1 /*	$NetBSD: nssov.h,v 1.1.1.3 2010/12/12 15:19:09 adam Exp $	*/
2 
3 /* nssov.h - NSS overlay header file */
4 /* OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.8 2010/04/15 21:32:56 quanah Exp */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2008-2010 The OpenLDAP Foundation.
8  * Portions Copyright 2008 Howard Chu.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted only as authorized by the OpenLDAP
13  * Public License.
14  *
15  * A copy of this license is available in the file LICENSE in the
16  * top-level directory of the distribution or, alternatively, at
17  * <http://www.OpenLDAP.org/license.html>.
18  */
19 
20 #ifndef NSSOV_H
21 #define NSSOV_H
22 
/* Defaults for the nslcd-compatible socket path.  Both are wrapped in
 * #ifndef so a build can override them; NSLCD_SOCKET is presumably the
 * path on which the overlay accepts nslcd-protocol clients (see
 * nssov_info.ni_socket) — confirm in nssov.c. */
#ifndef NSLCD_PATH
#define	NSLCD_PATH	"/var/run/nslcd"
#endif

#ifndef NSLCD_SOCKET
#define NSLCD_SOCKET	NSLCD_PATH "/socket"
#endif
30 
31 #include <stdio.h>
32 
33 #include "nslcd.h"
34 #include "nslcd-prot.h"
35 #include "tio.h"
36 #include "attrs.h"
37 
/* Forget the autoconf PACKAGE_* macros before portable.h (OpenLDAP's own
 * autoconf output) is included below.  NOTE(review): presumably the nslcd
 * headers above bring in their own set and the two would clash — confirm. */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
43 
44 #include "portable.h"
45 #include "slap.h"
46 #include <ac/string.h>
47 
/* selectors for different maps.  Each value indexes nssov_info.ni_maps[],
 * and the NSSOV_INIT/NSSOV_HANDLE macros paste the db name onto NM_ to
 * reach the slot, so the identifier spelling (NM_<db>) matters.  NM_NONE
 * is the last entry and doubles as the number of maps (array size). */
enum nssov_map_selector
{
  NM_alias,
  NM_ether,
  NM_group,
  NM_host,
  NM_netgroup,
  NM_network,
  NM_passwd,
  NM_protocol,
  NM_rpc,
  NM_service,
  NM_shadow,
  NM_NONE
};
64 
/* Per-map search settings; one slot per nssov_map_selector value in
 * nssov_info.ni_maps.  Filled by NSSOV_INIT, read by NSSOV_HANDLE. */
typedef struct nssov_mapinfo {
	struct berval mi_base;		/* search base, used as o_req_dn/o_req_ndn; zeroed by NSSOV_INIT */
	int mi_scope;			/* search scope; LDAP_SCOPE_DEFAULT after NSSOV_INIT */
	struct berval mi_filter0;	/* the map's built-in default filter (the static <db>_filter) */
	struct berval mi_filter;	/* filter in use; aliases mi_filter0 right after NSSOV_INIT */
	struct berval *mi_attrkeys;	/* the map's static <db>_keys table, terminated by a BER_BVNULL entry */
	AttributeName *mi_attrs;	/* ch_malloc'd AttributeName list built from mi_attrkeys; used as ors_attrs */
} nssov_mapinfo;
73 
/* Per-instance state of the overlay (presumably one per database the
 * overlay is configured on — confirm in nssov.c). */
typedef struct nssov_info
{
	/* search timelimit (NOTE(review): NSSOV_HANDLE sets ors_tlimit to
	   SLAP_NO_LIMIT, so where this is applied is not visible here) */
	int ni_timelimit;
	/* per-map search settings, indexed by enum nssov_map_selector */
	struct nssov_mapinfo ni_maps[NM_NONE];
	int ni_socket;		/* presumably the listening socket fd (NSLCD_SOCKET) — confirm */
	Connection *ni_conn;	/* connection / database used for the internal searches (presumed) */
	BackendDB *ni_db;

	/* PAM authz support... */
	slap_mask_t ni_pam_opts;			/* bitmask of the NI_PAM_* flags below */
	struct berval ni_pam_group_dn;			/* group DN for the group check (NI_PAM_USERGRP, presumably) */
	AttributeDescription *ni_pam_group_ad;		/* membership attribute looked at in that group */
	int ni_pam_min_uid;				/* uid range accepted by authz; inclusive or not is decided in the pam code */
	int ni_pam_max_uid;
	AttributeDescription *ni_pam_template_ad;	/* attribute / value used for the template check (semantics in the pam code) */
	struct berval ni_pam_template;
	struct berval ni_pam_defhost;			/* default host name used when the client supplies none (presumed) */
	struct berval *ni_pam_sessions;			/* berval array; its terminator and ownership are not visible here */
} nssov_info;
94 
/* Option bits for nssov_info.ni_pam_opts.  The three "old style" checks
 * are per-user attribute checks; NI_PAM_HOSTSVC is the host/service based
 * authz check; the last two select how the PAM user name is mapped to a
 * DN (via sasl2dn or uid2dn).  NI_PAM_OLD / NI_PAM_NEW group them. */
#define NI_PAM_USERHOST		1	/* old style host checking */
#define NI_PAM_USERSVC		2	/* old style service checking */
#define NI_PAM_USERGRP		4	/* old style group checking */
#define NI_PAM_HOSTSVC		8	/* new style authz checking */
#define NI_PAM_SASL2DN		0x10	/* use sasl2dn */
#define NI_PAM_UID2DN		0x20	/* use uid2dn */

#define	NI_PAM_OLD	(NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
#define	NI_PAM_NEW	NI_PAM_HOSTSVC
104 
/* attribute descriptions used by the PAM host / service checks;
   defined and resolved in the pam source file (presumed) */
extern AttributeDescription *nssov_pam_host_ad;
extern AttributeDescription *nssov_pam_svc_ad;

/* Read the default configuration file.
   ni:    the overlay instance to populate
   fname: path of the configuration file to read */
void nssov_cfg_init(nssov_info *ni,const char *fname);
110 
/* macros for basic read and write operations; the following
   ERROR_OUT* macros define the action taken on errors.
   The stream is not closed here because the caller closes
   the stream. */
115 
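/* Log a failed write to the client and leave the enclosing handler with -1.
 * fp is accepted for symmetry with the other ERROR_OUT_* macros but is not
 * used: the stream stays open because the caller owns and closes it.
 * Wrapped in do/while(0) so both statements stay together even under an
 * unbraced `if`; the trailing `;` is kept inside the macro because the
 * original two-statement form could be expanded with or without one. */
#define ERROR_OUT_WRITEERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
    return -1; \
  } while (0);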
119 
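/* Log a failed read from the client and leave the enclosing handler with -1.
 * fp is unused (the caller closes the stream).  do/while(0) keeps the log
 * and the return together under an unbraced `if`; the trailing `;` stays
 * inside the macro for compatibility with the original two-statement form,
 * which could be expanded with or without one. */
#define ERROR_OUT_READERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
    return -1; \
  } while (0);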
123 
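/* Log an over-long client-supplied argument (a request field larger than
 * the receiving buffer) and leave the enclosing handler with -1.  The
 * request is rejected rather than truncated.  fp is unused (the caller
 * closes the stream).  do/while(0) keeps the two statements together under
 * an unbraced `if`; the trailing `;` stays inside the macro for
 * compatibility with the original two-statement form. */
#define ERROR_OUT_BUFERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
    return -1; \
  } while (0);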
127 
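/* Write a berval to the client as an nslcd string: the int32 length, then
 * the bytes (no terminator).  A NULL bv is sent as length 0.  Uses the
 * caller's tmpint32, which WRITE_INT32 (nslcd-prot.h) is expected to set to
 * the value written; WRITE_INT32/WRITE are expected to leave the enclosing
 * function with -1 on a write error.  The DEBUG_PRINT runs before the NULL
 * check, so its argument must not dereference a NULL bv or a NULL bv_val
 * (a BER_BVNULL) — "(null)" is printed in those cases instead. */
#define WRITE_BERVAL(fp,bv) \
  DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"", \
    ((bv)==NULL||(bv)->bv_val==NULL)?"(null)":(bv)->bv_val); \
  if ((bv)==NULL) \
  { \
    WRITE_INT32(fp,0); \
  } \
  else \
  { \
    WRITE_INT32(fp,(bv)->bv_len); \
    if (tmpint32>0) \
      { WRITE(fp,(bv)->bv_val,tmpint32); } \
  }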
140 
/* Write a berval array, terminated by an entry whose bv_val is NULL, as an
 * nslcd string list: the int32 element count first, then each element via
 * WRITE_BERVAL.  Relies on the caller having declared tmpint32, tmp2int32
 * and tmp3int32 (int32_t), and on the WRITE_* macros from nslcd-prot.h to
 * leave the enclosing function with -1 on a write error. */
#define WRITE_BVARRAY(fp,arr) \
  /* first determine length of array (stop at the NULL bv_val entry) */ \
  for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
    /*nothing*/ ; \
  /* write number of strings */ \
  DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
  WRITE_TYPE(fp,tmp3int32,int32_t); \
  /* write strings */ \
  for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \
  { \
    WRITE_BERVAL(fp,&(arr)[tmp2int32]); \
  }
153 
/* This tries to get the user password attribute from the entry.
   It will try to return an encrypted password as it is used in /etc/passwd,
   /etc/group or /etc/shadow depending upon what is in the directory.
   attr: the userPassword value(s) found in the entry; pw: receives the
   result.  The prototype returns void, so "no passwd found" is presumably
   reported through *pw (e.g. a null berval) — confirm in the source; the
   literal directory value is returned in *pw if conversion is not possible. */
void get_userpassword(struct berval *attr, struct berval *pw);

/* write out an address, parsing the addr value.
   Returns 0 on success and non-zero on failure (a parse or write error);
   WRITE_ADDRESS below turns the failure into `return -1`. */
int write_address(TFILE *fp,struct berval *addr);
163 
/* a helper macro to write out addresses and bail out on errors:
   leaves the enclosing function with -1 when write_address() fails */
#define WRITE_ADDRESS(fp,addr) \
  if (write_address(fp,addr)) \
    return -1;
168 
/* read an address from the stream.
   addr/addrlen: buffer and, on input, its size; on output presumably the
   number of bytes stored.  af: receives the address family.  Returns
   non-zero on a read error or an over-sized/invalid address (confirm in
   the source); READ_ADDRESS turns that into `return -1`. */
int read_address(TFILE *fp,char *addr,int *addrlen,int *af);
171 
/* helper macro to read an address from the stream.
   addr must be an actual char array (sizeof is taken on it, so a pointer
   would silently pass the pointer size); len and af must be int lvalues.
   Leaves the enclosing function with -1 when read_address() fails. */
#define READ_ADDRESS(fp,addr,len,af) \
  len=(int)sizeof(addr); \
  if (read_address(fp,addr,&(len),&(af))) \
    return -1;
177 
/* checks to see if the specified string is a valid username;
   non-zero means valid (presumed from the name — confirm in the source) */
int isvalidusername(struct berval *name);

/* transforms the DN into a uid doing an LDAP lookup if needed */
int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);

/* transforms the uid into a DN by doing an LDAP lookup */
int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
/* search callback used by the name-to-DN lookup above (presumably by nssov_uid2dn) */
int nssov_name2dn_cb(Operation *op, SlapReply *rs);

/* Escapes characters in a string for use in a search filter.
   Client-supplied values must go through this before being spliced into a
   filter string, so that they cannot alter the filter's structure. */
int nssov_escape(struct berval *src,struct berval *dst);

/* Build the map's search filter for a lookup by name / by id into buf,
   presumably combining mi->mi_filter with the attribute selected by key
   (an index into mi_attrkeys — confirm); used as NSSOV_HANDLE's mkfilter
   argument, whose non-zero result means the buffer was too small. */
int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf);
int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf);
193 
/* per-map initialisers, generated by NSSOV_INIT in the respective source
   file; each fills ni->ni_maps[NM_<db>] from the map's static key/filter
   tables and must run before the matching handlers are used */
void nssov_alias_init(nssov_info *ni);
void nssov_ether_init(nssov_info *ni);
void nssov_group_init(nssov_info *ni);
void nssov_host_init(nssov_info *ni);
void nssov_netgroup_init(nssov_info *ni);
void nssov_network_init(nssov_info *ni);
void nssov_passwd_init(nssov_info *ni);
void nssov_protocol_init(nssov_info *ni);
void nssov_rpc_init(nssov_info *ni);
void nssov_service_init(nssov_info *ni);
void nssov_shadow_init(nssov_info *ni);

/* one-time PAM support initialisation (e.g. resolving nssov_pam_host_ad /
   nssov_pam_svc_ad, presumably); the meaning of the return value is not
   visible here */
int nssov_pam_init(void);
207 
/* these are the different functions that handle the database
   specific actions, see nslcd.h for the action descriptions.
   All share one signature: ni is the overlay instance, fp the client
   stream the request is read from and the reply written to, and op the
   Operation used for the internal search.  The NSSOV_HANDLE-generated
   handlers return 0 once NSLCD_RESULT_END has been written and -1 after
   an error (client I/O or filter build); the pam_* handlers presumably
   follow the same convention. */
int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_alias_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_ether_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_ether_byether(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_ether_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_group_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_group_bygid(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_group_bymember(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_group_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_host_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_host_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_host_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_netgroup_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_network_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_network_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_network_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_passwd_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_passwd_byuid(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_passwd_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_protocol_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_protocol_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_protocol_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_rpc_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_rpc_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_rpc_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_service_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_service_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
/* PAM request handlers: authentication, authorization, session open /
   close and password modification (see nslcd.h for the actions) */
int pam_authc(nssov_info *ni,TFILE *fp,Operation *op);
int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op);
245 
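/* config initialization: defines nssov_<db>_init(ni), which fills the
 * ni->ni_maps[NM_<db>] slot from the map's static tables.  <db>_keys must
 * be a struct berval array terminated by a BER_BVNULL entry and
 * <db>_filter a struct berval.  mi_attrs is ch_malloc'd here (one
 * AttributeName per key plus the terminator) and is not freed by this
 * code; mi_filter0, mi_filter and mi_attrkeys alias the static tables, so
 * nothing in the slot needs freeing after init. */
#define NSSOV_INIT(db) \
 void nssov_##db##_init(nssov_info *ni) \
 { \
	nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
	int i; \
	/* count the keys; the terminating entry needs a slot of its own */ \
	for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
	i++; \
	mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
	for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
		mi->mi_attrs[i].an_name = db##_keys[i]; \
		mi->mi_attrs[i].an_desc = NULL; \
	} \
	/* copy the BER_BVNULL terminator as well: ch_malloc does not zero the */ \
	/* slot, and consumers of ors_attrs stop on an empty an_name */ \
	mi->mi_attrs[i].an_name = db##_keys[i]; \
	mi->mi_attrs[i].an_desc = NULL; \
	mi->mi_scope = LDAP_SCOPE_DEFAULT; \
	/* mi_filter starts out as an alias of the static default; no heap */ \
	/* copy is made, so there is nothing here that a caller must free */ \
	mi->mi_filter0 = db##_filter; \
	mi->mi_filter = db##_filter; \
	mi->mi_attrkeys = db##_keys; \
	BER_BVZERO(&mi->mi_base); \
 }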
266 
/* param structure for search callback: defines the nssov_<db>_cbp type
 * holding the map info, the client stream and the Operation, plus any
 * extra member declarations passed in `parms`.  NSSOV_HANDLE fills an
 * instance and installs it as sc_private; NSSOV_CB reads it back from
 * op->o_callback->sc_private. */
#define NSSOV_CBPRIV(db,parms) \
  typedef struct nssov_##db##_cbp { \
  	nssov_mapinfo *mi; \
	TFILE *fp; \
	Operation *op; \
	parms \
  } nssov_##db##_cbp
275 
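/* callback for writing search results: defines a static
 * nssov_<db>_cb(op, rs) that, for every REP_SEARCH reply, hands the entry
 * to write_<db>(cbp, entry) — which the including file must define before
 * expanding this macro — and maps a non-zero result to LDAP_OTHER.  All
 * other reply types are passed through as LDAP_SUCCESS.  cbp is the
 * nssov_<db>_cbp that NSSOV_HANDLE installs as sc_private.  The macro no
 * longer ends in a line continuation, so the line after its expansion is
 * not swallowed into the definition. */
#define NSSOV_CB(db) \
  static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
  { \
    if ( rs->sr_type == REP_SEARCH ) { \
      nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
      if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
    } \
    return LDAP_SUCCESS; \
  }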
286 
/* macro for generating service handling code: defines
 * nssov_<db>_<fn>(ni, fp, op), the nslcd request handler that
 *  - runs `readfn` (statements reading the request from fp; they must also
 *    declare the berval named `filter` used further down — this macro does
 *    not declare it),
 *  - runs `logcall`,
 *  - writes the NSLCD_VERSION / `action` response header,
 *  - evaluates `mkfilter`, which is expected to fill `filter` and yield
 *    non-zero only when its buffer was too small (logged, return -1; at
 *    that point the client has received the header but no NSLCD_RESULT_END),
 *  - runs an internal search on op->o_bd over the map's base, scope and
 *    attribute list with nssov_<db>_cb (see NSSOV_CB) writing each entry,
 *  - terminates the reply with NSLCD_RESULT_END and returns 0.
 * tmpint32 is declared here for the WRITE_INT32 macros, which are expected
 * (nslcd-prot.h) to leave the function with -1 on a client write error.
 * NOTE(review): str2filter_x() returning NULL (malformed filter) is not
 * checked before be_search, the be_search result is ignored, `rc` is
 * unused, and op->o_callback still points at the local `cb` on return —
 * whether that matters depends on the lifetime of op in the caller. */
#define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
  int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
  { \
    /* define common variables */ \
    int32_t tmpint32; \
    int rc; \
	nssov_##db##_cbp cbp; \
	slap_callback cb = {0}; \
	SlapReply rs = {REP_RESULT}; \
	cbp.mi = &ni->ni_maps[NM_##db]; \
	cbp.fp = fp; \
	cbp.op = op; \
    /* read request parameters */ \
    readfn; \
    /* log call */ \
    logcall; \
    /* write the response header */ \
    WRITE_INT32(fp,NSLCD_VERSION); \
    WRITE_INT32(fp,action); \
    /* prepare the search filter (non-zero means the buffer was too small) */ \
    if (mkfilter) \
    { \
      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \
      return -1; \
    } \
	cb.sc_private = &cbp; \
	op->o_callback = &cb; \
	cb.sc_response = nssov_##db##_cb; \
	slap_op_time( &op->o_time, &op->o_tincr ); \
	op->o_req_dn = cbp.mi->mi_base; \
	op->o_req_ndn = cbp.mi->mi_base; \
	op->ors_scope = cbp.mi->mi_scope; \
	op->ors_filterstr = filter; \
	op->ors_filter = str2filter_x( op, filter.bv_val ); \
	op->ors_attrs = cbp.mi->mi_attrs; \
	op->ors_tlimit = SLAP_NO_LIMIT; \
	op->ors_slimit = SLAP_NO_LIMIT; \
    /* do the internal search; entries are written by the callback */ \
	op->o_bd->be_search( op, &rs ); \
	filter_free_x( op, op->ors_filter, 1 ); \
	WRITE_INT32(fp,NSLCD_RESULT_END); \
    return 0; \
  }
331 
332 #endif /* NSSOV_H */