2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2004
5 Copyright (C) Stefan Metzmacher 2004
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "lib/events/events.h"
24 #include "auth/auth.h"
25 #include "dlinklist.h"
27 #include "ldap_server/ldap_server.h"
28 #include "smbd/service_stream.h"
29 #include "lib/socket/socket.h"
32 close the socket and shutdown a server_context
34 static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason)
36 stream_terminate_connection(ldap_conn->connection, reason);
39 /* This rw-buf api is made to avoid memcpy. For now do that like mad... The
40 idea is to write into a circular list of buffers where the ideal case is
41 that a read(2) holds a complete request that is then thrown away
44 void ldapsrv_consumed_from_buf(struct rw_buffer *buf,
47 memmove(buf->data, buf->data+length, buf->length-length);
48 buf->length -= length;
51 static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out,
55 *out_length = buf->length;
58 BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length)
60 buf->data = realloc(buf->data, buf->length+length);
62 if (buf->data == NULL)
65 memcpy(buf->data+buf->length, data, length);
67 buf->length += length;
71 static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf)
78 tmp_blob = data_blob_talloc(sock, NULL, 1024);
79 if (tmp_blob.data == NULL) {
83 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
84 if (NT_STATUS_IS_ERR(status)) {
85 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
86 talloc_free(tmp_blob.data);
89 tmp_blob.length = nread;
91 ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length);
93 talloc_free(tmp_blob.data);
98 static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
106 size_t buf_length, sasl_length;
107 struct socket_context *sock = conn->connection->socket;
112 return read_into_buf(sock, &conn->in_buffer);
114 if (!conn->session_info) {
115 return read_into_buf(sock, &conn->in_buffer);
117 if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
118 gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
119 return read_into_buf(sock, &conn->in_buffer);
122 mem_ctx = talloc_new(conn);
124 DEBUG(0,("no memory\n"));
128 tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024);
129 if (tmp_blob.data == NULL) {
130 talloc_free(mem_ctx);
134 status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0);
135 if (NT_STATUS_IS_ERR(status)) {
136 DEBUG(10,("socket_recv: %s\n",nt_errstr(status)));
137 talloc_free(mem_ctx);
140 tmp_blob.length = nread;
142 ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length);
144 talloc_free(mem_ctx);
148 peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length);
150 if (buf_length < 4) {
152 talloc_free(mem_ctx);
156 sasl_length = RIVAL(buf, 0);
158 if ((buf_length - 4) < sasl_length) {
160 talloc_free(mem_ctx);
164 wrapped.data = buf + 4;
165 wrapped.length = sasl_length;
167 status = gensec_unwrap(conn->gensec, mem_ctx,
170 if (!NT_STATUS_IS_OK(status)) {
171 DEBUG(0,("gensec_unwrap: %s\n",nt_errstr(status)));
172 talloc_free(mem_ctx);
176 ret = ldapsrv_append_to_buf(&conn->in_buffer, unwrapped.data, unwrapped.length);
178 talloc_free(mem_ctx);
182 ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length);
184 talloc_free(mem_ctx);
188 static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf)
194 tmp_blob.data = buf->data;
195 tmp_blob.length = buf->length;
197 status = socket_send(sock, &tmp_blob, &sendlen, 0);
198 if (!NT_STATUS_IS_OK(status)) {
199 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
203 ldapsrv_consumed_from_buf(buf, sendlen);
208 static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
216 struct socket_context *sock = conn->connection->socket;
221 return write_from_buf(sock, &conn->out_buffer);
223 if (!conn->session_info) {
224 return write_from_buf(sock, &conn->out_buffer);
226 if (conn->sasl_out_buffer.length == 0 &&
227 !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
228 gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
229 return write_from_buf(sock, &conn->out_buffer);
232 mem_ctx = talloc_new(conn);
234 DEBUG(0,("no memory\n"));
238 if (conn->out_buffer.length == 0) {
242 tmp_blob.data = conn->out_buffer.data;
243 tmp_blob.length = conn->out_buffer.length;
244 status = gensec_wrap(conn->gensec, mem_ctx,
247 if (!NT_STATUS_IS_OK(status)) {
248 DEBUG(0,("gensec_wrap: %s\n",nt_errstr(status)));
249 talloc_free(mem_ctx);
253 sasl = data_blob_talloc(mem_ctx, NULL, 4 + wrapped.length);
255 DEBUG(0,("no memory\n"));
256 talloc_free(mem_ctx);
260 RSIVAL(sasl.data, 0, wrapped.length);
261 memcpy(sasl.data + 4, wrapped.data, wrapped.length);
263 ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length);
265 talloc_free(mem_ctx);
268 ldapsrv_consumed_from_buf(&conn->out_buffer, conn->out_buffer.length);
270 tmp_blob.data = conn->sasl_out_buffer.data;
271 tmp_blob.length = conn->sasl_out_buffer.length;
273 status = socket_send(sock, &tmp_blob, &sendlen, 0);
274 if (!NT_STATUS_IS_OK(status)) {
275 DEBUG(10,("socket_send() %s\n",nt_errstr(status)));
276 talloc_free(mem_ctx);
280 ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen);
282 talloc_free(mem_ctx);
287 static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf)
292 if (!ldap_encode(msg, &blob))
295 res = ldapsrv_append_to_buf(buf, blob.data, blob.length);
297 data_blob_free(&blob);
301 NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn)
303 struct ldapsrv_call *call, *next_call = NULL;
304 struct ldapsrv_reply *reply, *next_reply = NULL;
306 for (call=conn->calls; call; call=next_call) {
307 for (reply=call->replies; reply; reply=next_reply) {
308 if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) {
309 return NT_STATUS_FOOBAR;
311 next_reply = reply->next;
312 DLIST_REMOVE(call->replies, reply);
313 reply->state = LDAPSRV_REPLY_STATE_SEND;
316 next_call = call->next;
317 DLIST_REMOVE(conn->calls, call);
318 call->state = LDAPSRV_CALL_STATE_COMPLETE;
325 NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn)
331 called when a LDAP socket becomes readable
333 static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags)
335 struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection);
337 size_t buf_length, msg_length;
339 struct asn1_data data;
340 struct ldapsrv_call *call;
343 DEBUG(10,("ldapsrv_recv\n"));
345 if (!ldapsrv_read_buf(ldap_conn)) {
346 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed");
350 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
352 while (buf_length > 0) {
353 /* LDAP Messages are always SEQUENCES */
355 if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0),
357 ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed");
361 if (buf_length < msg_length) {
366 /* We've got a complete LDAP request in the in-buffer, convert
367 * that to a ldap_message and put it into the incoming
371 blob.length = msg_length;
373 if (!asn1_load(&data, blob)) {
374 ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed");
378 call = talloc(ldap_conn, struct ldapsrv_call);
380 ldapsrv_terminate_connection(ldap_conn, "no memory");
385 call->state = LDAPSRV_CALL_STATE_NEW;
386 call->conn = ldap_conn;
387 call->request.mem_ctx = call;
389 if (!ldap_decode(&data, &call->request)) {
390 dump_data(0,buf, msg_length);
392 ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed");
398 DLIST_ADD_END(ldap_conn->calls, call,
399 struct ldapsrv_call *);
401 ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length);
403 status = ldapsrv_do_call(call);
404 if (!NT_STATUS_IS_OK(status)) {
405 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed");
409 peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length);
412 status = ldapsrv_do_responses(ldap_conn);
413 if (!NT_STATUS_IS_OK(status)) {
414 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed");
418 if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) {
419 EVENT_FD_WRITEABLE(conn->event.fde);
426 called when a LDAP socket becomes writable
428 static void ldapsrv_send(struct stream_connection *conn, uint16_t flags)
430 struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection);
432 DEBUG(10,("ldapsrv_send\n"));
434 if (!ldapsrv_write_buf(ldap_conn)) {
435 ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed");
439 if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) {
440 EVENT_FD_NOT_WRITEABLE(conn->event.fde);
447 initialise a server_context from a open socket and register a event handler
448 for reading from that socket
450 static void ldapsrv_accept(struct stream_connection *conn)
452 struct ldapsrv_connection *ldap_conn;
454 DEBUG(10, ("ldapsrv_accept\n"));
456 ldap_conn = talloc_zero(conn, struct ldapsrv_connection);
458 if (ldap_conn == NULL)
461 ldap_conn->connection = conn;
462 ldap_conn->service = talloc_get_type(conn->private, struct ldapsrv_service);
463 conn->private = ldap_conn;
466 static const struct stream_server_ops ldap_stream_ops = {
468 .accept_connection = ldapsrv_accept,
469 .recv_handler = ldapsrv_recv,
470 .send_handler = ldapsrv_send,
474 add a socket address to the list of events, one event per port
476 static NTSTATUS add_socket(struct event_context *event_context, const struct model_ops *model_ops,
477 const char *address, struct ldapsrv_service *ldap_service)
482 status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops,
483 "ipv4", address, &port, ldap_service);
484 NT_STATUS_NOT_OK_RETURN(status);
488 return stream_setup_socket(event_context, model_ops, &ldap_stream_ops,
489 "ipv4", address, &port, ldap_service);
493 open the ldap server sockets
495 static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct model_ops *model_ops)
497 struct ldapsrv_service *ldap_service;
498 struct ldapsrv_partition *rootDSE_part;
499 struct ldapsrv_partition *part;
502 DEBUG(10,("ldapsrv_init\n"));
504 ldap_service = talloc_zero(event_context, struct ldapsrv_service);
505 NT_STATUS_HAVE_NO_MEMORY(ldap_service);
507 rootDSE_part = talloc(ldap_service, struct ldapsrv_partition);
508 NT_STATUS_HAVE_NO_MEMORY(rootDSE_part);
510 rootDSE_part->base_dn = ""; /* RootDSE */
511 rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops();
513 ldap_service->rootDSE = rootDSE_part;
514 DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *);
516 part = talloc(ldap_service, struct ldapsrv_partition);
517 NT_STATUS_HAVE_NO_MEMORY(part);
519 part->base_dn = "*"; /* default partition */
520 if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) {
521 part->ops = ldapsrv_get_hldb_partition_ops();
523 part->ops = ldapsrv_get_sldb_partition_ops();
526 ldap_service->default_partition = part;
527 DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
529 if (lp_interfaces() && lp_bind_interfaces_only()) {
530 int num_interfaces = iface_count();
533 /* We have been given an interfaces line, and been
534 told to only bind to those interfaces. Create a
535 socket per interface and bind to only these.
537 for(i = 0; i < num_interfaces; i++) {
538 const char *address = iface_n_ip(i);
539 status = add_socket(event_context, model_ops, address, ldap_service);
540 NT_STATUS_NOT_OK_RETURN(status);
543 status = add_socket(event_context, model_ops, lp_socket_address(), ldap_service);
544 NT_STATUS_NOT_OK_RETURN(status);
551 NTSTATUS server_service_ldap_init(void)
553 return register_server_service("ldap", ldapsrv_init);