1 /* nssov.h - NSS overlay header file */ 2 /* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */ 3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 2008 The OpenLDAP Foundation. 6 * Portions Copyright 2008 Howard Chu. 7 */ 8 9 #ifndef NSSOV_H 10 #define NSSOV_H 11 12 #ifndef NSLCD_SOCKET 13 #define NSLCD_SOCKET "/var/run/nslcd/socket" 14 #endif 15 16 #include <stdio.h> 17 18 #include "nslcd.h" 19 #include "nslcd-common.h" 20 #include "common/tio.h" 21 #include "compat/attrs.h" 22 23 #undef PACKAGE_BUGREPORT 24 #undef PACKAGE_NAME 25 #undef PACKAGE_STRING 26 #undef PACKAGE_TARNAME 27 #undef PACKAGE_VERSION 28 29 #include "portable.h" 30 #include "slap.h" 31 #include <ac/string.h> 32 33 /* selectors for different maps */ 34 enum nssov_map_selector 35 { 36 NM_alias, 37 NM_ether, 38 NM_group, 39 NM_host, 40 NM_netgroup, 41 NM_network, 42 NM_passwd, 43 NM_protocol, 44 NM_rpc, 45 NM_service, 46 NM_shadow, 47 NM_NONE 48 }; 49 50 typedef struct nssov_mapinfo { 51 struct berval mi_base; 52 int mi_scope; 53 struct berval mi_filter0; 54 struct berval mi_filter; 55 struct berval *mi_attrkeys; 56 AttributeName *mi_attrs; 57 } nssov_mapinfo; 58 59 typedef struct nssov_info 60 { 61 /* search timelimit */ 62 int ni_timelimit; 63 struct nssov_mapinfo ni_maps[NM_NONE]; 64 int ni_socket; 65 Connection *ni_conn; 66 BackendDB *ni_db; 67 } nssov_info; 68 69 /* Read the default configuration file. */ 70 void nssov_cfg_init(nssov_info *ni,const char *fname); 71 72 /* macros for basic read and write operations, the following 73 ERROR_OUT* marcos define the action taken on errors 74 the stream is not closed because the caller closes the 75 stream */ 76 77 #define ERROR_OUT_WRITEERROR(fp) \ 78 Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \ 79 return -1; 80 81 #define ERROR_OUT_READERROR(fp) \ 82 Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \ 83 return -1; 84 85 #define ERROR_OUT_BUFERROR(fp) \ 86 Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \ 87 return -1; 88 89 #define WRITE_BERVAL(fp,bv) \ 90 DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val); \ 91 if ((bv)==NULL) \ 92 { \ 93 WRITE_INT32(fp,0); \ 94 } \ 95 else \ 96 { \ 97 WRITE_INT32(fp,(bv)->bv_len); \ 98 if (tmpint32>0) \ 99 { WRITE(fp,(bv)->bv_val,tmpint32); } \ 100 } 101 102 #define WRITE_BVARRAY(fp,arr) \ 103 /* first determine length of array */ \ 104 for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \ 105 /*nothing*/ ; \ 106 /* write number of strings */ \ 107 DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \ 108 WRITE_TYPE(fp,tmp3int32,int32_t); \ 109 /* write strings */ \ 110 for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \ 111 { \ 112 WRITE_BERVAL(fp,&(arr)[tmp2int32]); \ 113 } 114 115 /* This tries to get the user password attribute from the entry. 116 It will try to return an encrypted password as it is used in /etc/passwd, 117 /etc/group or /etc/shadow depending upon what is in the directory. 118 This function will return NULL if no passwd is found and will return the 119 literal value in the directory if conversion is not possible. */ 120 void get_userpassword(struct berval *attr, struct berval *pw); 121 122 /* write out an address, parsing the addr value */ 123 int write_address(TFILE *fp,struct berval *addr); 124 125 /* a helper macro to write out addresses and bail out on errors */ 126 #define WRITE_ADDRESS(fp,addr) \ 127 if (write_address(fp,addr)) \ 128 return -1; 129 130 /* read an address from the stream */ 131 int read_address(TFILE *fp,char *addr,int *addrlen,int *af); 132 133 /* helper macro to read an address from the stream */ 134 #define READ_ADDRESS(fp,addr,len,af) \ 135 len=(int)sizeof(addr); \ 136 if (read_address(fp,addr,&(len),&(af))) \ 137 return -1; 138 139 /* checks to see if the specified string is a valid username */ 140 int isvalidusername(struct berval *name); 141 142 /* transforms the DN info a uid doing an LDAP lookup if needed */ 143 int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid); 144 145 /* transforms the uid into a DN by doing an LDAP lookup */ 146 int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn); 147 148 /* Escapes characters in a string for use in a search filter. */ 149 int nssov_escape(struct berval *src,struct berval *dst); 150 151 int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf); 152 int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf); 153 154 void nssov_alias_init(nssov_info *ni); 155 void nssov_ether_init(nssov_info *ni); 156 void nssov_group_init(nssov_info *ni); 157 void nssov_host_init(nssov_info *ni); 158 void nssov_netgroup_init(nssov_info *ni); 159 void nssov_network_init(nssov_info *ni); 160 void nssov_passwd_init(nssov_info *ni); 161 void nssov_protocol_init(nssov_info *ni); 162 void nssov_rpc_init(nssov_info *ni); 163 void nssov_service_init(nssov_info *ni); 164 void nssov_shadow_init(nssov_info *ni); 165 166 /* these are the different functions that handle the database 167 specific actions, see nslcd.h for the action descriptions */ 168 int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op); 169 int nssov_alias_all(nssov_info *ni,TFILE *fp,Operation *op); 170 int nssov_ether_byname(nssov_info *ni,TFILE *fp,Operation *op); 171 int nssov_ether_byether(nssov_info *ni,TFILE *fp,Operation *op); 172 int nssov_ether_all(nssov_info *ni,TFILE *fp,Operation *op); 173 int nssov_group_byname(nssov_info *ni,TFILE *fp,Operation *op); 174 int nssov_group_bygid(nssov_info *ni,TFILE *fp,Operation *op); 175 int nssov_group_bymember(nssov_info *ni,TFILE *fp,Operation *op); 176 int nssov_group_all(nssov_info *ni,TFILE *fp,Operation *op); 177 int nssov_host_byname(nssov_info *ni,TFILE *fp,Operation *op); 178 int nssov_host_byaddr(nssov_info *ni,TFILE *fp,Operation *op); 179 int nssov_host_all(nssov_info *ni,TFILE *fp,Operation *op); 180 int nssov_netgroup_byname(nssov_info *ni,TFILE *fp,Operation *op); 181 int nssov_network_byname(nssov_info *ni,TFILE *fp,Operation *op); 182 int nssov_network_byaddr(nssov_info *ni,TFILE *fp,Operation *op); 183 int nssov_network_all(nssov_info *ni,TFILE *fp,Operation *op); 184 int nssov_passwd_byname(nssov_info *ni,TFILE *fp,Operation *op); 185 int nssov_passwd_byuid(nssov_info *ni,TFILE *fp,Operation *op); 186 int nssov_passwd_all(nssov_info *ni,TFILE *fp,Operation *op); 187 int nssov_protocol_byname(nssov_info *ni,TFILE *fp,Operation *op); 188 int nssov_protocol_bynumber(nssov_info *ni,TFILE *fp,Operation *op); 189 int nssov_protocol_all(nssov_info *ni,TFILE *fp,Operation *op); 190 int nssov_rpc_byname(nssov_info *ni,TFILE *fp,Operation *op); 191 int nssov_rpc_bynumber(nssov_info *ni,TFILE *fp,Operation *op); 192 int nssov_rpc_all(nssov_info *ni,TFILE *fp,Operation *op); 193 int nssov_service_byname(nssov_info *ni,TFILE *fp,Operation *op); 194 int nssov_service_bynumber(nssov_info *ni,TFILE *fp,Operation *op); 195 int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op); 196 int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op); 197 int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op); 198 199 /* config initialization */ 200 #define NSSOV_INIT(db) \ 201 void nssov_##db##_init(nssov_info *ni) \ 202 { \ 203 nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \ 204 int i; \ 205 for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \ 206 i++; \ 207 mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \ 208 for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \ 209 mi->mi_attrs[i].an_name = db##_keys[i]; \ 210 mi->mi_attrs[i].an_desc = NULL; \ 211 } \ 212 mi->mi_scope = LDAP_SCOPE_DEFAULT; \ 213 mi->mi_filter0 = db##_filter; \ 214 ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \ 215 mi->mi_filter = db##_filter; \ 216 mi->mi_attrkeys = db##_keys; \ 217 BER_BVZERO(&mi->mi_base); \ 218 } 219 220 /* param structure for search callback */ 221 #define NSSOV_CBPRIV(db,parms) \ 222 typedef struct nssov_##db##_cbp { \ 223 nssov_mapinfo *mi; \ 224 TFILE *fp; \ 225 Operation *op; \ 226 parms \ 227 } nssov_##db##_cbp 228 229 /* callback for writing search results */ 230 #define NSSOV_CB(db) \ 231 static int nssov_##db##_cb(Operation *op, SlapReply *rs) \ 232 { \ 233 if ( rs->sr_type == REP_SEARCH ) { \ 234 nssov_##db##_cbp *cbp = op->o_callback->sc_private; \ 235 if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \ 236 } \ 237 return LDAP_SUCCESS; \ 238 } \ 239 240 /* macro for generating service handling code */ 241 #define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \ 242 int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \ 243 { \ 244 /* define common variables */ \ 245 int32_t tmpint32; \ 246 int rc; \ 247 nssov_##db##_cbp cbp; \ 248 slap_callback cb = {0}; \ 249 SlapReply rs = {REP_RESULT}; \ 250 cbp.mi = &ni->ni_maps[NM_##db]; \ 251 cbp.fp = fp; \ 252 cbp.op = op; \ 253 /* read request parameters */ \ 254 readfn; \ 255 /* log call */ \ 256 logcall; \ 257 /* write the response header */ \ 258 WRITE_INT32(fp,NSLCD_VERSION); \ 259 WRITE_INT32(fp,action); \ 260 /* prepare the search filter */ \ 261 if (mkfilter) \ 262 { \ 263 Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \ 264 return -1; \ 265 } \ 266 cb.sc_private = &cbp; \ 267 op->o_callback = &cb; \ 268 cb.sc_response = nssov_##db##_cb; \ 269 slap_op_time( &op->o_time, &op->o_tincr ); \ 270 op->o_req_dn = cbp.mi->mi_base; \ 271 op->o_req_ndn = cbp.mi->mi_base; \ 272 op->ors_scope = cbp.mi->mi_scope; \ 273 op->ors_filterstr = filter; \ 274 op->ors_filter = str2filter_x( op, filter.bv_val ); \ 275 op->ors_attrs = cbp.mi->mi_attrs; \ 276 op->ors_tlimit = SLAP_NO_LIMIT; \ 277 op->ors_slimit = SLAP_NO_LIMIT; \ 278 /* do the internal search */ \ 279 op->o_bd->be_search( op, &rs ); \ 280 filter_free_x( op, op->ors_filter ); \ 281 return 0; \ 282 } 283 284 #endif /* NSSOV_H */ 285