search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r25068: Older samba3 DCs will return DCERPC_FAULT_OP_RNG_ERROR for every opcode on the
[Samba.git] / source / lib / ldb / ldb_ildap / ldb_ildap.c
blob87f38b5fc787d8b0846f4b369717836cb3dccb4f
1 /*
2 ldb database library - ildap backend
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Simo Sorce 2006
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 2 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, write to the Free Software
23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 */
25
26 /*
27 * Name: ldb_ildap
28 *
29 * Component: ldb ildap backend
30 *
31 * Description: This is a ldb backend for the internal ldap
32 * client library in Samba4. By using this backend we are
33 * independent of a system ldap library
34 *
35 * Author: Andrew Tridgell
36 *
37 * Modifications:
38 *
39 * - description: make the module use asyncronous calls
40 * date: Feb 2006
41 * author: Simo Sorce
42 */
43
44
45 #include "includes.h"
46 #include "ldb/include/includes.h"
47
48 #include "lib/events/events.h"
49 #include "libcli/ldap/ldap.h"
50 #include "libcli/ldap/ldap_client.h"
51 #include "auth/auth.h"
52 #include "auth/credentials/credentials.h"
53
54 struct ildb_private {
55 struct ldap_connection *ldap;
56 struct ldb_context *ldb;
57 };
58
59 struct ildb_context {
60 struct ldb_module *module;
61 struct ldap_request *req;
62 void *context;
63 int (*callback)(struct ldb_context *, void *, struct ldb_reply *);
64 };
65
66 /*
67 convert a ldb_message structure to a list of ldap_mod structures
68 ready for ildap_add() or ildap_modify()
69 */
70 static struct ldap_mod **ildb_msg_to_mods(void *mem_ctx, int *num_mods,
71 const struct ldb_message *msg, int use_flags)
72 {
73 struct ldap_mod **mods;
74 unsigned int i;
75 int n = 0;
76
77 /* allocate maximum number of elements needed */
78 mods = talloc_array(mem_ctx, struct ldap_mod *, msg->num_elements+1);
79 if (!mods) {
80 errno = ENOMEM;
81 return NULL;
82 }
83 mods[0] = NULL;
84
85 for (i = 0; i < msg->num_elements; i++) {
86 const struct ldb_message_element *el = &msg->elements[i];
87
88 mods[n] = talloc(mods, struct ldap_mod);
89 if (!mods[n]) {
90 goto failed;
91 }
92 mods[n + 1] = NULL;
93 mods[n]->type = 0;
94 mods[n]->attrib = *el;
95 if (use_flags) {
96 switch (el->flags & LDB_FLAG_MOD_MASK) {
97 case LDB_FLAG_MOD_ADD:
98 mods[n]->type = LDAP_MODIFY_ADD;
99 break;
100 case LDB_FLAG_MOD_DELETE:
101 mods[n]->type = LDAP_MODIFY_DELETE;
102 break;
103 case LDB_FLAG_MOD_REPLACE:
104 mods[n]->type = LDAP_MODIFY_REPLACE;
105 break;
106 }
107 }
108 n++;
109 }
110
111 *num_mods = n;
112 return mods;
113
114 failed:
115 talloc_free(mods);
116 return NULL;
117 }
118
119
120 /*
121 map an ildap NTSTATUS to a ldb error code
122 */
123 static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status)
124 {
125 if (NT_STATUS_IS_OK(status)) {
126 return LDB_SUCCESS;
127 }
128 ldb_set_errstring(ildb->ldb, ldap_errstr(ildb->ldap, status));
129 if (NT_STATUS_IS_LDAP(status)) {
130 return NT_STATUS_LDAP_CODE(status);
131 }
132 return LDB_ERR_OPERATIONS_ERROR;
133 }
134
135 static void ildb_request_timeout(struct event_context *ev, struct timed_event *te,
136 struct timeval t, void *private_data)
137 {
138 struct ldb_handle *handle = talloc_get_type(private_data, struct ldb_handle);
139 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
140
141 if (ac->req->state == LDAP_REQUEST_PENDING) {
142 DLIST_REMOVE(ac->req->conn->pending, ac->req);
143 }
144
145 handle->status = LDB_ERR_TIME_LIMIT_EXCEEDED;
146
147 return;
148 }
149
150 static void ildb_callback(struct ldap_request *req)
151 {
152 struct ldb_handle *handle = talloc_get_type(req->async.private_data, struct ldb_handle);
153 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
154 struct ildb_private *ildb = talloc_get_type(ac->module->private_data, struct ildb_private);
155 NTSTATUS status;
156 int i;
157
158 handle->status = LDB_SUCCESS;
159
160 if (!NT_STATUS_IS_OK(req->status)) {
161 handle->status = ildb_map_error(ildb, req->status);
162 return;
163 }
164
165 if (req->num_replies < 1) {
166 handle->status = LDB_ERR_OPERATIONS_ERROR;
167 return;
168 }
169
170 switch (req->type) {
171
172 case LDAP_TAG_ModifyRequest:
173 if (req->replies[0]->type != LDAP_TAG_ModifyResponse) {
174 handle->status = LDB_ERR_PROTOCOL_ERROR;
175 return;
176 }
177 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
178 handle->status = ildb_map_error(ildb, status);
179 if (ac->callback && handle->status == LDB_SUCCESS) {
180 /* FIXME: build a corresponding ares to pass on */
181 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
182 }
183 handle->state = LDB_ASYNC_DONE;
184 break;
185
186 case LDAP_TAG_AddRequest:
187 if (req->replies[0]->type != LDAP_TAG_AddResponse) {
188 handle->status = LDB_ERR_PROTOCOL_ERROR;
189 return;
190 }
191 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
192 handle->status = ildb_map_error(ildb, status);
193 if (ac->callback && handle->status == LDB_SUCCESS) {
194 /* FIXME: build a corresponding ares to pass on */
195 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
196 }
197 handle->state = LDB_ASYNC_DONE;
198 break;
199
200 case LDAP_TAG_DelRequest:
201 if (req->replies[0]->type != LDAP_TAG_DelResponse) {
202 handle->status = LDB_ERR_PROTOCOL_ERROR;
203 return;
204 }
205 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
206 handle->status = ildb_map_error(ildb, status);
207 if (ac->callback && handle->status == LDB_SUCCESS) {
208 /* FIXME: build a corresponding ares to pass on */
209 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
210 }
211 handle->state = LDB_ASYNC_DONE;
212 break;
213
214 case LDAP_TAG_ModifyDNRequest:
215 if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) {
216 handle->status = LDB_ERR_PROTOCOL_ERROR;
217 return;
218 }
219 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
220 handle->status = ildb_map_error(ildb, status);
221 if (ac->callback && handle->status == LDB_SUCCESS) {
222 /* FIXME: build a corresponding ares to pass on */
223 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
224 }
225 handle->state = LDB_ASYNC_DONE;
226 break;
227
228 case LDAP_TAG_SearchRequest:
229 /* loop over all messages */
230 for (i = 0; i < req->num_replies; i++) {
231 struct ldap_SearchResEntry *search;
232 struct ldb_reply *ares = NULL;
233 struct ldap_message *msg;
234 int ret;
235
236 ares = talloc_zero(ac, struct ldb_reply);
237 if (!ares) {
238 handle->status = LDB_ERR_OPERATIONS_ERROR;
239 return;
240 }
241
242 msg = req->replies[i];
243 switch (msg->type) {
244
245 case LDAP_TAG_SearchResultDone:
246
247 status = ldap_check_response(req->conn, &msg->r.GeneralResult);
248 if (!NT_STATUS_IS_OK(status)) {
249 handle->status = ildb_map_error(ildb, status);
250 return;
251 }
252
253 ares->controls = talloc_move(ares, &msg->controls);
254 if (msg->r.SearchResultDone.resultcode) {
255 if (msg->r.SearchResultDone.errormessage) {
256 ldb_set_errstring(ac->module->ldb, msg->r.SearchResultDone.errormessage);
257 }
258 }
259
260 handle->status = msg->r.SearchResultDone.resultcode;
261 handle->state = LDB_ASYNC_DONE;
262 ares->type = LDB_REPLY_DONE;
263 break;
264
265 case LDAP_TAG_SearchResultEntry:
266
267
268 ares->message = ldb_msg_new(ares);
269 if (!ares->message) {
270 handle->status = LDB_ERR_OPERATIONS_ERROR;
271 return;
272 }
273
274 search = &(msg->r.SearchResultEntry);
275
276 ares->message->dn = ldb_dn_explode_or_special(ares->message, search->dn);
277 if (ares->message->dn == NULL) {
278 handle->status = LDB_ERR_OPERATIONS_ERROR;
279 return;
280 }
281 ares->message->num_elements = search->num_attributes;
282 ares->message->elements = talloc_move(ares->message,
283 &search->attributes);
284
285 handle->status = LDB_SUCCESS;
286 handle->state = LDB_ASYNC_PENDING;
287 ares->type = LDB_REPLY_ENTRY;
288 break;
289
290 case LDAP_TAG_SearchResultReference:
291
292 ares->referral = talloc_strdup(ares, msg->r.SearchResultReference.referral);
293
294 handle->status = LDB_SUCCESS;
295 handle->state = LDB_ASYNC_PENDING;
296 ares->type = LDB_REPLY_REFERRAL;
297 break;
298
299 default:
300 /* TAG not handled, fail ! */
301 handle->status = LDB_ERR_PROTOCOL_ERROR;
302 return;
303 }
304
305 ret = ac->callback(ac->module->ldb, ac->context, ares);
306 if (ret) {
307 handle->status = ret;
308 }
309 }
310
311 talloc_free(req->replies);
312 req->replies = NULL;
313 req->num_replies = 0;
314
315 break;
316
317 default:
318 handle->status = LDB_ERR_PROTOCOL_ERROR;
319 return;
320 }
321 }
322
323 static struct ldb_handle *init_ildb_handle(struct ldb_module *module,
324 void *context,
325 int (*callback)(struct ldb_context *, void *, struct ldb_reply *))
326 {
327 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
328 struct ildb_context *ildb_ac;
329 struct ldb_handle *h;
330
331 h = talloc_zero(ildb->ldap, struct ldb_handle);
332 if (h == NULL) {
333 ldb_set_errstring(module->ldb, "Out of Memory");
334 return NULL;
335 }
336
337 h->module = module;
338
339 ildb_ac = talloc(h, struct ildb_context);
340 if (ildb_ac == NULL) {
341 ldb_set_errstring(module->ldb, "Out of Memory");
342 talloc_free(h);
343 return NULL;
344 }
345
346 h->private_data = (void *)ildb_ac;
347
348 h->state = LDB_ASYNC_INIT;
349 h->status = LDB_SUCCESS;
350
351 ildb_ac->module = module;
352 ildb_ac->context = context;
353 ildb_ac->callback = callback;
354
355 return h;
356 }
357
358 static int ildb_request_send(struct ldb_module *module, struct ldap_message *msg,
359 void *context,
360 int (*callback)(struct ldb_context *, void *, struct ldb_reply *),
361 int timeout,
362 struct ldb_handle **handle)
363 {
364 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
365 struct ldb_handle *h = init_ildb_handle(module, context, callback);
366 struct ildb_context *ildb_ac;
367 struct ldap_request *req;
368
369 if (!h) {
370 return LDB_ERR_OPERATIONS_ERROR;
371 }
372
373 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
374
375 req = ldap_request_send(ildb->ldap, msg);
376 if (req == NULL) {
377 ldb_set_errstring(module->ldb, "async send request failed");
378 return LDB_ERR_OPERATIONS_ERROR;
379 }
380
381 if (!req->conn) {
382 ldb_set_errstring(module->ldb, "connection to remote LDAP server dropped?");
383 return LDB_ERR_OPERATIONS_ERROR;
384 }
385
386 talloc_free(req->time_event);
387 req->time_event = NULL;
388 if (timeout) {
389 req->time_event = event_add_timed(req->conn->event.event_ctx, h,
390 timeval_current_ofs(timeout, 0),
391 ildb_request_timeout, h);
392 }
393
394 req->async.fn = ildb_callback;
395 req->async.private_data = (void *)h;
396 ildb_ac->req = talloc_move(ildb_ac, &req);
397
398 *handle = h;
399 return LDB_SUCCESS;
400 }
401
402 static int ildb_request_noop(struct ldb_module *module, struct ldb_request *req)
403 {
404 struct ldb_handle *h = init_ildb_handle(module, req->context, req->callback);
405 struct ildb_context *ildb_ac;
406 int ret = LDB_SUCCESS;
407
408 if (!h) {
409 return LDB_ERR_OPERATIONS_ERROR;
410 }
411
412 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
413
414 req->handle = h;
415
416 if (ildb_ac->callback) {
417 ret = ildb_ac->callback(module->ldb, ildb_ac->context, NULL);
418 }
419 req->handle->state = LDB_ASYNC_DONE;
420 return ret;
421 }
422
423 /*
424 search for matching records using an asynchronous function
425 */
426 static int ildb_search(struct ldb_module *module, struct ldb_request *req)
427 {
428 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
429 struct ldap_message *msg;
430 int n;
431
432 req->handle = NULL;
433
434 if (!req->callback || !req->context) {
435 ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context");
436 return LDB_ERR_OPERATIONS_ERROR;
437 }
438
439 if (req->op.search.tree == NULL) {
440 ldb_set_errstring(module->ldb, "Invalid expression parse tree");
441 return LDB_ERR_OPERATIONS_ERROR;
442 }
443
444 msg = new_ldap_message(ildb);
445 if (msg == NULL) {
446 ldb_set_errstring(module->ldb, "Out of Memory");
447 return LDB_ERR_OPERATIONS_ERROR;
448 }
449
450 msg->type = LDAP_TAG_SearchRequest;
451
452 if (req->op.search.base == NULL) {
453 msg->r.SearchRequest.basedn = talloc_strdup(msg, "");
454 } else {
455 msg->r.SearchRequest.basedn = ldb_dn_linearize(msg, req->op.search.base);
456 }
457 if (msg->r.SearchRequest.basedn == NULL) {
458 ldb_set_errstring(module->ldb, "Unable to determine baseDN");
459 talloc_free(msg);
460 return LDB_ERR_OPERATIONS_ERROR;
461 }
462
463 if (req->op.search.scope == LDB_SCOPE_DEFAULT) {
464 msg->r.SearchRequest.scope = LDB_SCOPE_SUBTREE;
465 } else {
466 msg->r.SearchRequest.scope = req->op.search.scope;
467 }
468
469 msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
470 msg->r.SearchRequest.timelimit = 0;
471 msg->r.SearchRequest.sizelimit = 0;
472 msg->r.SearchRequest.attributesonly = 0;
473 msg->r.SearchRequest.tree = discard_const_p(struct ldb_parse_tree, req->op.search.tree);
474
475 for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /* noop */ ;
476 msg->r.SearchRequest.num_attributes = n;
477 msg->r.SearchRequest.attributes = discard_const_p(char *, req->op.search.attrs),
478
479 msg->controls = req->controls;
480
481 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
482 }
483
484 /*
485 add a record
486 */
487 static int ildb_add(struct ldb_module *module, struct ldb_request *req)
488 {
489 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
490 struct ldap_message *msg;
491 struct ldap_mod **mods;
492 int i,n;
493
494 req->handle = NULL;
495
496 /* ignore ltdb specials */
497 if (ldb_dn_is_special(req->op.add.message->dn)) {
498 return ildb_request_noop(module, req);
499 }
500
501 msg = new_ldap_message(ildb->ldap);
502 if (msg == NULL) {
503 return LDB_ERR_OPERATIONS_ERROR;
504 }
505
506 msg->type = LDAP_TAG_AddRequest;
507
508 msg->r.AddRequest.dn = ldb_dn_linearize(msg, req->op.add.message->dn);
509 if (msg->r.AddRequest.dn == NULL) {
510 talloc_free(msg);
511 return LDB_ERR_INVALID_DN_SYNTAX;
512 }
513
514 mods = ildb_msg_to_mods(msg, &n, req->op.add.message, 0);
515 if (mods == NULL) {
516 talloc_free(msg);
517 return LDB_ERR_OPERATIONS_ERROR;
518 }
519
520 msg->r.AddRequest.num_attributes = n;
521 msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
522 if (msg->r.AddRequest.attributes == NULL) {
523 talloc_free(msg);
524 return LDB_ERR_OPERATIONS_ERROR;
525 }
526
527 for (i = 0; i < n; i++) {
528 msg->r.AddRequest.attributes[i] = mods[i]->attrib;
529 }
530
531 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
532 }
533
534 /*
535 modify a record
536 */
537 static int ildb_modify(struct ldb_module *module, struct ldb_request *req)
538 {
539 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
540 struct ldap_message *msg;
541 struct ldap_mod **mods;
542 int i,n;
543
544 req->handle = NULL;
545
546 /* ignore ltdb specials */
547 if (ldb_dn_is_special(req->op.mod.message->dn)) {
548 return ildb_request_noop(module, req);
549 }
550
551 msg = new_ldap_message(ildb->ldap);
552 if (msg == NULL) {
553 return LDB_ERR_OPERATIONS_ERROR;
554 }
555
556 msg->type = LDAP_TAG_ModifyRequest;
557
558 msg->r.ModifyRequest.dn = ldb_dn_linearize(msg, req->op.mod.message->dn);
559 if (msg->r.ModifyRequest.dn == NULL) {
560 talloc_free(msg);
561 return LDB_ERR_INVALID_DN_SYNTAX;
562 }
563
564 mods = ildb_msg_to_mods(msg, &n, req->op.mod.message, 1);
565 if (mods == NULL) {
566 talloc_free(msg);
567 return LDB_ERR_OPERATIONS_ERROR;
568 }
569
570 msg->r.ModifyRequest.num_mods = n;
571 msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
572 if (msg->r.ModifyRequest.mods == NULL) {
573 talloc_free(msg);
574 return LDB_ERR_OPERATIONS_ERROR;
575 }
576
577 for (i = 0; i < n; i++) {
578 msg->r.ModifyRequest.mods[i] = *mods[i];
579 }
580
581 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
582 }
583
584 /*
585 delete a record
586 */
587 static int ildb_delete(struct ldb_module *module, struct ldb_request *req)
588 {
589 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
590 struct ldap_message *msg;
591
592 req->handle = NULL;
593
594 /* ignore ltdb specials */
595 if (ldb_dn_is_special(req->op.del.dn)) {
596 return ildb_request_noop(module, req);
597 }
598
599 msg = new_ldap_message(ildb->ldap);
600 if (msg == NULL) {
601 return LDB_ERR_OPERATIONS_ERROR;
602 }
603
604 msg->type = LDAP_TAG_DelRequest;
605
606 msg->r.DelRequest.dn = ldb_dn_linearize(msg, req->op.del.dn);
607 if (msg->r.DelRequest.dn == NULL) {
608 talloc_free(msg);
609 return LDB_ERR_INVALID_DN_SYNTAX;
610 }
611
612 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
613 }
614
615 /*
616 rename a record
617 */
618 static int ildb_rename(struct ldb_module *module, struct ldb_request *req)
619 {
620 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
621 struct ldap_message *msg;
622
623 req->handle = NULL;
624
625 /* ignore ltdb specials */
626 if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) {
627 return ildb_request_noop(module, req);
628 }
629
630 msg = new_ldap_message(ildb->ldap);
631 if (msg == NULL) {
632 return LDB_ERR_OPERATIONS_ERROR;
633 }
634
635 msg->type = LDAP_TAG_ModifyDNRequest;
636 msg->r.ModifyDNRequest.dn = ldb_dn_linearize(msg, req->op.rename.olddn);
637 if (msg->r.ModifyDNRequest.dn == NULL) {
638 talloc_free(msg);
639 return LDB_ERR_INVALID_DN_SYNTAX;
640 }
641
642 msg->r.ModifyDNRequest.newrdn =
643 talloc_asprintf(msg, "%s=%s",
644 ldb_dn_get_rdn_name(req->op.rename.newdn),
645 ldb_dn_escape_value(msg, *ldb_dn_get_rdn_val(req->op.rename.newdn)));
646 if (msg->r.ModifyDNRequest.newrdn == NULL) {
647 talloc_free(msg);
648 return LDB_ERR_OPERATIONS_ERROR;
649 }
650
651 msg->r.ModifyDNRequest.newsuperior =
652 ldb_dn_linearize(msg,
653 ldb_dn_get_parent(msg, req->op.rename.newdn));
654 if (msg->r.ModifyDNRequest.newsuperior == NULL) {
655 talloc_free(msg);
656 return LDB_ERR_INVALID_DN_SYNTAX;
657 }
658
659 msg->r.ModifyDNRequest.deleteolddn = True;
660
661 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
662 }
663
664 static int ildb_start_trans(struct ldb_module *module)
665 {
666 /* TODO implement a local locking mechanism here */
667
668 return LDB_SUCCESS;
669 }
670
671 static int ildb_end_trans(struct ldb_module *module)
672 {
673 /* TODO implement a local transaction mechanism here */
674
675 return LDB_SUCCESS;
676 }
677
678 static int ildb_del_trans(struct ldb_module *module)
679 {
680 /* TODO implement a local locking mechanism here */
681
682 return LDB_SUCCESS;
683 }
684
685 static int ildb_request(struct ldb_module *module, struct ldb_request *req)
686 {
687 return LDB_ERR_OPERATIONS_ERROR;
688 }
689
690 static int ildb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
691 {
692 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
693
694 if (handle->state == LDB_ASYNC_DONE) {
695 return handle->status;
696 }
697
698 if (!ac) {
699 return LDB_ERR_OPERATIONS_ERROR;
700 }
701
702 handle->state = LDB_ASYNC_INIT;
703
704 switch(type) {
705 case LDB_WAIT_NONE:
706 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
707 return LDB_ERR_OTHER;
708 }
709 break;
710 case LDB_WAIT_ALL:
711 while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) {
712 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
713 return LDB_ERR_OTHER;
714 }
715 }
716 break;
717 default:
718 return LDB_ERR_OPERATIONS_ERROR;
719 }
720
721 return handle->status;
722 }
723
724 static const struct ldb_module_ops ildb_ops = {
725 .name = "ldap",
726 .search = ildb_search,
727 .add = ildb_add,
728 .modify = ildb_modify,
729 .del = ildb_delete,
730 .rename = ildb_rename,
731 .request = ildb_request,
732 .start_transaction = ildb_start_trans,
733 .end_transaction = ildb_end_trans,
734 .del_transaction = ildb_del_trans,
735 .wait = ildb_wait
736 };
737
738 /*
739 connect to the database
740 */
741 static int ildb_connect(struct ldb_context *ldb, const char *url,
742 unsigned int flags, const char *options[],
743 struct ldb_module **module)
744 {
745 struct ildb_private *ildb = NULL;
746 NTSTATUS status;
747 struct cli_credentials *creds;
748
749 ildb = talloc(ldb, struct ildb_private);
750 if (!ildb) {
751 ldb_oom(ldb);
752 goto failed;
753 }
754
755 ildb->ldb = ldb;
756
757 ildb->ldap = ldap4_new_connection(ildb, ldb_get_opaque(ldb, "EventContext"));
758 if (!ildb->ldap) {
759 ldb_oom(ldb);
760 goto failed;
761 }
762
763 if (flags & LDB_FLG_RECONNECT) {
764 ldap_set_reconn_params(ildb->ldap, 10);
765 }
766
767 status = ldap_connect(ildb->ldap, url);
768 if (!NT_STATUS_IS_OK(status)) {
769 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
770 url, ldap_errstr(ildb->ldap, status));
771 goto failed;
772 }
773
774
775 *module = talloc(ldb, struct ldb_module);
776 if (!module) {
777 ldb_oom(ldb);
778 talloc_free(ildb);
779 return -1;
780 }
781 talloc_set_name_const(*module, "ldb_ildap backend");
782 (*module)->ldb = ldb;
783 (*module)->prev = (*module)->next = NULL;
784 (*module)->private_data = ildb;
785 (*module)->ops = &ildb_ops;
786
787 /* caller can optionally setup credentials using the opaque token 'credentials' */
788 creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
789 if (creds == NULL) {
790 struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
791 if (session_info) {
792 creds = session_info->credentials;
793 }
794 }
795
796 if (creds != NULL && cli_credentials_authentication_requested(creds)) {
797 const char *bind_dn = cli_credentials_get_bind_dn(creds);
798 if (bind_dn) {
799 const char *password = cli_credentials_get_password(creds);
800 status = ldap_bind_simple(ildb->ldap, bind_dn, password);
801 if (!NT_STATUS_IS_OK(status)) {
802 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
803 ldap_errstr(ildb->ldap, status));
804 goto failed;
805 }
806 } else {
807 status = ldap_bind_sasl(ildb->ldap, creds);
808 if (!NT_STATUS_IS_OK(status)) {
809 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
810 ldap_errstr(ildb->ldap, status));
811 goto failed;
812 }
813 }
814 }
815
816 return 0;
817
818 failed:
819 talloc_free(ildb);
820 return -1;
821 }
822
823 int ldb_ildap_init(void)
824 {
825 return ldb_register_backend("ldap", ildb_connect) +
826 ldb_register_backend("ldapi", ildb_connect) +
827 ldb_register_backend("ldaps", ildb_connect);
828 }
Samba GIT mirror