authorDavid Boreham <dboreham@redhat.com>2005-04-01 15:42:02 +0000
committerDavid Boreham <dboreham@redhat.com>2005-04-01 15:42:02 +0000
commitbd1ac5b3067e8cec6ed13200fd3c3d6831d5cc67 (patch)
treebf9e19c76dbf7657c207817e960bfd6e7f1a4043 /ldap/synctools/passwordsync/passsync/syncserv.cpp
parent267887994cd3b33251bc93f7d4992c0528116fa7 (diff)
Merge password sync code from Bozeman Pass
Diffstat (limited to 'ldap/synctools/passwordsync/passsync/syncserv.cpp')
-rw-r--r--ldap/synctools/passwordsync/passsync/syncserv.cpp308
1 files changed, 212 insertions, 96 deletions
diff --git a/ldap/synctools/passwordsync/passsync/syncserv.cpp b/ldap/synctools/passwordsync/passsync/syncserv.cpp
index 00248b50..646fd6fd 100644
--- a/ldap/synctools/passwordsync/passsync/syncserv.cpp
+++ b/ldap/synctools/passwordsync/passsync/syncserv.cpp
@@ -1,147 +1,237 @@
-/* --- BEGIN COPYRIGHT BLOCK ---
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * --- END COPYRIGHT BLOCK --- */
-
// Created: 2-8-2005
// Author(s): Scott Bridges
#include "syncserv.h"
+#include "prerror.h"
+static char* certdbh;
+
+char* passwdcb(PK11SlotInfo* info, PRBool retry, void* arg)
+{
+ char* result = NULL;
+ unsigned long resultLen = 0;
+ DWORD type;
+ HKEY regKey;
+
+ if (!retry)
+ {
+ RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", &regKey);
+ RegQueryValueEx(regKey, "Install Path", NULL, &type, NULL, &resultLen);
+ result = (char*)malloc(resultLen);
+ RegQueryValueEx(regKey, "Cert Token", NULL, &type, (unsigned char*)result, &resultLen);
+ RegCloseKey(regKey);
+ }
+
+ return result;
+}
+
PassSyncService::PassSyncService(const TCHAR *serviceName) : CNTService(serviceName)
{
+ char sysPath[SYNCSERV_BUF_SIZE];
HKEY regKey;
DWORD type;
unsigned long size;
- passhandEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
+ passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
pLdapConnection = NULL;
results = NULL;
currentResult = NULL;
lastLdapError = LDAP_SUCCESS;
+ certdbh = NULL;
- dataFilename = "C:\\WINDOWS\\system32\\passhook.dat";
- logFilename = NULL;
- multipleModify = true;
-
- ldapHostName = (char*)malloc(REG_BUF_SIZE);
- ldpaHostPort = (char*)malloc(REG_BUF_SIZE);
- ldalAuthUsername = (char*)malloc(REG_BUF_SIZE);
- ldapAuthPassword = (char*)malloc(REG_BUF_SIZE);
- ldapSearchBase = (char*)malloc(REG_BUF_SIZE);
- ldapUsernameField = (char*)malloc(REG_BUF_SIZE);
- ldapPasswordField = (char*)malloc(REG_BUF_SIZE);
+ multipleModify = SYNCSERV_ALLOW_MULTI_MOD;
+ isRunning = false;
RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", &regKey);
- size = REG_BUF_SIZE;
+ size = SYNCSERV_BUF_SIZE;
+ RegQueryValueEx(regKey, "Install Path", NULL, &type, (unsigned char*)installPath, &size);
+ size = SYNCSERV_BUF_SIZE;
RegQueryValueEx(regKey, "Host Name", NULL, &type, (unsigned char*)ldapHostName, &size);
- size = REG_BUF_SIZE;
- RegQueryValueEx(regKey, "Port Number", NULL, &type, (unsigned char*)ldpaHostPort, &size);
- size = REG_BUF_SIZE;
- RegQueryValueEx(regKey, "User Name", NULL, &type, (unsigned char*)ldalAuthUsername, &size);
- size = REG_BUF_SIZE;
+ size = SYNCSERV_BUF_SIZE;
+ RegQueryValueEx(regKey, "Port Number", NULL, &type, (unsigned char*)ldapHostPort, &size);
+ size = SYNCSERV_BUF_SIZE;
+ RegQueryValueEx(regKey, "User Name", NULL, &type, (unsigned char*)ldapAuthUsername, &size);
+ size = SYNCSERV_BUF_SIZE;
RegQueryValueEx(regKey, "Password", NULL, &type, (unsigned char*)ldapAuthPassword, &size);
- size = REG_BUF_SIZE;
+ size = SYNCSERV_BUF_SIZE;
RegQueryValueEx(regKey, "Search Base", NULL, &type, (unsigned char*)ldapSearchBase, &size);
- size = REG_BUF_SIZE;
+ size = SYNCSERV_BUF_SIZE;
RegQueryValueEx(regKey, "User Name Field", NULL, &type, (unsigned char*)ldapUsernameField, &size);
- size = REG_BUF_SIZE;
+ size = SYNCSERV_BUF_SIZE;
RegQueryValueEx(regKey, "Password Field", NULL, &type, (unsigned char*)ldapPasswordField, &size);
RegCloseKey(regKey);
+
+ ExpandEnvironmentStrings("%SystemRoot%", sysPath, SYNCSERV_BUF_SIZE);
+ _snprintf(certPath, SYNCSERV_BUF_SIZE, "%s", installPath);
+ _snprintf(logPath, SYNCSERV_BUF_SIZE, "%spasssync.log", installPath);
+ _snprintf(dataFilename, SYNCSERV_BUF_SIZE, "%s\\system32\\passhook.dat", sysPath);
+
+ outLog.open(logPath, ios::out | ios::app);
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "begin log" << endl;
+ }
+
+ PK11_SetPasswordFunc(passwdcb);
}
PassSyncService::~PassSyncService()
{
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "end log" << endl;
+ }
+ outLog.close();
}
int PassSyncService::SyncPasswords()
{
- UNICODE_STRING uUsername;
- UNICODE_STRING uPassword;
- char* username;
- char* password;
+ int result = 0;
+ char username[PASSHAND_BUF_SIZE];
+ char password[PASSHAND_BUF_SIZE];
char* dn;
if(Connect() < 0)
{
- // ToDo: Generate event connection failure.
- return -1;
+ // ToDo: generate event connection failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "can not connect to ldap server in SyncPasswords" << endl;
+ }
+ result = -1;
+ goto exit;
}
ourPasswordHandler.LoadSet(dataFilename);
- while(ourPasswordHandler.PeekUserPass(&uUsername, &uPassword) > -1)
+ while(ourPasswordHandler.PeekUserPass(username, password) == 0)
{
-
- username = (char*)malloc(uUsername.Length);
- password = (char*)malloc(uPassword.Length);
-
- sprintf(username, "%S", uUsername.Buffer);
- sprintf(password, "%S", uPassword.Buffer);
-
- results = NULL;
- currentResult = NULL;
- if(QueryUsername(username) < 0)
+ if(QueryUsername(username) != 0)
{
- // ToDo: Generate event search failure.
+ // ToDo: generate event search failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "search for " << username << " failed in SyncPasswords" << endl;
+ }
}
else
{
- while(dn != NULL)
+ while((dn = GetDN()) != NULL)
{
- if(GetDN(&dn) < 0)
+ if(ModifyPassword(dn, password) != 0)
{
- // ToDo: Generate event multiple results.
+ // ToDo: generate event modify failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "modify password for " << username << " failed in SyncPasswords" << endl;
+ }
}
else
{
- if(ModifyPassword(dn, password) < 0)
+ if(outLog.is_open())
{
- // ToDo: Generate event modify failure.
- }
- else
- {
- ourPasswordHandler.PopUserPass();
+ timeStamp(&outLog);
+ outLog << "password for " << username << " modified" << endl;
+ outLog << "\t" << dn << endl;
}
}
}
}
+ // ToDo: zero out buffers
- // ToDo: Zero out buffers
- free(username);
- free(password);
+ ourPasswordHandler.PopUserPass();
}
ourPasswordHandler.SaveSet(dataFilename);
Disconnect();
- return 0;
+exit:
+ return result;
+}
+
+void PassSyncService::OnStop()
+{
+ isRunning = false;
+ SetEvent(passhookEventHandle);
+}
+
+void PassSyncService::OnShutdown()
+{
+ isRunning = false;
+ SetEvent(passhookEventHandle);
}
void PassSyncService::Run()
{
- while(true)
+ isRunning = true;
+ SyncPasswords();
+
+ while(isRunning)
{
- WaitForSingleObject(passhandEventHandle, INFINITE);
+ WaitForSingleObject(passhookEventHandle, INFINITE);
SyncPasswords();
- ResetEvent(passhandEventHandle);
- //Sleep(60000);
+ ResetEvent(passhookEventHandle);
}
}
int PassSyncService::Connect()
{
- pLdapConnection = ldap_init(ldapHostName, atoi(ldpaHostPort));
+ int result = 0;
- lastLdapError = ldap_simple_bind_s(pLdapConnection, ldalAuthUsername, ldapAuthPassword);
- if(lastLdapError != LDAP_SUCCESS)
+ if(ldapssl_client_init(certPath, &certdbh) != 0)
+ {
+ result = PR_GetError();
+
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "ldapssl_client_init failed in Connect" << endl;
+ outLog << "\t" << result << ": " << ldapssl_err2string(result) << endl;
+ }
+
+ result = GetLastError();
+
+ result = -1;
+ goto exit;
+ }
+
+ pLdapConnection = ldapssl_init(ldapHostName, atoi(ldapHostPort), 1);
+
+ if(pLdapConnection == NULL)
{
- // ToDo: Log reason for bind failure.
- return -1;
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "ldapssl_init failed in Connect" << endl;
+ }
+
+ result = -1;
+ goto exit;
}
- return 0;
+ lastLdapError = ldap_simple_bind_s(pLdapConnection, ldapAuthUsername, ldapAuthPassword);
+
+ if(lastLdapError != LDAP_SUCCESS)
+ {
+ // ToDo: log reason for bind failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "ldap error in Connect" << endl;
+ outLog << "\t" << lastLdapError << ": " << ldapssl_err2string(lastLdapError) << endl;
+ }
+
+ result = -1;
+ goto exit;
+ }
+exit:
+ return result;
}
int PassSyncService::Disconnect()
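Review bot: passwdcb sizes its buffer from the wrong registry value — line 45 asks for the length of "Install Path" and line 47 then reads "Cert Token" into that allocation, so a token password longer than the install path makes the second RegQueryValueEx fail and hands NSS an uninitialized, unterminated buffer; none of the three registry calls or the malloc are checked. The constructor repeats the unchecked pattern at lines 80–106, so a missing or oversized value leaves installPath, ldapHostName or ldapAuthPassword uninitialized before lines 109–111 format them into certPath and logPath (note also that line 110 joins installPath and "passsync.log" with no separator, so it only works if the stored path ends in a backslash). The rewrite below sizes from "Cert Token", checks each return and NUL-terminates the copy; NSS releases the returned string with its own allocator, so whether malloc or PL_strdup/PORT_Alloc is the right allocation here is worth confirming against the linked NSS, and both the token PIN and the bind password sit in that registry key in the clear, so the key's ACL is the effective protection for them. Elsewhere in this hunk every dn returned by GetDN at line 181 comes from ldap_get_dn and is never released with ldap_memfree, the `// ToDo: zero out buffers` at line 211 still leaves the cleartext password on the stack (a `memset(password, 0, sizeof(password));` there closes it), `result = GetLastError();` at line 268 is dead because line 270 overwrites it, and PopUserPass at line 215 now discards an entry whose modify failed where the old code kept it for retry — presumably intentional, but a silent behavior change. Finally, lastLdapError at line 299 (and lines 335 and 422 in later hunks) is an LDAP result code, whereas ldapssl_err2string describes SSL/NSPR errors such as the PR_GetError value at line 265, so `ldap_err2string(lastLdapError)` is presumably the intended call at those three sites.
```cpp
char* passwdcb(PK11SlotInfo* info, PRBool retry, void* arg)
{
	char* result = NULL;
	unsigned long resultLen = 0;
	DWORD type;
	HKEY regKey;

	// A retry means the stored token password was already rejected; do not loop on it.
	if (retry)
	{
		return NULL;
	}
	if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", &regKey) != ERROR_SUCCESS)
	{
		return NULL;
	}
	// Size the buffer from the value actually being read, not from "Install Path".
	if (RegQueryValueEx(regKey, "Cert Token", NULL, &type, NULL, &resultLen) == ERROR_SUCCESS)
	{
		// +1 guarantees a terminator even if the stored value has none.
		result = (char*)malloc(resultLen + 1);
		if (result != NULL)
		{
			if (RegQueryValueEx(regKey, "Cert Token", NULL, &type, (unsigned char*)result, &resultLen) == ERROR_SUCCESS)
			{
				result[resultLen] = '\0';
			}
			else
			{
				free(result);
				result = NULL;
			}
		}
	}
	RegCloseKey(regKey);

	return result;
}
```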
@@ -155,9 +245,12 @@ int PassSyncService::Disconnect()
int PassSyncService::QueryUsername(char* username)
{
- char* searchFilter = (char*)malloc(strlen(ldapUsernameField) + strlen(username) + 4);
+ int result = 0;
+ char searchFilter[SYNCSERV_BUF_SIZE];
- sprintf(searchFilter, "(%s=%s)", ldapUsernameField, username);
+ results = NULL;
+
+ _snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, username);
lastLdapError = ldap_search_ext_s(
pLdapConnection,
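Review bot: The search filter built at line 318 interpolates username unescaped, so a value containing `*`, `(`, `)` or `\` changes the filter instead of matching a literal name — with multipleModify enabled a wildcard matches more than one entry and every match receives the new password; the RFC 4515 metacharacters should be escaped (`\2a`, `\28`, `\29`, `\5c`) before the _snprintf, as in the helper below. _snprintf also does not NUL-terminate when the output fills SYNCSERV_BUF_SIZE and its return value is unchecked, so a long field name or username sends an unterminated filter to ldap_search_ext_s; the rewrite treats truncation as a failure rather than searching on a partial filter. `results = NULL;` at line 316 drops whatever the previous search left in results without `ldap_msgfree(results)`, one LDAPMessage leaked per user per sync. The ldap_search_ext_s call and the rest of QueryUsername continue past this hunk.
```cpp
// Escape the RFC 4515 filter metacharacters so the value matches literally.
static void escapeFilterValue(const char* in, char* out, size_t outLen)
{
	size_t o = 0;
	// Each escape is 3 bytes; keep room for it plus the terminator.
	for (; *in != '\0' && o + 4 <= outLen; ++in)
	{
		switch (*in)
		{
		case '*':  memcpy(out + o, "\\2a", 3); o += 3; break;
		case '(':  memcpy(out + o, "\\28", 3); o += 3; break;
		case ')':  memcpy(out + o, "\\29", 3); o += 3; break;
		case '\\': memcpy(out + o, "\\5c", 3); o += 3; break;
		default:   out[o++] = *in; break;
		}
	}
	out[o] = '\0';
}

int PassSyncService::QueryUsername(char* username)
{
	int result = 0;
	char searchFilter[SYNCSERV_BUF_SIZE];
	char escapedName[SYNCSERV_BUF_SIZE];
	int filterLen;

	if (results != NULL)
	{
		ldap_msgfree(results);
	}
	results = NULL;

	escapeFilterValue(username, escapedName, sizeof(escapedName));
	filterLen = _snprintf(searchFilter, SYNCSERV_BUF_SIZE, "(%s=%s)", ldapUsernameField, escapedName);
	// _snprintf leaves no terminator on truncation; never search on a partial filter.
	if (filterLen < 0 || filterLen >= SYNCSERV_BUF_SIZE)
	{
		result = -1;
		goto exit;
	}
	// … unchanged: ldap_search_ext_s call and error logging …
```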
@@ -172,19 +265,27 @@ int PassSyncService::QueryUsername(char* username)
-1,
&results);
- free(searchFilter);
-
if(lastLdapError != LDAP_SUCCESS)
{
- // ToDo: Log reason for search failure.
- return -1;
+ // ToDo: log reason for search failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "ldap error in QueryUsername" << endl;
+ outLog << "\t" << lastLdapError << ": " << ldapssl_err2string(lastLdapError) << endl;
+ }
+ result = -1;
+ goto exit;
}
- return 0;
+exit:
+ return result;
}
-int PassSyncService::GetDN(char** dn)
+char* PassSyncService::GetDN()
{
+ char* result = NULL;
+
if(multipleModify)
{
if(currentResult == NULL)
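Review bot: GetDN now returns an owned string (line 345) but nothing says so; the dn comes from ldap_get_dn and must be released by the caller with ldap_memfree, and a NULL return covers both "no more entries" and the rejected multiple-match case, which the caller in SyncPasswords cannot tell apart. A header comment above line 345 such as `// Returns the next matching entry's DN (caller releases it with ldap_memfree), or NULL when the result set is exhausted or, with multipleModify off, ambiguous; iteration state lives in currentResult between calls.` would capture that contract. In QueryUsername, `goto exit;` at line 338 jumps to the label on the very next line and can simply be dropped. GetDN's body continues past this hunk, and QueryUsername's ldap_search_ext_s call starts before it.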
@@ -193,35 +294,44 @@ int PassSyncService::GetDN(char** dn)
}
else
{
- currentResult = ldap_next_entry(pLdapConnection, results);
- }
-
- if(currentResult == NULL)
- {
- *dn = NULL;
- return 0;
+ currentResult = ldap_next_entry(pLdapConnection, currentResult);
}
- *dn = ldap_get_dn(pLdapConnection, currentResult);
- return 0;
+ result = ldap_get_dn(pLdapConnection, currentResult);
}
else
{
- currentResult = ldap_first_entry(pLdapConnection, results);
- if(ldap_next_entry(pLdapConnection, results) != NULLMSG)
+ if(currentResult == NULL)
{
- // ToDo: Log that multiple results for username were found.
- *dn = NULL;
- return -1;
- }
+ currentResult = ldap_first_entry(pLdapConnection, results);
+ if(ldap_next_entry(pLdapConnection, currentResult) != NULLMSG)
+ {
+ // Too many results
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "too many results in GetDN" << endl;
+ }
+ currentResult = NULL;
+ goto exit;
+ }
- *dn = ldap_get_dn(pLdapConnection, currentResult);
- return 0;
+ result = ldap_get_dn(pLdapConnection, currentResult);
+ }
+ else
+ {
+ currentResult = NULL;
+ goto exit;
+ }
}
+
+exit:
+ return result;
}
int PassSyncService::ModifyPassword(char* dn, char* password)
{
+ int result = 0;
LDAPMod passMod;
LDAPMod* mods[2] = {&passMod, NULL};
char* modValues[2] = {password, NULL};
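Review bot: In the multipleModify branch, once ldap_next_entry at line 363 returns NULL, line 367 still calls ldap_get_dn with a NULL entry, so the caller's loop terminating correctly depends on the SDK tolerating that rather than on an explicit check; guard it with `if(currentResult != NULL) result = ldap_get_dn(pLdapConnection, currentResult);`. The single-entry branch (lines 379–390) logs "too many results" and returns NULL, which SyncPasswords treats exactly like an exhausted result set — the queued entry is still popped and that user's password never syncs beyond the log line; presumably intended, but a comment at line 388 saying so would help the next reader. The resets of currentResult at lines 388 and 397 are also what make the next user's GetDN start fresh, since QueryUsername resets results but not currentResult — worth a comment, because the coupling is easy to break. ModifyPassword's body continues past this hunk.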
@@ -233,9 +343,15 @@ int PassSyncService::ModifyPassword(char* dn, char* password)
lastLdapError = ldap_modify_ext_s(pLdapConnection, dn, mods, NULL, NULL);
if(lastLdapError != LDAP_SUCCESS)
{
- // ToDo: Log the reason for the modify failure.
- return -1;
+ // ToDo: log the reason for the modify failure.
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "ldap error in ModifyPassword" << endl;
+ outLog << "\t" << lastLdapError << ": " << ldapssl_err2string(lastLdapError) << endl;
+ }
+ result = -1;
}
- return 0;
-}
+ return result;
+} \ No newline at end of file
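Review bot: The failure log at lines 421–422 records the result code but not which entry the modify was for, while the success path in SyncPasswords logs the dn; adding `outLog << "\t" << dn << endl;` after line 422 makes a failed sync attributable from the log alone. ModifyPassword's signature and the LDAPMod setup are above this hunk.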