diff options
Diffstat (limited to 'source3/nsswitch/winbindd_ldap.c')
-rw-r--r-- | source3/nsswitch/winbindd_ldap.c | 646 |
1 files changed, 0 insertions, 646 deletions
diff --git a/source3/nsswitch/winbindd_ldap.c b/source3/nsswitch/winbindd_ldap.c deleted file mode 100644 index cd0214ff45..0000000000 --- a/source3/nsswitch/winbindd_ldap.c +++ /dev/null @@ -1,646 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - winbind ldap proxy code - - Copyright (C) Volker Lendecke - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "winbindd.h" - -/* This rw-buf api is made to avoid memcpy. For now do that like mad... The - idea is to write into a circular list of buffers where the ideal case is - that a read(2) holds a complete request that is then thrown away - completely. */ - -struct ldap_message_queue { - struct ldap_message_queue *prev, *next; - struct ldap_message *msg; -}; - -struct rw_buffer { - uint8 *data; - size_t ofs, length; -}; - -struct winbind_ldap_client { - struct winbind_ldap_client *next, *prev; - int sock; - BOOL finished; - struct rw_buffer in_buffer, out_buffer; -}; - -static struct winbind_ldap_client *ldap_clients; - -struct winbind_ldap_server { - struct winbind_ldap_server *next, *prev; - int sock; - BOOL ready; /* Bind successful? */ - BOOL finished; - struct rw_buffer in_buffer, out_buffer; - int messageid; -}; - -static struct winbind_ldap_server *ldap_servers; - -struct pending_ldap_message { - struct pending_ldap_message *next, *prev; - struct ldap_message *msg; /* The message the client sent us */ - int our_msgid; /* The messageid we used */ - struct winbind_ldap_client *client; -}; - -struct pending_ldap_message *pending_messages; - -static BOOL append_to_buf(struct rw_buffer *buf, uint8 *data, size_t length) -{ - buf->data = SMB_REALLOC(buf->data, buf->length+length); - - if (buf->data == NULL) - return False; - - memcpy(buf->data+buf->length, data, length); - - buf->length += length; - return True; -} - -static BOOL read_into_buf(int fd, struct rw_buffer *buf) -{ - char tmp_buf[1024]; - int len; - - len = read(fd, tmp_buf, sizeof(tmp_buf)); - if (len == 0) - return False; - - return append_to_buf(buf, tmp_buf, len); -} - -static void peek_into_buf(struct rw_buffer *buf, uint8 **out, - size_t *out_length) -{ - *out = buf->data; - *out_length = buf->length; -} - -static void consumed_from_buf(struct rw_buffer *buf, size_t length) -{ - uint8 *new = memdup(buf->data+length, buf->length-length); - free(buf->data); - buf->data = new; - buf->length -= length; -} - -static BOOL write_out_of_buf(int fd, struct rw_buffer *buf) -{ - uint8 *tmp; - size_t tmp_length, written; - - peek_into_buf(buf, &tmp, &tmp_length); - if (tmp_length == 0) - return True; - - written = write(fd, tmp, tmp_length); - if (written < 0) - return False; - - consumed_from_buf(buf, written); - return True; -} - -static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) -{ - DATA_BLOB blob; - BOOL res; - - if (!ldap_encode(msg, &blob)) - return False; - - res = append_to_buf(buf, blob.data, blob.length); - - data_blob_free(&blob); - return res; -} - -static void new_ldap_client(int listen_sock) -{ - struct sockaddr_un sunaddr; - struct winbind_ldap_client *client; - socklen_t len; - int sock; - - /* Accept connection */ - - len = sizeof(sunaddr); - - do { - sock = accept(listen_sock, (struct sockaddr *)&sunaddr, &len); - } while (sock == -1 && errno == EINTR); - - if (sock == -1) - return; - - DEBUG(6,("accepted socket %d\n", sock)); - - /* Create new connection structure */ - - client = SMB_MALLOC_P(struct winbind_ldap_client); - - if (client == NULL) - return; - - ZERO_STRUCTP(client); - - client->sock = sock; - client->finished = False; - - DLIST_ADD(ldap_clients, client); -} - -static struct ldap_message *get_msg_from_buf(struct rw_buffer *buffer, - BOOL *error) -{ - uint8 *buf; - int buf_length, msg_length; - DATA_BLOB blob; - ASN1_DATA data; - struct ldap_message *msg; - - DEBUG(10,("ldapsrv_recv\n")); - - *error = False; - - peek_into_buf(buffer, &buf, &buf_length); - - if (buf_length < 8) { - /* Arbitrary heuristics: ldap messages are longer than eight - * bytes, and their tag length fits into the eight bytes */ - return NULL; - } - - /* LDAP Messages are always SEQUENCES */ - - if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0), - &msg_length)) - goto disconnect; - - if (buf_length < msg_length) { - /* Not enough yet */ - return NULL; - } - - /* We've got a complete LDAP request in the in-buffer */ - - blob.data = buf; - blob.length = msg_length; - - if (!asn1_load(&data, blob)) - goto disconnect; - - msg = new_ldap_message(); - - if ((msg == NULL) || !ldap_decode(&data, msg)) { - asn1_free(&data); - goto disconnect; - } - - asn1_free(&data); - - consumed_from_buf(buffer, msg_length); - - return msg; - - disconnect: - - *error = True; - return NULL; -} - -static int send_msg_to_server(struct ldap_message *msg, - struct winbind_ldap_server *server) -{ - int cli_messageid; - - cli_messageid = msg->messageid; - msg->messageid = ldap_servers->messageid; - - if (!ldap_append_to_buf(msg, &ldap_servers->out_buffer)) - return -1; - - msg->messageid = cli_messageid; - return ldap_servers->messageid++; -} - -static int send_msg(struct ldap_message *msg) -{ - /* This is the scheduling routine that should decide where to send - * stuff. The first attempt is easy: We only have one server. This - * will change once we handle referrals etc. */ - - SMB_ASSERT(ldap_servers != NULL); - - if (!ldap_servers->ready) - return -1; - - return send_msg_to_server(msg, ldap_servers); -} - -static void fake_bind_response(struct winbind_ldap_client *client, - int messageid) -{ - struct ldap_message *msg = new_ldap_message(); - - if (msg == NULL) { - client->finished = True; - return; - } - - msg->messageid = messageid; - msg->type = LDAP_TAG_BindResponse; - msg->r.BindResponse.response.resultcode = 0; - msg->r.BindResponse.response.dn = ""; - msg->r.BindResponse.response.dn = ""; - msg->r.BindResponse.response.errormessage = ""; - msg->r.BindResponse.response.referral = ""; - ldap_append_to_buf(msg, &client->out_buffer); - destroy_ldap_message(msg); -} - -static int open_ldap_socket(void) -{ - static int fd = -1; - - if (fd >= 0) - return fd; - - fd = create_pipe_sock(get_winbind_priv_pipe_dir(), "ldapi", 0750); - return fd; -} - -static BOOL do_sigterm = False; - -static void ldap_termination_handler(int signum) -{ - do_sigterm = True; - sys_select_signal(); -} - -static BOOL handled_locally(struct ldap_message *msg, - struct winbind_ldap_server *server) -{ - struct ldap_Result *r = &msg->r.BindResponse.response; - - if (msg->type != LDAP_TAG_BindResponse) - return False; - - if (r->resultcode != 0) { - destroy_ldap_message(msg); - server->finished = True; - } - destroy_ldap_message(msg); - server->ready = True; - return True; -} - -static void client_has_data(struct winbind_ldap_client *client) -{ - - struct ldap_message *msg; - - if (!read_into_buf(client->sock, &client->in_buffer)) { - client->finished = True; - return; - } - - while ((msg = get_msg_from_buf(&client->in_buffer, - &client->finished))) { - struct pending_ldap_message *pending; - - if (msg->type == LDAP_TAG_BindRequest) { - fake_bind_response(client, msg->messageid); - destroy_ldap_message(msg); - continue; - } - - if (msg->type == LDAP_TAG_UnbindRequest) { - destroy_ldap_message(msg); - client->finished = True; - break; - } - - pending = SMB_MALLOC_P(struct pending_ldap_message); - if (pending == NULL) - continue; - - pending->msg = msg; - pending->client = client; - pending->our_msgid = send_msg(msg); - - if (pending->our_msgid < 0) { - /* could not send */ - client->finished = True; - free(pending); - } - DLIST_ADD(pending_messages, pending); - } -} - -static struct ldap_Result *ldap_msg2result(struct ldap_message *msg) -{ - switch(msg->type) { - case LDAP_TAG_BindResponse: - return &msg->r.BindResponse.response; - case LDAP_TAG_SearchResultDone: - return &msg->r.SearchResultDone; - case LDAP_TAG_ModifyResponse: - return &msg->r.ModifyResponse; - case LDAP_TAG_AddResponse: - return &msg->r.AddResponse; - case LDAP_TAG_DelResponse: - return &msg->r.DelResponse; - case LDAP_TAG_ModifyDNResponse: - return &msg->r.ModifyDNResponse; - case LDAP_TAG_CompareResponse: - return &msg->r.CompareResponse; - case LDAP_TAG_ExtendedResponse: - return &msg->r.ExtendedResponse.response; - } - return NULL; -} - -static void server_has_data(struct winbind_ldap_server *server) -{ - struct ldap_message *msg; - - if (!read_into_buf(server->sock, &server->in_buffer)) { - server->finished = True; - return; - } - - while ((msg = get_msg_from_buf(&server->in_buffer, - &server->finished))) { - struct pending_ldap_message *pending; - struct rw_buffer *buf; - struct ldap_Result *res; - - if (handled_locally(msg, server)) - continue; - - res = ldap_msg2result(msg); - - if ( (res != NULL) && (res->resultcode == 10) ) - DEBUG(5, ("Got Referral %s\n", res->referral)); - - for (pending = pending_messages; - pending != NULL; - pending = pending->next) { - if (pending->our_msgid == msg->messageid) - break; - } - - if (pending == NULL) { - talloc_destroy(msg->mem_ctx); - continue; - } - - msg->messageid = pending->msg->messageid; - - buf = &pending->client->out_buffer; - ldap_append_to_buf(msg, buf); - - if ( (msg->type != LDAP_TAG_SearchResultEntry) && - (msg->type != LDAP_TAG_SearchResultReference) ) { - destroy_ldap_message(pending->msg); - DLIST_REMOVE(pending_messages, - pending); - SAFE_FREE(pending); - } - destroy_ldap_message(msg); - } -} - -static void process_ldap_loop(void) -{ - struct winbind_ldap_client *client; - struct winbind_ldap_server *server; - fd_set r_fds, w_fds; - int maxfd, listen_sock, selret; - struct timeval timeout; - - /* Free up temporary memory */ - - lp_TALLOC_FREE(); - main_loop_TALLOC_FREE(); - - if (do_sigterm) { -#if 0 - TALLOC_CTX *mem_ctx = talloc_init("describe"); - DEBUG(0, ("%s\n", talloc_describe_all(mem_ctx))); - talloc_destroy(mem_ctx); -#endif - exit(0); - } - - /* Initialise fd lists for select() */ - - listen_sock = open_ldap_socket(); - - if (listen_sock == -1) { - perror("open_ldap_socket"); - exit(1); - } - - maxfd = listen_sock; - - FD_ZERO(&r_fds); - FD_ZERO(&w_fds); - FD_SET(listen_sock, &r_fds); - - timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; - timeout.tv_usec = 0; - - /* Set up client readers and writers */ - - client = ldap_clients; - - while (client != NULL) { - - if (client->finished) { - struct winbind_ldap_client *next = client->next; - DLIST_REMOVE(ldap_clients, client); - close(client->sock); - SAFE_FREE(client->in_buffer.data); - SAFE_FREE(client->out_buffer.data); - SAFE_FREE(client); - client = next; - continue; - } - - if (client->sock > maxfd) - maxfd = client->sock; - - FD_SET(client->sock, &r_fds); - - if (client->out_buffer.length > 0) - FD_SET(client->sock, &w_fds); - - client = client->next; - } - - /* And now the servers */ - - server = ldap_servers; - - while (server != NULL) { - - if (server->finished) { - struct winbind_ldap_server *next = server->next; - DLIST_REMOVE(ldap_servers, server); - close(server->sock); - SAFE_FREE(server); - server = next; - continue; - } - - if (server->sock > maxfd) - maxfd = server->sock; - - FD_SET(server->sock, &r_fds); - - if (server->out_buffer.length > 0) - FD_SET(server->sock, &w_fds); - - server = server->next; - } - - selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout); - - if (selret == 0) - return; - - if (selret == -1 && errno != EINTR) { - perror("select"); - exit(1); - } - - if (FD_ISSET(listen_sock, &r_fds)) - new_ldap_client(listen_sock); - - for (client = ldap_clients; client != NULL; client = client->next) { - - if (FD_ISSET(client->sock, &r_fds)) - client_has_data(client); - - if ((!client->finished) && FD_ISSET(client->sock, &w_fds)) - write_out_of_buf(client->sock, &client->out_buffer); - } - - for (server = ldap_servers; server != NULL; server = server->next) { - - if (FD_ISSET(server->sock, &r_fds)) - server_has_data(server); - - if (!server->finished && FD_ISSET(server->sock, &w_fds)) - write_out_of_buf(server->sock, &server->out_buffer); - } -} - -static BOOL setup_ldap_serverconn(void) -{ - char *host; - uint16 port; - BOOL ldaps; - struct hostent *hp; - struct in_addr ip; - TALLOC_CTX *mem_ctx = talloc_init("server"); - struct ldap_message *msg; - char *dn, *pw; - - ldap_servers = SMB_MALLOC_P(struct winbind_ldap_server); - - if ((ldap_servers == NULL) || (mem_ctx == NULL)) - return False; - - if (!ldap_parse_basic_url(mem_ctx, "ldap://192.168.234.1:3899/", - &host, &port, &ldaps)) - return False; - - hp = sys_gethostbyname(host); - - if ((hp == NULL) || (hp->h_addr == NULL)) - return False; - - putip((char *)&ip, (char *)hp->h_addr); - - ZERO_STRUCTP(ldap_servers); - ldap_servers->sock = open_socket_out(SOCK_STREAM, &ip, port, 10000); - ldap_servers->messageid = 1; - - if (!fetch_ldap_pw(&dn, &pw)) - return False; - - msg = new_ldap_simple_bind_msg(dn, pw); - - SAFE_FREE(dn); - SAFE_FREE(pw); - - if (msg == NULL) - return False; - - msg->messageid = ldap_servers->messageid++; - - ldap_append_to_buf(msg, &ldap_servers->out_buffer); - - destroy_ldap_message(msg); - - return (ldap_servers->sock >= 0); -} - -void do_ldap_proxy(void) -{ - int ldap_child; - - ldap_child = sys_fork(); - - if (ldap_child != 0) - return; - - /* tdb needs special fork handling */ - if (tdb_reopen_all() == -1) { - DEBUG(0,("tdb_reopen_all failed.\n")); - _exit(0); - } - - if (!message_init()) { - DEBUG(0, ("message_init failed\n")); - _exit(0); - } - - CatchSignal(SIGINT, ldap_termination_handler); - CatchSignal(SIGQUIT, ldap_termination_handler); - CatchSignal(SIGTERM, ldap_termination_handler); - - if (!setup_ldap_serverconn()) - return; - - while (1) - process_ldap_loop(); - - return; -} |