root/source4/cldap_server/cldap_server.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. cldapd_request_handler
  2. cldapd_add_socket
  3. cldapd_startup_interfaces
  4. cldapd_task_init
  5. server_service_cldapd_init

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    CLDAP server task
   5 
   6    Copyright (C) Andrew Tridgell        2005
   7    
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12    
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17    
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 
  22 #include "includes.h"
  23 #include "libcli/ldap/ldap.h"
  24 #include "lib/socket/socket.h"
  25 #include "lib/messaging/irpc.h"
  26 #include "smbd/service_task.h"
  27 #include "smbd/service.h"
  28 #include "cldap_server/cldap_server.h"
  29 #include "system/network.h"
  30 #include "lib/socket/netif.h"
  31 #include "lib/ldb/include/ldb.h"
  32 #include "lib/ldb/include/ldb_errors.h"
  33 #include "dsdb/samdb/samdb.h"
  34 #include "ldb_wrap.h"
  35 #include "auth/auth.h"
  36 #include "param/param.h"
  37 
  38 /*
  39   handle incoming cldap requests
  40 */
  41 static void cldapd_request_handler(struct cldap_socket *cldap, 
     /* [<][>][^][v][top][bottom][index][help] */
  42                                    struct ldap_message *ldap_msg, 
  43                                    struct socket_address *src)
  44 {
  45         struct ldap_SearchRequest *search;
  46         if (ldap_msg->type != LDAP_TAG_SearchRequest) {
  47                 DEBUG(0,("Invalid CLDAP request type %d from %s:%d\n", 
  48                          ldap_msg->type, src->addr, src->port));
  49                 cldap_error_reply(cldap, ldap_msg->messageid, src,
  50                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP request");
  51                 return;
  52         }
  53 
  54         search = &ldap_msg->r.SearchRequest;
  55 
  56         if (strcmp("", search->basedn) != 0) {
  57                 DEBUG(0,("Invalid CLDAP basedn '%s' from %s:%d\n", 
  58                          search->basedn, src->addr, src->port));
  59                 cldap_error_reply(cldap, ldap_msg->messageid, src,
  60                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP basedn");
  61                 return;
  62         }
  63 
  64         if (search->scope != LDAP_SEARCH_SCOPE_BASE) {
  65                 DEBUG(0,("Invalid CLDAP scope %d from %s:%d\n", 
  66                          search->scope, src->addr, src->port));
  67                 cldap_error_reply(cldap, ldap_msg->messageid, src,
  68                                   LDAP_OPERATIONS_ERROR, "Invalid CLDAP scope");
  69                 return;
  70         }
  71 
  72         if (search->num_attributes == 1 &&
  73             strcasecmp(search->attributes[0], "netlogon") == 0) {
  74                 cldapd_netlogon_request(cldap, ldap_msg->messageid,
  75                                         search->tree, src);
  76                 return;
  77         }
  78 
  79         cldapd_rootdse_request(cldap, ldap_msg->messageid,
  80                                search, src);
  81 }
  82 
  83 
  84 /*
  85   start listening on the given address
  86 */
  87 static NTSTATUS cldapd_add_socket(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
  88                                   const char *address)
  89 {
  90         struct cldap_socket *cldapsock;
  91         struct socket_address *socket_address;
  92         NTSTATUS status;
  93 
  94         /* listen for unicasts on the CLDAP port (389) */
  95         cldapsock = cldap_socket_init(cldapd, cldapd->task->event_ctx, lp_iconv_convenience(cldapd->task->lp_ctx));
  96         NT_STATUS_HAVE_NO_MEMORY(cldapsock);
  97 
  98         socket_address = socket_address_from_strings(cldapsock, cldapsock->sock->backend_name, 
  99                                                      address, lp_cldap_port(lp_ctx));
 100         if (!socket_address) {
 101                 talloc_free(cldapsock);
 102                 return NT_STATUS_NO_MEMORY;
 103         }
 104 
 105         status = socket_listen(cldapsock->sock, socket_address, 0, 0);
 106         if (!NT_STATUS_IS_OK(status)) {
 107                 DEBUG(0,("Failed to bind to %s:%d - %s\n", 
 108                          address, lp_cldap_port(lp_ctx), nt_errstr(status)));
 109                 talloc_free(cldapsock);
 110                 return status;
 111         }
 112 
 113         talloc_free(socket_address);
 114 
 115         cldap_set_incoming_handler(cldapsock, cldapd_request_handler, cldapd);
 116 
 117         return NT_STATUS_OK;
 118 }
 119 
 120 
 121 /*
 122   setup our listening sockets on the configured network interfaces
 123 */
 124 static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 125                                           struct interface *ifaces)
 126 {
 127         int num_interfaces;
 128         TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
 129         NTSTATUS status;
 130         int i;
 131 
 132         num_interfaces = iface_count(ifaces);
 133 
 134         /* if we are allowing incoming packets from any address, then
 135            we need to bind to the wildcard address */
 136         if (!lp_bind_interfaces_only(lp_ctx)) {
 137                 status = cldapd_add_socket(cldapd, lp_ctx, "0.0.0.0");
 138                 NT_STATUS_NOT_OK_RETURN(status);
 139         }
 140 
 141         /* now we have to also listen on the specific interfaces,
 142            so that replies always come from the right IP */
 143         for (i=0; i<num_interfaces; i++) {
 144                 const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
 145                 status = cldapd_add_socket(cldapd, lp_ctx, address);
 146                 NT_STATUS_NOT_OK_RETURN(status);
 147         }
 148 
 149         talloc_free(tmp_ctx);
 150 
 151         return NT_STATUS_OK;
 152 }
 153 
 154 /*
 155   startup the cldapd task
 156 */
 157 static void cldapd_task_init(struct task_server *task)
     /* [<][>][^][v][top][bottom][index][help] */
 158 {
 159         struct cldapd_server *cldapd;
 160         NTSTATUS status;
 161         struct interface *ifaces;
 162         
 163         load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces);
 164 
 165         if (iface_count(ifaces) == 0) {
 166                 task_server_terminate(task, "cldapd: no network interfaces configured");
 167                 return;
 168         }
 169 
 170         switch (lp_server_role(task->lp_ctx)) {
 171         case ROLE_STANDALONE:
 172                 task_server_terminate(task, "cldap_server: no CLDAP server required in standalone configuration");
 173                 return;
 174         case ROLE_DOMAIN_MEMBER:
 175                 task_server_terminate(task, "cldap_server: no CLDAP server required in member server configuration");
 176                 return;
 177         case ROLE_DOMAIN_CONTROLLER:
 178                 /* Yes, we want an CLDAP server */
 179                 break;
 180         }
 181 
 182         task_server_set_title(task, "task[cldapd]");
 183 
 184         cldapd = talloc(task, struct cldapd_server);
 185         if (cldapd == NULL) {
 186                 task_server_terminate(task, "cldapd: out of memory");
 187                 return;
 188         }
 189 
 190         cldapd->task = task;
 191         cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx));
 192         if (cldapd->samctx == NULL) {
 193                 task_server_terminate(task, "cldapd failed to open samdb");
 194                 return;
 195         }
 196 
 197         /* start listening on the configured network interfaces */
 198         status = cldapd_startup_interfaces(cldapd, task->lp_ctx, ifaces);
 199         if (!NT_STATUS_IS_OK(status)) {
 200                 task_server_terminate(task, "cldapd failed to setup interfaces");
 201                 return;
 202         }
 203 
 204         irpc_add_name(task->msg_ctx, "cldap_server");
 205 }
 206 
 207 
 208 /*
 209   register ourselves as a available server
 210 */
 211 NTSTATUS server_service_cldapd_init(void)
     /* [<][>][^][v][top][bottom][index][help] */
 212 {
 213         return register_server_service("cldap", cldapd_task_init);
 214 }

/* [<][>][^][v][top][bottom][index][help] */