/*	$OpenBSD: ldapd.h,v 1.28 2017/02/24 14:28:31 gsoares Exp $ */
/*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#ifndef _LDAPD_H
#define _LDAPD_H
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/tree.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <event.h>
#include <imsg.h>
#include <limits.h>
#include <pwd.h>
#include <stdarg.h>
#include <tls.h>
#include "aldap.h"
#include "schema.h"
#include "btree.h"
#include "imsgev.h"
#include "evbuffer_tls.h"
/* Default paths, ports and limits. */
#define CONFFILE		 "/etc/ldapd.conf"
#define LDAPD_USER		 "_ldapd"	/* presumably the unprivileged account the daemon runs as — verify in ldapd.c */
#define LDAPD_SOCKET		 "/var/run/ldapd.sock"
#define DATADIR			 "/var/db/ldap"
#define LDAP_PORT		 389		/* standard cleartext LDAP port */
#define LDAPS_PORT		 636		/* standard TLS-wrapped LDAP port */
#define LDAPD_SESSION_TIMEOUT	 30		/* presumably seconds — confirm where it is applied */
#define MAX_LISTEN		 64
#define FD_RESERVE		 8 /* 5 overhead, 2 for db, 1 accept */

/*
 * Listener TLS modes (struct listener.flags).  F_SSL matches a listener
 * configured for either mode.
 */
#define F_STARTTLS		 0x01
#define F_LDAPS			 0x02
#define F_SSL			(F_LDAPS|F_STARTTLS)

/* NOTE(review): meaning of F_SECURE is not visible in this header; verify where it is set. */
#define F_SECURE		 0x04

/*
 * Numerically collides with F_STARTTLS; presumably lives in a different
 * flag word (struct ssl.flags) — verify before mixing with the F_* above.
 */
#define F_SCERT			 0x01

struct conn;	/* defined below; referenced by struct request and struct search */

/*
 * One access-control item: `type` allows or denies the `rights` bitmask
 * for `subject` on `target` within `scope`.  Items are chained into a
 * struct acl (SIMPLEQ) and evaluated by authorized() in auth.c.
 */
struct aci {
	SIMPLEQ_ENTRY(aci)	 entry;
#define ACI_DENY		 0
#define ACI_ALLOW		 1
	int			 type;		/* ACI_DENY or ACI_ALLOW */
#define ACI_READ		 0x01
#define ACI_WRITE		 0x02
#define ACI_COMPARE		 0x04
#define ACI_CREATE		 0x08
#define ACI_BIND		 0x10
#define ACI_ALL			 0x1F		/* union of the five bits above */
	int			 rights;	/* ACI_* bitmask */
	enum scope		 scope;		/* base, onelevel or subtree */
	char			*attribute;	/* restrict the rule to one attribute; presumably NULL = any — verify */
	char			*target;	/* presumably a DN the rule applies to — verify in parse.y */
	char			*subject;	/* presumably the bound DN the rule applies to — verify in parse.y */
	char			*filter;	/* optional filter text; semantics not visible here */
};
SIMPLEQ_HEAD(acl, aci);

/* An LDAP request.
 * Holds the decoded BER message and the connection it arrived on; requests
 * can be parked on a namespace's request_queue (see struct namespace).
 */
struct request {
	TAILQ_ENTRY(request)	 next;
	unsigned long		 type;		/* protocol operation tag */
	long long		 msgid;		/* LDAP message id, echoed in the response */
	struct ber_element	*root;		/* whole decoded message */
	struct ber_element	*op;		/* presumably the operation element inside root — verify */
	struct conn		*conn;		/* originating connection */
	int			 replayed;	/* true if replayed request */
};
TAILQ_HEAD(request_queue, request);

/*
 * Kind of index kept for an attribute.  Note that INDEX_EQUAL, INDEX_APPROX
 * and INDEX_PRESENCE all share the value 1, so they are indistinguishable
 * once stored in an enum index_type; only INDEX_NONE (0), 1 and
 * INDEX_SUBSTR (2) are distinct values.
 */
enum index_type {
	INDEX_NONE,
	INDEX_EQUAL	= 1,
	INDEX_APPROX	= 1,
	INDEX_PRESENCE	= 1,
	INDEX_SUBSTR
};

/* An indexed attribute of a namespace (struct namespace.indices). */
struct attr_index {
	TAILQ_ENTRY(attr_index)	 next;
	char			*attr;		/* attribute name */
	enum index_type		 type;
};
TAILQ_HEAD(attr_index_list, attr_index);

/* One referral URL; returned to clients via ldap_refer(). */
struct referral {
	SLIST_ENTRY(referral)	 next;
	char			*url;
};
SLIST_HEAD(referrals, referral);

/*
 * A directory suffix served by this daemon together with its two btree
 * databases (entry data and index), the currently open transactions and
 * its access-control list.
 */
struct namespace {
	TAILQ_ENTRY(namespace)	 next;
	char			*suffix;	/* DN suffix this namespace serves */
	struct referrals	 referrals;
	char			*rootdn;	/* per-namespace root DN */
	char			*rootpw;	/* root password string held for the daemon's lifetime; whether hashed or cleartext is not visible here — verify in parse.y/auth.c */
	char			*data_path;	/* path of the entry database */
	char			*indx_path;	/* path of the index database */
	struct btree		*data_db;
	struct btree		*indx_db;
	struct btree_txn	*data_txn;	/* open transaction on data_db, if any */
	struct btree_txn	*indx_txn;	/* open transaction on indx_db, if any */
	int			 sync;		/* 1 = fsync after commit */
	struct attr_index_list	 indices;	/* attributes that are indexed */
	unsigned int		 cache_size;
	unsigned int		 index_cache_size;
	struct request_queue	 request_queue;	/* deferred requests, re-run from ev_queue */
	struct event		 ev_queue;	/* see namespace_queue_schedule() */
	unsigned int		 queued_requests;	/* length of request_queue */
	struct acl		 acl;
	int			 relax;		/* relax schema validation */
	int			 compression_level;	/* 0-9, 0 = disabled */
};

TAILQ_HEAD(namespace_list, namespace);

/* An index key prefix that a query plan will scan (struct plan.indices). */
struct index
{
	TAILQ_ENTRY(index)	 next;
	char			*prefix;
};

/* A query plan.
 * A tree mirroring the search filter: `args` holds the sub-plans of a
 * compound filter, `indices` the index prefixes usable for this node.
 */
struct plan
{
	TAILQ_ENTRY(plan)	 next;
	TAILQ_HEAD(, plan)	 args;		/* sub-plans (AND/OR/NOT operands) */
	TAILQ_HEAD(, index)	 indices;	/* candidate index scans */
	struct attr_type	*at;		/* resolved attribute type, if known */
	char			*adesc;		/* attribute description as written in the filter */
	union {
		char			*value;		/* assertion value for simple comparisons */
		struct ber_element	*substring;	/* substring filter components */
	} assert;
	int			 op;		/* filter operation tag */
	int			 indexed;	/* non-zero if an index can serve this node */
	int			 undefined;	/* non-zero if the term cannot be evaluated (presumably unknown attribute) — verify in search.c */
};

/* For OR filters using multiple indices, matches are not unique. Remember
 * all DNs sent to the client to make them unique.
 */
struct uniqdn {
	RB_ENTRY(uniqdn)	 link;
	struct btval		 key;		/* the DN already sent */
};
RB_HEAD(dn_tree, uniqdn);
RB_PROTOTYPE(dn_tree, uniqdn, link, uniqdn_cmp);

/* An LDAP search request.
 * State of an in-progress search; a connection keeps its searches in
 * struct conn.searches and conn_search() advances them.
 */
struct search {
	TAILQ_ENTRY(search)	 next;
	int			 init;		/* 1 if cursor initiated */
	struct conn		*conn;
	struct request		*req;		/* the originating request */
	struct namespace	*ns;		/* namespace being searched */
	struct btree_txn	*data_txn;
	struct btree_txn	*indx_txn;
	struct cursor		*cursor;	/* btree cursor over data or index db */
	unsigned int		 nscanned, nmatched, ndups;	/* progress counters */
	time_t			 started_at;	/* used against tmlim */
	long long		 szlim, tmlim;	/* size and time limits */
	int			 typesonly;	/* not implemented */
	long long		 scope;		/* base, onelevel or subtree as sent by the client */
	long long		 deref;		/* not implemented */
	char			*basedn;
	struct ber_element	*filter, *attrlist;	/* filter and requested attributes from the request */
	struct plan		*plan;		/* compiled from filter */
	struct index		*cindx;		/* current index */
	struct dn_tree		 uniqdns;	/* DNs already returned, see struct uniqdn */
};

/* A listening socket and the TLS settings attached to it. */
struct listener {
	unsigned int		 flags;		/* F_STARTTLS or F_LDAPS */
	struct sockaddr_storage	 ss;		/* bound address */
	int			 port;
	int			 fd;
	struct event		 ev;		/* accept event */
	struct event		 evt;		/* second event; presumably a timer used when fds run short — verify against conn_accept() */
	char			 ssl_cert_name[PATH_MAX];	/* name looked up in ldapd_config.sc_ssl */
	struct ssl		*ssl;		/* resolved certificate/key, see struct ssl */
	struct tls		*tls;		/* libtls server context */
	TAILQ_ENTRY(listener)	 entry;
};
TAILQ_HEAD(listenerlist, listener);

/* An LDAP client connection.
 * Owns the bufferevent, the BER decoder state, the bind identity and the
 * list of searches running on the connection.
 */
struct conn {
	TAILQ_ENTRY(conn)	 next;
	int			 fd;
	struct bufferevent	*bev;
	struct ber		 ber;		/* BER decoder state for this connection */
	int			 disconnect;	/* non-zero once the connection is being torn down */
	struct request		*bind_req;	/* ongoing bind request */
	char			*binddn;	/* DN the connection is bound as; presumably NULL when anonymous — verify in auth.c */
	char			*pending_binddn;	/* DN awaiting the auth result; presumably promoted to binddn on success — verify in auth.c */
	TAILQ_HEAD(, search)	 searches;	/* active searches on this connection */
	struct listener		*listener;	/* where it connected from */

	/* SSL support */
	struct tls		*tls;		/* libtls context once TLS is active */
	struct buffertls	 buftls;
	unsigned int		 s_flags;	/* connection security flags; presumably F_SECURE — verify */
};
/*
 * NOTE(review): this both declares the struct conn_list type and, because
 * there is no `extern`, creates a tentative definition of the variable
 * `conn_list` in every translation unit that includes this header.  The
 * `extern struct conn_list conn_list;` declaration below shows the intent
 * is only the type; whether conn.c relies on this tentative definition
 * is not visible here — verify before changing it to `TAILQ_HEAD(conn_list, conn);`.
 */
TAILQ_HEAD(conn_list, conn)	 conn_list;

/*
 * A named certificate/key pair loaded from disk, kept in the
 * ldapd_config.sc_ssl splay tree (compared by ssl_cmp()).
 */
struct ssl {
	SPLAY_ENTRY(ssl)	 ssl_nodes;
	char			 ssl_name[PATH_MAX];	/* tree key, matched against listener.ssl_cert_name */
	uint8_t			*ssl_cert;	/* certificate bytes */
	size_t			 ssl_cert_len;
	uint8_t			*ssl_key;	/* private key bytes — NOTE(review): confirm this is zeroized (explicit_bzero) before free; not visible here */
	size_t			 ssl_key_len;
	uint8_t			 flags;		/* presumably F_SCERT — verify */
	struct tls_config	*config;	/* libtls config built from the pair */
};

/* Whole-daemon configuration as produced by parse_config(). */
struct ldapd_config
{
	struct namespace_list		 namespaces;
	struct listenerlist		 listeners;
	SPLAY_HEAD(ssltree, ssl)	*sc_ssl;	/* certificates keyed by ssl_name */
	struct referrals		 referrals;	/* global referrals */
	struct acl			 acl;		/* global access-control list */
	struct schema			*schema;
	char				*rootdn;	/* global root DN */
	char				*rootpw;	/* global root password string; hashed or cleartext is not visible here — verify */
};

/* Counters reported through IMSG_CTL_STATS. */
struct ldapd_stats
{
	time_t			 started_at;	/* time of daemon startup */
	unsigned long long	 requests;	/* total number of requests */
	unsigned long long	 req_search;	/* search requests */
	unsigned long long	 req_bind;	/* bind requests */
	unsigned long long	 req_mod;	/* add/mod/del requests */
	unsigned long long	 timeouts;	/* search timeouts */
	unsigned long long	 unindexed;	/* unindexed searches */
	unsigned int		 conns;		/* active connections */
	unsigned int		 searches;	/* active searches */
};

/*
 * Payload of IMSG_LDAPD_AUTH: a credential check handed to the other
 * process.  `password` carries a cleartext credential in fixed buffers;
 * NOTE(review): the receiver should not assume NUL termination, and both
 * sides should zeroize the struct once it has been used.
 */
struct auth_req
{
	int			 fd;		/* connection the bind came in on */
	long long		 msgid;		/* LDAP message id of the bind */
	char			 name[128];
	char			 password[128];
};

/* Payload of IMSG_LDAPD_AUTH_RESULT; fd and msgid match the auth_req. */
struct auth_res
{
	int			 ok;		/* non-zero if the credentials were accepted */
	int			 fd;
	long long		 msgid;
};

/* Payload of IMSG_LDAPD_OPEN: ask the parent to open a database file. */
struct open_req {
	char			 path[PATH_MAX+1];
	unsigned int		 rdonly;	/* non-zero to open read-only */
};

/* Message types exchanged over imsg between the control socket, the parent and the LDAP server process. */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,
	IMSG_CTL_FAIL,
	IMSG_CTL_END,
	IMSG_CTL_STATS,		/* struct ldapd_stats */
	IMSG_CTL_NSSTATS,	/* struct ns_stat */
	IMSG_CTL_LOG_VERBOSE,

	IMSG_LDAPD_AUTH,	/* struct auth_req */
	IMSG_LDAPD_AUTH_RESULT,	/* struct auth_res */
	IMSG_LDAPD_OPEN,	/* struct open_req */
	IMSG_LDAPD_OPEN_RESULT,
};

/* Per-namespace statistics reported through IMSG_CTL_NSSTATS. */
struct ns_stat {
	char			 suffix[256];
	struct btree_stat	 data_stat;
	struct btree_stat	 indx_stat;
};

/* A client of the control socket (ldapctl). */
struct ctl_conn {
	TAILQ_ENTRY(ctl_conn)	 entry;
	u_int8_t		 flags;
#define CTL_CONN_NOTIFY		 0x01
#define CTL_CONN_LOCKED		 0x02		/* restricted mode */
	struct imsgev		 iev;
};
TAILQ_HEAD(ctl_connlist, ctl_conn);
extern  struct ctl_connlist ctl_conns;


/* The unix-domain control socket (LDAPD_SOCKET). */
struct control_sock {
	const char		*cs_name;	/* socket path */
	struct event		 cs_ev;		/* accept event */
	struct event		 cs_evt;	/* second event; presumably a retry timer — verify in control.c */
	int			 cs_fd;
	int			 cs_restricted;	/* clients get CTL_CONN_LOCKED; exact effect lives in control.c */
};

/* The daemon's processes; the main process also performs authentication. */
enum ldapd_process {
	PROC_MAIN_AUTH,
	PROC_LDAP_SERVER
};

/* fd number on which the child inherits its imsg socket to the parent */
#define PROC_PARENT_SOCK_FILENO	 3

/* ldapd.c */
extern struct ldapd_stats	 stats;
extern struct ldapd_config	*conf;

/* imsg helpers: (re)arm the event, compose a message, drive read/write. */
void			 imsg_event_add(struct imsgev *iev);
int			 imsg_compose_event(struct imsgev *iev, u_int16_t type,
			    u_int32_t peerid, pid_t pid, int fd, void *data,
			    u_int16_t datalen);
int			 imsg_event_handle(struct imsgev *iev, short event);

/* conn.c */
extern struct conn_list	 conn_list;
struct conn		*conn_by_fd(int fd);
/* bufferevent callbacks */
void			 conn_read(struct bufferevent *bev, void *data);
void			 conn_write(struct bufferevent *bev, void *data);
void			 conn_err(struct bufferevent *bev, short w, void *data);
void			 conn_accept(int fd, short why, void *data);
void			 conn_close(struct conn *conn);
int			 conn_close_any(void);	/* presumably frees one connection to reclaim an fd — verify */
void			 conn_disconnect(struct conn *conn);
void			 request_dispatch(struct request *req);
void			 request_free(struct request *req);

/* ldape.c */
void			 ldape(int, int, char *);
int			 ldap_abandon(struct request *req);
int			 ldap_unbind(struct request *req);
int			 ldap_compare(struct request *req);
int			 ldap_extended(struct request *req);

/* Send an LDAPResult of `type` with `result_code` for message `msgid`. */
void			 send_ldap_result(struct conn *conn, int msgid,
				unsigned long type, long long result_code);
int			 ldap_respond(struct request *req, int code);
int			 ldap_refer(struct request *req, const char *basedn,
			     struct search *search, struct referrals *refs);

/* namespace.c
 * Lifecycle, lookup and transaction handling for struct namespace.
 */
struct namespace	*namespace_new(const char *suffix);
int			 namespace_open(struct namespace *ns);
int			 namespace_reopen_data(struct namespace *ns);
int			 namespace_reopen_indx(struct namespace *ns);
/* adopt database fds opened by the parent (IMSG_LDAPD_OPEN_RESULT) */
int			 namespace_set_data_fd(struct namespace *ns, int fd);
int			 namespace_set_indx_fd(struct namespace *ns, int fd);
struct namespace	*namespace_init(const char *suffix, const char *dir);
void			 namespace_close(struct namespace *ns);
void			 namespace_remove(struct namespace *ns);
/* entry access; `dn` is not const — presumably normalized in place, verify */
struct ber_element	*namespace_get(struct namespace *ns, char *dn);
int			 namespace_exists(struct namespace *ns, char *dn);
int			 namespace_add(struct namespace *ns, char *dn,
				struct ber_element *root);
int			 namespace_update(struct namespace *ns, char *dn,
				struct ber_element *root);
int			 namespace_del(struct namespace *ns, char *dn);
struct namespace	*namespace_lookup_base(const char *basedn,
				int include_referrals);
struct namespace	*namespace_for_base(const char *basedn);
int			 namespace_has_referrals(struct namespace *ns);
struct referrals	*namespace_referrals(const char *basedn);
int			 namespace_has_index(struct namespace *ns,
				const char *attr, enum index_type type);
/* transactions; `rdonly` selects a read-only transaction pair */
int			 namespace_begin_txn(struct namespace *ns,
				struct btree_txn **data_txn,
				struct btree_txn **indx_txn, int rdonly);
int			 namespace_begin(struct namespace *ns);
int			 namespace_commit(struct namespace *ns);
void			 namespace_abort(struct namespace *ns);
/* deferred requests (struct namespace.request_queue) */
int			 namespace_queue_request(struct namespace *ns,
				struct request *req);
void			 namespace_queue_schedule(struct namespace *ns,
				unsigned int usec);
void			 namespace_cancel_conn(struct conn *conn);
int			 namespace_conn_queue_count(struct conn *conn);

/* (de)serialize entries using the namespace's compression_level */
int			 namespace_ber2db(struct namespace *ns,
				struct ber_element *root, struct btval *val);
struct ber_element	*namespace_db2ber(struct namespace *ns,
				struct btval *val);

/* attributes.c
 * Helpers over the BER representation of an entry.
 */
struct ber_element	*ldap_get_attribute(struct ber_element *root,
				const char *attr);
struct ber_element	*ldap_find_attribute(struct ber_element *entry,
				struct attr_type *at);
struct ber_element	*ldap_find_value(struct ber_element *elm,
				const char *value);
struct ber_element	*ldap_add_attribute(struct ber_element *root,
				const char *attr, struct ber_element *vals);
int			 ldap_set_values(struct ber_element *elm,
				struct ber_element *vals);
int			 ldap_merge_values(struct ber_element *elm,
				struct ber_element *vals);
int			 ldap_del_attribute(struct ber_element *entry,
				const char *attrdesc);
int			 ldap_del_values(struct ber_element *elm,
				struct ber_element *vals);
/* timestamp formatting; ownership of the returned string is not visible here — check before freeing */
char			*ldap_strftime(time_t tm);
char			*ldap_now(void);

/* control.c */
void			 control_init(struct control_sock *);
void			 control_listen(struct control_sock *);
void			 control_accept(int, short, void *);
void			 control_dispatch_imsg(int, short, void *);
void			 control_cleanup(struct control_sock *);
int			 control_close_any(struct control_sock *);

/* filter.c */
/* Evaluate a compiled plan against an entry; non-zero on match. */
int			 ldap_matches_filter(struct ber_element *root,
				struct plan *plan);

/* search.c */
int			 ldap_search(struct request *req);
void			 conn_search(struct search *search);	/* advance a search */
void			 search_close(struct search *search);
int			 is_child_of(struct btval *key, const char *base);

/* modify.c */
int			 ldap_add(struct request *req);
int			 ldap_delete(struct request *req);
int			 ldap_modify(struct request *req);

/* auth.c */
extern struct imsgev	*iev_ldapd;
int			 ldap_bind(struct request *req);
/* resume a bind once IMSG_LDAPD_AUTH_RESULT arrives; `ok` is auth_res.ok */
void			 ldap_bind_continue(struct conn *conn, int ok);
/* Access check: `rights` is an ACI_* bitmask evaluated against ns->acl and conf->acl. */
int			 authorized(struct conn *conn, struct namespace *ns,
				int rights, char *dn, int scope);

/* parse.y */
int			 parse_config(char *filename);
int			 cmdline_symset(char *s);
int			 ssl_cmp(struct ssl *, struct ssl *);
SPLAY_PROTOTYPE(ssltree, ssl, ssl_nodes, ssl_cmp);


/* logmsg.c */
/* Render `ss` into `buf` (at most `len` bytes) and return it. */
const char		*print_host(struct sockaddr_storage *ss, char *buf,
				size_t len);
/* `fmt` is a printf-style format for the log prefix; pass a literal, never caller data */
void			 hexdump(void *data, size_t len, const char *fmt, ...);
void			 ldap_debug_elements(struct ber_element *root,
			    int context, const char *fmt, ...);
/* util.c */
/* presumably a bounded snprintf returning whether the output fit — verify in util.c */
int			 bsnprintf(char *str, size_t size,
				const char *format, ...);
int			 has_suffix(struct btval *key, const char *suffix);
int			 has_prefix(struct btval *key, const char *prefix);
void			 normalize_dn(char *dn);	/* in place */
int			 ber2db(struct ber_element *root, struct btval *val,
			    int compression_level);
struct ber_element	*db2ber(struct btval *val, int compression_level);
/* accept(2) that keeps `reserve` fds free (see FD_RESERVE); exact behaviour on shortage lives in util.c */
int			 accept_reserve(int sockfd, struct sockaddr *addr,
			    socklen_t *addrlen, int reserve);

/* index.c */
/* maintain the index database for an entry keyed by `dn` */
int			 index_entry(struct namespace *ns, struct btval *dn,
				struct ber_element *elm);
int			 unindex_entry(struct namespace *ns, struct btval *dn,
				struct ber_element *elm);
int			 index_to_dn(struct namespace *ns, struct btval *indx,
				struct btval *dn);

/* validate.c */
/* Schema-check `entry`; `relax` is struct namespace.relax. */
int	validate_entry(const char *dn, struct ber_element *entry, int relax);

#endif /* _LDAPD_H */