2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2004
5 Copyright (C) Stefan Metzmacher 2004
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "lib/events/events.h"
24 #include "auth/auth.h"
25 #include "dlinklist.h"
27 #include "ldap_server/ldap_server.h"
28 #include "smbd/service_stream.h"
31 close the socket and shutdown a server_context
33 static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason)
35 stream_terminate_connection(ldap_conn->connection, reason);
38 /* This rw-buf api is made to avoid memcpy. For now do that like mad... The
39 idea is to write into a circular list of buffers where the ideal case is
40 that a read(2) holds a complete request that is then thrown away
43 void ldapsrv_consumed_from_buf(struct rw_buffer *buf,
46 memmove(buf->data, buf->data+length, buf->length-length);
47 buf->length -= length;
50 static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out,
54 *out_length = buf->length;
57 BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length)
59 buf->data = realloc(buf->data, buf->length+length);
61 if (buf->data == NULL)
64 memcpy(buf->data+buf->length, data, length);
66 buf->length += length;
70 static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf)
77 tmp_blob = data_blob_talloc(sock, NULL, 1024);
78 if (tmp_blob.data == NULL) {
82 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
83 if (NT_STATUS_IS_ERR(status)) {
84 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
85 talloc_free(tmp_blob.data);
88 tmp_blob.length = nread;
90 ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length);
92 talloc_free(tmp_blob.data);
97 static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
105 size_t buf_length, sasl_length;
106 struct socket_context *sock = conn->connection->socket;
111 return read_into_buf(sock, &conn->in_buffer);
113 if (!conn->session_info) {
114 return read_into_buf(sock, &conn->in_buffer);
116 if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
117 gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
118 return read_into_buf(sock, &conn->in_buffer);
121 mem_ctx = talloc_new(conn);
123 DEBUG(0,("no memory\n"));
127 tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024);
128 if (tmp_blob.data == NULL) {
129 talloc_free(mem_ctx);
133 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
134 if (NT_STATUS_IS_ERR(status)) {
135 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
136 talloc_free(mem_ctx);
139 tmp_blob.length = nread;
141 ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length);
143 talloc_free(mem_ctx);
147 peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length);
149 if (buf_length < 4) {
151 talloc_free(mem_ctx);
155 sasl_length = RIVAL(buf, 0);
157 if ((buf_length - 4) < sasl_length) {
159 talloc_free(mem_ctx);
163 wrapped.data = buf + 4;
164 wrapped.length = sasl_length;
166 status = gensec_unwrap(conn->gensec, mem_ctx,
169 if (!NT_STATUS_IS_OK(status)) {
170 DEBUG(0,("gensec_unwrap: %s\n",nt_errstr(status)));
171 talloc_free(mem_ctx);
175 ret = ldapsrv_append_to_buf(&conn->in_buffer, unwrapped.data, unwrapped.length);
177 talloc_free(mem_ctx);
181 ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length);
183 talloc_free(mem_ctx);
187 static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf)
193 tmp_blob.data = buf->data;
194 tmp_blob.length = buf->length;
196 status = socket_send(sock, &tmp_blob, &sendlen, 0);
197 if (!NT_STATUS_IS_OK(status)) {
198 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
202 ldapsrv_consumed_from_buf(buf, sendlen);
207 static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
215 struct socket_context *sock = conn->connection->socket;
220 return write_from_buf(sock, &conn->out_buffer);
222 if (!conn->session_info) {
223 return write_from_buf(sock, &conn->out_buffer);
225 if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
226 gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
227 return write_from_buf(sock, &conn->out_buffer);
230 mem_ctx = talloc_new(conn);
232 DEBUG(0,("no memory\n"));
236 if (conn->out_buffer.length == 0) {
240 tmp_blob.data = conn->out_buffer.data;
241 tmp_blob.length = conn->out_buffer.length;
242 status = gensec_wrap(conn->gensec, mem_ctx,
245 if (!NT_STATUS_IS_OK(status)) {
246 DEBUG(0,("gensec_wrap: %s\n",nt_errstr(status)));
247 talloc_free(mem_ctx);
251 sasl = data_blob_talloc(mem_ctx, NULL, 4 + wrapped.length);
253 DEBUG(0,("no memory\n"));
254 talloc_free(mem_ctx);
258 RSIVAL(sasl.data, 0, wrapped.length);
259 memcpy(sasl.data + 4, wrapped.data, wrapped.length);
261 ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length);
263 talloc_free(mem_ctx);
266 ldapsrv_consumed_from_buf(&conn->out_buffer, conn->out_buffer.length);
268 tmp_blob.data = conn->sasl_out_buffer.data;
269 tmp_blob.length = conn->sasl_out_buffer.length;
271 status = socket_send(sock, &tmp_blob, &sendlen, 0);
272 if (!NT_STATUS_IS_OK(status)) {
273 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
274 talloc_free(mem_ctx);
278 ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen);
280 talloc_free(mem_ctx);
285 static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf)
290 if (!ldap_encode(msg, &blob))
293 res = ldapsrv_append_to_buf(buf, blob.data, blob.length);
295 data_blob_free(&blob);
299 NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn)
301 struct ldapsrv_call *call, *next_call = NULL;
302 struct ldapsrv_reply *reply, *next_reply = NULL;
304 for (call=conn->calls; call; call=next_call) {
305 for (reply=call->replies; reply; reply=next_reply) {
306 if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) {
307 return NT_STATUS_FOOBAR;
309 next_reply = reply->next;
310 DLIST_REMOVE(call->replies, reply);
311 reply->state = LDAPSRV_REPLY_STATE_SEND;
314 next_call = call->next;
315 DLIST_REMOVE(conn->calls, call);
316 call->state = LDAPSRV_CALL_STATE_COMPLETE;
323 NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn)
329 called when a LDAP socket becomes readable
331 static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags)
333 struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection);
335 size_t buf_length, msg_length;
337 struct asn1_data data;
338 struct ldapsrv_call *call;
341 DEBUG(10,("ldapsrv_recv\n"));
343 if (!ldapsrv_read_buf(ldap_conn)) {
344 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed");
348 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
350 while (buf_length > 0) {
351 /* LDAP Messages are always SEQUENCES */
353 if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0),
355 ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed");
359 if (buf_length < msg_length) {
364 /* We've got a complete LDAP request in the in-buffer, convert
365 * that to a ldap_message and put it into the incoming
369 blob.length = msg_length;
371 if (!asn1_load(&data, blob)) {
372 ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed");
376 call = talloc(ldap_conn, struct ldapsrv_call);
378 ldapsrv_terminate_connection(ldap_conn, "no memory");
383 call->state = LDAPSRV_CALL_STATE_NEW;
384 call->conn = ldap_conn;
385 call->request.mem_ctx = call;
387 if (!ldap_decode(&data, &call->request)) {
388 dump_data(0,buf, msg_length);
390 ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed");
396 DLIST_ADD_END(ldap_conn->calls, call,
397 struct ldapsrv_call *);
399 ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length);
401 status = ldapsrv_do_call(call);
402 if (!NT_STATUS_IS_OK(status)) {
403 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed");
407 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
410 status = ldapsrv_do_responses(ldap_conn);
411 if (!NT_STATUS_IS_OK(status)) {
412 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed");
416 if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) {
417 EVENT_FD_WRITEABLE(conn->event.fde);
424 called when a LDAP socket becomes writable
426 static void ldapsrv_send(struct stream_connection *conn, uint16_t flags)
428 struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection);
430 DEBUG(10,("ldapsrv_send\n"));
432 if (!ldapsrv_write_buf(ldap_conn)) {
433 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed");
437 if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) {
438 EVENT_FD_NOT_WRITEABLE(conn->event.fde);
445 initialise a server_context from a open socket and register a event handler
446 for reading from that socket
448 static void ldapsrv_accept(struct stream_connection *conn)
450 struct ldapsrv_connection *ldap_conn;
452 DEBUG(10, ("ldapsrv_accept\n"));
454 ldap_conn = talloc_zero(conn, struct ldapsrv_connection);
456 if (ldap_conn == NULL)
459 ldap_conn->connection = conn;
460 ldap_conn->service = talloc_get_type(conn->private, struct ldapsrv_service);
461 conn->private = ldap_conn;
464 static const struct stream_server_ops ldap_stream_ops = {
466 .accept_connection = ldapsrv_accept,
467 .recv_handler = ldapsrv_recv,
468 .send_handler = ldapsrv_send,
472 add a socket address to the list of events, one event per port
474 static NTSTATUS add_socket(struct event_context *event_context, const struct model_ops *model_ops,
475 const char *address, struct ldapsrv_service *ldap_service)
480 status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops,
481 "ipv4", address, &port, ldap_service);
482 NT_STATUS_NOT_OK_RETURN(status);
486 return stream_setup_socket(event_context, model_ops, &ldap_stream_ops,
487 "ipv4", address, &port, ldap_service);
491 open the ldap server sockets
493 static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct model_ops *model_ops)
495 struct ldapsrv_service *ldap_service;
496 struct ldapsrv_partition *rootDSE_part;
497 struct ldapsrv_partition *part;
500 DEBUG(10,("ldapsrv_init\n"));
502 ldap_service = talloc_zero(event_context, struct ldapsrv_service);
503 NT_STATUS_HAVE_NO_MEMORY(ldap_service);
505 rootDSE_part = talloc(ldap_service, struct ldapsrv_partition);
506 NT_STATUS_HAVE_NO_MEMORY(rootDSE_part);
508 rootDSE_part->base_dn = ""; /* RootDSE */
509 rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops();
511 ldap_service->rootDSE = rootDSE_part;
512 DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *);
514 part = talloc(ldap_service, struct ldapsrv_partition);
515 NT_STATUS_HAVE_NO_MEMORY(part);
517 part->base_dn = "*"; /* default partition */
518 if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) {
519 part->ops = ldapsrv_get_hldb_partition_ops();
521 part->ops = ldapsrv_get_sldb_partition_ops();
524 ldap_service->default_partition = part;
525 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
527 if (lp_interfaces() && lp_bind_interfaces_only()) {
528 int num_interfaces = iface_count();
531 /* We have been given an interfaces line, and been
532 told to only bind to those interfaces. Create a
533 socket per interface and bind to only these.
535 for(i = 0; i < num_interfaces; i++) {
536 const char *address = iface_n_ip(i);
537 status = add_socket(event_context, model_ops, address, ldap_service);
538 NT_STATUS_NOT_OK_RETURN(status);
541 status = add_socket(event_context, model_ops, lp_socket_address(), ldap_service);
542 NT_STATUS_NOT_OK_RETURN(status);
549 NTSTATUS server_service_ldap_init(void)
551 return register_server_service("ldap", ldapsrv_init);