Makefile- acl.c
- acl.h
- acldata.c
- acldata.h
- auth.c
- auth.h
- config.c
- config.h
- configmanager.c
- configmanager.h
- error.c
- error.h
- event.c
- event.h
- event_bsd.c
- event_bsd.h
- event_linux.c
- event_linux.h
- event_solaris.c
- event_solaris.h
- func.c
- func.h
- http.c
- http.h
- httplistener.c
- httplistener.h
- httpparser.c
- httpparser.h
- httprequest.c
- httprequest.h
- keyfile_auth.c
- keyfile_auth.h
- ldap_auth.c
- ldap_auth.h
- ldap_resource.c
- ldap_resource.h
- log.c
- log.h
- main.c
- netsite.h
- objs.mk
- protocol.c
- protocol.h
- request.c
- request.h
- resourcepool.c
- resourcepool.h
- session.c
- session.h
- sessionhandler.c
- sessionhandler.h
- srvctrl.c
- srvctrl.h
- threadpools.c
- threadpools.h
- vfs.c
- vfs.h
- vserver.c
- vserver.h
- webserver.c
- webserver.h
- websocket.c
- websocket.h
- ws-fn.c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright 2023 Olaf Wintermann. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef __gnu_linux__
#define _GNU_SOURCE
#endif
#include "ldap_resource.h"
#include "../util/util.h"
static ResourceType ldap_resource_type = {
(resource_pool_init_func)ldap_resourcepool_init,
(resource_pool_destroy_func)ldap_resourcepool_destroy,
(resource_pool_createresource_func)ldap_resourcepool_createresource,
(resource_pool_freeresource_func)ldap_resourcepool_freeresource,
(resource_pool_prepare_func)ldap_resourcepool_prepare,
(resource_pool_finish_func)ldap_resourcepool_finish,
(resource_pool_getresourcedata_func)ldap_resourcepool_getresourcedata
};
ResourceType* ldap_get_resource_type(void) {
return &ldap_resource_type;
}
LDAP* ws_ldap_resource_create_connection(
const char *hostname,
int port,
int ssl,
int ldap_version)
{
LDAP *ld = NULL;
#ifdef SOLARIS
ld = ldap_init(config->hostname, config->port);
#else
char *ldap_uri = NULL;
asprintf(&ldap_uri, "ldap://%s:%d", hostname, port);
ld = ws_ldap_resource_create_uri_connection(ldap_uri, ldap_version);
free(ldap_uri);
#endif
if(ld) {
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
}
return ld;
}
LDAP* ws_ldap_resource_create_uri_connection(
const char *uri,
int ldap_version)
{
#ifdef SOLARIS
log_ereport(LOG_FAILURE, "ldap_resource_create_connection_uri is not implemented on Solaris yet");
return NULL;
#else
LDAP *ld = NULL;
int init_ret = ldap_initialize(&ld, uri);
if(init_ret) {
log_ereport(
LOG_FAILURE,
"ldap_resource_create_connection failed: uri: %s",
uri);
}
return ld;
#endif
}
void ws_ldap_close(LDAP *ldap) {
#ifdef SOLARIS
ldap_unbind(ldap);
#else
ldap_unbind_ext_s(ldap, NULL, NULL);
#endif
}
/*
* Validates settings from the pb pblock
* and creates an LDAPResourcePool object
*
* LDAPResourcePool contains all settings necessary for creating
* ldap connections.
*/
void * ldap_resourcepool_init(pool_handle_t *pool, const char *rpname, pblock *pb) {
char *ldap_uri = pblock_findval("Uri", pb);
char *host = pblock_findval("Host", pb);
char *port = pblock_findval("Port", pb);
char *binddn = pblock_findval("Binddn", pb);
char *bindpw = pblock_findval("Bindpw", pb);
char *bind = pblock_findval("Bind", pb);
log_ereport(
LOG_INFORM,
"create ldap resource pool: name=%s : %s%s%s%s : binddn=%s",
rpname,
ldap_uri ? "uri=" : "host=",
ldap_uri ? ldap_uri : host,
ldap_uri || !port ? "" : ":",
!port ? "" : port,
binddn ? binddn : "''''");
if(!ldap_uri && !host) {
log_ereport(LOG_MISCONFIG, "Resource pool %s: No host or ldap uri specified", rpname);
return NULL;
}
if(ldap_uri && host) {
log_ereport(LOG_MISCONFIG, "Resource pool %s: Either Uri or Host must be specified, not both", rpname);
return NULL;
}
int64_t port_i = 0;
if(host) {
if(port) {
if(util_strtoint(port, &port_i)) {
if(port_i < 1 || port_i > 65535) {
log_ereport(LOG_MISCONFIG, "Resource pool %s: Port %s is out of range", rpname, port);
}
} else {
log_ereport(LOG_MISCONFIG, "Resource pool %s: Port ''%s'' is not a valid number", rpname, port);
}
} else {
port_i = LDAP_PORT;
}
}
LDAPResourcePool *ldap_pool = pool_malloc(pool, sizeof(LDAPResourcePool));
if(!ldap_pool) {
return NULL;
}
ldap_pool->name = rpname;
ldap_pool->pool = pool;
ldap_pool->ldap_uri = ldap_uri;
ldap_pool->host = host;
ldap_pool->port = (int)port_i;
ldap_pool->binddn = binddn;
ldap_pool->bindpw = bindpw;
WSBool bind_def = binddn != NULL;
ldap_pool->bind = bind ? util_getboolean(bind, bind_def) : bind_def;
return ldap_pool;
}
void ldap_resourcepool_destroy(LDAPResourcePool *pool) {
// unused
}
void * ldap_resourcepool_createresource(LDAPResourcePool *respool) {
LDAP *ldap = NULL;
if(respool->ldap_uri) {
ldap = ws_ldap_resource_create_uri_connection(respool->ldap_uri, LDAP_VERSION3);
} else {
ldap = ws_ldap_resource_create_connection(respool->host, respool->port, FALSE, LDAP_VERSION3);
}
if(!ldap) {
log_ereport(
LOG_FAILURE,
"resource pool %s: %s: cannot create LDAP session",
respool->name,
respool->ldap_uri ? respool->ldap_uri : respool->host);
return NULL;
}
if(respool->bind) {
struct berval *server_cred;
int r = ldap_resource_bind(respool, ldap, &server_cred);
if(r != LDAP_SUCCESS) {
log_ereport(LOG_FAILURE, "resource pool %s: bind failed: %s", respool->name, ldap_err2string(r));
ws_ldap_close(ldap);
return NULL;
}
}
LDAPResource *res = pool_malloc(respool->pool, sizeof(LDAPResource));
if(!res) {
ws_ldap_close(ldap);
log_ereport(LOG_CATASTROPHE, "ldap_resourcepool_createresource: OOM");
return NULL;
}
res->ldap = ldap;
res->res_pool = respool;
return res;
}
void ldap_resourcepool_freeresource(LDAPResourcePool *pool, LDAPResource *res) {
if(res->ldap) {
ws_ldap_close(res->ldap);
}
pool_free(pool->pool, res);
}
int ldap_resourcepool_prepare(LDAPResourcePool *pool, LDAPResource *res) {
// unused
return 0;
}
int ldap_resourcepool_finish(LDAPResourcePool *pool, LDAPResource *res) {
// unused
return 0;
}
void * ldap_resourcepool_getresourcedata(LDAPResource *res) {
return res->ldap;
}
int ldap_resource_bind(LDAPResourcePool *respool, LDAP *ldap, struct berval **server_cred) {
if(!respool->binddn) {
return -1;
}
return ws_ldap_bind(ldap, respool->binddn, respool->bindpw, server_cred);
}
int ws_ldap_bind(LDAP *ldap, const char *binddn, const char *bindpw, struct berval **server_cred) {
struct berval cred;
cred.bv_val = (char*)bindpw;
cred.bv_len = strlen(cred.bv_val);
return ldap_sasl_bind_s(
ldap,
binddn,
LDAP_SASL_SIMPLE,
&cred,
NULL,
NULL,
server_cred);
}