Back to index

openldap  2.4.31
nssov.h
Go to the documentation of this file.
00001 /* nssov.h - NSS overlay header file */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 2008-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2008 Howard Chu.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in the file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 
00018 #ifndef NSSOV_H
00019 #define NSSOV_H
00020 
00021 #ifndef NSLCD_PATH
00022 #define       NSLCD_PATH    "/var/run/nslcd"
00023 #endif
00024 
00025 #ifndef NSLCD_SOCKET
00026 #define NSLCD_SOCKET NSLCD_PATH "/socket"
00027 #endif
00028 
00029 #include <stdio.h>
00030 
00031 #include "nslcd.h"
00032 #include "nslcd-prot.h"
00033 #include "tio.h"
00034 #include "attrs.h"
00035 
00036 #undef PACKAGE_BUGREPORT
00037 #undef PACKAGE_NAME
00038 #undef PACKAGE_STRING
00039 #undef PACKAGE_TARNAME
00040 #undef PACKAGE_VERSION
00041 
00042 #include "portable.h"
00043 #include "slap.h"
00044 #include <ac/string.h>
00045 
00046 /* selectors for different maps */
00047 enum nssov_map_selector
00048 {
00049   NM_alias,
00050   NM_ether,
00051   NM_group,
00052   NM_host,
00053   NM_netgroup,
00054   NM_network,
00055   NM_passwd,
00056   NM_protocol,
00057   NM_rpc,
00058   NM_service,
00059   NM_shadow,
00060   NM_NONE
00061 };
00062 
00063 typedef struct nssov_mapinfo {
00064        struct berval mi_base;
00065        int mi_scope;
00066        struct berval mi_filter0;
00067        struct berval mi_filter;
00068        struct berval *mi_attrkeys;
00069        AttributeName *mi_attrs;
00070 } nssov_mapinfo;
00071 
00072 typedef struct nssov_info
00073 {
00074        /* search timelimit */
00075        int ni_timelimit;
00076        struct nssov_mapinfo ni_maps[NM_NONE];
00077        int ni_socket;
00078        Connection *ni_conn;
00079        BackendDB *ni_db;
00080 
00081        /* PAM authz support... */
00082        slap_mask_t ni_pam_opts;
00083        struct berval ni_pam_group_dn;
00084        AttributeDescription *ni_pam_group_ad;
00085        int ni_pam_min_uid;
00086        int ni_pam_max_uid;
00087        AttributeDescription *ni_pam_template_ad;
00088        struct berval ni_pam_template;
00089        struct berval ni_pam_defhost;
00090        struct berval *ni_pam_sessions;
00091 } nssov_info;
00092 
00093 #define NI_PAM_USERHOST            1      /* old style host checking */
00094 #define NI_PAM_USERSVC             2      /* old style service checking */
00095 #define NI_PAM_USERGRP             4      /* old style group checking */
00096 #define NI_PAM_HOSTSVC             8      /* new style authz checking */
00097 #define NI_PAM_SASL2DN             0x10   /* use sasl2dn */
00098 #define NI_PAM_UID2DN              0x20   /* use uid2dn */
00099 
00100 #define       NI_PAM_OLD    (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
00101 #define       NI_PAM_NEW    NI_PAM_HOSTSVC
00102 
00103 extern AttributeDescription *nssov_pam_host_ad;
00104 extern AttributeDescription *nssov_pam_svc_ad;
00105 
00106 /* Read the default configuration file. */
00107 void nssov_cfg_init(nssov_info *ni,const char *fname);
00108 
00109 /* macros for basic read and write operations, the following
00110    ERROR_OUT* marcos define the action taken on errors
00111    the stream is not closed because the caller closes the
00112    stream */
00113 
00114 #define ERROR_OUT_WRITEERROR(fp) \
00115   Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
00116   return -1;
00117 
00118 #define ERROR_OUT_READERROR(fp) \
00119   Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
00120   return -1;
00121 
00122 #define ERROR_OUT_BUFERROR(fp) \
00123   Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
00124   return -1;
00125 
00126 #define WRITE_BERVAL(fp,bv) \
00127   DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val); \
00128   if ((bv)==NULL) \
00129   { \
00130     WRITE_INT32(fp,0); \
00131   } \
00132   else \
00133   { \
00134     WRITE_INT32(fp,(bv)->bv_len); \
00135     if (tmpint32>0) \
00136       { WRITE(fp,(bv)->bv_val,tmpint32); } \
00137   }
00138 
00139 #define WRITE_BVARRAY(fp,arr) \
00140   /* first determine length of array */ \
00141   for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
00142     /*nothing*/ ; \
00143   /* write number of strings */ \
00144   DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
00145   WRITE_TYPE(fp,tmp3int32,int32_t); \
00146   /* write strings */ \
00147   for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \
00148   { \
00149     WRITE_BERVAL(fp,&(arr)[tmp2int32]); \
00150   }
00151 
00152 /* This tries to get the user password attribute from the entry.
00153    It will try to return an encrypted password as it is used in /etc/passwd,
00154    /etc/group or /etc/shadow depending upon what is in the directory.
00155    This function will return NULL if no passwd is found and will return the
00156    literal value in the directory if conversion is not possible. */
00157 void get_userpassword(struct berval *attr, struct berval *pw);
00158 
00159 /* write out an address, parsing the addr value */
00160 int write_address(TFILE *fp,struct berval *addr);
00161 
00162 /* a helper macro to write out addresses and bail out on errors */
00163 #define WRITE_ADDRESS(fp,addr) \
00164   if (write_address(fp,addr)) \
00165     return -1;
00166 
00167 /* read an address from the stream */
00168 int read_address(TFILE *fp,char *addr,int *addrlen,int *af);
00169 
00170 /* helper macro to read an address from the stream */
00171 #define READ_ADDRESS(fp,addr,len,af) \
00172   len=(int)sizeof(addr); \
00173   if (read_address(fp,addr,&(len),&(af))) \
00174     return -1;
00175 
00176 /* checks to see if the specified string is a valid username */
00177 int isvalidusername(struct berval *name);
00178 
00179 /* transforms the DN into a uid doing an LDAP lookup if needed */
00180 int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);
00181 
00182 /* transforms the uid into a DN by doing an LDAP lookup */
00183 int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
00184 int nssov_name2dn_cb(Operation *op, SlapReply *rs);
00185 
00186 /* Escapes characters in a string for use in a search filter. */
00187 int nssov_escape(struct berval *src,struct berval *dst);
00188 
00189 int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf);
00190 int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf);
00191 
00192 void nssov_alias_init(nssov_info *ni);
00193 void nssov_ether_init(nssov_info *ni);
00194 void nssov_group_init(nssov_info *ni);
00195 void nssov_host_init(nssov_info *ni);
00196 void nssov_netgroup_init(nssov_info *ni);
00197 void nssov_network_init(nssov_info *ni);
00198 void nssov_passwd_init(nssov_info *ni);
00199 void nssov_protocol_init(nssov_info *ni);
00200 void nssov_rpc_init(nssov_info *ni);
00201 void nssov_service_init(nssov_info *ni);
00202 void nssov_shadow_init(nssov_info *ni);
00203 
00204 int nssov_pam_init(void);
00205 
00206 /* these are the different functions that handle the database
00207    specific actions, see nslcd.h for the action descriptions */
00208 int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
00209 int nssov_alias_all(nssov_info *ni,TFILE *fp,Operation *op);
00210 int nssov_ether_byname(nssov_info *ni,TFILE *fp,Operation *op);
00211 int nssov_ether_byether(nssov_info *ni,TFILE *fp,Operation *op);
00212 int nssov_ether_all(nssov_info *ni,TFILE *fp,Operation *op);
00213 int nssov_group_byname(nssov_info *ni,TFILE *fp,Operation *op);
00214 int nssov_group_bygid(nssov_info *ni,TFILE *fp,Operation *op);
00215 int nssov_group_bymember(nssov_info *ni,TFILE *fp,Operation *op);
00216 int nssov_group_all(nssov_info *ni,TFILE *fp,Operation *op);
00217 int nssov_host_byname(nssov_info *ni,TFILE *fp,Operation *op);
00218 int nssov_host_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
00219 int nssov_host_all(nssov_info *ni,TFILE *fp,Operation *op);
00220 int nssov_netgroup_byname(nssov_info *ni,TFILE *fp,Operation *op);
00221 int nssov_network_byname(nssov_info *ni,TFILE *fp,Operation *op);
00222 int nssov_network_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
00223 int nssov_network_all(nssov_info *ni,TFILE *fp,Operation *op);
00224 int nssov_passwd_byname(nssov_info *ni,TFILE *fp,Operation *op);
00225 int nssov_passwd_byuid(nssov_info *ni,TFILE *fp,Operation *op);
00226 int nssov_passwd_all(nssov_info *ni,TFILE *fp,Operation *op);
00227 int nssov_protocol_byname(nssov_info *ni,TFILE *fp,Operation *op);
00228 int nssov_protocol_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
00229 int nssov_protocol_all(nssov_info *ni,TFILE *fp,Operation *op);
00230 int nssov_rpc_byname(nssov_info *ni,TFILE *fp,Operation *op);
00231 int nssov_rpc_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
00232 int nssov_rpc_all(nssov_info *ni,TFILE *fp,Operation *op);
00233 int nssov_service_byname(nssov_info *ni,TFILE *fp,Operation *op);
00234 int nssov_service_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
00235 int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
00236 int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
00237 int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
00238 int pam_authc(nssov_info *ni,TFILE *fp,Operation *op);
00239 int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
00240 int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
00241 int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
00242 int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op);
00243 
00244 /* config initialization */
00245 #define NSSOV_INIT(db) \
00246  void nssov_##db##_init(nssov_info *ni) \
00247  { \
00248        nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
00249        int i; \
00250        for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
00251        i++; \
00252        mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
00253        for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
00254               mi->mi_attrs[i].an_name = db##_keys[i]; \
00255               mi->mi_attrs[i].an_desc = NULL; \
00256        } \
00257        mi->mi_scope = LDAP_SCOPE_DEFAULT; \
00258        mi->mi_filter0 = db##_filter; \
00259        ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \
00260        mi->mi_filter = db##_filter; \
00261        mi->mi_attrkeys = db##_keys; \
00262        BER_BVZERO(&mi->mi_base); \
00263  }
00264 
00265 /* param structure for search callback */
00266 #define NSSOV_CBPRIV(db,parms) \
00267   typedef struct nssov_##db##_cbp { \
00268        nssov_mapinfo *mi; \
00269        TFILE *fp; \
00270        Operation *op; \
00271        parms \
00272   } nssov_##db##_cbp
00273 
00274 /* callback for writing search results */
00275 #define NSSOV_CB(db) \
00276   static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
00277   { \
00278     if ( rs->sr_type == REP_SEARCH ) { \
00279     nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
00280        if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
00281   } \
00282   return LDAP_SUCCESS; \
00283   } \
00284 
00285 /* macro for generating service handling code */
00286 #define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
00287   int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
00288   { \
00289     /* define common variables */ \
00290     int32_t tmpint32; \
00291     int rc; \
00292        nssov_##db##_cbp cbp; \
00293        slap_callback cb = {0}; \
00294        SlapReply rs = {REP_RESULT}; \
00295        cbp.mi = &ni->ni_maps[NM_##db]; \
00296        cbp.fp = fp; \
00297        cbp.op = op; \
00298     /* read request parameters */ \
00299     readfn; \
00300     /* log call */ \
00301     logcall; \
00302     /* write the response header */ \
00303     WRITE_INT32(fp,NSLCD_VERSION); \
00304     WRITE_INT32(fp,action); \
00305     /* prepare the search filter */ \
00306     if (mkfilter) \
00307     { \
00308       Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \
00309       return -1; \
00310     } \
00311        cb.sc_private = &cbp; \
00312        op->o_callback = &cb; \
00313        cb.sc_response = nssov_##db##_cb; \
00314        slap_op_time( &op->o_time, &op->o_tincr ); \
00315        op->o_req_dn = cbp.mi->mi_base; \
00316        op->o_req_ndn = cbp.mi->mi_base; \
00317        op->ors_scope = cbp.mi->mi_scope; \
00318        op->ors_filterstr = filter; \
00319        op->ors_filter = str2filter_x( op, filter.bv_val ); \
00320        op->ors_attrs = cbp.mi->mi_attrs; \
00321        op->ors_tlimit = SLAP_NO_LIMIT; \
00322        op->ors_slimit = SLAP_NO_LIMIT; \
00323     /* do the internal search */ \
00324        op->o_bd->be_search( op, &rs ); \
00325        filter_free_x( op, op->ors_filter, 1 ); \
00326        WRITE_INT32(fp,NSLCD_RESULT_END); \
00327     return 0; \
00328   }
00329 
00330 #endif /* NSSOV_H */