1 /* nssov.h - NSS overlay header file */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2008-2009 The OpenLDAP Foundation.
6 * Portions Copyright 2008 Howard Chu.
13 #define NSLCD_PATH "/var/run/nslcd"
17 #define NSLCD_SOCKET NSLCD_PATH "/socket"
23 #include "nslcd-common.h"
24 #include "common/tio.h"
25 #include "compat/attrs.h"
27 #undef PACKAGE_BUGREPORT
30 #undef PACKAGE_TARNAME
31 #undef PACKAGE_VERSION
35 #include <ac/string.h>
37 /* selectors for different maps */
38 enum nssov_map_selector
54 typedef struct nssov_mapinfo {
55 struct berval mi_base;
57 struct berval mi_filter0;
58 struct berval mi_filter;
59 struct berval *mi_attrkeys;
60 AttributeName *mi_attrs;
63 typedef struct nssov_info
65 /* search timelimit */
67 struct nssov_mapinfo ni_maps[NM_NONE];
72 /* PAM authz support... */
73 slap_mask_t ni_pam_opts;
74 struct berval ni_pam_group_dn;
75 AttributeDescription *ni_pam_group_ad;
78 AttributeDescription *ni_pam_template_ad;
79 struct berval ni_pam_template;
80 struct berval ni_pam_defhost;
81 struct berval *ni_pam_sessions;
84 #define NI_PAM_USERHOST 1 /* old style host checking */
85 #define NI_PAM_USERSVC 2 /* old style service checking */
86 #define NI_PAM_USERGRP 4 /* old style group checking */
87 #define NI_PAM_HOSTSVC 8 /* new style authz checking */
88 #define NI_PAM_SASL2DN 0x10 /* use sasl2dn */
89 #define NI_PAM_UID2DN 0x20 /* use uid2dn */
91 #define NI_PAM_OLD (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
92 #define NI_PAM_NEW NI_PAM_HOSTSVC
94 extern AttributeDescription *nssov_pam_host_ad;
95 extern AttributeDescription *nssov_pam_svc_ad;
97 /* Read the default configuration file. */
98 void nssov_cfg_init(nssov_info *ni,const char *fname);
100 /* macros for basic read and write operations, the following
101 ERROR_OUT* marcos define the action taken on errors
102 the stream is not closed because the caller closes the
105 #define ERROR_OUT_WRITEERROR(fp) \
106 Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
109 #define ERROR_OUT_READERROR(fp) \
110 Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
113 #define ERROR_OUT_BUFERROR(fp) \
114 Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
117 #define WRITE_BERVAL(fp,bv) \
118 DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val); \
125 WRITE_INT32(fp,(bv)->bv_len); \
127 { WRITE(fp,(bv)->bv_val,tmpint32); } \
130 #define WRITE_BVARRAY(fp,arr) \
131 /* first determine length of array */ \
132 for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
134 /* write number of strings */ \
135 DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
136 WRITE_TYPE(fp,tmp3int32,int32_t); \
137 /* write strings */ \
138 for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \
140 WRITE_BERVAL(fp,&(arr)[tmp2int32]); \
143 /* This tries to get the user password attribute from the entry.
144 It will try to return an encrypted password as it is used in /etc/passwd,
145 /etc/group or /etc/shadow depending upon what is in the directory.
146 This function will return NULL if no passwd is found and will return the
147 literal value in the directory if conversion is not possible. */
148 void get_userpassword(struct berval *attr, struct berval *pw);
150 /* write out an address, parsing the addr value */
151 int write_address(TFILE *fp,struct berval *addr);
153 /* a helper macro to write out addresses and bail out on errors */
154 #define WRITE_ADDRESS(fp,addr) \
155 if (write_address(fp,addr)) \
158 /* read an address from the stream */
159 int read_address(TFILE *fp,char *addr,int *addrlen,int *af);
161 /* helper macro to read an address from the stream */
162 #define READ_ADDRESS(fp,addr,len,af) \
163 len=(int)sizeof(addr); \
164 if (read_address(fp,addr,&(len),&(af))) \
167 /* checks to see if the specified string is a valid username */
168 int isvalidusername(struct berval *name);
170 /* transforms the DN into a uid doing an LDAP lookup if needed */
171 int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);
173 /* transforms the uid into a DN by doing an LDAP lookup */
174 int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
175 int nssov_name2dn_cb(Operation *op, SlapReply *rs);
177 /* Escapes characters in a string for use in a search filter. */
178 int nssov_escape(struct berval *src,struct berval *dst);
180 int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf);
181 int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf);
183 void nssov_alias_init(nssov_info *ni);
184 void nssov_ether_init(nssov_info *ni);
185 void nssov_group_init(nssov_info *ni);
186 void nssov_host_init(nssov_info *ni);
187 void nssov_netgroup_init(nssov_info *ni);
188 void nssov_network_init(nssov_info *ni);
189 void nssov_passwd_init(nssov_info *ni);
190 void nssov_protocol_init(nssov_info *ni);
191 void nssov_rpc_init(nssov_info *ni);
192 void nssov_service_init(nssov_info *ni);
193 void nssov_shadow_init(nssov_info *ni);
195 int nssov_pam_init(void);
197 /* these are the different functions that handle the database
198 specific actions, see nslcd.h for the action descriptions */
199 int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
200 int nssov_alias_all(nssov_info *ni,TFILE *fp,Operation *op);
201 int nssov_ether_byname(nssov_info *ni,TFILE *fp,Operation *op);
202 int nssov_ether_byether(nssov_info *ni,TFILE *fp,Operation *op);
203 int nssov_ether_all(nssov_info *ni,TFILE *fp,Operation *op);
204 int nssov_group_byname(nssov_info *ni,TFILE *fp,Operation *op);
205 int nssov_group_bygid(nssov_info *ni,TFILE *fp,Operation *op);
206 int nssov_group_bymember(nssov_info *ni,TFILE *fp,Operation *op);
207 int nssov_group_all(nssov_info *ni,TFILE *fp,Operation *op);
208 int nssov_host_byname(nssov_info *ni,TFILE *fp,Operation *op);
209 int nssov_host_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
210 int nssov_host_all(nssov_info *ni,TFILE *fp,Operation *op);
211 int nssov_netgroup_byname(nssov_info *ni,TFILE *fp,Operation *op);
212 int nssov_network_byname(nssov_info *ni,TFILE *fp,Operation *op);
213 int nssov_network_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
214 int nssov_network_all(nssov_info *ni,TFILE *fp,Operation *op);
215 int nssov_passwd_byname(nssov_info *ni,TFILE *fp,Operation *op);
216 int nssov_passwd_byuid(nssov_info *ni,TFILE *fp,Operation *op);
217 int nssov_passwd_all(nssov_info *ni,TFILE *fp,Operation *op);
218 int nssov_protocol_byname(nssov_info *ni,TFILE *fp,Operation *op);
219 int nssov_protocol_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
220 int nssov_protocol_all(nssov_info *ni,TFILE *fp,Operation *op);
221 int nssov_rpc_byname(nssov_info *ni,TFILE *fp,Operation *op);
222 int nssov_rpc_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
223 int nssov_rpc_all(nssov_info *ni,TFILE *fp,Operation *op);
224 int nssov_service_byname(nssov_info *ni,TFILE *fp,Operation *op);
225 int nssov_service_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
226 int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
227 int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
228 int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
229 int pam_authc(nssov_info *ni,TFILE *fp,Operation *op);
230 int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
231 int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
232 int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
233 int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op);
235 /* config initialization */
236 #define NSSOV_INIT(db) \
237 void nssov_##db##_init(nssov_info *ni) \
239 nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
241 for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
243 mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
244 for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
245 mi->mi_attrs[i].an_name = db##_keys[i]; \
246 mi->mi_attrs[i].an_desc = NULL; \
248 mi->mi_scope = LDAP_SCOPE_DEFAULT; \
249 mi->mi_filter0 = db##_filter; \
250 ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \
251 mi->mi_filter = db##_filter; \
252 mi->mi_attrkeys = db##_keys; \
253 BER_BVZERO(&mi->mi_base); \
256 /* param structure for search callback */
257 #define NSSOV_CBPRIV(db,parms) \
258 typedef struct nssov_##db##_cbp { \
265 /* callback for writing search results */
266 #define NSSOV_CB(db) \
267 static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
269 if ( rs->sr_type == REP_SEARCH ) { \
270 nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
271 if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
273 return LDAP_SUCCESS; \
276 /* macro for generating service handling code */
277 #define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
278 int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
280 /* define common variables */ \
283 nssov_##db##_cbp cbp; \
284 slap_callback cb = {0}; \
285 SlapReply rs = {REP_RESULT}; \
286 cbp.mi = &ni->ni_maps[NM_##db]; \
289 /* read request parameters */ \
293 /* write the response header */ \
294 WRITE_INT32(fp,NSLCD_VERSION); \
295 WRITE_INT32(fp,action); \
296 /* prepare the search filter */ \
299 Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \
302 cb.sc_private = &cbp; \
303 op->o_callback = &cb; \
304 cb.sc_response = nssov_##db##_cb; \
305 slap_op_time( &op->o_time, &op->o_tincr ); \
306 op->o_req_dn = cbp.mi->mi_base; \
307 op->o_req_ndn = cbp.mi->mi_base; \
308 op->ors_scope = cbp.mi->mi_scope; \
309 op->ors_filterstr = filter; \
310 op->ors_filter = str2filter_x( op, filter.bv_val ); \
311 op->ors_attrs = cbp.mi->mi_attrs; \
312 op->ors_tlimit = SLAP_NO_LIMIT; \
313 op->ors_slimit = SLAP_NO_LIMIT; \
314 /* do the internal search */ \
315 op->o_bd->be_search( op, &rs ); \
316 filter_free_x( op, op->ors_filter, 1 ); \