#ifndef _TYPES_H_
#define _TYPES_H_

#include "asn1.h"
#include <stddef.h>
#include <stdint.h>
#include <time.h>
#include <openssl/ssl.h>

/* Fixed sizes (in bytes) of the char arrays held inline in server_t below. */
#define ADDRLEN 40
#define BINDLEN 250 // Also the size of epoll_server_t.bindBuffer
#define PWLEN 40
#define BASELEN 250
#define SIDLEN 28
#define MOUNTLEN 100
#define FINGERPRINTLEN 20 // Raw bytes (server_t.fingerprint is unsigned char[]), not a hex string
#define MAXPATH 200

/* Sizes of the inline receive buffers of the epoll client/server structs below. */
#define REQLEN 4000 // Client request buffer; longer requests are not supported (see epoll_client_t.readBuffer)
#define MAXMSGLEN 500000 // Server response buffer; stored inline, so every epoll_server_t is at least this large

/* Single-byte boolean type and its two values. */
#define BOOL uint8_t
#define TRUE (1)
#define FALSE (0)

/*
 * Forward declarations: the client and server epoll structs point at each
 * other (fixedServer / fixedClient) and server_t embeds an epoll_server_t,
 * so the tags must be known before the full definitions below.
 * NOTE(review): tags beginning with an underscore are reserved at file scope
 * by the C standard; harmless in practice, but worth renaming if touched.
 */
typedef struct _server_t_ server_t;
typedef struct _epoll_client_t_ epoll_client_t;
typedef struct _epoll_server_t_ epoll_server_t;

/**
 * General epoll struct, to be implemented by every epoll struct.
 *
 * Every epoll struct below (epoll_listen_t, epoll_client_t, epoll_server_t)
 * starts with exactly these two members in this order — presumably so that a
 * pointer to any of them can be dispatched through an epoll_item_t *.
 * When adding fields to those structs, keep this prefix first.
 */
typedef struct {
	void (*callback)(void *data, int haveIn, int haveOut, int doCleanup); // data: the owning struct; haveIn/haveOut: readiness flags; doCleanup: tear the item down
	int fd; // Descriptor registered with epoll
} epoll_item_t;

/**
 * epoll struct for listening sockets.
 *
 * Must begin with the epoll_item_t prefix (callback, fd); keep those first.
 */
typedef struct {
	void (*callback)(void *data, int haveIn, int haveOut, int doCleanup); // epoll_item_t prefix
	int fd; // Listening socket
	//
	SSL_CTX *sslContext; // Listening for SSL connections, NULL otherwise
} epoll_listen_t;

/**
 * epoll struct for a client we're serving.
 *
 * Must begin with the epoll_item_t prefix (callback, fd); keep those first.
 * The send buffer is heap-allocated and owned by this struct; the receive
 * buffer is a fixed inline array of REQLEN bytes.
 */
struct _epoll_client_t_ {
	void (*callback)(void *data, int haveIn, int haveOut, int doCleanup); // epoll_item_t prefix
	int fd; // Client socket
	//
	BOOL bound; // Client did successful ldap bind
	BOOL sslAccepted; // SSL_accept done?
	BOOL kill; // Should the connection be killed?
	BOOL writeBlocked; // An SSL_write returned WANT_*, so we must not reallocate the current send buffer
	// Send buffer (me to client)
	size_t sbPos, sbFill, sbLen; // presumably: send offset, bytes queued, allocated capacity — verify against the writer
	SSL *ssl; // NULL if not encrypted
	char *sendBuffer; // Dynamically allocated, might or might not get huge (owned here; presumably released on doCleanup)
	epoll_server_t *fixedServer; // If client performed explicit bind, tie to server connection
	// Recv buffer (client's request)
	size_t rbPos; // presumably bytes of readBuffer filled so far
	char readBuffer[REQLEN]; // Static, queries > 4000 bytes simply not supported
	// NOTE(review): every read into readBuffer must be bounded by REQLEN - rbPos, and a
	// request that does not fit must be rejected explicitly — confirm in the client read path.
};

/**
 * epoll struct for a connection to AD.
 *
 * Must begin with the epoll_item_t prefix (callback, fd); keep those first.
 * Holds a MAXMSGLEN-byte inline receive buffer, so this struct is ~500 KB;
 * it is embedded in server_t (con) and should live on the heap or in static
 * storage, never on the stack.
 */
struct _epoll_server_t_ {
	void (*callback)(void *data, int haveIn, int haveOut, int doCleanup); // epoll_item_t prefix
	int fd; // Socket to the AD server
	//
	// Send buffer (me to server)
	size_t sbPos, sbFill, sbLen; // presumably: send offset, bytes queued, allocated capacity — verify against the writer
	SSL *ssl; // NULL if not encrypted
	char *sendBuffer; // Dynamically allocated, might or might not get huge (owned here; presumably released on doCleanup)
	char bindBuffer[BINDLEN]; // Used for the bind request. We need this to prevent sending any requests before the server acknowledged the bind request
	int bindLen; // Length of buffered bind request
	// NOTE(review): bindLen is int while every other buffer counter here is size_t;
	// writers must keep it within [0, BINDLEN] before it is used as a length.
	epoll_client_t *fixedClient; // If client performed explicit bind, this is the client belonging to this connection
	// Recv buffer (server's response)
	size_t rbPos; // presumably bytes of readBuffer filled so far
	char readBuffer[MAXMSGLEN]; // Static; reads must be bounded by MAXMSGLEN - rbPos
	BOOL bound; // Already bound to server?
	BOOL dynamic; // NOTE(review): undocumented — presumably a connection opened on demand rather than server_t.con; confirm
	BOOL sslConnected; // SSL_connect done?
	uint32_t startTlsId; // Whether STARTTLS request was already sent (>0); presumably the message id of that request
	BOOL kill; // Should the connection be killed?
	BOOL writeBlocked; // An SSL_write returned WANT_*, so we must not reallocate the current send buffer
	time_t lastActive; // Last activity timestamp; presumably used for idle handling
	server_t *serverData; // Configuration this connection belongs to (back-pointer, not owned)
};

/**
 * Struct for mapping attribute names/values
 *
 * Each member names the attribute used on the AD side for the corresponding
 * LDAP attribute; the comments give the AD (and, where different, LDAP) name.
 * struct string is not defined in this header — presumably it comes from asn1.h.
 */
typedef struct {
	struct string uid; // AD: sAMAccountName
	struct string homemount; // AD: homeDirectory
	struct string localhome; // AD: none, LDAP: homeDirectory
	struct string posixAccount; // AD: user
	struct string shadowAccount; // AD: user
	struct string uidnumber; // AD: objectSid
} attr_map_t;

struct hashmap; // Opaque; defined elsewhere in the project
/**
 * Locally generated uidNumber bookkeeping (see server_t.genUidNumber).
 * Two hashmaps index the same mapping in both directions.
 */
struct uidmap {
	const char *fileName; // Backing file for the mapping; ownership of the string is not visible here
	struct hashmap *nameToNum; // presumably account name -> uidNumber
	struct hashmap *numToName; // presumably uidNumber -> account name
};

/**
 * Configuration data for an ADS we're proxying.
 *
 * Holds the bind credential in plaintext and embeds a full epoll_server_t
 * (con), whose MAXMSGLEN-byte receive buffer makes this struct ~500 KB:
 * allocate it on the heap or statically, not on the stack.
 */
struct _server_t_ {
	size_t baseLen; // presumably strlen(base), cached
	char ip[4]; // 4 raw bytes — presumably the resolved IPv4 address of addr
	time_t lastLookup; // When ip was last resolved
	char addr[ADDRLEN]; // Server host name or address as configured
	char bind[BINDLEN]; // Bind DN / account used to authenticate to the server
	char password[PWLEN]; // Plaintext bind password, resident for the lifetime of the config
	// NOTE(review): zeroize password with explicit_bzero (or equivalent) before this
	// struct is released; a plain memset before free may be optimized away.
	char base[BASELEN]; // Search base
	char sid[SIDLEN]; // Domain SID, presumably used to derive uidNumber from objectSid
	char homeTemplate[MOUNTLEN]; // Template for the home directory / mount
	unsigned char fingerprint[FINGERPRINTLEN]; // Expected server certificate fingerprint, 20 raw bytes (presumably SHA-1) — confirm how it is compared
	char cabundle[MAXPATH]; // Path to the CA bundle used for server verification
	BOOL plainLdap; // Talk plain LDAP (no TLS) to this server
	BOOL fixNumeric; // prefix numeric account names with an 's'
	BOOL genUidNumber; // generate uidNumber attribute locally (and keep track)
	BOOL useStartTls; // Establish plain connection, then upgrade via STARTTLS
	uint16_t port;
	SSL_CTX *sslContext; // Client-side context for connections to this server; NULL when not using TLS
	epoll_server_t con; // The fixed (non-dynamic) connection to this server
	attr_map_t map; // Attribute name mapping for this server
	struct uidmap uidmap; // Local uidNumber bookkeeping, used when genUidNumber is set
};

#endif