The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
base.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: 9d12db58e54501b5d96b3bfef31d9e8819126705 $
19  * @file src/process/ldap_sync/base.c
20  * @brief LDAP sync process module
21  *
22  * @copyright 2022 NetworkRADIUS SARL (legal@networkradius.com)
23  */
24 #define LOG_PREFIX "process_ldap_sync"
25 
26 #include <freeradius-devel/server/protocol.h>
27 #include <freeradius-devel/util/debug.h>
28 #include <freeradius-devel/ldap/sync.h>
29 
30 static fr_dict_t const *dict_ldap_sync;
31 
32 extern fr_dict_autoload_t process_ldap_sync_dict[];
33 fr_dict_autoload_t process_ldap_sync_dict[] = {
34  { .out = &dict_ldap_sync, .proto = "ldap" },
35  { NULL }
36 };
37 
38 static fr_dict_attr_t const *attr_packet_type;
39 
40 extern fr_dict_attr_autoload_t process_ldap_sync_dict_attr[];
41 fr_dict_attr_autoload_t process_ldap_sync_dict_attr[] = {
42  { .out = &attr_packet_type, .name = "Packet-Type", .type= FR_TYPE_UINT32, .dict = &dict_ldap_sync },
43 
44  { NULL }
45 };
46 
47 static char const *ldap_sync_message_types[FR_LDAP_SYNC_CODE_MAX] = {
48  "", //!< 0
49  "Present",
50  "Add",
51  "Modify",
52  "Delete",
53  "Entry-Response",
54  "Cookie-Load",
55  "Cookie-Load-Response",
56  "Cookie-Store",
57  "Cookie-Store-Response",
58 };
59 
60 static void ldap_sync_packet_debug(request_t *request, fr_packet_t *packet, fr_pair_list_t *list, bool received)
61 {
62 
63  if (!packet) return;
64  if (!RDEBUG_ENABLED) return;
65 
66  log_request(L_DBG, L_DBG_LVL_1, request, __FILE__, __LINE__, "%s %s",
67  received ? "Received" : "Sending",
68  ldap_sync_message_types[packet->code]
69  );
70 
71  if (received) {
72  log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
73  } else {
74  /*
75  * At higher debug levels, log returned data as well.
76  */
77  log_request_pair_list(L_DBG_LVL_2, request, NULL, list, NULL);
78  }
79 
80 }
81 
82 typedef struct {
83  uint64_t nothing; // so that the next field isn't at offset 0
84 
85  CONF_SECTION *load_cookie;
86  CONF_SECTION *store_cookie;
87  CONF_SECTION *recv_add;
88  CONF_SECTION *recv_present;
89  CONF_SECTION *recv_delete;
90  CONF_SECTION *recv_modify;
91 } process_ldap_sync_sections_t;
92 
93 typedef struct {
94  process_ldap_sync_sections_t sections;
95 } process_ldap_sync_t;
96 
97 #define PROCESS_PACKET_TYPE fr_ldap_sync_packet_code_t
98 #define PROCESS_CODE_MAX FR_LDAP_SYNC_CODE_MAX
99 #define PROCESS_PACKET_CODE_VALID FR_LDAP_SYNC_PACKET_CODE_VALID
100 #define PROCESS_INST process_ldap_sync_t
101 #include <freeradius-devel/server/process.h>
102 
103 
104 static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
105 {
106  fr_process_state_t const *state;
107 
108  (void) talloc_get_type_abort_const(mctx->mi->data, process_ldap_sync_t);
109 
110  PROCESS_TRACE;
111 
112  fr_assert(FR_LDAP_SYNC_PACKET_CODE_VALID(request->packet->code));
113 
114  request->component = "ldap_sync";
115  request->module = NULL;
116  fr_assert(request->dict == dict_ldap_sync);
117 
118  UPDATE_STATE(packet);
119 
120  ldap_sync_packet_debug(request, request->packet, &request->request_pairs, true);
121 
122  return state->recv(p_result, mctx, request);
123 }
124 
125 static fr_process_state_t const process_state[] = {
126  [ FR_LDAP_SYNC_CODE_PRESENT ] = {
127  .default_reply = FR_LDAP_SYNC_CODE_ENTRY_RESPONSE,
128  .rcode = RLM_MODULE_NOOP,
129  .recv = recv_generic,
130  .resume = resume_recv_generic,
131  .section_offset = offsetof(process_ldap_sync_sections_t, recv_present),
132  },
133  [ FR_LDAP_SYNC_CODE_ADD ] = {
134  .default_reply = FR_LDAP_SYNC_CODE_ENTRY_RESPONSE,
135  .rcode = RLM_MODULE_NOOP,
136  .recv = recv_generic,
137  .resume = resume_recv_generic,
138  .section_offset = offsetof(process_ldap_sync_sections_t, recv_add)
139  },
140  [ FR_LDAP_SYNC_CODE_DELETE ] = {
141  .default_reply = FR_LDAP_SYNC_CODE_ENTRY_RESPONSE,
142  .rcode = RLM_MODULE_NOOP,
143  .recv = recv_generic,
144  .resume = resume_recv_generic,
145  .section_offset = offsetof(process_ldap_sync_sections_t, recv_delete),
146  },
147  [ FR_LDAP_SYNC_CODE_MODIFY ] = {
148  .default_reply = FR_LDAP_SYNC_CODE_ENTRY_RESPONSE,
149  .rcode = RLM_MODULE_NOOP,
150  .recv = recv_generic,
151  .resume = resume_recv_generic,
152  .section_offset = offsetof(process_ldap_sync_sections_t, recv_modify),
153  },
154  [ FR_LDAP_SYNC_CODE_ENTRY_RESPONSE ] = {
155  .rcode = RLM_MODULE_NOOP,
156  .send = send_generic,
157  .resume = resume_send_generic,
158  },
159  [ FR_LDAP_SYNC_CODE_COOKIE_LOAD ] = {
160  .packet_type = {
161  [RLM_MODULE_FAIL] = FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL,
162  [RLM_MODULE_INVALID] = FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL,
163  [RLM_MODULE_REJECT] = FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL,
164  [RLM_MODULE_DISALLOW] = FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL
165  },
166  .default_reply = FR_LDAP_SYNC_CODE_COOKIE_LOAD_RESPONSE,
167  .rcode = RLM_MODULE_NOOP,
168  .recv = recv_generic,
169  .resume = resume_recv_generic,
170  .section_offset = offsetof(process_ldap_sync_sections_t, load_cookie),
171  },
172  [ FR_LDAP_SYNC_CODE_COOKIE_LOAD_RESPONSE ] = {
173  .rcode = RLM_MODULE_NOOP,
174  .send = send_generic,
175  .resume = resume_send_generic,
176  },
177  [ FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL ] = {
178  .rcode = RLM_MODULE_NOOP,
179  .send = send_generic,
180  .resume = resume_send_generic
181  },
182  [ FR_LDAP_SYNC_CODE_COOKIE_STORE ] = {
183  .default_reply = FR_LDAP_SYNC_CODE_COOKIE_STORE_RESPONSE,
184  .rcode = RLM_MODULE_NOOP,
185  .recv = recv_generic,
186  .resume = resume_recv_generic,
187  .section_offset = offsetof(process_ldap_sync_sections_t, store_cookie),
188  },
189  [ FR_LDAP_SYNC_CODE_COOKIE_STORE_RESPONSE ] = {
190  .rcode = RLM_MODULE_NOOP,
191  .send = send_generic,
192  .resume = resume_send_generic,
193  }
194 };
195 
196 static virtual_server_compile_t const compile_list[] = {
197  {
198  .section = SECTION_NAME("load", "Cookie"),
199  .actions = &mod_actions_authorize,
200  .offset = PROCESS_CONF_OFFSET(load_cookie)
201  },
202  {
203  .section = SECTION_NAME("store", "Cookie"),
204  .actions = &mod_actions_authorize,
205  .offset = PROCESS_CONF_OFFSET(store_cookie)
206  },
207  {
208  .section = SECTION_NAME("recv", "Add"),
209  .actions = &mod_actions_authorize,
210  .offset = PROCESS_CONF_OFFSET(recv_add)
211  },
212  {
213  .section = SECTION_NAME("recv", "Present"),
214  .actions = &mod_actions_authorize,
215  .offset = PROCESS_CONF_OFFSET(recv_present)
216  },
217  {
218  .section = SECTION_NAME("recv", "Delete"),
219  .actions = &mod_actions_authorize,
220  .offset = PROCESS_CONF_OFFSET(recv_delete)
221  },
222  {
223  .section = SECTION_NAME("recv", "Modify"),
224  .actions = &mod_actions_authorize,
225  .offset = PROCESS_CONF_OFFSET(recv_modify)
226  },
227 
228  COMPILE_TERMINATOR
229 };
230 
231 extern fr_process_module_t process_ldap_sync;
232 fr_process_module_t process_ldap_sync = {
233  .common = {
234  .magic = MODULE_MAGIC_INIT,
235  .name = "process_ldap_sync",
236  .inst_size = sizeof(process_ldap_sync_t),
237  },
238 
239  .process = mod_process,
240  .compile_list = compile_list,
241  .dict = &dict_ldap_sync,
242 };
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:267
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:280
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:266
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:279
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
attr_packet_type
fr_dict_attr_t const * attr_packet_type
Definition: base.c:91
log_request
void log_request(fr_log_type_t type, fr_log_lvl_t lvl, request_t *request, char const *file, int line, char const *fmt,...)
Marshal variadic log arguments into a va_list and pass to normal logging functions.
Definition: log.c:612
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition: log.c:830
L_DBG_LVL_1
@ L_DBG_LVL_1
Highest priority debug messages (-x).
Definition: log.h:70
L_DBG_LVL_2
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
Definition: log.h:71
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition: log.h:59
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
fr_dict_attr_t
Definition: merged_model.c:133
fr_dict_t
Definition: merged_model.c:198
request_t
Definition: merged_model.c:210
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition: mod_action.c:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition: module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41
process_ldap_sync_sections_t::recv_delete
CONF_SECTION * recv_delete
Definition: base.c:89
mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: base.c:104
compile_list
static virtual_server_compile_t const compile_list[]
Definition: base.c:196
process_ldap_sync_dict
fr_dict_autoload_t process_ldap_sync_dict[]
Definition: base.c:33
dict_ldap_sync
static fr_dict_t const * dict_ldap_sync
Definition: base.c:30
process_ldap_sync_sections_t::recv_modify
CONF_SECTION * recv_modify
Definition: base.c:90
process_ldap_sync_t::sections
process_ldap_sync_sections_t sections
Definition: base.c:94
process_ldap_sync_dict_attr
fr_dict_attr_autoload_t process_ldap_sync_dict_attr[]
Definition: base.c:41
process_state
static fr_process_state_t const process_state[]
Definition: base.c:125
ldap_sync_message_types
static char const * ldap_sync_message_types[FR_LDAP_SYNC_CODE_MAX]
Definition: base.c:47
process_ldap_sync_sections_t::recv_add
CONF_SECTION * recv_add
Definition: base.c:87
ldap_sync_packet_debug
static void ldap_sync_packet_debug(request_t *request, fr_packet_t *packet, fr_pair_list_t *list, bool received)
Definition: base.c:60
process_ldap_sync_sections_t::store_cookie
CONF_SECTION * store_cookie
Definition: base.c:86
process_ldap_sync
fr_process_module_t process_ldap_sync
Definition: base.c:232
process_ldap_sync_sections_t::recv_present
CONF_SECTION * recv_present
Definition: base.c:88
process_ldap_sync_sections_t::load_cookie
CONF_SECTION * load_cookie
Definition: base.c:85
process_ldap_sync_sections_t::nothing
uint64_t nothing
Definition: base.c:83
process_ldap_sync_sections_t
Definition: base.c:82
process_ldap_sync_t
Definition: base.c:93
PROCESS_TRACE
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition: process.h:65
fr_process_module_s::common
module_t common
Common fields for all loadable modules.
Definition: process.h:55
fr_process_module_s
Common public symbol definition for all process modules.
Definition: process.h:54
RDEBUG_ENABLED
#define RDEBUG_ENABLED()
Definition: radclient.h:49
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition: rcode.h:45
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition: rcode.h:42
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition: rcode.h:46
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition: rcode.h:41
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition: rcode.h:48
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition: section.h:40
module_instance_s::data
void * data
Module's instance data.
Definition: module.h:271
fr_assert
fr_assert(0)
pair_list_s
Definition: pair.h:52
FR_LDAP_SYNC_PACKET_CODE_VALID
#define FR_LDAP_SYNC_PACKET_CODE_VALID(_code)
Definition: sync.h:58
FR_LDAP_SYNC_CODE_PRESENT
@ FR_LDAP_SYNC_CODE_PRESENT
LDAP server indicates a particular object is present and unchanged.
Definition: sync.h:33
FR_LDAP_SYNC_CODE_COOKIE_STORE_RESPONSE
@ FR_LDAP_SYNC_CODE_COOKIE_STORE_RESPONSE
Response to storing the new cookie.
Definition: sync.h:52
FR_LDAP_SYNC_CODE_ENTRY_RESPONSE
@ FR_LDAP_SYNC_CODE_ENTRY_RESPONSE
Response packet to present / add / modify / delete.
Definition: sync.h:42
FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL
@ FR_LDAP_SYNC_CODE_COOKIE_LOAD_FAIL
Response when coolie load fails.
Definition: sync.h:48
FR_LDAP_SYNC_CODE_ADD
@ FR_LDAP_SYNC_CODE_ADD
Object has been added to the LDAP directory.
Definition: sync.h:36
FR_LDAP_SYNC_CODE_COOKIE_STORE
@ FR_LDAP_SYNC_CODE_COOKIE_STORE
The server has sent a new cookie.
Definition: sync.h:50
FR_LDAP_SYNC_CODE_COOKIE_LOAD_RESPONSE
@ FR_LDAP_SYNC_CODE_COOKIE_LOAD_RESPONSE
Response with the returned cookie.
Definition: sync.h:46
FR_LDAP_SYNC_CODE_DELETE
@ FR_LDAP_SYNC_CODE_DELETE
Object has been deleted.
Definition: sync.h:40
FR_LDAP_SYNC_CODE_COOKIE_LOAD
@ FR_LDAP_SYNC_CODE_COOKIE_LOAD
Before the sync starts, request any previously stored cookie.
Definition: sync.h:44
FR_LDAP_SYNC_CODE_MAX
@ FR_LDAP_SYNC_CODE_MAX
Definition: sync.h:54
FR_LDAP_SYNC_CODE_MODIFY
@ FR_LDAP_SYNC_CODE_MODIFY
Object has been modified.
Definition: sync.h:38
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:282
fr_packet_t::code
unsigned int code
Packet code (type).
Definition: packet.h:61
fr_packet_t
Definition: packet.h:56
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition: virtual_servers.h:111
virtual_server_compile_t::section
section_name_t const * section
Identifier for the section.
Definition: virtual_servers.h:101
virtual_server_compile_t
Processing sections which are allowed in this virtual server.
Definition: virtual_servers.h:100
Generated by   doxygen 1.9.1