From bbdf2fba7b9ae0fa97aa164bcf84c1b88df38f32 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 9 Sep 2014 18:07:48 +0200 Subject: Add OpenSSL-Support (Client<->Proxy) --- proxy.c | 78 +++++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 40 insertions(+), 38 deletions(-) (limited to 'proxy.c') diff --git a/proxy.c b/proxy.c index 5bd9541..c888c2f 100644 --- a/proxy.c +++ b/proxy.c @@ -51,12 +51,12 @@ static struct string str_ADUSER; // -static int proxy_clientBindRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen); -static int proxy_serverBindResponse(epoll_server_t *server, const unsigned long messageId, const size_t offset, const size_t maxLen); -static int proxy_clientSearchRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen); -static int proxy_serverSearchResult(epoll_server_t *server, const unsigned long messageId, const unsigned long type, const size_t offset, const size_t maxLen); +static BOOL proxy_clientBindRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen); +static BOOL proxy_serverBindResponse(epoll_server_t *server, const unsigned long messageId, const size_t offset, const size_t maxLen); +static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen); +static BOOL proxy_serverSearchResult(epoll_server_t *server, const unsigned long messageId, const unsigned long type, const size_t offset, const size_t maxLen); -static int proxy_localSearchRequest(epoll_client_t *client, const unsigned long messageId, const struct SearchRequest *req); +static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long messageId, const struct SearchRequest *req); // 
@@ -97,12 +97,12 @@ void proxy_init() } #undef SETSTR -int proxy_fromClient(epoll_client_t *client, const size_t maxLen) +BOOL proxy_fromClient(epoll_client_t *client, const size_t maxLen) { unsigned long messageId, op; size_t len; const size_t res = scan_ldapmessage(client->readBuffer, client->readBuffer + maxLen, &messageId, &op, &len); - if (res == 0) return -1; + if (res == 0) return FALSE; printf("[C] scan_ldapmessage: Consumed %d, remaining length %d, id %lu, op %lu\n", (int)res, (int)len, messageId, op); // TODO: Caching switch (op) { @@ -111,9 +111,9 @@ int proxy_fromClient(epoll_client_t *client, const size_t maxLen) case SearchRequest: return proxy_clientSearchRequest(client, messageId, res, maxLen); case UnbindRequest: - return 0; + return TRUE; } - return 0; + return TRUE; } void proxy_removeClient(const epoll_client_t *client) @@ -126,12 +126,12 @@ void proxy_removeClient(const epoll_client_t *client) _pendingCount = lastValid + 1; } -int proxy_fromServer(epoll_server_t *server, const size_t maxLen) +BOOL proxy_fromServer(epoll_server_t *server, const size_t maxLen) { unsigned long messageId, op; size_t len; const size_t res = scan_ldapmessage(server->readBuffer, server->readBuffer + maxLen, &messageId, &op, &len); - if (res == 0) return -1; + if (res == 0) return FALSE; printf("[AD] scan_ldapmessage: Consumed %d, remaining length %d, id %lu, op %lu\n", (int)res, (int)len, messageId, op); switch (op) { case BindResponse: @@ -141,7 +141,7 @@ int proxy_fromServer(epoll_server_t *server, const size_t maxLen) return proxy_serverSearchResult(server, messageId, op, res, maxLen); } printf("Unsupported op: %lu\n", op); - return -1; + return FALSE; } // 
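Review bot: In proxy_fromClient an op that matches no `case` falls off the end of the `switch` into the new `return TRUE` with no diagnostic, while proxy_fromServer (hunk @@ -141 on this same line) prints "Unsupported op" and returns FALSE; the asymmetry means an unsupported client request is consumed silently and the client never learns it was dropped. Add a `default:` arm that at least logs it, `default: printf("Unsupported client op: %lu\n", op); break;`, so the two dispatchers are diagnosable in the same way. Whether the client connection should also be closed, as the server side does, depends on what the caller does with FALSE, which is not visible in this diff.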
@@ -491,15 +491,15 @@ static struct PartialAttributeList* response_addPal(struct PartialAttributeList // ----- -static int proxy_clientSearchRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen) +static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen) { struct SearchRequest req; const size_t res = scan_ldapsearchrequest(client->readBuffer + offset, client->readBuffer + maxLen, &req); - if (res == 0) return -1; + if (res == 0) return FALSE; server_t *server = server_getFromBase(&req.baseObject); if (server == NULL) { printf("scan_ldapsearchrequest: baseObj '%.*s' unknown.\n", (int)req.baseObject.l, req.baseObject.s); - return -1; + return FALSE; } printf("scan_ldapsearchrequest: baseObj: %.*s, scope: %d, derefAliases: %d\n", (int)req.baseObject.l, req.baseObject.s, req.scope, req.derefAliases); // Try to figure out if this is a lookup for a user/multiple users, or something else (eg. group) @@ -507,16 +507,17 @@ static int proxy_clientSearchRequest(epoll_client_t *client, const unsigned long // Handle locally printf("Handling local:\n"); helper_printfilter(req.filter); - const int ret = proxy_localSearchRequest(client, messageId, &req); + const BOOL ret = proxy_localSearchRequest(client, messageId, &req); free_ldapsearchrequest(&req); return ret; } - // + // Forward + if (req.sizeLimit == 0 || req.sizeLimit > 500) req.sizeLimit = 500; // TODO: Magic value pending_t *pending = proxy_getFreePendingSlot(client); if (pending == NULL) { printf("No more slots for pending requests\n"); free_ldapsearchrequest(&req); - return -1; + return FALSE; } if (req.attributes == NULL) { memset(&pending->attr, -1, sizeof(pending->attr)); 
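Review bot: The `server == NULL` branch in proxy_clientSearchRequest returns FALSE without calling `free_ldapsearchrequest(&req)`, while every later early exit in the function (the local-handling path and the `pending == NULL` path in hunk @@ -507) releases the parsed request first; unless scan_ldapsearchrequest allocates nothing that reaches this point, a client sending an unknown base object leaks the request on each attempt. Insert `free_ldapsearchrequest(&req);` before that `return FALSE;`. The function body continues past the end of this hunk.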
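Review bot: The new clamp `if (req.sizeLimit == 0 || req.sizeLimit > 500) req.sizeLimit = 500;` hard-codes the bound twice on one line and already carries a TODO for it; a named constant keeps the two occurrences in sync and documents that the proxy caps the entry count it asks the server for on a forwarded search, e.g. `enum { PROXY_MAX_SIZELIMIT = 500 };` and `if (req.sizeLimit == 0 || req.sizeLimit > PROXY_MAX_SIZELIMIT) req.sizeLimit = PROXY_MAX_SIZELIMIT;`. Why 500 was chosen is not something the hunk tells us, so a short comment on the constant would help the next reader. proxy_clientSearchRequest extends beyond this hunk in both directions.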
@@ -533,22 +534,23 @@ static int proxy_clientSearchRequest(epoll_client_t *client, const unsigned long pending->serverMessageId = server_searchRequest(server, &req); if (pending->serverMessageId == 0) { // Failed to forward.. TODO: Fail client + printf("Failed to forward search request.\n"); pending->client = NULL; } free_ldapsearchrequest(&req); // - if (pending->client == NULL) return -1; - return 0; + if (pending->client == NULL) return FALSE; + return TRUE; } -static int proxy_serverSearchResult(epoll_server_t *server, const unsigned long messageId, const unsigned long type, const size_t offset, const size_t maxLen) +static BOOL proxy_serverSearchResult(epoll_server_t *server, const unsigned long messageId, const unsigned long type, const size_t offset, const size_t maxLen) { static char *bodyBuffer = NULL; if (bodyBuffer == NULL) bodyBuffer = malloc(MAXMSGLEN); pending_t *pending = proxy_getPendingFromServer(messageId); if (pending == NULL) { printf("No client matching server message id %lu\n", messageId); - return 0; + return TRUE; } printf("ServerID %lu -> ClientID %lu\n", messageId, pending->clientMessageId); const char *body; @@ -561,18 +563,18 @@ static int proxy_serverSearchResult(epoll_server_t *server, const unsigned long // Transform reply struct SearchResultEntry sre; const size_t res = scan_ldapsearchresultentry(server->readBuffer + offset, server->readBuffer + maxLen, &sre); - if (res == 0) return -1; + if (res == 0) return FALSE; response_replacePal(server->serverData, &sre.attributes, &pending->attr); bodyLen = fmt_ldapsearchresultentry(NULL, &sre); if (bodyLen == 0) { printf("Error formatting ldapsearchresultentry after transformation\n"); free_ldapsearchresultentry(&sre); - return -1; + return FALSE; } if (bodyLen > MAXMSGLEN) { printf("ldapsearchresultentry too large after transformation\n"); free_ldapsearchresultentry(&sre); - return -1; + return FALSE; } fmt_ldapsearchresultentry(bodyBuffer, &sre); free_ldapsearchresultentry(&sre); 
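Review bot: `bodyBuffer = malloc(MAXMSGLEN)` at the top of proxy_serverSearchResult is never checked, so on allocation failure the static stays NULL and is handed to `fmt_ldapsearchresultentry(bodyBuffer, &sre)` in hunk @@ -561 on this and every later call. Check it right after the allocation, `if (bodyBuffer == NULL) { printf("Out of memory allocating reply buffer\n"); return FALSE; }`, so the failure is reported rather than becoming a write through a null pointer. The rest of the function is in the following hunks.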
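Review bot: The three error exits in this hunk (`res == 0`, `bodyLen == 0`, `bodyLen > MAXMSGLEN`) return FALSE but leave `pending->client` set, whereas the success path in hunk @@ -585 clears it on SearchResultDone; if FALSE makes server.c drop the server connection (as the comment on the final `return FALSE` in hunk @@ -628 says for the bind case) without also releasing that client's pending entry, the client never receives a SearchResultDone and the slot stays occupied. Consider `pending->client = NULL;` before each of these returns, or route them through one cleanup label that does that and frees `sre`. How pending entries are reclaimed when a server connection closes is not visible here, so confirm against server.c first.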
@@ -585,10 +587,10 @@ static int proxy_serverSearchResult(epoll_server_t *server, const unsigned long client_send(pending->client, buffer, headerLen, TRUE); client_send(pending->client, body, bodyLen, FALSE); if (type == SearchResultDone) pending->client = NULL; - return 0; + return TRUE; } -static int proxy_clientBindRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen) +static BOOL proxy_clientBindRequest(epoll_client_t *client, const unsigned long messageId, const size_t offset, const size_t maxLen) { unsigned long version, method; struct string name, password; @@ -596,7 +598,7 @@ static int proxy_clientBindRequest(epoll_client_t *client, const unsigned long m char *bufoff = buffer + 100; size_t bodyLen; const size_t res = scan_ldapbindrequest(client->readBuffer + offset, client->readBuffer + maxLen, &version, &name, &method); - if (res == 0) return -1; // Parsing request failed + if (res == 0) return FALSE; // Parsing request failed if (method != 0) { // Other than simple bind - currently not supported printf("Unsupported bind method: %lu\n", method); 
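Review bot: Both `client_send` calls that deliver the transformed entry ignore their return value, while proxy_clientBindRequest and proxy_localSearchRequest return `client_send`'s result directly (hunks @@ -628 and @@ -729), so a failed send here is neither logged nor reflected in the TRUE this function returns. If client_send reports failure, at least log it, e.g. `if (!client_send(pending->client, body, bodyLen, FALSE)) printf("Sending search result to client failed\n");`, adjusted to client_send's actual return convention, which this diff does not show. proxy_serverSearchResult begins in the preceding hunk.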
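Review bot: `char *bufoff = buffer + 100;` reserves 100 bytes ahead of the bind-response body for the LDAP message header, and hunk @@ -628 guards the same limit with `if (headerLen > 100) return FALSE;`; the two literals must stay equal or `fmt_ldapmessage(bufoff - headerLen, ...)` writes before the start of `buffer`, so they belong in one named constant, e.g. `enum { BIND_HEADER_RESERVE = 100 };` used in both places. The declaration of `buffer` sits just above this hunk and should be sized from the same constant. proxy_clientBindRequest continues into the following hunks.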
@@ -628,41 +630,41 @@ static int proxy_clientBindRequest(epoll_client_t *client, const unsigned long m // Request queued, client needs to wait pending->clientMessageId = messageId; pending->serverMessageId = smid; - return 0; + return TRUE; } } } } const size_t headerLen = fmt_ldapmessage(NULL, messageId, BindResponse, bodyLen); - if (headerLen > 100) return -1; // Too long - don't care + if (headerLen > 100) return FALSE; // Too long - don't care fmt_ldapmessage(bufoff - headerLen, messageId, BindResponse, bodyLen); return client_send(client, bufoff - headerLen, bodyLen + headerLen, FALSE); } -static int proxy_serverBindResponse(epoll_server_t *server, const unsigned long messageId, const size_t offset, const size_t maxLen) +static BOOL proxy_serverBindResponse(epoll_server_t *server, const unsigned long messageId, const size_t offset, const size_t maxLen) { unsigned long result; struct string binddn, error, refer; const size_t res = scan_ldapbindresponse(server->readBuffer + offset, server->readBuffer + maxLen, &result, &binddn, &error, &refer); - if (res == 0) return -1; // Parsing request failed + if (res == 0) return FALSE; // Parsing request failed printf("scan_ldapbindresponse: Consumed %d, result: %lu, binddn: %.*s, error: %.*s, referral: %.*s\n", (int)res, result, (int)binddn.l, binddn.s, (int)error.l, error.s, (int)refer.l, refer.s); if (result == success) server->bound = TRUE; - if (messageId <= 1) return 0; + if (messageId <= 1) return TRUE; // Was a forwarded auth pending_t *pending = proxy_getPendingFromServer(messageId); - if (pending == NULL) return 0; + if (pending == NULL) return FALSE; const size_t headerLen = fmt_ldapmessage(NULL, pending->clientMessageId, BindResponse, res); char buffer[headerLen]; fmt_ldapmessage(buffer, pending->clientMessageId, BindResponse, res); client_send(pending->client, buffer, headerLen, TRUE); - client_send(pending->client, server->readBuffer + offset, maxLen, FALSE); + client_send(pending->client, server->readBuffer 
+ offset, res, FALSE); pending->client = NULL; - return -1; + return FALSE; // Return FALSE here so server.c will kill off this server connection } // ---- Local handling ---- -static int proxy_localSearchRequest(epoll_client_t *client, const unsigned long messageId, const struct SearchRequest *req) +static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long messageId, const struct SearchRequest *req) { struct string name; uint32_t number = 2; @@ -729,6 +731,6 @@ static int proxy_localSearchRequest(epoll_client_t *client, const unsigned long fmt_ldapmessage(buffer, messageId, SearchResultDone, doneLen); return client_send(client, buffer, doneHeaderLen + doneLen, FALSE); } - return -1; + return FALSE; } -- cgit v1.2.3-55-g7522
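Review bot: `return client_send(client, bufoff - headerLen, bodyLen + headerLen, FALSE);` now supplies proxy_clientBindRequest's BOOL result directly, and proxy_localSearchRequest does the same in hunk @@ -729; if client_send still follows the 0-on-success / -1-on-error convention these functions just moved away from, both would report FALSE after a successful send and TRUE after a failure. Confirm client_send's return type was converted alongside this change, or map it explicitly at both call sites. Separately, `if (pending == NULL) return FALSE;` in proxy_serverBindResponse turns the previously tolerated no-match case (`return 0`) into a connection-level failure; if that is deliberate, a one-line comment like the one on the function's final `return FALSE` would make it clear. proxy_localSearchRequest's body lies mostly between this hunk and @@ -729.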