NT_STATUS_IS_OK(status)) {
299 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
303 ldapsrv_consumed_from_buf(buf, sendlen);
308 static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
316 struct socket_context *sock = conn->connection->socket;
319 if (!conn->gensec || !conn->session_info ||
320 !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
321 gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
322 return write_from_buf(sock, &conn->out_buffer);
325 mem_ctx = talloc(conn, 0);
327 DEBUG(0,("no memory\n"));
331 tmp_blob.data = conn->out_buffer.data;
332 tmp_blob.length = conn->out_buffer.length;
334 if (tmp_blob.length == 0) {
338 if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
339 status = gensec_seal_packet(conn->gensec, mem_ctx,
340 tmp_blob.data, tmp_blob.length,
341 tmp_blob.data, tmp_blob.length,
343 if (!NT_STATUS_IS_OK(status)) {
344 DEBUG(0,("gensec_seal_packet: %s\n",nt_errstr(status)));
345 talloc_free(mem_ctx);
349 status = gensec_sign_packet(conn->gensec, mem_ctx,
350 tmp_blob.data, tmp_blob.length,
351 tmp_blob.data, tmp_blob.length,
353 if (!NT_STATUS_IS_OK(status)) {
354 DEBUG(0,("gensec_sign_packet: %s\n",nt_errstr(status)));
355 talloc_free(mem_ctx);
360 sasl = data_blob_talloc(mem_ctx, NULL, 4 + creds.length + tmp_blob.length);
362 DEBUG(0,("no memory\n"));
363 talloc_free(mem_ctx);
367 RSIVAL(sasl.data, 0, creds.length + tmp_blob.length);
368 memcpy(sasl.data + 4, creds.data, creds.length);
369 memcpy(sasl.data + 4 + creds.length, tmp_blob.data, tmp_blob.length);
371 ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length);
373 talloc_free(mem_ctx);
376 ldapsrv_consumed_from_buf(&conn->out_buffer, tmp_blob.length);
378 tmp_blob.data = conn->sasl_out_buffer.data;
379 tmp_blob.length = conn->sasl_out_buffer.length;
381 status = socket_send(sock, &tmp_blob, &sendlen, 0);
382 if (!NT_STATUS_IS_OK(status)) {
383 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
384 talloc_free(mem_ctx);
388 ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen);
390 talloc_free(mem_ctx);
395 static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf)
400 if (!ldap_encode(msg, &blob))
403 res = ldapsrv_append_to_buf(buf, blob.data, blob.length);
405 data_blob_free(&blob);
409 NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn)
411 struct ldapsrv_call *call, *next_call = NULL;
412 struct ldapsrv_reply *reply, *next_reply = NULL;
414 for (call=conn->calls; call; call=next_call) {
415 for (reply=call->replies; reply; reply=next_reply) {
416 if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) {
417 return NT_STATUS_FOOBAR;
419 next_reply = reply->next;
420 DLIST_REMOVE(call->replies, reply);
421 reply->state = LDAPSRV_REPLY_STATE_SEND;
424 next_call = call->next;
425 DLIST_REMOVE(conn->calls, call);
426 call->state = LDAPSRV_CALL_STATE_COMPLETE;
433 NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn)
439 called when a LDAP socket becomes readable
441 static void ldapsrv_recv(struct server_connection *conn, time_t t,
444 struct ldapsrv_connection *ldap_conn = conn->private_data;
446 int buf_length, msg_length;
448 struct asn1_data data;
449 struct ldapsrv_call *call;
452 DEBUG(10,("ldapsrv_recv\n"));
454 if (!ldapsrv_read_buf(ldap_conn)) {
455 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed");
459 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
461 while (buf_length > 0) {
462 /* LDAP Messages are always SEQUENCES */
464 if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0),
466 ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed");
470 if (buf_length < msg_length) {
475 /* We've got a complete LDAP request in the in-buffer, convert
476 * that to a ldap_message and put it into the incoming
480 blob.length = msg_length;
482 if (!asn1_load(&data, blob)) {
483 ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed");
487 call = talloc_p(ldap_conn, struct ldapsrv_call);
489 ldapsrv_terminate_connection(ldap_conn, "no memory");
494 call->state = LDAPSRV_CALL_STATE_NEW;
495 call->conn = ldap_conn;
496 call->request.mem_ctx = call;
498 if (!ldap_decode(&data, &call->request)) {
499 dump_data(0,buf, msg_length);
501 ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed");
507 DLIST_ADD_END(ldap_conn->calls, call,
508 struct ldapsrv_call *);
510 ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length);
512 status = ldapsrv_do_call(call);
513 if (!NT_STATUS_IS_OK(status)) {
514 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed");
518 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
521 status = ldapsrv_do_responses(ldap_conn);
522 if (!NT_STATUS_IS_OK(status)) {
523 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed");
527 if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) {
528 conn->event.fde->flags |= EVENT_FD_WRITE;
535 called when a LDAP socket becomes writable
537 static void ldapsrv_send(struct server_connection *conn, time_t t,
540 struct ldapsrv_connection *ldap_conn = conn->private_data;
542 DEBUG(10,("ldapsrv_send\n"));
544 if (!ldapsrv_write_buf(ldap_conn)) {
545 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed");
549 if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) {
550 conn->event.fde->flags &= ~EVENT_FD_WRITE;
557 called when connection is idle
559 static void ldapsrv_idle(struct server_connection *conn, time_t t)
561 DEBUG(10,("ldapsrv_idle: not implemented!\n"));
565 static void ldapsrv_close(struct server_connection *conn, const char *reason)
571 initialise a server_context from a open socket and register a event handler
572 for reading from that socket
574 static void ldapsrv_accept(struct server_connection *conn)
576 struct ldapsrv_connection *ldap_conn;
578 DEBUG(10, ("ldapsrv_accept\n"));
580 ldap_conn = talloc_p(conn, struct ldapsrv_connection);
582 if (ldap_conn == NULL)
585 ZERO_STRUCTP(ldap_conn);
586 ldap_conn->connection = conn;
587 ldap_conn->service = talloc_reference(ldap_conn, conn->service->private_data);
589 conn->private_data = ldap_conn;
595 called on a fatal error that should cause this server to terminate
597 static void ldapsrv_exit(struct server_service *service, const char *reason)
599 DEBUG(10,("ldapsrv_exit\n"));
603 static const struct server_service_ops ldap_server_ops = {
605 .service_init = ldapsrv_init,
606 .accept_connection = ldapsrv_accept,
607 .recv_handler = ldapsrv_recv,
608 .send_handler = ldapsrv_send,
609 .idle_handler = ldapsrv_idle,
610 .close_connection = ldapsrv_close,
611 .service_exit = ldapsrv_exit,
614 const struct server_service_ops *ldapsrv_get_ops(void)
616 return &ldap_server_ops;
619 NTSTATUS server_service_ldap_init(void)