/*
 * Shared type definitions for the proxy that sits between LDAP clients and
 * an AD server: the common epoll item layout, the per-connection buffer
 * structs and the per-server configuration record.
 */
#ifndef _TYPES_H_ /* NOTE(review): identifiers beginning with '_' followed by an uppercase letter are reserved for the implementation (C11 7.1.3); a plain TYPES_H guard would avoid that. */
#define _TYPES_H_
#include "asn1.h" /* presumably where 'struct string' (used by attr_map_t below) is declared -- confirm */
#include <stddef.h>
#include <stdint.h>
#include <time.h>
#include <openssl/ssl.h>
/* Sizes of the fixed-length char arrays declared in the structs below.
 * Any code that fills one of these arrays must bound its writes by the
 * matching constant; the arrays are not resized. */
#define ADDRLEN 40 // server_t.addr
#define BINDLEN 250 // server_t.bind and epoll_server_t.bindBuffer
#define PWLEN 40 // server_t.password
#define BASELEN 250 // server_t.base
#define SIDLEN 28 // server_t.sid
#define MOUNTLEN 100 // server_t.homeTemplate
#define FINGERPRINTLEN 20 // server_t.fingerprint
#define MAXPATH 200 // server_t.cabundle
#define REQLEN 4000 // epoll_client_t.readBuffer: hard upper bound on one client request
#define MAXMSGLEN 100000 // epoll_server_t.readBuffer: hard upper bound on one server response
/* One-byte boolean. Defined as a macro rather than via <stdbool.h>; only
 * TRUE and FALSE are meant to be stored in a BOOL field. */
#define BOOL uint8_t
#define TRUE (1)
#define FALSE (0)
/* Forward declarations: epoll_client_t and epoll_server_t reference each
 * other, and server_t embeds an epoll_server_t, so the tags are needed
 * before the full definitions below. */
typedef struct _server_t_ server_t;
typedef struct _epoll_client_t_ epoll_client_t;
typedef struct _epoll_server_t_ epoll_server_t;
/**
 * General epoll struct, to be implemented by every epoll struct.
 *
 * epoll_listen_t, epoll_client_t and epoll_server_t all start with these
 * same two members in the same order, so any of them can be read through
 * this common prefix. Presumably the event loop stores the item pointer in
 * the epoll data field and dispatches via callback -- confirm against the
 * event loop code, which is not in this header.
 */
typedef struct {
void (*callback)(void *data, int haveIn, int haveOut, int doCleanup); // data: the item itself (inferred); haveIn/haveOut: readiness flags; doCleanup: teardown request -- meanings inferred from the parameter names, confirm
int fd; // File descriptor watched by epoll
} epoll_item_t;
/**
 * epoll struct for listening sockets.
 *
 * Leading members mirror epoll_item_t; do not reorder them.
 */
typedef struct {
void (*callback)(void *data, int haveIn, int haveOut, int doCleanup);
int fd;
// --- listener-specific state ---
SSL_CTX *sslContext; // Listening for SSL connections, NULL otherwise. Not owned per-accept: the context is shared by every connection accepted on this socket (inferred from it living on the listener -- confirm)
} epoll_listen_t;
/**
 * epoll struct for a client we're serving.
 *
 * Leading members mirror epoll_item_t; do not reorder them. One instance
 * exists per accepted client connection. Note that sizeof(epoll_client_t)
 * is dominated by readBuffer (REQLEN bytes).
 */
struct _epoll_client_t_ {
void (*callback)(void *data, int haveIn, int haveOut, int doCleanup);
int fd;
// --- client-specific state ---
BOOL bound; // Client did successful ldap bind
BOOL sslAccepted; // SSL_accept done?
BOOL kill; // Should the connection be killed?
BOOL writeBlocked; // An SSL_write returned WANT_*, so we must not reallocate the current send buffer
// Send buffer (me to client)
size_t sbPos, sbFill, sbLen; // presumably: bytes already sent, bytes queued, allocated capacity of sendBuffer -- confirm; sbFill <= sbLen must hold
SSL *ssl; // NULL if not encrypted
char *sendBuffer; // Dynamically allocated, might or might not get huge
epoll_server_t *fixedServer; // If client performed explicit bind, tie to server connection
// Recv buffer (client's request)
size_t rbPos; // Bytes currently held in readBuffer. NOTE(review): every read into readBuffer must be limited to REQLEN - rbPos; a request that does not fit cannot be accepted
char readBuffer[REQLEN]; // Static, queries > 4000 bytes simply not supported
};
/**
 * epoll struct for a connection to AD.
 *
 * Leading members mirror epoll_item_t; do not reorder them. Because
 * readBuffer is MAXMSGLEN (100000) bytes, sizeof(epoll_server_t) exceeds
 * 100 KB -- instances should live in static or heap storage, not on the stack.
 */
struct _epoll_server_t_ {
void (*callback)(void *data, int haveIn, int haveOut, int doCleanup);
int fd;
// --- server-connection-specific state ---
// Send buffer (me to server)
size_t sbPos, sbFill, sbLen; // presumably: bytes already sent, bytes queued, allocated capacity of sendBuffer -- confirm; same layout as epoll_client_t
SSL *ssl; // NULL if not encrypted
char *sendBuffer; // Dynamically allocated, might or might not get huge
char bindBuffer[BINDLEN]; // Used for the bind request. We need this to prevent sending any requests before the server acknowledged the bind request
int bindLen; // Length of buffered bind request. NOTE(review): must stay within 0..BINDLEN; it is the only length here that is int rather than size_t, so compare carefully against size_t values
epoll_client_t *fixedClient; // If client performed explicit bind, this is the client belonging to this connection
// Recv buffer (server's response)
size_t rbPos; // Bytes currently held in readBuffer. NOTE(review): reads into readBuffer must be limited to MAXMSGLEN - rbPos
char readBuffer[MAXMSGLEN]; // Static; responses larger than MAXMSGLEN cannot be buffered
BOOL bound; // Already bound to server?
BOOL dynamic; // Not documented here -- TODO confirm meaning (perhaps a connection opened on demand rather than the fixed one in server_t.con)
BOOL sslConnected; // SSL_connect completed?
BOOL kill; // Should the connection be killed?
BOOL writeBlocked; // An SSL_write returned WANT_*, so we must not reallocate the current send buffer
time_t lastActive; // Timestamp of last activity; presumably used for idle timeout -- confirm
server_t *serverData; // Configuration of the AD server this connection belongs to
};
/**
 * Struct for mapping attribute names/values
 *
 * Each member holds the name that a given LDAP attribute is known by on
 * the AD side (the comments give the AD attribute each one maps to).
 * 'struct string' is not defined in this header; it presumably comes from
 * asn1.h -- confirm.
 */
typedef struct {
struct string uid; // AD: sAMAccountName
struct string homemount; // AD: homeDirectory
struct string localhome; // AD: none, LDAP: homeDirectory
struct string posixAccount; // AD: user
struct string shadowAccount; // AD: user
struct string uidnumber; // AD: objectSid
} attr_map_t;
/**
 * Configuration data for an ADS we're proxying.
 *
 * Embeds one epoll_server_t (con), so sizeof(server_t) also exceeds 100 KB;
 * keep instances in static or heap storage.
 */
struct _server_t_ {
size_t baseLen; // presumably cached strlen(base) -- confirm
char ip[4]; // 4 bytes: presumably the resolved IPv4 address in binary form -- confirm
time_t lastLookup; // When ip was last resolved (inferred from the name) -- confirm
char addr[ADDRLEN]; // Server address as configured (hostname or textual IP)
char bind[BINDLEN]; // Bind DN used when authenticating to AD
char password[PWLEN]; // Bind password. NOTE(review): plaintext credential held in process memory for the lifetime of the struct; zeroize with explicit_bzero()/memset_explicit() when the struct is released, and keep it out of logs and core dumps
char base[BASELEN]; // Search base DN
char sid[SIDLEN]; // Domain SID (textual; SIDLEN is 28)
char homeTemplate[MOUNTLEN]; // Template for the home directory value
unsigned char fingerprint[FINGERPRINTLEN]; // Pinned server certificate fingerprint as raw bytes; 20 bytes matches a SHA-1 digest length -- confirm which hash the verification code uses
char cabundle[MAXPATH]; // Path to the CA bundle used to verify the server certificate (inferred from the name) -- confirm
BOOL plainLdap; // presumably: talk to AD without TLS -- confirm; if so, password and all traffic leave the host in cleartext
uint16_t port; // Server port
SSL_CTX *sslContext; // TLS context for outgoing connections to this server
epoll_server_t con; // The fixed connection to this server (contrast epoll_server_t.dynamic)
attr_map_t map; // Attribute name mapping for this server
};
#endif