The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
rfc4533.c File Reference

LDAP sync callback functions for RFC 4533 servers.

#include "rfc4533.h"
#include <freeradius-devel/util/debug.h>

Macros

#define LOG_PREFIX   "ldap_sync_rfc4533"
 

Functions

int rfc4533_sync_init (fr_ldap_connection_t *conn, size_t sync_no, proto_ldap_sync_t const *inst, uint8_t const *cookie)
 Allocate and initialise RFC 4533 sync queries.

int rfc4533_sync_intermediate (sync_state_t *sync, LDAPMessage *msg, UNUSED LDAPControl **ctrls)
 Handle a LDAP_RES_INTERMEDIATE (SyncInfo) response.

int rfc4533_sync_refresh_required (sync_state_t *sync, LDAPMessage *msg, LDAPControl **ctrls)
 Handle result code of e-syncRefreshRequired.

int rfc4533_sync_search_entry (sync_state_t *sync, LDAPMessage *msg, LDAPControl **ctrls)
 Handle a SearchResultEntry or SearchResultReference response from an RFC 4533 server.

static int sync_new_cookie (bool *new_cookie, sync_state_t *sync, BerElement *ber)
 Check for the presence of a cookie in a ber value.
 

Variables

static fr_table_num_sorted_t const sync_info_tag_table []
 Types of Sync Info messages.

static size_t const sync_info_tag_table_len = NUM_ELEMENTS(sync_info_tag_table)

static fr_table_num_sorted_t const sync_phase_table []
 Phases of an RFC 4533 sync.
 
static size_t const sync_phase_table_len = NUM_ELEMENTS(sync_phase_table)
 

Detailed Description

LDAP sync callback functions for RFC 4533 servers.

Id
05e8afe2833cdf4c19cc2f6d32350ba1d1821860

Definition in file rfc4533.c.

Macro Definition Documentation

◆ LOG_PREFIX

#define LOG_PREFIX   "ldap_sync_rfc4533"

Definition at line 25 of file rfc4533.c.

Function Documentation

◆ rfc4533_sync_init()

int rfc4533_sync_init ( fr_ldap_connection_t *  conn,
size_t  sync_no,
proto_ldap_sync_t const *  inst,
uint8_t const *  cookie 
)

Allocate and initialise RFC 4533 sync queries.

The Sync Request Control is an LDAP Control [RFC4511] where the controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.1 and the controlValue, an OCTET STRING, contains a BER-encoded syncRequestValue.

syncRequestValue ::= SEQUENCE {
    mode ENUMERATED {
        -- 0 unused
        refreshOnly       (1),
        -- 2 reserved
        refreshAndPersist (3)
    },
    cookie     syncCookie OPTIONAL,
    reloadHint BOOLEAN DEFAULT FALSE
}

reloadHint specifies whether we prefer a complete directory load or an eSyncRefreshRequired response when the provided cookie does not give the server a point in its change log from which it can send suitable changes to bring the client into sync. We always send 'false' since we handle eSyncRefreshRequired.

The Sync Request Control is only applicable to the SearchRequest Message.

Definition at line 74 of file rfc4533.c.
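
The syncRequestValue layout described above, as an added example that is not taken from rfc4533.c: a self-contained DER encoder showing which fields appear on the wire. The function name `encode_sync_request` and the mode constants are hypothetical; under DER a `reloadHint` of FALSE (its DEFAULT) is omitted, as is an absent cookie.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sync modes from the syncRequestValue definition (0 and 2 are not valid). */
enum { MODE_REFRESH_ONLY = 1, MODE_REFRESH_AND_PERSIST = 3 };

/*
 * Hypothetical helper (not a FreeRADIUS function): DER-encode a
 * syncRequestValue into out[].  Returns the encoded length, or -1 if the
 * mode is invalid, the cookie is too long, or out[] is too small.
 */
int encode_sync_request(uint8_t *out, size_t out_len, int mode,
			uint8_t const *cookie, size_t cookie_len, int reload_hint)
{
	size_t content, n = 0;

	if (mode != MODE_REFRESH_ONLY && mode != MODE_REFRESH_AND_PERSIST) return -1;
	if (cookie_len > 0 && !cookie) return -1;
	if (cookie_len > 119) return -1;	/* keep content within a short-form length (<= 127) */

	content = 3;					/* ENUMERATED: tag, length, value */
	if (cookie_len > 0) content += 2 + cookie_len;	/* OCTET STRING, only if present */
	if (reload_hint) content += 3;			/* BOOLEAN, only when not the DEFAULT */
	if (out_len < content + 2) return -1;

	out[n++] = 0x30;			/* SEQUENCE */
	out[n++] = (uint8_t)content;
	out[n++] = 0x0a;			/* ENUMERATED mode */
	out[n++] = 0x01;
	out[n++] = (uint8_t)mode;
	if (cookie_len > 0) {
		out[n++] = 0x04;		/* OCTET STRING cookie (OPTIONAL) */
		out[n++] = (uint8_t)cookie_len;
		memcpy(out + n, cookie, cookie_len);
		n += cookie_len;
	}
	if (reload_hint) {
		out[n++] = 0x01;		/* BOOLEAN reloadHint = TRUE */
		out[n++] = 0x01;
		out[n++] = 0xff;
	}
	return (int)n;
}
```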


◆ rfc4533_sync_intermediate()

int rfc4533_sync_intermediate ( sync_state_t *  sync,
LDAPMessage *  msg,
UNUSED LDAPControl **  ctrls 
)

Handle a LDAP_RES_INTERMEDIATE (SyncInfo) response.

These allow the LDAP server to communicate sync state to clients.

The Sync Info Message is an LDAP Intermediate Response Message [RFC4511] where responseName is the object identifier 1.3.6.1.4.1.4203.1.9.1.4 and responseValue contains a BER-encoded syncInfoValue.

syncInfoValue ::= CHOICE {
    newcookie      [0] syncCookie,
    refreshDelete  [1] SEQUENCE {
        cookie      syncCookie OPTIONAL,
        refreshDone BOOLEAN DEFAULT TRUE
    },
    refreshPresent [2] SEQUENCE {
        cookie      syncCookie OPTIONAL,
        refreshDone BOOLEAN DEFAULT TRUE
    },
    syncIdSet      [3] SEQUENCE {
        cookie         syncCookie OPTIONAL,
        refreshDeletes BOOLEAN DEFAULT FALSE,
        syncUUIDs      SET OF syncUUID
    }
}

Parameters
  [in] sync   message was associated with.
  [in] msg    containing an entry to process.
  [in] ctrls  associated with the msg.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 452 of file rfc4533.c.


◆ rfc4533_sync_refresh_required()

int rfc4533_sync_refresh_required ( sync_state_t *  sync,
LDAPMessage *  msg,
LDAPControl **  ctrls 
)

Handle result code of e-syncRefreshRequired.

If the server wishes to indicate that a refresh is required, it sends a searchResultDone message with the result code e-syncRefreshRequired. Any cookie provided should be used in a query to restart the sync. If no cookie is provided, the new query should be performed without a cookie to get a full refresh.

Parameters
  [in] sync   message was associated with.
  [in] msg    requesting the refresh.
  [in] ctrls  associated with the msg.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 717 of file rfc4533.c.


◆ rfc4533_sync_search_entry()

int rfc4533_sync_search_entry ( sync_state_t *  sync,
LDAPMessage *  msg,
LDAPControl **  ctrls 
)

Handle a SearchResultEntry or SearchResultReference response from an RFC 4533 server.

Upon receipt of a search request containing the syncControl, the server provides the initial content using zero or more SearchResultEntries followed by a SearchResultDone.

Each SearchResultEntry includes a Sync State control with state set to add, an entryUUID containing the entry's UUID, and no cookie.

For refreshAndPersist operations SearchResultEntries are also used after the refresh phase to inform clients of changes to entries within the scope of the search request.

The Sync State Control is an LDAP Control where the controlType is the object identifier 1.3.6.1.4.1.4203.1.9.1.2 and the controlValue, an OCTET STRING, contains a BER-encoded syncStateValue.

syncStateValue ::= SEQUENCE {
    state ENUMERATED {
        present (0),
        add     (1),
        modify  (2),
        delete  (3)
    },
    entryUUID syncUUID,
    cookie    syncCookie OPTIONAL
}

The Sync State Control is only included in SearchResultEntry and SearchResultReference Messages.

Parameters
  [in] sync   message was associated with.
  [in] msg    containing an entry to process.
  [in] ctrls  associated with the msg.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 260 of file rfc4533.c.


◆ sync_new_cookie()

static int sync_new_cookie ( bool *  new_cookie,
sync_state_t *  sync,
BerElement *  ber 
)
static

Check for the presence of a cookie in a ber value.

If a new cookie is found, the sync state will be updated.

Parameters
  [out] new_cookie  Whether we got a new cookie value.
  [in]  sync        which the message was associated with.
  [in]  ber         value possibly containing a cookie tag (will be advanced).
Returns
  • 0 success, a cookie was parsed successfully.
  • -1 parse error.
  • -2 same as existing cookie.

Definition at line 176 of file rfc4533.c.


Variable Documentation

◆ sync_info_tag_table

fr_table_num_sorted_t const sync_info_tag_table[]
static
Initial value:
= {
{ L("newCookie"), LDAP_TAG_SYNC_NEW_COOKIE },
{ L("refreshDelete"), LDAP_TAG_SYNC_REFRESH_DELETE },
{ L("refreshIDSet"), LDAP_TAG_SYNC_ID_SET },
{ L("refreshPresent"), LDAP_TAG_SYNC_REFRESH_PRESENT }
}
L(_str): Helper for initialising arrays of string literals (definition: build.h:207).

Types of Sync Info messages.

Definition at line 32 of file rfc4533.c.

◆ sync_info_tag_table_len

size_t const sync_info_tag_table_len = NUM_ELEMENTS(sync_info_tag_table)
static

Definition at line 38 of file rfc4533.c.

◆ sync_phase_table

fr_table_num_sorted_t const sync_phase_table[]
static
Initial value:
= {
{ L("delete"), SYNC_PHASE_DELETE },
{ L("done"), SYNC_PHASE_DONE },
{ L("init"), SYNC_PHASE_INIT },
{ L("present"), SYNC_PHASE_PRESENT },
}
SYNC_PHASE_DELETE: Currently in the delete phase.
SYNC_PHASE_DONE: Refresh phase is complete.
SYNC_PHASE_INIT: We haven't entered any of the refresh phases.
SYNC_PHASE_PRESENT: Currently in the present phase.

Phases of an RFC 4533 sync.

Definition at line 42 of file rfc4533.c.

◆ sync_phase_table_len

size_t const sync_phase_table_len = NUM_ELEMENTS(sync_phase_table)
static

Definition at line 48 of file rfc4533.c.