source4/cldap_server/cldap_server.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    CLDAP server task
   5
   6    Copyright (C) Andrew Tridgell        2005
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include <talloc.h>
  24 #include "lib/messaging/irpc.h"
  25 #include "smbd/service_task.h"
  26 #include "smbd/service.h"
  27 #include "cldap_server/cldap_server.h"
  28 #include "system/network.h"
  29 #include "lib/socket/netif.h"
  30 #include <ldb.h>
  31 #include <ldb_errors.h>
  32 #include "dsdb/samdb/samdb.h"
  33 #include "ldb_wrap.h"
  34 #include "auth/auth.h"
  35 #include "param/param.h"
  36 #include "../lib/tsocket/tsocket.h"
  37 #include "libds/common/roles.h"
  38
  39 NTSTATUS server_service_cldapd_init(TALLOC_CTX *);
  40
  41 /*
  42   handle incoming cldap requests
  43 */
  44 static void cldapd_request_handler(struct cldap_socket *cldap,
  45                                    void *private_data,
  46                                    struct cldap_incoming *in)
  47 {
  48         struct cldapd_server *cldapd = talloc_get_type(private_data,
  49                                        struct cldapd_server);
  50         struct ldap_SearchRequest *search;
  51
  52         if (in->ldap_msg->type == LDAP_TAG_AbandonRequest) {
  53                 DEBUG(10,("Got (and ignoring) CLDAP AbandonRequest from %s.",
  54                           tsocket_address_string(in->src, in)));
  55                 talloc_free(in);
  56                 return;
  57         }
  58
  59         if (in->ldap_msg->type != LDAP_TAG_SearchRequest) {
  60                 DEBUG(0,("Invalid CLDAP request type %d from %s\n",
  61                          in->ldap_msg->type,
  62                          tsocket_address_string(in->src, in)));
  63                 cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
  64                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP request");
  65                 talloc_free(in);
  66                 return;
  67         }
  68
  69         search = &in->ldap_msg->r.SearchRequest;
  70
  71         if (strcmp("", search->basedn) != 0) {
  72                 DEBUG(0,("Invalid CLDAP basedn '%s' from %s\n",
  73                          search->basedn,
  74                          tsocket_address_string(in->src, in)));
  75                 cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
  76                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP basedn");
  77                 talloc_free(in);
  78                 return;
  79         }
  80
  81         if (search->scope != LDAP_SEARCH_SCOPE_BASE) {
  82                 DEBUG(0,("Invalid CLDAP scope %d from %s\n",
  83                          search->scope,
  84                          tsocket_address_string(in->src, in)));
  85                 cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
  86                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP scope");
  87                 talloc_free(in);
  88                 return;
  89         }
  90
  91         cldapd_rootdse_request(cldap, cldapd, in,
  92                                in->ldap_msg->messageid,
  93                                search, in->src);
  94         talloc_free(in);
  95 }
  96
  97
  98 /*
  99   start listening on the given address
 100 */
 101 static NTSTATUS cldapd_add_socket(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
 102                                   const char *address)
 103 {
 104         struct cldap_socket *cldapsock;
 105         struct tsocket_address *socket_address;
 106         NTSTATUS status;
 107         int ret;
 108
 109         ret = tsocket_address_inet_from_strings(cldapd,
 110                                                 "ip",
 111                                                 address,
 112                                                 lpcfg_cldap_port(lp_ctx),
 113                                                 &socket_address);
 114         if (ret != 0) {
 115                 status = map_nt_error_from_unix_common(errno);
 116                 DEBUG(0,("invalid address %s:%d - %s:%s\n",
 117                          address, lpcfg_cldap_port(lp_ctx),
 118                          gai_strerror(ret), nt_errstr(status)));
 119                 return status;
 120         }
 121
 122         /* listen for unicasts on the CLDAP port (389) */
 123         status = cldap_socket_init(cldapd,
 124                                    socket_address,
 125                                    NULL,
 126                                    &cldapsock);
 127         if (!NT_STATUS_IS_OK(status)) {
 128                 DEBUG(0,("Failed to bind to %s - %s\n",
 129                          tsocket_address_string(socket_address, socket_address),
 130                          nt_errstr(status)));
 131                 talloc_free(socket_address);
 132                 return status;
 133         }
 134         talloc_free(socket_address);
 135
 136         cldap_set_incoming_handler(cldapsock, cldapd->task->event_ctx,
 137                                    cldapd_request_handler, cldapd);
 138
 139         return NT_STATUS_OK;
 140 }
 141
 142 /*
 143   setup our listening sockets on the configured network interfaces
 144 */
 145 static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
 146                                           struct interface *ifaces)
 147 {
 148         int i, num_interfaces;
 149         TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
 150         NTSTATUS status;
 151
 152         num_interfaces = iface_list_count(ifaces);
 153
 154         /* if we are allowing incoming packets from any address, then
 155            we need to bind to the wildcard address */
 156         if (!lpcfg_bind_interfaces_only(lp_ctx)) {
 157                 int num_binds = 0;
 158                 char **wcard = iface_list_wildcard(cldapd);
 159                 NT_STATUS_HAVE_NO_MEMORY(wcard);
 160                 for (i=0; wcard[i]; i++) {
 161                         status = cldapd_add_socket(cldapd, lp_ctx, wcard[i]);
 162                         if (NT_STATUS_IS_OK(status)) {
 163                                 num_binds++;
 164                         }
 165                 }
 166                 talloc_free(wcard);
 167                 if (num_binds == 0) {
 168                         return NT_STATUS_INVALID_PARAMETER_MIX;
 169                 }
 170         }
 171
 172         /* now we have to also listen on the specific interfaces,
 173            so that replies always come from the right IP */
 174         for (i=0; i<num_interfaces; i++) {
 175                 const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
 176                 status = cldapd_add_socket(cldapd, lp_ctx, address);
 177                 NT_STATUS_NOT_OK_RETURN(status);
 178         }
 179
 180         talloc_free(tmp_ctx);
 181
 182         return NT_STATUS_OK;
 183 }
 184
 185 /*
 186   startup the cldapd task
 187 */
 188 static void cldapd_task_init(struct task_server *task)
 189 {
 190         struct cldapd_server *cldapd;
 191         NTSTATUS status;
 192         struct interface *ifaces;
 193
 194         load_interface_list(task, task->lp_ctx, &ifaces);
 195
 196         if (iface_list_count(ifaces) == 0) {
 197                 task_server_terminate(task, "cldapd: no network interfaces configured", false);
 198                 return;
 199         }
 200
 201         switch (lpcfg_server_role(task->lp_ctx)) {
 202         case ROLE_STANDALONE:
 203                 task_server_terminate(task, "cldap_server: no CLDAP server required in standalone configuration",
 204                                       false);
 205                 return;
 206         case ROLE_DOMAIN_MEMBER:
 207                 task_server_terminate(task, "cldap_server: no CLDAP server required in member server configuration",
 208                                       false);
 209                 return;
 210         case ROLE_ACTIVE_DIRECTORY_DC:
 211                 /* Yes, we want an CLDAP server */
 212                 break;
 213         }
 214
 215         task_server_set_title(task, "task[cldapd]");
 216
 217         cldapd = talloc(task, struct cldapd_server);
 218         if (cldapd == NULL) {
 219                 task_server_terminate(task, "cldapd: out of memory", true);
 220                 return;
 221         }
 222
 223         cldapd->task = task;
 224         cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx), 0);
 225         if (cldapd->samctx == NULL) {
 226                 task_server_terminate(task, "cldapd failed to open samdb", true);
 227                 return;
 228         }
 229
 230         /* start listening on the configured network interfaces */
 231         status = cldapd_startup_interfaces(cldapd, task->lp_ctx, ifaces);
 232         if (!NT_STATUS_IS_OK(status)) {
 233                 task_server_terminate(task, "cldapd failed to setup interfaces", true);
 234                 return;
 235         }
 236
 237         irpc_add_name(task->msg_ctx, "cldap_server");
 238 }
 239
 240
 241 /*
 242   register ourselves as a available server
 243 */
 244 NTSTATUS server_service_cldapd_init(TALLOC_CTX *ctx)
 245 {
 246         return register_server_service("cldap", cldapd_task_init);
 247 }