2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2004
5 Copyright (C) Stefan Metzmacher 2004
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "auth/auth.h"
25 #include "dlinklist.h"
27 #include "ldap_server/ldap_server.h"
30 close the socket and shutdown a server_context
32 static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason)
34 server_terminate_connection(ldap_conn->connection, reason);
38 add a socket address to the list of events, one event per port
40 static void add_socket(struct server_service *service,
41 const struct model_ops *model_ops,
42 struct ipv4_addr *ifip)
44 struct server_socket *srv_sock;
46 char *ip_str = talloc_strdup(service, sys_inet_ntoa(*ifip));
48 srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port);
51 srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port);
56 /****************************************************************************
57 Open the socket communication.
58 ****************************************************************************/
59 static void ldapsrv_init(struct server_service *service,
60 const struct model_ops *model_ops)
62 struct ldapsrv_service *ldap_service;
63 struct ldapsrv_partition *part;
65 DEBUG(10,("ldapsrv_init\n"));
67 ldap_service = talloc_p(service, struct ldapsrv_service);
69 DEBUG(0,("talloc_p(service, struct ldapsrv_service) failed\n"));
72 ZERO_STRUCTP(ldap_service);
74 part = talloc_p(ldap_service, struct ldapsrv_partition);
76 DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n"));
79 part->base_dn = ""; /* RootDSE */
80 part->ops = ldapsrv_get_rootdse_partition_ops();
82 ldap_service->rootDSE = part;
83 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
85 part = talloc_p(ldap_service, struct ldapsrv_partition);
87 DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n"));
90 part->base_dn = "*"; /* default partition */
91 part->ops = ldapsrv_get_sldb_partition_ops();
93 ldap_service->default_partition = part;
94 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
96 service->private_data = ldap_service;
98 if (lp_interfaces() && lp_bind_interfaces_only()) {
99 int num_interfaces = iface_count();
102 /* We have been given an interfaces line, and been
103 told to only bind to those interfaces. Create a
104 socket per interface and bind to only these.
106 for(i = 0; i < num_interfaces; i++) {
107 struct ipv4_addr *ifip = iface_n_ip(i);
110 DEBUG(0,("ldapsrv_init: interface %d has NULL "
111 "IP address !\n", i));
115 add_socket(service, model_ops, ifip);
118 struct ipv4_addr ifip;
120 /* Just bind to lp_socket_address() (usually 0.0.0.0) */
121 ifip = interpret_addr2(lp_socket_address());
122 add_socket(service, model_ops, &ifip);
126 /* This rw-buf api is made to avoid memcpy. For now do that like mad... The
127 idea is to write into a circular list of buffers where the ideal case is
128 that a read(2) holds a complete request that is then thrown away
131 void ldapsrv_consumed_from_buf(struct rw_buffer *buf,
134 memcpy(buf->data, buf->data+length, buf->length-length);
135 buf->length -= length;
138 static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out,
142 *out_length = buf->length;
145 BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length)
147 buf->data = realloc(buf->data, buf->length+length);
149 if (buf->data == NULL)
152 memcpy(buf->data+buf->length, data, length);
154 buf->length += length;
158 static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf)
165 tmp_blob = data_blob_talloc(sock, NULL, 1024);
166 if (tmp_blob.data == NULL) {
170 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
171 if (NT_STATUS_IS_ERR(status)) {
172 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
173 talloc_free(tmp_blob.data);
177 ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length);
179 talloc_free(tmp_blob.data);
184 static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
191 int buf_length, sasl_length;
192 struct socket_context *sock = conn->connection->socket;
196 if (!conn->gensec || !conn->session_info ||
197 !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
198 gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
199 return read_into_buf(sock, &conn->in_buffer);
202 mem_ctx = talloc(conn, 0);
204 DEBUG(0,("no memory\n"));
208 tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024);
209 if (tmp_blob.data == NULL) {
210 talloc_free(mem_ctx);
214 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
215 if (NT_STATUS_IS_ERR(status)) {
216 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
217 talloc_free(mem_ctx);
220 tmp_blob.length = nread;
222 ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length);
224 talloc_free(mem_ctx);
228 peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length);
230 if (buf_length < 4) {
232 talloc_free(mem_ctx);
236 sasl_length = RIVAL(buf, 0);
238 if (buf_length < (4 + sasl_length)) {
240 talloc_free(mem_ctx);
244 creds.data = buf + 4;
245 creds.length = gensec_sig_size(conn->gensec);
247 if (creds.length > sasl_length) {
248 /* invalid packet? */
249 talloc_free(mem_ctx);
253 tmp_blob.data = buf + (4 + creds.length);
254 tmp_blob.length = (4 + sasl_length) - (4 + creds.length);
256 if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
257 status = gensec_unseal_packet(conn->gensec, mem_ctx,
258 tmp_blob.data, tmp_blob.length,
259 tmp_blob.data, tmp_blob.length,
261 if (!NT_STATUS_IS_OK(status)) {
262 DEBUG(0,("gensec_unseal_packet: %s\n",nt_errstr(status)));
263 talloc_free(mem_ctx);
267 status = gensec_check_packet(conn->gensec, mem_ctx,
268 tmp_blob.data, tmp_blob.length,
269 tmp_blob.data, tmp_blob.length,
271 if (!NT_STATUS_IS_OK(status)) {
272 DEBUG(0,("gensec_check_packet: %s\n",nt_errstr(status)));
273 talloc_free(mem_ctx);
278 ret = ldapsrv_append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length);
280 talloc_free(mem_ctx);
284 ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length);
286 talloc_free(mem_ctx);
290 static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf)
296 tmp_blob.data = buf->data;
297 tmp_blob.length = buf->length;
299 status = socket_send(sock, &tmp_blob, &sendlen, 0);
300 if (!NT_STATUS_IS_OK(status)) {
301 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
305 ldapsrv_consumed_from_buf(buf, sendlen);
310 static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
318 struct socket_context *sock = conn->connection->socket;
321 if (!conn->gensec || !conn->session_info ||
322 !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
323 gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
324 return write_from_buf(sock, &conn->out_buffer);
327 mem_ctx = talloc(conn, 0);
329 DEBUG(0,("no memory\n"));
333 tmp_blob.data = conn->out_buffer.data;
334 tmp_blob.length = conn->out_buffer.length;
336 if (tmp_blob.length == 0) {
340 if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
341 status = gensec_seal_packet(conn->gensec, mem_ctx,
342 tmp_blob.data, tmp_blob.length,
343 tmp_blob.data, tmp_blob.length,
345 if (!NT_STATUS_IS_OK(status)) {
346 DEBUG(0,("gensec_seal_packet: %s\n",nt_errstr(status)));
347 talloc_free(mem_ctx);
351 status = gensec_sign_packet(conn->gensec, mem_ctx,
352 tmp_blob.data, tmp_blob.length,
353 tmp_blob.data, tmp_blob.length,
355 if (!NT_STATUS_IS_OK(status)) {
356 DEBUG(0,("gensec_sign_packet: %s\n",nt_errstr(status)));
357 talloc_free(mem_ctx);
362 sasl = data_blob_talloc(mem_ctx, NULL, 4 + creds.length + tmp_blob.length);
364 DEBUG(0,("no memory\n"));
365 talloc_free(mem_ctx);
369 RSIVAL(sasl.data, 0, creds.length + tmp_blob.length);
370 memcpy(sasl.data + 4, creds.data, creds.length);
371 memcpy(sasl.data + 4 + creds.length, tmp_blob.data, tmp_blob.length);
373 ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length);
375 talloc_free(mem_ctx);
378 ldapsrv_consumed_from_buf(&conn->out_buffer, tmp_blob.length);
380 tmp_blob.data = conn->sasl_out_buffer.data;
381 tmp_blob.length = conn->sasl_out_buffer.length;
383 status = socket_send(sock, &tmp_blob, &sendlen, 0);
384 if (!NT_STATUS_IS_OK(status)) {
385 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
386 talloc_free(mem_ctx);
390 ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen);
392 talloc_free(mem_ctx);
397 static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf)
402 if (!ldap_encode(msg, &blob))
405 res = ldapsrv_append_to_buf(buf, blob.data, blob.length);
407 data_blob_free(&blob);
411 NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn)
413 struct ldapsrv_call *call, *next_call = NULL;
414 struct ldapsrv_reply *reply, *next_reply = NULL;
416 for (call=conn->calls; call; call=next_call) {
417 for (reply=call->replies; reply; reply=next_reply) {
418 if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) {
419 return NT_STATUS_FOOBAR;
421 next_reply = reply->next;
422 DLIST_REMOVE(call->replies, reply);
423 reply->state = LDAPSRV_REPLY_STATE_SEND;
426 next_call = call->next;
427 DLIST_REMOVE(conn->calls, call);
428 call->state = LDAPSRV_CALL_STATE_COMPLETE;
435 NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn)
441 called when a LDAP socket becomes readable
443 static void ldapsrv_recv(struct server_connection *conn, time_t t,
446 struct ldapsrv_connection *ldap_conn = conn->private_data;
448 int buf_length, msg_length;
450 struct asn1_data data;
451 struct ldapsrv_call *call;
454 DEBUG(10,("ldapsrv_recv\n"));
456 if (!ldapsrv_read_buf(ldap_conn)) {
457 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed");
461 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
463 while (buf_length > 0) {
464 /* LDAP Messages are always SEQUENCES */
466 if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0),
468 ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed");
472 if (buf_length < msg_length) {
477 /* We've got a complete LDAP request in the in-buffer, convert
478 * that to a ldap_message and put it into the incoming
482 blob.length = msg_length;
484 if (!asn1_load(&data, blob)) {
485 ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed");
489 call = talloc_p(ldap_conn, struct ldapsrv_call);
491 ldapsrv_terminate_connection(ldap_conn, "no memory");
496 call->state = LDAPSRV_CALL_STATE_NEW;
497 call->conn = ldap_conn;
498 call->request.mem_ctx = call;
500 if (!ldap_decode(&data, &call->request)) {
501 dump_data(0,buf, msg_length);
503 ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed");
509 DLIST_ADD_END(ldap_conn->calls, call,
510 struct ldapsrv_call *);
512 ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length);
514 status = ldapsrv_do_call(call);
515 if (!NT_STATUS_IS_OK(status)) {
516 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed");
520 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
523 status = ldapsrv_do_responses(ldap_conn);
524 if (!NT_STATUS_IS_OK(status)) {
525 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed");
529 if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) {
530 conn->event.fde->flags |= EVENT_FD_WRITE;
537 called when a LDAP socket becomes writable
539 static void ldapsrv_send(struct server_connection *conn, time_t t,
542 struct ldapsrv_connection *ldap_conn = conn->private_data;
544 DEBUG(10,("ldapsrv_send\n"));
546 if (!ldapsrv_write_buf(ldap_conn)) {
547 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed");
551 if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) {
552 conn->event.fde->flags &= ~EVENT_FD_WRITE;
559 called when connection is idle
561 static void ldapsrv_idle(struct server_connection *conn, time_t t)
563 DEBUG(10,("ldapsrv_idle: not implemented!\n"));
567 static void ldapsrv_close(struct server_connection *conn, const char *reason)
573 initialise a server_context from a open socket and register a event handler
574 for reading from that socket
576 static void ldapsrv_accept(struct server_connection *conn)
578 struct ldapsrv_connection *ldap_conn;
580 DEBUG(10, ("ldapsrv_accept\n"));
582 ldap_conn = talloc_p(conn, struct ldapsrv_connection);
584 if (ldap_conn == NULL)
587 ZERO_STRUCTP(ldap_conn);
588 ldap_conn->connection = conn;
589 ldap_conn->service = talloc_reference(ldap_conn, conn->service->private_data);
591 conn->private_data = ldap_conn;
597 called on a fatal error that should cause this server to terminate
599 static void ldapsrv_exit(struct server_service *service, const char *reason)
601 DEBUG(10,("ldapsrv_exit\n"));
605 static const struct server_service_ops ldap_server_ops = {
607 .service_init = ldapsrv_init,
608 .accept_connection = ldapsrv_accept,
609 .recv_handler = ldapsrv_recv,
610 .send_handler = ldapsrv_send,
611 .idle_handler = ldapsrv_idle,
612 .close_connection = ldapsrv_close,
613 .service_exit = ldapsrv_exit,
616 const struct server_service_ops *ldapsrv_get_ops(void)
618 return &ldap_server_ops;
621 NTSTATUS server_service_ldap_init(void)