search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
[Samba.git] / source3 / lib / tldap.c
blobd8b4f241bac520dceb52fb8186686b428145fcd6
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async ldap client requests
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "replace.h"
21 #include "tldap.h"
22 #include "system/network.h"
23 #include "system/locale.h"
24 #include "lib/util/talloc_stack.h"
25 #include "lib/util/samba_util.h"
26 #include "lib/util_tsock.h"
27 #include "../lib/util/asn1.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../lib/util/tevent_unix.h"
30
31 static int tldap_simple_recv(struct tevent_req *req);
32
33 bool tevent_req_is_ldap_error(struct tevent_req *req, int *perr)
34 {
35 enum tevent_req_state state;
36 uint64_t err;
37
38 if (!tevent_req_is_error(req, &state, &err)) {
39 return false;
40 }
41 switch (state) {
42 case TEVENT_REQ_TIMED_OUT:
43 *perr = TLDAP_TIMEOUT;
44 break;
45 case TEVENT_REQ_NO_MEMORY:
46 *perr = TLDAP_NO_MEMORY;
47 break;
48 case TEVENT_REQ_USER_ERROR:
49 *perr = err;
50 break;
51 default:
52 *perr = TLDAP_OPERATIONS_ERROR;
53 break;
54 }
55 return true;
56 }
57
58 struct tldap_ctx_attribute {
59 char *name;
60 void *ptr;
61 };
62
63 struct tldap_context {
64 int ld_version;
65 struct tstream_context *conn;
66 bool server_down;
67 int msgid;
68 struct tevent_queue *outgoing;
69 struct tevent_req **pending;
70
71 /* For the sync wrappers we need something like get_last_error... */
72 struct tldap_message *last_msg;
73
74 /* debug */
75 void (*log_fn)(void *context, enum tldap_debug_level level,
76 const char *fmt, va_list ap);
77 void *log_private;
78
79 struct tldap_ctx_attribute *ctx_attrs;
80 };
81
82 struct tldap_message {
83 struct asn1_data *data;
84 uint8_t *inbuf;
85 int type;
86 int id;
87
88 /* RESULT_ENTRY */
89 char *dn;
90 struct tldap_attribute *attribs;
91
92 /* Error data sent by the server */
93 int lderr;
94 char *res_matcheddn;
95 char *res_diagnosticmessage;
96 char *res_referral;
97 struct tldap_control *res_sctrls;
98
99 /* Controls sent by the server */
100 struct tldap_control *ctrls;
101 };
102
103 void tldap_set_debug(struct tldap_context *ld,
104 void (*log_fn)(void *log_private,
105 enum tldap_debug_level level,
106 const char *fmt,
107 va_list ap) PRINTF_ATTRIBUTE(3,0),
108 void *log_private)
109 {
110 ld->log_fn = log_fn;
111 ld->log_private = log_private;
112 }
113
114 static void tldap_debug(struct tldap_context *ld,
115 enum tldap_debug_level level,
116 const char *fmt, ...)
117 {
118 va_list ap;
119 if (!ld) {
120 return;
121 }
122 if (ld->log_fn == NULL) {
123 return;
124 }
125 va_start(ap, fmt);
126 ld->log_fn(ld->log_private, level, fmt, ap);
127 va_end(ap);
128 }
129
130 static int tldap_next_msgid(struct tldap_context *ld)
131 {
132 int result;
133
134 result = ld->msgid++;
135 if (ld->msgid == 2147483647) {
136 ld->msgid = 1;
137 }
138 return result;
139 }
140
141 struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd)
142 {
143 struct tldap_context *ctx;
144 int ret;
145
146 ctx = talloc_zero(mem_ctx, struct tldap_context);
147 if (ctx == NULL) {
148 return NULL;
149 }
150 ret = tstream_bsd_existing_socket(ctx, fd, &ctx->conn);
151 if (ret == -1) {
152 TALLOC_FREE(ctx);
153 return NULL;
154 }
155 ctx->msgid = 1;
156 ctx->ld_version = 3;
157 ctx->outgoing = tevent_queue_create(ctx, "tldap_outgoing");
158 if (ctx->outgoing == NULL) {
159 TALLOC_FREE(ctx);
160 return NULL;
161 }
162 return ctx;
163 }
164
165 bool tldap_connection_ok(struct tldap_context *ld)
166 {
167 if (ld == NULL) {
168 return false;
169 }
170 return !ld->server_down;
171 }
172
173 static struct tldap_ctx_attribute *tldap_context_findattr(
174 struct tldap_context *ld, const char *name)
175 {
176 size_t i, num_attrs;
177
178 num_attrs = talloc_array_length(ld->ctx_attrs);
179
180 for (i=0; i<num_attrs; i++) {
181 if (strcmp(ld->ctx_attrs[i].name, name) == 0) {
182 return &ld->ctx_attrs[i];
183 }
184 }
185 return NULL;
186 }
187
188 bool tldap_context_setattr(struct tldap_context *ld,
189 const char *name, const void *_pptr)
190 {
191 struct tldap_ctx_attribute *tmp, *attr;
192 char *tmpname;
193 int num_attrs;
194 void **pptr = (void **)discard_const_p(void,_pptr);
195
196 attr = tldap_context_findattr(ld, name);
197 if (attr != NULL) {
198 /*
199 * We don't actually delete attrs, we don't expect tons of
200 * attributes being shuffled around.
201 */
202 TALLOC_FREE(attr->ptr);
203 if (*pptr != NULL) {
204 attr->ptr = talloc_move(ld->ctx_attrs, pptr);
205 *pptr = NULL;
206 }
207 return true;
208 }
209
210 tmpname = talloc_strdup(ld, name);
211 if (tmpname == NULL) {
212 return false;
213 }
214
215 num_attrs = talloc_array_length(ld->ctx_attrs);
216
217 tmp = talloc_realloc(ld, ld->ctx_attrs, struct tldap_ctx_attribute,
218 num_attrs+1);
219 if (tmp == NULL) {
220 TALLOC_FREE(tmpname);
221 return false;
222 }
223 tmp[num_attrs].name = talloc_move(tmp, &tmpname);
224 if (*pptr != NULL) {
225 tmp[num_attrs].ptr = talloc_move(tmp, pptr);
226 } else {
227 tmp[num_attrs].ptr = NULL;
228 }
229 *pptr = NULL;
230 ld->ctx_attrs = tmp;
231 return true;
232 }
233
234 void *tldap_context_getattr(struct tldap_context *ld, const char *name)
235 {
236 struct tldap_ctx_attribute *attr = tldap_context_findattr(ld, name);
237
238 if (attr == NULL) {
239 return NULL;
240 }
241 return attr->ptr;
242 }
243
244 struct read_ldap_state {
245 uint8_t *buf;
246 bool done;
247 };
248
249 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data);
250 static void read_ldap_done(struct tevent_req *subreq);
251
252 static struct tevent_req *read_ldap_send(TALLOC_CTX *mem_ctx,
253 struct tevent_context *ev,
254 struct tstream_context *conn)
255 {
256 struct tevent_req *req, *subreq;
257 struct read_ldap_state *state;
258
259 req = tevent_req_create(mem_ctx, &state, struct read_ldap_state);
260 if (req == NULL) {
261 return NULL;
262 }
263 state->done = false;
264
265 subreq = tstream_read_packet_send(state, ev, conn, 2, read_ldap_more,
266 state);
267 if (tevent_req_nomem(subreq, req)) {
268 return tevent_req_post(req, ev);
269 }
270 tevent_req_set_callback(subreq, read_ldap_done, req);
271 return req;
272 }
273
274 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data)
275 {
276 struct read_ldap_state *state = talloc_get_type_abort(
277 private_data, struct read_ldap_state);
278 size_t len;
279 int i, lensize;
280
281 if (state->done) {
282 /* We've been here, we're done */
283 return 0;
284 }
285
286 /*
287 * From ldap.h: LDAP_TAG_MESSAGE is 0x30
288 */
289 if (buf[0] != 0x30) {
290 return -1;
291 }
292
293 len = buf[1];
294 if ((len & 0x80) == 0) {
295 state->done = true;
296 return len;
297 }
298
299 lensize = (len & 0x7f);
300 len = 0;
301
302 if (buflen == 2) {
303 /* Please get us the full length */
304 return lensize;
305 }
306 if (buflen > 2 + lensize) {
307 state->done = true;
308 return 0;
309 }
310 if (buflen != 2 + lensize) {
311 return -1;
312 }
313
314 for (i=0; i<lensize; i++) {
315 len = (len << 8) | buf[2+i];
316 }
317 return len;
318 }
319
320 static void read_ldap_done(struct tevent_req *subreq)
321 {
322 struct tevent_req *req = tevent_req_callback_data(
323 subreq, struct tevent_req);
324 struct read_ldap_state *state = tevent_req_data(
325 req, struct read_ldap_state);
326 ssize_t nread;
327 int err;
328
329 nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
330 TALLOC_FREE(subreq);
331 if (nread == -1) {
332 tevent_req_error(req, err);
333 return;
334 }
335 tevent_req_done(req);
336 }
337
338 static ssize_t read_ldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
339 uint8_t **pbuf, int *perrno)
340 {
341 struct read_ldap_state *state = tevent_req_data(
342 req, struct read_ldap_state);
343
344 if (tevent_req_is_unix_error(req, perrno)) {
345 return -1;
346 }
347 *pbuf = talloc_move(mem_ctx, &state->buf);
348 return talloc_get_size(*pbuf);
349 }
350
351 struct tldap_msg_state {
352 struct tldap_context *ld;
353 struct tevent_context *ev;
354 int id;
355 struct iovec iov;
356
357 struct asn1_data *data;
358 uint8_t *inbuf;
359 };
360
361 static bool tldap_push_controls(struct asn1_data *data,
362 struct tldap_control *sctrls,
363 int num_sctrls)
364 {
365 int i;
366
367 if ((sctrls == NULL) || (num_sctrls == 0)) {
368 return true;
369 }
370
371 if (!asn1_push_tag(data, ASN1_CONTEXT(0))) return false;
372
373 for (i=0; i<num_sctrls; i++) {
374 struct tldap_control *c = &sctrls[i];
375 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
376 if (!asn1_write_OctetString(data, c->oid, strlen(c->oid))) return false;
377 if (c->critical) {
378 if (!asn1_write_BOOLEAN(data, true)) return false;
379 }
380 if (c->value.data != NULL) {
381 if (!asn1_write_OctetString(data, c->value.data,
382 c->value.length)) return false;
383 }
384 if (!asn1_pop_tag(data)) return false; /* ASN1_SEQUENCE(0) */
385 }
386
387 return asn1_pop_tag(data); /* ASN1_CONTEXT(0) */
388 }
389
390 static void tldap_msg_sent(struct tevent_req *subreq);
391 static void tldap_msg_received(struct tevent_req *subreq);
392
393 static struct tevent_req *tldap_msg_send(TALLOC_CTX *mem_ctx,
394 struct tevent_context *ev,
395 struct tldap_context *ld,
396 int id, struct asn1_data *data,
397 struct tldap_control *sctrls,
398 int num_sctrls)
399 {
400 struct tevent_req *req, *subreq;
401 struct tldap_msg_state *state;
402 DATA_BLOB blob;
403
404 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_send: sending msg %d\n",
405 id);
406
407 req = tevent_req_create(mem_ctx, &state, struct tldap_msg_state);
408 if (req == NULL) {
409 return NULL;
410 }
411 state->ld = ld;
412 state->ev = ev;
413 state->id = id;
414
415 if (state->ld->server_down) {
416 tevent_req_error(req, TLDAP_SERVER_DOWN);
417 return tevent_req_post(req, ev);
418 }
419
420 if (!tldap_push_controls(data, sctrls, num_sctrls)) {
421 tevent_req_error(req, TLDAP_ENCODING_ERROR);
422 return tevent_req_post(req, ev);
423 }
424
425
426 if (!asn1_pop_tag(data)) {
427 tevent_req_error(req, TLDAP_ENCODING_ERROR);
428 return tevent_req_post(req, ev);
429 }
430
431 if (!asn1_blob(data, &blob)) {
432 tevent_req_error(req, TLDAP_ENCODING_ERROR);
433 return tevent_req_post(req, ev);
434 }
435
436 state->iov.iov_base = (void *)blob.data;
437 state->iov.iov_len = blob.length;
438
439 subreq = tstream_writev_queue_send(state, ev, ld->conn, ld->outgoing,
440 &state->iov, 1);
441 if (tevent_req_nomem(subreq, req)) {
442 return tevent_req_post(req, ev);
443 }
444 tevent_req_set_callback(subreq, tldap_msg_sent, req);
445 return req;
446 }
447
448 static void tldap_msg_unset_pending(struct tevent_req *req)
449 {
450 struct tldap_msg_state *state = tevent_req_data(
451 req, struct tldap_msg_state);
452 struct tldap_context *ld = state->ld;
453 int num_pending = talloc_array_length(ld->pending);
454 int i;
455
456 tevent_req_set_cleanup_fn(req, NULL);
457
458 if (num_pending == 1) {
459 TALLOC_FREE(ld->pending);
460 return;
461 }
462
463 for (i=0; i<num_pending; i++) {
464 if (req == ld->pending[i]) {
465 break;
466 }
467 }
468 if (i == num_pending) {
469 /*
470 * Something's seriously broken. Just returning here is the
471 * right thing nevertheless, the point of this routine is to
472 * remove ourselves from cli->pending.
473 */
474 return;
475 }
476
477 /*
478 * Remove ourselves from the cli->pending array
479 */
480 if (num_pending > 1) {
481 ld->pending[i] = ld->pending[num_pending-1];
482 }
483
484 /*
485 * No NULL check here, we're shrinking by sizeof(void *), and
486 * talloc_realloc just adjusts the size for this.
487 */
488 ld->pending = talloc_realloc(NULL, ld->pending, struct tevent_req *,
489 num_pending - 1);
490 }
491
492 static void tldap_msg_cleanup(struct tevent_req *req,
493 enum tevent_req_state req_state)
494 {
495 switch (req_state) {
496 case TEVENT_REQ_USER_ERROR:
497 case TEVENT_REQ_RECEIVED:
498 tldap_msg_unset_pending(req);
499 return;
500 default:
501 return;
502 }
503 }
504
505 static bool tldap_msg_set_pending(struct tevent_req *req)
506 {
507 struct tldap_msg_state *state = tevent_req_data(
508 req, struct tldap_msg_state);
509 struct tldap_context *ld;
510 struct tevent_req **pending;
511 int num_pending;
512 struct tevent_req *subreq;
513
514 ld = state->ld;
515 num_pending = talloc_array_length(ld->pending);
516
517 pending = talloc_realloc(ld, ld->pending, struct tevent_req *,
518 num_pending+1);
519 if (pending == NULL) {
520 return false;
521 }
522 pending[num_pending] = req;
523 ld->pending = pending;
524 tevent_req_set_cleanup_fn(req, tldap_msg_cleanup);
525
526 if (num_pending > 0) {
527 return true;
528 }
529
530 /*
531 * We're the first one, add the read_ldap request that waits for the
532 * answer from the server
533 */
534 subreq = read_ldap_send(ld->pending, state->ev, ld->conn);
535 if (subreq == NULL) {
536 tldap_msg_unset_pending(req);
537 return false;
538 }
539 tevent_req_set_callback(subreq, tldap_msg_received, ld);
540 return true;
541 }
542
543 static void tldap_msg_sent(struct tevent_req *subreq)
544 {
545 struct tevent_req *req = tevent_req_callback_data(
546 subreq, struct tevent_req);
547 struct tldap_msg_state *state = tevent_req_data(
548 req, struct tldap_msg_state);
549 ssize_t nwritten;
550 int err;
551
552 nwritten = tstream_writev_queue_recv(subreq, &err);
553 TALLOC_FREE(subreq);
554 if (nwritten == -1) {
555 state->ld->server_down = true;
556 tevent_req_error(req, TLDAP_SERVER_DOWN);
557 return;
558 }
559
560 if (!tldap_msg_set_pending(req)) {
561 tevent_req_oom(req);
562 return;
563 }
564 }
565
566 static int tldap_msg_msgid(struct tevent_req *req)
567 {
568 struct tldap_msg_state *state = tevent_req_data(
569 req, struct tldap_msg_state);
570
571 return state->id;
572 }
573
574 static void tldap_msg_received(struct tevent_req *subreq)
575 {
576 struct tldap_context *ld = tevent_req_callback_data(
577 subreq, struct tldap_context);
578 struct tevent_req *req;
579 struct tldap_msg_state *state;
580 struct asn1_data *data;
581 uint8_t *inbuf;
582 ssize_t received;
583 size_t num_pending;
584 int i, err, status;
585 int id;
586 uint8_t type;
587 bool ok;
588
589 received = read_ldap_recv(subreq, talloc_tos(), &inbuf, &err);
590 TALLOC_FREE(subreq);
591 if (received == -1) {
592 status = TLDAP_SERVER_DOWN;
593 goto fail;
594 }
595
596 data = asn1_init(talloc_tos());
597 if (data == NULL) {
598 status = TLDAP_NO_MEMORY;
599 goto fail;
600 }
601 asn1_load_nocopy(data, inbuf, received);
602
603 ok = true;
604 ok &= asn1_start_tag(data, ASN1_SEQUENCE(0));
605 ok &= asn1_read_Integer(data, &id);
606 ok &= asn1_peek_uint8(data, &type);
607
608 if (!ok) {
609 status = TLDAP_PROTOCOL_ERROR;
610 goto fail;
611 }
612
613 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_received: got msg %d "
614 "type %d\n", id, (int)type);
615
616 num_pending = talloc_array_length(ld->pending);
617
618 for (i=0; i<num_pending; i++) {
619 if (id == tldap_msg_msgid(ld->pending[i])) {
620 break;
621 }
622 }
623 if (i == num_pending) {
624 /* Dump unexpected reply */
625 tldap_debug(ld, TLDAP_DEBUG_WARNING, "tldap_msg_received: "
626 "No request pending for msg %d\n", id);
627 TALLOC_FREE(data);
628 TALLOC_FREE(inbuf);
629 goto done;
630 }
631
632 req = ld->pending[i];
633 state = tevent_req_data(req, struct tldap_msg_state);
634
635 state->inbuf = talloc_move(state, &inbuf);
636 state->data = talloc_move(state, &data);
637
638 tldap_msg_unset_pending(req);
639 num_pending = talloc_array_length(ld->pending);
640
641 tevent_req_done(req);
642
643 done:
644 if (num_pending == 0) {
645 return;
646 }
647 if (talloc_array_length(ld->pending) > num_pending) {
648 /*
649 * The callback functions called from tevent_req_done() above
650 * have put something on the pending queue. We don't have to
651 * trigger the read_ldap_send(), tldap_msg_set_pending() has
652 * done it for us already.
653 */
654 return;
655 }
656
657 state = tevent_req_data(ld->pending[0], struct tldap_msg_state);
658 subreq = read_ldap_send(ld->pending, state->ev, ld->conn);
659 if (subreq == NULL) {
660 status = TLDAP_NO_MEMORY;
661 goto fail;
662 }
663 tevent_req_set_callback(subreq, tldap_msg_received, ld);
664 return;
665
666 fail:
667 while (talloc_array_length(ld->pending) > 0) {
668 req = ld->pending[0];
669 state = tevent_req_data(req, struct tldap_msg_state);
670 tevent_req_defer_callback(req, state->ev);
671 tevent_req_error(req, status);
672 }
673 }
674
675 static int tldap_msg_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
676 struct tldap_message **pmsg)
677 {
678 struct tldap_msg_state *state = tevent_req_data(
679 req, struct tldap_msg_state);
680 struct tldap_message *msg;
681 int err;
682 uint8_t msgtype;
683
684 if (tevent_req_is_ldap_error(req, &err)) {
685 return err;
686 }
687
688 if (!asn1_peek_uint8(state->data, &msgtype)) {
689 return TLDAP_PROTOCOL_ERROR;
690 }
691
692 if (pmsg == NULL) {
693 return TLDAP_SUCCESS;
694 }
695
696 msg = talloc_zero(mem_ctx, struct tldap_message);
697 if (msg == NULL) {
698 return TLDAP_NO_MEMORY;
699 }
700 msg->id = state->id;
701
702 msg->inbuf = talloc_move(msg, &state->inbuf);
703 msg->data = talloc_move(msg, &state->data);
704 msg->type = msgtype;
705
706 *pmsg = msg;
707 return TLDAP_SUCCESS;
708 }
709
710 struct tldap_req_state {
711 int id;
712 struct asn1_data *out;
713 struct tldap_message *result;
714 };
715
716 static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
717 struct tldap_context *ld,
718 struct tldap_req_state **pstate)
719 {
720 struct tevent_req *req;
721 struct tldap_req_state *state;
722
723 req = tevent_req_create(mem_ctx, &state, struct tldap_req_state);
724 if (req == NULL) {
725 return NULL;
726 }
727 state->out = asn1_init(state);
728 if (state->out == NULL) {
729 goto err;
730 }
731 state->id = tldap_next_msgid(ld);
732
733 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
734 if (!asn1_write_Integer(state->out, state->id)) goto err;
735
736 *pstate = state;
737 return req;
738
739 err:
740
741 TALLOC_FREE(req);
742 return NULL;
743 }
744
745 static void tldap_save_msg(struct tldap_context *ld, struct tevent_req *req)
746 {
747 struct tldap_req_state *state = tevent_req_data(
748 req, struct tldap_req_state);
749
750 TALLOC_FREE(ld->last_msg);
751 ld->last_msg = talloc_move(ld, &state->result);
752 }
753
754 static char *blob2string_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob)
755 {
756 char *result = talloc_array(mem_ctx, char, blob.length+1);
757
758 if (result == NULL) {
759 return NULL;
760 }
761
762 memcpy(result, blob.data, blob.length);
763 result[blob.length] = '\0';
764 return result;
765 }
766
767 static bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
768 struct asn1_data *data,
769 char **presult)
770 {
771 DATA_BLOB string;
772 char *result;
773 if (!asn1_read_OctetString(data, mem_ctx, &string))
774 return false;
775
776 result = blob2string_talloc(mem_ctx, string);
777
778 data_blob_free(&string);
779
780 if (result == NULL) {
781 return false;
782 }
783 *presult = result;
784 return true;
785 }
786
787 static bool tldap_decode_controls(struct tldap_req_state *state);
788
789 static bool tldap_decode_response(struct tldap_req_state *state)
790 {
791 struct asn1_data *data = state->result->data;
792 struct tldap_message *msg = state->result;
793 bool ok = true;
794
795 ok &= asn1_read_enumerated(data, &msg->lderr);
796 ok &= asn1_read_OctetString_talloc(msg, data, &msg->res_matcheddn);
797 ok &= asn1_read_OctetString_talloc(msg, data,
798 &msg->res_diagnosticmessage);
799 if (!ok) return ok;
800 if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
801 ok &= asn1_start_tag(data, ASN1_CONTEXT(3));
802 ok &= asn1_read_OctetString_talloc(msg, data,
803 &msg->res_referral);
804 ok &= asn1_end_tag(data);
805 } else {
806 msg->res_referral = NULL;
807 }
808
809 return ok;
810 }
811
812 static void tldap_sasl_bind_done(struct tevent_req *subreq);
813
814 struct tevent_req *tldap_sasl_bind_send(TALLOC_CTX *mem_ctx,
815 struct tevent_context *ev,
816 struct tldap_context *ld,
817 const char *dn,
818 const char *mechanism,
819 DATA_BLOB *creds,
820 struct tldap_control *sctrls,
821 int num_sctrls,
822 struct tldap_control *cctrls,
823 int num_cctrls)
824 {
825 struct tevent_req *req, *subreq;
826 struct tldap_req_state *state;
827
828 req = tldap_req_create(mem_ctx, ld, &state);
829 if (req == NULL) {
830 return NULL;
831 }
832
833 if (dn == NULL) {
834 dn = "";
835 }
836
837 if (!asn1_push_tag(state->out, TLDAP_REQ_BIND)) goto err;
838 if (!asn1_write_Integer(state->out, ld->ld_version)) goto err;
839 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
840
841 if (mechanism == NULL) {
842 if (!asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0))) goto err;
843 if (!asn1_write(state->out, creds->data, creds->length)) goto err;
844 if (!asn1_pop_tag(state->out)) goto err;
845 } else {
846 if (!asn1_push_tag(state->out, ASN1_CONTEXT(3))) goto err;
847 if (!asn1_write_OctetString(state->out, mechanism,
848 strlen(mechanism))) goto err;
849 if ((creds != NULL) && (creds->data != NULL)) {
850 if (!asn1_write_OctetString(state->out, creds->data,
851 creds->length)) goto err;
852 }
853 if (!asn1_pop_tag(state->out)) goto err;
854 }
855
856 if (!asn1_pop_tag(state->out)) goto err;
857
858 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
859 sctrls, num_sctrls);
860 if (tevent_req_nomem(subreq, req)) {
861 return tevent_req_post(req, ev);
862 }
863 tevent_req_set_callback(subreq, tldap_sasl_bind_done, req);
864 return req;
865
866 err:
867
868 tevent_req_error(req, TLDAP_ENCODING_ERROR);
869 return tevent_req_post(req, ev);
870 }
871
872 static void tldap_sasl_bind_done(struct tevent_req *subreq)
873 {
874 struct tevent_req *req = tevent_req_callback_data(
875 subreq, struct tevent_req);
876 struct tldap_req_state *state = tevent_req_data(
877 req, struct tldap_req_state);
878 int err;
879
880 err = tldap_msg_recv(subreq, state, &state->result);
881 TALLOC_FREE(subreq);
882 if (err != TLDAP_SUCCESS) {
883 tevent_req_error(req, err);
884 return;
885 }
886 if (state->result->type != TLDAP_RES_BIND) {
887 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
888 return;
889 }
890 if (!asn1_start_tag(state->result->data, state->result->type) ||
891 !tldap_decode_response(state) ||
892 !asn1_end_tag(state->result->data)) {
893 tevent_req_error(req, TLDAP_DECODING_ERROR);
894 return;
895 }
896 /*
897 * TODO: pull the reply blob
898 */
899 if (state->result->lderr != TLDAP_SUCCESS) {
900 tevent_req_error(req, state->result->lderr);
901 return;
902 }
903 tevent_req_done(req);
904 }
905
906 int tldap_sasl_bind_recv(struct tevent_req *req)
907 {
908 return tldap_simple_recv(req);
909 }
910
911 int tldap_sasl_bind(struct tldap_context *ld,
912 const char *dn,
913 const char *mechanism,
914 DATA_BLOB *creds,
915 struct tldap_control *sctrls,
916 int num_sctrls,
917 struct tldap_control *cctrls,
918 int num_cctrls)
919 {
920 TALLOC_CTX *frame = talloc_stackframe();
921 struct tevent_context *ev;
922 struct tevent_req *req;
923 int result;
924
925 ev = samba_tevent_context_init(frame);
926 if (ev == NULL) {
927 result = TLDAP_NO_MEMORY;
928 goto fail;
929 }
930
931 req = tldap_sasl_bind_send(frame, ev, ld, dn, mechanism, creds,
932 sctrls, num_sctrls, cctrls, num_cctrls);
933 if (req == NULL) {
934 result = TLDAP_NO_MEMORY;
935 goto fail;
936 }
937
938 if (!tevent_req_poll(req, ev)) {
939 result = TLDAP_OPERATIONS_ERROR;
940 goto fail;
941 }
942
943 result = tldap_sasl_bind_recv(req);
944 tldap_save_msg(ld, req);
945 fail:
946 TALLOC_FREE(frame);
947 return result;
948 }
949
950 struct tevent_req *tldap_simple_bind_send(TALLOC_CTX *mem_ctx,
951 struct tevent_context *ev,
952 struct tldap_context *ld,
953 const char *dn,
954 const char *passwd)
955 {
956 DATA_BLOB cred;
957
958 if (passwd != NULL) {
959 cred.data = discard_const_p(uint8_t, passwd);
960 cred.length = strlen(passwd);
961 } else {
962 cred.data = discard_const_p(uint8_t, "");
963 cred.length = 0;
964 }
965 return tldap_sasl_bind_send(mem_ctx, ev, ld, dn, NULL, &cred, NULL, 0,
966 NULL, 0);
967 }
968
969 int tldap_simple_bind_recv(struct tevent_req *req)
970 {
971 return tldap_sasl_bind_recv(req);
972 }
973
974 int tldap_simple_bind(struct tldap_context *ld, const char *dn,
975 const char *passwd)
976 {
977 DATA_BLOB cred;
978
979 if (passwd != NULL) {
980 cred.data = discard_const_p(uint8_t, passwd);
981 cred.length = strlen(passwd);
982 } else {
983 cred.data = discard_const_p(uint8_t, "");
984 cred.length = 0;
985 }
986 return tldap_sasl_bind(ld, dn, NULL, &cred, NULL, 0, NULL, 0);
987 }
988
989 /*****************************************************************************/
990
991 /* can't use isalpha() as only a strict set is valid for LDAP */
992
993 static bool tldap_is_alpha(char c)
994 {
995 return (((c >= 'a') && (c <= 'z')) || \
996 ((c >= 'A') && (c <= 'Z')));
997 }
998
999 static bool tldap_is_adh(char c)
1000 {
1001 return tldap_is_alpha(c) || isdigit(c) || (c == '-');
1002 }
1003
1004 #define TLDAP_FILTER_AND ASN1_CONTEXT(0)
1005 #define TLDAP_FILTER_OR ASN1_CONTEXT(1)
1006 #define TLDAP_FILTER_NOT ASN1_CONTEXT(2)
1007 #define TLDAP_FILTER_EQ ASN1_CONTEXT(3)
1008 #define TLDAP_FILTER_SUB ASN1_CONTEXT(4)
1009 #define TLDAP_FILTER_LE ASN1_CONTEXT(5)
1010 #define TLDAP_FILTER_GE ASN1_CONTEXT(6)
1011 #define TLDAP_FILTER_PRES ASN1_CONTEXT_SIMPLE(7)
1012 #define TLDAP_FILTER_APX ASN1_CONTEXT(8)
1013 #define TLDAP_FILTER_EXT ASN1_CONTEXT(9)
1014
1015 #define TLDAP_SUB_INI ASN1_CONTEXT_SIMPLE(0)
1016 #define TLDAP_SUB_ANY ASN1_CONTEXT_SIMPLE(1)
1017 #define TLDAP_SUB_FIN ASN1_CONTEXT_SIMPLE(2)
1018
1019
1020 /* oid's should be numerical only in theory,
1021 * but apparently some broken servers may have alphanum aliases instead.
1022 * Do like openldap libraries and allow alphanum aliases for oids, but
1023 * do not allow Tagging options in that case.
1024 */
1025 static bool tldap_is_attrdesc(const char *s, int len, bool no_tagopts)
1026 {
1027 bool is_oid = false;
1028 bool dot = false;
1029 int i;
1030
1031 /* first char has stricter rules */
1032 if (isdigit(*s)) {
1033 is_oid = true;
1034 } else if (!tldap_is_alpha(*s)) {
1035 /* bad first char */
1036 return false;
1037 }
1038
1039 for (i = 1; i < len; i++) {
1040
1041 if (is_oid) {
1042 if (isdigit(s[i])) {
1043 dot = false;
1044 continue;
1045 }
1046 if (s[i] == '.') {
1047 if (dot) {
1048 /* malformed */
1049 return false;
1050 }
1051 dot = true;
1052 continue;
1053 }
1054 } else {
1055 if (tldap_is_adh(s[i])) {
1056 continue;
1057 }
1058 }
1059
1060 if (s[i] == ';') {
1061 if (no_tagopts) {
1062 /* no tagging options */
1063 return false;
1064 }
1065 if (dot) {
1066 /* malformed */
1067 return false;
1068 }
1069 if ((i + 1) == len) {
1070 /* malformed */
1071 return false;
1072 }
1073
1074 is_oid = false;
1075 continue;
1076 }
1077 }
1078
1079 if (dot) {
1080 /* malformed */
1081 return false;
1082 }
1083
1084 return true;
1085 }
1086
1087 /* this function copies the value until the closing parenthesis is found. */
1088 static char *tldap_get_val(TALLOC_CTX *memctx,
1089 const char *value, const char **_s)
1090 {
1091 const char *s = value;
1092
1093 /* find terminator */
1094 while (*s) {
1095 s = strchr(s, ')');
1096 if (s && (*(s - 1) == '\\')) {
1097 continue;
1098 }
1099 break;
1100 }
1101 if (!s || !(*s == ')')) {
1102 /* malformed filter */
1103 return NULL;
1104 }
1105
1106 *_s = s;
1107
1108 return talloc_strndup(memctx, value, s - value);
1109 }
1110
1111 static int tldap_hex2char(const char *x)
1112 {
1113 if (isxdigit(x[0]) && isxdigit(x[1])) {
1114 const char h1 = x[0], h2 = x[1];
1115 int c = 0;
1116
1117 if (h1 >= 'a') c = h1 - (int)'a' + 10;
1118 else if (h1 >= 'A') c = h1 - (int)'A' + 10;
1119 else if (h1 >= '0') c = h1 - (int)'0';
1120 c = c << 4;
1121 if (h2 >= 'a') c += h2 - (int)'a' + 10;
1122 else if (h2 >= 'A') c += h2 - (int)'A' + 10;
1123 else if (h2 >= '0') c += h2 - (int)'0';
1124
1125 return c;
1126 }
1127
1128 return -1;
1129 }
1130
1131 static bool tldap_find_first_star(const char *val, const char **star)
1132 {
1133 const char *s;
1134
1135 for (s = val; *s; s++) {
1136 switch (*s) {
1137 case '\\':
1138 if (isxdigit(s[1]) && isxdigit(s[2])) {
1139 s += 2;
1140 break;
1141 }
1142 /* not hex based escape, check older syntax */
1143 switch (s[1]) {
1144 case '(':
1145 case ')':
1146 case '*':
1147 case '\\':
1148 s++;
1149 break;
1150 default:
1151 /* invalid escape sequence */
1152 return false;
1153 }
1154 break;
1155 case ')':
1156 /* end of val, nothing found */
1157 *star = s;
1158 return true;
1159
1160 case '*':
1161 *star = s;
1162 return true;
1163 }
1164 }
1165
1166 /* string ended without closing parenthesis, filter is malformed */
1167 return false;
1168 }
1169
1170 static bool tldap_unescape_inplace(char *value, size_t *val_len)
1171 {
1172 int c, i, p;
1173
1174 for (i = 0,p = 0; i < *val_len; i++) {
1175
1176 switch (value[i]) {
1177 case '(':
1178 case ')':
1179 case '*':
1180 /* these must be escaped */
1181 return false;
1182
1183 case '\\':
1184 if (!value[i + 1]) {
1185 /* invalid EOL */
1186 return false;
1187 }
1188 i++;
1189
1190 c = tldap_hex2char(&value[i]);
1191 if (c >= 0 && c < 256) {
1192 value[p] = c;
1193 i++;
1194 p++;
1195 break;
1196 }
1197
1198 switch (value[i]) {
1199 case '(':
1200 case ')':
1201 case '*':
1202 case '\\':
1203 value[p] = value[i];
1204 p++;
1205 default:
1206 /* invalid */
1207 return false;
1208 }
1209 break;
1210
1211 default:
1212 value[p] = value[i];
1213 p++;
1214 }
1215 }
1216 value[p] = '\0';
1217 *val_len = p;
1218 return true;
1219 }
1220
1221 static bool tldap_push_filter_basic(struct tldap_context *ld,
1222 struct asn1_data *data,
1223 const char **_s);
1224 static bool tldap_push_filter_substring(struct tldap_context *ld,
1225 struct asn1_data *data,
1226 const char *val,
1227 const char **_s);
1228 static bool tldap_push_filter_int(struct tldap_context *ld,
1229 struct asn1_data *data,
1230 const char **_s)
1231 {
1232 const char *s = *_s;
1233 bool ret;
1234
1235 if (*s != '(') {
1236 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1237 "Incomplete or malformed filter\n");
1238 return false;
1239 }
1240 s++;
1241
1242 /* we are right after a parenthesis,
1243 * find out what op we have at hand */
1244 switch (*s) {
1245 case '&':
1246 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: AND\n");
1247 if (!asn1_push_tag(data, TLDAP_FILTER_AND)) return false;
1248 s++;
1249 break;
1250
1251 case '|':
1252 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: OR\n");
1253 if (!asn1_push_tag(data, TLDAP_FILTER_OR)) return false;
1254 s++;
1255 break;
1256
1257 case '!':
1258 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: NOT\n");
1259 if (!asn1_push_tag(data, TLDAP_FILTER_NOT)) return false;
1260 s++;
1261 ret = tldap_push_filter_int(ld, data, &s);
1262 if (!ret) {
1263 return false;
1264 }
1265 if (!asn1_pop_tag(data)) return false;
1266 goto done;
1267
1268 case '(':
1269 case ')':
1270 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1271 "Invalid parenthesis '%c'\n", *s);
1272 return false;
1273
1274 case '\0':
1275 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1276 "Invalid filter termination\n");
1277 return false;
1278
1279 default:
1280 ret = tldap_push_filter_basic(ld, data, &s);
1281 if (!ret) {
1282 return false;
1283 }
1284 goto done;
1285 }
1286
1287 /* only and/or filters get here.
1288 * go through the list of filters */
1289
1290 if (*s == ')') {
1291 /* RFC 4526: empty and/or */
1292 if (!asn1_pop_tag(data)) return false;
1293 goto done;
1294 }
1295
1296 while (*s) {
1297 ret = tldap_push_filter_int(ld, data, &s);
1298 if (!ret) {
1299 return false;
1300 }
1301
1302 if (*s == ')') {
1303 /* end of list, return */
1304 if (!asn1_pop_tag(data)) return false;
1305 break;
1306 }
1307 }
1308
1309 done:
1310 if (*s != ')') {
1311 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1312 "Incomplete or malformed filter\n");
1313 return false;
1314 }
1315 s++;
1316
1317 if (asn1_has_error(data)) {
1318 return false;
1319 }
1320
1321 *_s = s;
1322 return true;
1323 }
1324
1325
1326 static bool tldap_push_filter_basic(struct tldap_context *ld,
1327 struct asn1_data *data,
1328 const char **_s)
1329 {
1330 TALLOC_CTX *tmpctx = talloc_tos();
1331 const char *s = *_s;
1332 const char *e;
1333 const char *eq;
1334 const char *val;
1335 const char *type;
1336 const char *dn;
1337 const char *rule;
1338 const char *star;
1339 size_t type_len = 0;
1340 char *uval;
1341 size_t uval_len;
1342 bool write_octect = true;
1343 bool ret;
1344
1345 eq = strchr(s, '=');
1346 if (!eq) {
1347 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1348 "Invalid filter, missing equal sign\n");
1349 return false;
1350 }
1351
1352 val = eq + 1;
1353 e = eq - 1;
1354
1355 switch (*e) {
1356 case '<':
1357 if (!asn1_push_tag(data, TLDAP_FILTER_LE)) return false;
1358 break;
1359
1360 case '>':
1361 if (!asn1_push_tag(data, TLDAP_FILTER_GE)) return false;
1362 break;
1363
1364 case '~':
1365 if (!asn1_push_tag(data, TLDAP_FILTER_APX)) return false;
1366 break;
1367
1368 case ':':
1369 if (!asn1_push_tag(data, TLDAP_FILTER_EXT)) return false;
1370 write_octect = false;
1371
1372 type = NULL;
1373 dn = NULL;
1374 rule = NULL;
1375
1376 if (*s == ':') { /* [:dn]:rule:= value */
1377 if (s == e) {
1378 /* malformed filter */
1379 return false;
1380 }
1381 dn = s;
1382 } else { /* type[:dn][:rule]:= value */
1383 type = s;
1384 dn = strchr(s, ':');
1385 type_len = dn - type;
1386 if (dn == e) { /* type:= value */
1387 dn = NULL;
1388 }
1389 }
1390 if (dn) {
1391 dn++;
1392
1393 rule = strchr(dn, ':');
1394 if (rule == NULL) {
1395 return false;
1396 }
1397 if ((rule == dn + 1) || rule + 1 == e) {
1398 /* malformed filter, contains "::" */
1399 return false;
1400 }
1401
1402 if (strncasecmp_m(dn, "dn:", 3) != 0) {
1403 if (rule == e) {
1404 rule = dn;
1405 dn = NULL;
1406 } else {
1407 /* malformed filter. With two
1408 * optionals, the first must be "dn"
1409 */
1410 return false;
1411 }
1412 } else {
1413 if (rule == e) {
1414 rule = NULL;
1415 } else {
1416 rule++;
1417 }
1418 }
1419 }
1420
1421 if (!type && !dn && !rule) {
1422 /* malformed filter, there must be at least one */
1423 return false;
1424 }
1425
1426 /*
1427 MatchingRuleAssertion ::= SEQUENCE {
1428 matchingRule [1] MatchingRuleID OPTIONAL,
1429 type [2] AttributeDescription OPTIONAL,
1430 matchValue [3] AssertionValue,
1431 dnAttributes [4] BOOLEAN DEFAULT FALSE
1432 }
1433 */
1434
1435 /* check and add rule */
1436 if (rule) {
1437 ret = tldap_is_attrdesc(rule, e - rule, true);
1438 if (!ret) {
1439 return false;
1440 }
1441 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) return false;
1442 if (!asn1_write(data, rule, e - rule)) return false;
1443 if (!asn1_pop_tag(data)) return false;
1444 }
1445
1446 /* check and add type */
1447 if (type) {
1448 ret = tldap_is_attrdesc(type, type_len, false);
1449 if (!ret) {
1450 return false;
1451 }
1452 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2))) return false;
1453 if (!asn1_write(data, type, type_len)) return false;
1454 if (!asn1_pop_tag(data)) return false;
1455 }
1456
1457 uval = tldap_get_val(tmpctx, val, _s);
1458 if (!uval) {
1459 return false;
1460 }
1461 uval_len = *_s - val;
1462 ret = tldap_unescape_inplace(uval, &uval_len);
1463 if (!ret) {
1464 return false;
1465 }
1466
1467 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3))) return false;
1468 if (!asn1_write(data, uval, uval_len)) return false;
1469 if (!asn1_pop_tag(data)) return false;
1470
1471 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4))) return false;
1472 if (!asn1_write_uint8(data, dn?1:0)) return false;
1473 if (!asn1_pop_tag(data)) return false;
1474 break;
1475
1476 default:
1477 e = eq;
1478
1479 ret = tldap_is_attrdesc(s, e - s, false);
1480 if (!ret) {
1481 return false;
1482 }
1483
1484 if (strncmp(val, "*)", 2) == 0) {
1485 /* presence */
1486 if (!asn1_push_tag(data, TLDAP_FILTER_PRES)) return false;
1487 if (!asn1_write(data, s, e - s)) return false;
1488 *_s = val + 1;
1489 write_octect = false;
1490 break;
1491 }
1492
1493 ret = tldap_find_first_star(val, &star);
1494 if (!ret) {
1495 return false;
1496 }
1497 if (*star == '*') {
1498 /* substring */
1499 if (!asn1_push_tag(data, TLDAP_FILTER_SUB)) return false;
1500 if (!asn1_write_OctetString(data, s, e - s)) return false;
1501 ret = tldap_push_filter_substring(ld, data, val, &s);
1502 if (!ret) {
1503 return false;
1504 }
1505 *_s = s;
1506 write_octect = false;
1507 break;
1508 }
1509
1510 /* if nothing else, then it is just equality */
1511 if (!asn1_push_tag(data, TLDAP_FILTER_EQ)) return false;
1512 write_octect = true;
1513 break;
1514 }
1515
1516 if (write_octect) {
1517 uval = tldap_get_val(tmpctx, val, _s);
1518 if (!uval) {
1519 return false;
1520 }
1521 uval_len = *_s - val;
1522 ret = tldap_unescape_inplace(uval, &uval_len);
1523 if (!ret) {
1524 return false;
1525 }
1526
1527 if (!asn1_write_OctetString(data, s, e - s)) return false;
1528 if (!asn1_write_OctetString(data, uval, uval_len)) return false;
1529 }
1530
1531 if (asn1_has_error(data)) {
1532 return false;
1533 }
1534 return asn1_pop_tag(data);
1535 }
1536
1537 static bool tldap_push_filter_substring(struct tldap_context *ld,
1538 struct asn1_data *data,
1539 const char *val,
1540 const char **_s)
1541 {
1542 TALLOC_CTX *tmpctx = talloc_tos();
1543 bool initial = true;
1544 const char *star;
1545 char *chunk;
1546 size_t chunk_len;
1547 bool ret;
1548
1549 /*
1550 SubstringFilter ::= SEQUENCE {
1551 type AttributeDescription,
1552 -- at least one must be present
1553 substrings SEQUENCE OF CHOICE {
1554 initial [0] LDAPString,
1555 any [1] LDAPString,
1556 final [2] LDAPString } }
1557 */
1558 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
1559
1560 do {
1561 ret = tldap_find_first_star(val, &star);
1562 if (!ret) {
1563 return false;
1564 }
1565 chunk_len = star - val;
1566
1567 switch (*star) {
1568 case '*':
1569 if (!initial && chunk_len == 0) {
1570 /* found '**', which is illegal */
1571 return false;
1572 }
1573 break;
1574 case ')':
1575 if (initial) {
1576 /* no stars ?? */
1577 return false;
1578 }
1579 /* we are done */
1580 break;
1581 default:
1582 /* ?? */
1583 return false;
1584 }
1585
1586 if (initial && chunk_len == 0) {
1587 val = star + 1;
1588 initial = false;
1589 continue;
1590 }
1591
1592 chunk = talloc_strndup(tmpctx, val, chunk_len);
1593 if (!chunk) {
1594 return false;
1595 }
1596 ret = tldap_unescape_inplace(chunk, &chunk_len);
1597 if (!ret) {
1598 return false;
1599 }
1600 switch (*star) {
1601 case '*':
1602 if (initial) {
1603 if (!asn1_push_tag(data, TLDAP_SUB_INI)) return false;
1604 initial = false;
1605 } else {
1606 if (!asn1_push_tag(data, TLDAP_SUB_ANY)) return false;
1607 }
1608 break;
1609 case ')':
1610 if (!asn1_push_tag(data, TLDAP_SUB_FIN)) return false;
1611 break;
1612 default:
1613 /* ?? */
1614 return false;
1615 }
1616 if (!asn1_write(data, chunk, chunk_len)) return false;
1617 if (!asn1_pop_tag(data)) return false;
1618
1619 val = star + 1;
1620
1621 } while (*star == '*');
1622
1623 *_s = star;
1624
1625 /* end of sequence */
1626 return asn1_pop_tag(data);
1627 }
1628
1629 /* NOTE: although openldap libraries allow for spaces in some places, mosly
1630 * around parenthesis, we do not allow any spaces (except in values of
1631 * course) as I couldn't fine any place in RFC 4512 or RFC 4515 where
1632 * leading or trailing spaces where allowed.
1633 */
1634 static bool tldap_push_filter(struct tldap_context *ld,
1635 struct asn1_data *data,
1636 const char *filter)
1637 {
1638 const char *s = filter;
1639 bool ret;
1640
1641 ret = tldap_push_filter_int(ld, data, &s);
1642 if (ret && *s) {
1643 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1644 "Incomplete or malformed filter\n");
1645 return false;
1646 }
1647 return ret;
1648 }
1649
1650 /*****************************************************************************/
1651
1652 static void tldap_search_done(struct tevent_req *subreq);
1653
1654 struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx,
1655 struct tevent_context *ev,
1656 struct tldap_context *ld,
1657 const char *base, int scope,
1658 const char *filter,
1659 const char **attrs,
1660 int num_attrs,
1661 int attrsonly,
1662 struct tldap_control *sctrls,
1663 int num_sctrls,
1664 struct tldap_control *cctrls,
1665 int num_cctrls,
1666 int timelimit,
1667 int sizelimit,
1668 int deref)
1669 {
1670 struct tevent_req *req, *subreq;
1671 struct tldap_req_state *state;
1672 int i;
1673
1674 req = tldap_req_create(mem_ctx, ld, &state);
1675 if (req == NULL) {
1676 return NULL;
1677 }
1678
1679 if (!asn1_push_tag(state->out, TLDAP_REQ_SEARCH)) goto encoding_error;
1680 if (!asn1_write_OctetString(state->out, base, strlen(base))) goto encoding_error;
1681 if (!asn1_write_enumerated(state->out, scope)) goto encoding_error;
1682 if (!asn1_write_enumerated(state->out, deref)) goto encoding_error;
1683 if (!asn1_write_Integer(state->out, sizelimit)) goto encoding_error;
1684 if (!asn1_write_Integer(state->out, timelimit)) goto encoding_error;
1685 if (!asn1_write_BOOLEAN(state->out, attrsonly)) goto encoding_error;
1686
1687 if (!tldap_push_filter(ld, state->out, filter)) {
1688 goto encoding_error;
1689 }
1690
1691 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto encoding_error;
1692 for (i=0; i<num_attrs; i++) {
1693 if (!asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]))) goto encoding_error;
1694 }
1695 if (!asn1_pop_tag(state->out)) goto encoding_error;
1696 if (!asn1_pop_tag(state->out)) goto encoding_error;
1697
1698 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1699 sctrls, num_sctrls);
1700 if (tevent_req_nomem(subreq, req)) {
1701 return tevent_req_post(req, ev);
1702 }
1703 tevent_req_set_callback(subreq, tldap_search_done, req);
1704 return req;
1705
1706 encoding_error:
1707 tevent_req_error(req, TLDAP_ENCODING_ERROR);
1708 return tevent_req_post(req, ev);
1709 }
1710
1711 static void tldap_search_done(struct tevent_req *subreq)
1712 {
1713 struct tevent_req *req = tevent_req_callback_data(
1714 subreq, struct tevent_req);
1715 struct tldap_req_state *state = tevent_req_data(
1716 req, struct tldap_req_state);
1717 int err;
1718
1719 err = tldap_msg_recv(subreq, state, &state->result);
1720 if (err != TLDAP_SUCCESS) {
1721 tevent_req_error(req, err);
1722 return;
1723 }
1724 switch (state->result->type) {
1725 case TLDAP_RES_SEARCH_ENTRY:
1726 case TLDAP_RES_SEARCH_REFERENCE:
1727 if (!tldap_msg_set_pending(subreq)) {
1728 tevent_req_oom(req);
1729 return;
1730 }
1731 tevent_req_notify_callback(req);
1732 break;
1733 case TLDAP_RES_SEARCH_RESULT:
1734 TALLOC_FREE(subreq);
1735 if (!asn1_start_tag(state->result->data,
1736 state->result->type) ||
1737 !tldap_decode_response(state) ||
1738 !asn1_end_tag(state->result->data) ||
1739 !tldap_decode_controls(state)) {
1740 tevent_req_error(req, TLDAP_DECODING_ERROR);
1741 return;
1742 }
1743 tevent_req_done(req);
1744 break;
1745 default:
1746 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
1747 return;
1748 }
1749 }
1750
1751 int tldap_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1752 struct tldap_message **pmsg)
1753 {
1754 struct tldap_req_state *state = tevent_req_data(
1755 req, struct tldap_req_state);
1756 int err;
1757
1758 if (!tevent_req_is_in_progress(req)
1759 && tevent_req_is_ldap_error(req, &err)) {
1760 return err;
1761 }
1762
1763 if (tevent_req_is_in_progress(req)) {
1764 switch (state->result->type) {
1765 case TLDAP_RES_SEARCH_ENTRY:
1766 case TLDAP_RES_SEARCH_REFERENCE:
1767 break;
1768 default:
1769 return TLDAP_OPERATIONS_ERROR;
1770 }
1771 }
1772
1773 *pmsg = talloc_move(mem_ctx, &state->result);
1774 return TLDAP_SUCCESS;
1775 }
1776
1777 struct tldap_sync_search_state {
1778 TALLOC_CTX *mem_ctx;
1779 struct tldap_message **entries;
1780 struct tldap_message **refs;
1781 int rc;
1782 };
1783
1784 static void tldap_search_cb(struct tevent_req *req)
1785 {
1786 struct tldap_sync_search_state *state =
1787 (struct tldap_sync_search_state *)
1788 tevent_req_callback_data_void(req);
1789 struct tldap_message *msg, **tmp;
1790 int rc, num_entries, num_refs;
1791
1792 rc = tldap_search_recv(req, talloc_tos(), &msg);
1793 if (rc != TLDAP_SUCCESS) {
1794 state->rc = rc;
1795 return;
1796 }
1797
1798 switch (tldap_msg_type(msg)) {
1799 case TLDAP_RES_SEARCH_ENTRY:
1800 num_entries = talloc_array_length(state->entries);
1801 tmp = talloc_realloc(state->mem_ctx, state->entries,
1802 struct tldap_message *, num_entries + 1);
1803 if (tmp == NULL) {
1804 state->rc = TLDAP_NO_MEMORY;
1805 return;
1806 }
1807 state->entries = tmp;
1808 state->entries[num_entries] = talloc_move(state->entries,
1809 &msg);
1810 break;
1811 case TLDAP_RES_SEARCH_REFERENCE:
1812 num_refs = talloc_array_length(state->refs);
1813 tmp = talloc_realloc(state->mem_ctx, state->refs,
1814 struct tldap_message *, num_refs + 1);
1815 if (tmp == NULL) {
1816 state->rc = TLDAP_NO_MEMORY;
1817 return;
1818 }
1819 state->refs = tmp;
1820 state->refs[num_refs] = talloc_move(state->refs, &msg);
1821 break;
1822 case TLDAP_RES_SEARCH_RESULT:
1823 state->rc = TLDAP_SUCCESS;
1824 break;
1825 default:
1826 state->rc = TLDAP_PROTOCOL_ERROR;
1827 break;
1828 }
1829 }
1830
1831 int tldap_search(struct tldap_context *ld,
1832 const char *base, int scope, const char *filter,
1833 const char **attrs, int num_attrs, int attrsonly,
1834 struct tldap_control *sctrls, int num_sctrls,
1835 struct tldap_control *cctrls, int num_cctrls,
1836 int timelimit, int sizelimit, int deref,
1837 TALLOC_CTX *mem_ctx, struct tldap_message ***entries,
1838 struct tldap_message ***refs)
1839 {
1840 TALLOC_CTX *frame = talloc_stackframe();
1841 struct tevent_context *ev;
1842 struct tevent_req *req;
1843 struct tldap_sync_search_state state = {
1844 .mem_ctx = mem_ctx, .rc = TLDAP_SUCCESS
1845 };
1846
1847 ev = samba_tevent_context_init(frame);
1848 if (ev == NULL) {
1849 state.rc = TLDAP_NO_MEMORY;
1850 goto fail;
1851 }
1852
1853 req = tldap_search_send(frame, ev, ld, base, scope, filter,
1854 attrs, num_attrs, attrsonly,
1855 sctrls, num_sctrls, cctrls, num_cctrls,
1856 timelimit, sizelimit, deref);
1857 if (req == NULL) {
1858 state.rc = TLDAP_NO_MEMORY;
1859 goto fail;
1860 }
1861
1862 tevent_req_set_callback(req, tldap_search_cb, &state);
1863
1864 if (!tevent_req_is_in_progress(req)) {
1865 /* an error happend before sending */
1866 if (tevent_req_is_ldap_error(req, &state.rc)) {
1867 goto fail;
1868 }
1869 }
1870
1871 while (tevent_req_is_in_progress(req)
1872 && (state.rc == TLDAP_SUCCESS)) {
1873 if (tevent_loop_once(ev) == -1) {
1874 return TLDAP_OPERATIONS_ERROR;
1875 }
1876 }
1877
1878 if (state.rc != TLDAP_SUCCESS) {
1879 return state.rc;
1880 }
1881
1882 if (entries != NULL) {
1883 *entries = state.entries;
1884 } else {
1885 TALLOC_FREE(state.entries);
1886 }
1887 if (refs != NULL) {
1888 *refs = state.refs;
1889 } else {
1890 TALLOC_FREE(state.refs);
1891 }
1892 tldap_save_msg(ld, req);
1893 fail:
1894 TALLOC_FREE(frame);
1895 return state.rc;
1896 }
1897
1898 static bool tldap_parse_search_entry(struct tldap_message *msg)
1899 {
1900 int num_attribs = 0;
1901
1902 if (!asn1_start_tag(msg->data, msg->type)) return false;
1903
1904 /* dn */
1905
1906 if (!asn1_read_OctetString_talloc(msg, msg->data, &msg->dn)) return false;
1907
1908 if (msg->dn == NULL) {
1909 return false;
1910 }
1911
1912 /*
1913 * Attributes: We overallocate msg->attribs by one, so that while
1914 * looping over the attributes we can directly parse into the last
1915 * array element. Same for the values in the inner loop.
1916 */
1917
1918 msg->attribs = talloc_array(msg, struct tldap_attribute, 1);
1919 if (msg->attribs == NULL) {
1920 return false;
1921 }
1922
1923 if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
1924 while (asn1_peek_tag(msg->data, ASN1_SEQUENCE(0))) {
1925 struct tldap_attribute *attrib;
1926 int num_values = 0;
1927
1928 attrib = &msg->attribs[num_attribs];
1929 attrib->values = talloc_array(msg->attribs, DATA_BLOB, 1);
1930 if (attrib->values == NULL) {
1931 return false;
1932 }
1933 if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
1934 if (!asn1_read_OctetString_talloc(msg->attribs, msg->data,
1935 &attrib->name)) return false;
1936 if (!asn1_start_tag(msg->data, ASN1_SET)) return false;
1937
1938 while (asn1_peek_tag(msg->data, ASN1_OCTET_STRING)) {
1939 if (!asn1_read_OctetString(msg->data, msg,
1940 &attrib->values[num_values])) return false;
1941
1942 attrib->values = talloc_realloc(
1943 msg->attribs, attrib->values, DATA_BLOB,
1944 num_values + 2);
1945 if (attrib->values == NULL) {
1946 return false;
1947 }
1948 num_values += 1;
1949 }
1950 attrib->values = talloc_realloc(msg->attribs, attrib->values,
1951 DATA_BLOB, num_values);
1952 attrib->num_values = num_values;
1953
1954 if (!asn1_end_tag(msg->data)) return false; /* ASN1_SET */
1955 if (!asn1_end_tag(msg->data)) return false; /* ASN1_SEQUENCE(0) */
1956 msg->attribs = talloc_realloc(
1957 msg, msg->attribs, struct tldap_attribute,
1958 num_attribs + 2);
1959 if (msg->attribs == NULL) {
1960 return false;
1961 }
1962 num_attribs += 1;
1963 }
1964 msg->attribs = talloc_realloc(
1965 msg, msg->attribs, struct tldap_attribute, num_attribs);
1966 return asn1_end_tag(msg->data);
1967 }
1968
1969 bool tldap_entry_dn(struct tldap_message *msg, char **dn)
1970 {
1971 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1972 return false;
1973 }
1974 *dn = msg->dn;
1975 return true;
1976 }
1977
1978 bool tldap_entry_attributes(struct tldap_message *msg,
1979 struct tldap_attribute **attributes,
1980 int *num_attributes)
1981 {
1982 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1983 return false;
1984 }
1985 *attributes = msg->attribs;
1986 *num_attributes = talloc_array_length(msg->attribs);
1987 return true;
1988 }
1989
1990 static bool tldap_decode_controls(struct tldap_req_state *state)
1991 {
1992 struct tldap_message *msg = state->result;
1993 struct asn1_data *data = msg->data;
1994 struct tldap_control *sctrls = NULL;
1995 int num_controls = 0;
1996 bool ret = false;
1997
1998 msg->res_sctrls = NULL;
1999
2000 if (!asn1_peek_tag(data, ASN1_CONTEXT(0))) {
2001 return true;
2002 }
2003
2004 if (!asn1_start_tag(data, ASN1_CONTEXT(0))) goto out;
2005
2006 while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
2007 struct tldap_control *c;
2008 char *oid = NULL;
2009
2010 sctrls = talloc_realloc(msg, sctrls, struct tldap_control,
2011 num_controls + 1);
2012 if (sctrls == NULL) {
2013 goto out;
2014 }
2015 c = &sctrls[num_controls];
2016
2017 if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto out;
2018 if (!asn1_read_OctetString_talloc(msg, data, &oid)) goto out;
2019 if (asn1_has_error(data) || (oid == NULL)) {
2020 goto out;
2021 }
2022 c->oid = oid;
2023 if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
2024 if (!asn1_read_BOOLEAN(data, &c->critical)) goto out;
2025 } else {
2026 c->critical = false;
2027 }
2028 c->value = data_blob_null;
2029 if (asn1_peek_tag(data, ASN1_OCTET_STRING) &&
2030 !asn1_read_OctetString(data, msg, &c->value)) {
2031 goto out;
2032 }
2033 if (!asn1_end_tag(data)) goto out; /* ASN1_SEQUENCE(0) */
2034
2035 num_controls += 1;
2036 }
2037
2038 if (!asn1_end_tag(data)) goto out; /* ASN1_CONTEXT(0) */
2039
2040 ret = true;
2041
2042 out:
2043
2044 if (ret == false) {
2045 TALLOC_FREE(sctrls);
2046 } else {
2047 msg->res_sctrls = sctrls;
2048 }
2049 return ret;
2050 }
2051
2052 static void tldap_simple_done(struct tevent_req *subreq, int type)
2053 {
2054 struct tevent_req *req = tevent_req_callback_data(
2055 subreq, struct tevent_req);
2056 struct tldap_req_state *state = tevent_req_data(
2057 req, struct tldap_req_state);
2058 int err;
2059
2060 err = tldap_msg_recv(subreq, state, &state->result);
2061 TALLOC_FREE(subreq);
2062 if (err != TLDAP_SUCCESS) {
2063 tevent_req_error(req, err);
2064 return;
2065 }
2066 if (state->result->type != type) {
2067 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
2068 return;
2069 }
2070 if (!asn1_start_tag(state->result->data, state->result->type) ||
2071 !tldap_decode_response(state) ||
2072 !asn1_end_tag(state->result->data) ||
2073 !tldap_decode_controls(state)) {
2074 tevent_req_error(req, TLDAP_DECODING_ERROR);
2075 return;
2076 }
2077 if (state->result->lderr != TLDAP_SUCCESS) {
2078 tevent_req_error(req, state->result->lderr);
2079 return;
2080 }
2081 tevent_req_done(req);
2082 }
2083
2084 static int tldap_simple_recv(struct tevent_req *req)
2085 {
2086 int err;
2087 if (tevent_req_is_ldap_error(req, &err)) {
2088 return err;
2089 }
2090 return TLDAP_SUCCESS;
2091 }
2092
2093 static void tldap_add_done(struct tevent_req *subreq);
2094
2095 struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx,
2096 struct tevent_context *ev,
2097 struct tldap_context *ld,
2098 const char *dn,
2099 struct tldap_mod *attributes,
2100 int num_attributes,
2101 struct tldap_control *sctrls,
2102 int num_sctrls,
2103 struct tldap_control *cctrls,
2104 int num_cctrls)
2105 {
2106 struct tevent_req *req, *subreq;
2107 struct tldap_req_state *state;
2108 int i, j;
2109
2110 req = tldap_req_create(mem_ctx, ld, &state);
2111 if (req == NULL) {
2112 return NULL;
2113 }
2114
2115 if (!asn1_push_tag(state->out, TLDAP_REQ_ADD)) goto err;
2116 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
2117 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2118
2119 for (i=0; i<num_attributes; i++) {
2120 struct tldap_mod *attrib = &attributes[i];
2121 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2122 if (!asn1_write_OctetString(state->out, attrib->attribute,
2123 strlen(attrib->attribute))) goto err;
2124 if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
2125 for (j=0; j<attrib->num_values; j++) {
2126 if (!asn1_write_OctetString(state->out,
2127 attrib->values[j].data,
2128 attrib->values[j].length)) goto err;
2129 }
2130 if (!asn1_pop_tag(state->out)) goto err;
2131 if (!asn1_pop_tag(state->out)) goto err;
2132 }
2133
2134 if (!asn1_pop_tag(state->out)) goto err;
2135 if (!asn1_pop_tag(state->out)) goto err;
2136
2137 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2138 sctrls, num_sctrls);
2139 if (tevent_req_nomem(subreq, req)) {
2140 return tevent_req_post(req, ev);
2141 }
2142 tevent_req_set_callback(subreq, tldap_add_done, req);
2143 return req;
2144
2145 err:
2146
2147 tevent_req_error(req, TLDAP_ENCODING_ERROR);
2148 return tevent_req_post(req, ev);
2149 }
2150
2151 static void tldap_add_done(struct tevent_req *subreq)
2152 {
2153 tldap_simple_done(subreq, TLDAP_RES_ADD);
2154 }
2155
2156 int tldap_add_recv(struct tevent_req *req)
2157 {
2158 return tldap_simple_recv(req);
2159 }
2160
2161 int tldap_add(struct tldap_context *ld, const char *dn,
2162 struct tldap_mod *attributes, int num_attributes,
2163 struct tldap_control *sctrls, int num_sctrls,
2164 struct tldap_control *cctrls, int num_cctrls)
2165 {
2166 TALLOC_CTX *frame = talloc_stackframe();
2167 struct tevent_context *ev;
2168 struct tevent_req *req;
2169 int result;
2170
2171 ev = samba_tevent_context_init(frame);
2172 if (ev == NULL) {
2173 result = TLDAP_NO_MEMORY;
2174 goto fail;
2175 }
2176
2177 req = tldap_add_send(frame, ev, ld, dn, attributes, num_attributes,
2178 sctrls, num_sctrls, cctrls, num_cctrls);
2179 if (req == NULL) {
2180 result = TLDAP_NO_MEMORY;
2181 goto fail;
2182 }
2183
2184 if (!tevent_req_poll(req, ev)) {
2185 result = TLDAP_OPERATIONS_ERROR;
2186 goto fail;
2187 }
2188
2189 result = tldap_add_recv(req);
2190 tldap_save_msg(ld, req);
2191 fail:
2192 TALLOC_FREE(frame);
2193 return result;
2194 }
2195
2196 static void tldap_modify_done(struct tevent_req *subreq);
2197
2198 struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx,
2199 struct tevent_context *ev,
2200 struct tldap_context *ld,
2201 const char *dn,
2202 struct tldap_mod *mods, int num_mods,
2203 struct tldap_control *sctrls,
2204 int num_sctrls,
2205 struct tldap_control *cctrls,
2206 int num_cctrls)
2207 {
2208 struct tevent_req *req, *subreq;
2209 struct tldap_req_state *state;
2210 int i, j;
2211
2212 req = tldap_req_create(mem_ctx, ld, &state);
2213 if (req == NULL) {
2214 return NULL;
2215 }
2216
2217 if (!asn1_push_tag(state->out, TLDAP_REQ_MODIFY)) goto err;
2218 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
2219 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2220
2221 for (i=0; i<num_mods; i++) {
2222 struct tldap_mod *mod = &mods[i];
2223 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2224 if (!asn1_write_enumerated(state->out, mod->mod_op)) goto err;
2225 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2226 if (!asn1_write_OctetString(state->out, mod->attribute,
2227 strlen(mod->attribute))) goto err;
2228 if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
2229 for (j=0; j<mod->num_values; j++) {
2230 if (!asn1_write_OctetString(state->out,
2231 mod->values[j].data,
2232 mod->values[j].length)) goto err;
2233 }
2234 if (!asn1_pop_tag(state->out)) goto err;
2235 if (!asn1_pop_tag(state->out)) goto err;
2236 if (!asn1_pop_tag(state->out)) goto err;
2237 }
2238
2239 if (!asn1_pop_tag(state->out)) goto err;
2240 if (!asn1_pop_tag(state->out)) goto err;
2241
2242 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2243 sctrls, num_sctrls);
2244 if (tevent_req_nomem(subreq, req)) {
2245 return tevent_req_post(req, ev);
2246 }
2247 tevent_req_set_callback(subreq, tldap_modify_done, req);
2248 return req;
2249
2250 err:
2251
2252 tevent_req_error(req, TLDAP_ENCODING_ERROR);
2253 return tevent_req_post(req, ev);
2254 }
2255
2256 static void tldap_modify_done(struct tevent_req *subreq)
2257 {
2258 tldap_simple_done(subreq, TLDAP_RES_MODIFY);
2259 }
2260
2261 int tldap_modify_recv(struct tevent_req *req)
2262 {
2263 return tldap_simple_recv(req);
2264 }
2265
2266 int tldap_modify(struct tldap_context *ld, const char *dn,
2267 struct tldap_mod *mods, int num_mods,
2268 struct tldap_control *sctrls, int num_sctrls,
2269 struct tldap_control *cctrls, int num_cctrls)
2270 {
2271 TALLOC_CTX *frame = talloc_stackframe();
2272 struct tevent_context *ev;
2273 struct tevent_req *req;
2274 int result;
2275
2276 ev = samba_tevent_context_init(frame);
2277 if (ev == NULL) {
2278 result = TLDAP_NO_MEMORY;
2279 goto fail;
2280 }
2281
2282 req = tldap_modify_send(frame, ev, ld, dn, mods, num_mods,
2283 sctrls, num_sctrls, cctrls, num_cctrls);
2284 if (req == NULL) {
2285 result = TLDAP_NO_MEMORY;
2286 goto fail;
2287 }
2288
2289 if (!tevent_req_poll(req, ev)) {
2290 result = TLDAP_OPERATIONS_ERROR;
2291 goto fail;
2292 }
2293
2294 result = tldap_modify_recv(req);
2295 tldap_save_msg(ld, req);
2296 fail:
2297 TALLOC_FREE(frame);
2298 return result;
2299 }
2300
2301 static void tldap_delete_done(struct tevent_req *subreq);
2302
2303 struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx,
2304 struct tevent_context *ev,
2305 struct tldap_context *ld,
2306 const char *dn,
2307 struct tldap_control *sctrls,
2308 int num_sctrls,
2309 struct tldap_control *cctrls,
2310 int num_cctrls)
2311 {
2312 struct tevent_req *req, *subreq;
2313 struct tldap_req_state *state;
2314
2315 req = tldap_req_create(mem_ctx, ld, &state);
2316 if (req == NULL) {
2317 return NULL;
2318 }
2319
2320 if (!asn1_push_tag(state->out, TLDAP_REQ_DELETE)) goto err;
2321 if (!asn1_write(state->out, dn, strlen(dn))) goto err;
2322 if (!asn1_pop_tag(state->out)) goto err;
2323
2324 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2325 sctrls, num_sctrls);
2326 if (tevent_req_nomem(subreq, req)) {
2327 return tevent_req_post(req, ev);
2328 }
2329 tevent_req_set_callback(subreq, tldap_delete_done, req);
2330 return req;
2331
2332 err:
2333
2334 tevent_req_error(req, TLDAP_ENCODING_ERROR);
2335 return tevent_req_post(req, ev);
2336 }
2337
2338 static void tldap_delete_done(struct tevent_req *subreq)
2339 {
2340 tldap_simple_done(subreq, TLDAP_RES_DELETE);
2341 }
2342
2343 int tldap_delete_recv(struct tevent_req *req)
2344 {
2345 return tldap_simple_recv(req);
2346 }
2347
2348 int tldap_delete(struct tldap_context *ld, const char *dn,
2349 struct tldap_control *sctrls, int num_sctrls,
2350 struct tldap_control *cctrls, int num_cctrls)
2351 {
2352 TALLOC_CTX *frame = talloc_stackframe();
2353 struct tevent_context *ev;
2354 struct tevent_req *req;
2355 int result;
2356
2357 ev = samba_tevent_context_init(frame);
2358 if (ev == NULL) {
2359 result = TLDAP_NO_MEMORY;
2360 goto fail;
2361 }
2362
2363 req = tldap_delete_send(frame, ev, ld, dn, sctrls, num_sctrls,
2364 cctrls, num_cctrls);
2365 if (req == NULL) {
2366 result = TLDAP_NO_MEMORY;
2367 goto fail;
2368 }
2369
2370 if (!tevent_req_poll(req, ev)) {
2371 result = TLDAP_OPERATIONS_ERROR;
2372 goto fail;
2373 }
2374
2375 result = tldap_delete_recv(req);
2376 tldap_save_msg(ld, req);
2377 fail:
2378 TALLOC_FREE(frame);
2379 return result;
2380 }
2381
2382 int tldap_msg_id(const struct tldap_message *msg)
2383 {
2384 return msg->id;
2385 }
2386
2387 int tldap_msg_type(const struct tldap_message *msg)
2388 {
2389 return msg->type;
2390 }
2391
2392 const char *tldap_msg_matcheddn(struct tldap_message *msg)
2393 {
2394 if (msg == NULL) {
2395 return NULL;
2396 }
2397 return msg->res_matcheddn;
2398 }
2399
2400 const char *tldap_msg_diagnosticmessage(struct tldap_message *msg)
2401 {
2402 if (msg == NULL) {
2403 return NULL;
2404 }
2405 return msg->res_diagnosticmessage;
2406 }
2407
2408 const char *tldap_msg_referral(struct tldap_message *msg)
2409 {
2410 if (msg == NULL) {
2411 return NULL;
2412 }
2413 return msg->res_referral;
2414 }
2415
2416 void tldap_msg_sctrls(struct tldap_message *msg, int *num_sctrls,
2417 struct tldap_control **sctrls)
2418 {
2419 if (msg == NULL) {
2420 *sctrls = NULL;
2421 *num_sctrls = 0;
2422 return;
2423 }
2424 *sctrls = msg->res_sctrls;
2425 *num_sctrls = talloc_array_length(msg->res_sctrls);
2426 }
2427
2428 struct tldap_message *tldap_ctx_lastmsg(struct tldap_context *ld)
2429 {
2430 return ld->last_msg;
2431 }
2432
2433 const char *tldap_err2string(int rc)
2434 {
2435 const char *res = NULL;
2436
2437 /*
2438 * This would normally be a table, but the error codes are not fully
2439 * sequential. Let the compiler figure out the optimum implementation
2440 * :-)
2441 */
2442
2443 switch (rc) {
2444 case TLDAP_SUCCESS:
2445 res = "TLDAP_SUCCESS";
2446 break;
2447 case TLDAP_OPERATIONS_ERROR:
2448 res = "TLDAP_OPERATIONS_ERROR";
2449 break;
2450 case TLDAP_PROTOCOL_ERROR:
2451 res = "TLDAP_PROTOCOL_ERROR";
2452 break;
2453 case TLDAP_TIMELIMIT_EXCEEDED:
2454 res = "TLDAP_TIMELIMIT_EXCEEDED";
2455 break;
2456 case TLDAP_SIZELIMIT_EXCEEDED:
2457 res = "TLDAP_SIZELIMIT_EXCEEDED";
2458 break;
2459 case TLDAP_COMPARE_FALSE:
2460 res = "TLDAP_COMPARE_FALSE";
2461 break;
2462 case TLDAP_COMPARE_TRUE:
2463 res = "TLDAP_COMPARE_TRUE";
2464 break;
2465 case TLDAP_STRONG_AUTH_NOT_SUPPORTED:
2466 res = "TLDAP_STRONG_AUTH_NOT_SUPPORTED";
2467 break;
2468 case TLDAP_STRONG_AUTH_REQUIRED:
2469 res = "TLDAP_STRONG_AUTH_REQUIRED";
2470 break;
2471 case TLDAP_REFERRAL:
2472 res = "TLDAP_REFERRAL";
2473 break;
2474 case TLDAP_ADMINLIMIT_EXCEEDED:
2475 res = "TLDAP_ADMINLIMIT_EXCEEDED";
2476 break;
2477 case TLDAP_UNAVAILABLE_CRITICAL_EXTENSION:
2478 res = "TLDAP_UNAVAILABLE_CRITICAL_EXTENSION";
2479 break;
2480 case TLDAP_CONFIDENTIALITY_REQUIRED:
2481 res = "TLDAP_CONFIDENTIALITY_REQUIRED";
2482 break;
2483 case TLDAP_SASL_BIND_IN_PROGRESS:
2484 res = "TLDAP_SASL_BIND_IN_PROGRESS";
2485 break;
2486 case TLDAP_NO_SUCH_ATTRIBUTE:
2487 res = "TLDAP_NO_SUCH_ATTRIBUTE";
2488 break;
2489 case TLDAP_UNDEFINED_TYPE:
2490 res = "TLDAP_UNDEFINED_TYPE";
2491 break;
2492 case TLDAP_INAPPROPRIATE_MATCHING:
2493 res = "TLDAP_INAPPROPRIATE_MATCHING";
2494 break;
2495 case TLDAP_CONSTRAINT_VIOLATION:
2496 res = "TLDAP_CONSTRAINT_VIOLATION";
2497 break;
2498 case TLDAP_TYPE_OR_VALUE_EXISTS:
2499 res = "TLDAP_TYPE_OR_VALUE_EXISTS";
2500 break;
2501 case TLDAP_INVALID_SYNTAX:
2502 res = "TLDAP_INVALID_SYNTAX";
2503 break;
2504 case TLDAP_NO_SUCH_OBJECT:
2505 res = "TLDAP_NO_SUCH_OBJECT";
2506 break;
2507 case TLDAP_ALIAS_PROBLEM:
2508 res = "TLDAP_ALIAS_PROBLEM";
2509 break;
2510 case TLDAP_INVALID_DN_SYNTAX:
2511 res = "TLDAP_INVALID_DN_SYNTAX";
2512 break;
2513 case TLDAP_IS_LEAF:
2514 res = "TLDAP_IS_LEAF";
2515 break;
2516 case TLDAP_ALIAS_DEREF_PROBLEM:
2517 res = "TLDAP_ALIAS_DEREF_PROBLEM";
2518 break;
2519 case TLDAP_INAPPROPRIATE_AUTH:
2520 res = "TLDAP_INAPPROPRIATE_AUTH";
2521 break;
2522 case TLDAP_INVALID_CREDENTIALS:
2523 res = "TLDAP_INVALID_CREDENTIALS";
2524 break;
2525 case TLDAP_INSUFFICIENT_ACCESS:
2526 res = "TLDAP_INSUFFICIENT_ACCESS";
2527 break;
2528 case TLDAP_BUSY:
2529 res = "TLDAP_BUSY";
2530 break;
2531 case TLDAP_UNAVAILABLE:
2532 res = "TLDAP_UNAVAILABLE";
2533 break;
2534 case TLDAP_UNWILLING_TO_PERFORM:
2535 res = "TLDAP_UNWILLING_TO_PERFORM";
2536 break;
2537 case TLDAP_LOOP_DETECT:
2538 res = "TLDAP_LOOP_DETECT";
2539 break;
2540 case TLDAP_NAMING_VIOLATION:
2541 res = "TLDAP_NAMING_VIOLATION";
2542 break;
2543 case TLDAP_OBJECT_CLASS_VIOLATION:
2544 res = "TLDAP_OBJECT_CLASS_VIOLATION";
2545 break;
2546 case TLDAP_NOT_ALLOWED_ON_NONLEAF:
2547 res = "TLDAP_NOT_ALLOWED_ON_NONLEAF";
2548 break;
2549 case TLDAP_NOT_ALLOWED_ON_RDN:
2550 res = "TLDAP_NOT_ALLOWED_ON_RDN";
2551 break;
2552 case TLDAP_ALREADY_EXISTS:
2553 res = "TLDAP_ALREADY_EXISTS";
2554 break;
2555 case TLDAP_NO_OBJECT_CLASS_MODS:
2556 res = "TLDAP_NO_OBJECT_CLASS_MODS";
2557 break;
2558 case TLDAP_RESULTS_TOO_LARGE:
2559 res = "TLDAP_RESULTS_TOO_LARGE";
2560 break;
2561 case TLDAP_AFFECTS_MULTIPLE_DSAS:
2562 res = "TLDAP_AFFECTS_MULTIPLE_DSAS";
2563 break;
2564 case TLDAP_OTHER:
2565 res = "TLDAP_OTHER";
2566 break;
2567 case TLDAP_SERVER_DOWN:
2568 res = "TLDAP_SERVER_DOWN";
2569 break;
2570 case TLDAP_LOCAL_ERROR:
2571 res = "TLDAP_LOCAL_ERROR";
2572 break;
2573 case TLDAP_ENCODING_ERROR:
2574 res = "TLDAP_ENCODING_ERROR";
2575 break;
2576 case TLDAP_DECODING_ERROR:
2577 res = "TLDAP_DECODING_ERROR";
2578 break;
2579 case TLDAP_TIMEOUT:
2580 res = "TLDAP_TIMEOUT";
2581 break;
2582 case TLDAP_AUTH_UNKNOWN:
2583 res = "TLDAP_AUTH_UNKNOWN";
2584 break;
2585 case TLDAP_FILTER_ERROR:
2586 res = "TLDAP_FILTER_ERROR";
2587 break;
2588 case TLDAP_USER_CANCELLED:
2589 res = "TLDAP_USER_CANCELLED";
2590 break;
2591 case TLDAP_PARAM_ERROR:
2592 res = "TLDAP_PARAM_ERROR";
2593 break;
2594 case TLDAP_NO_MEMORY:
2595 res = "TLDAP_NO_MEMORY";
2596 break;
2597 case TLDAP_CONNECT_ERROR:
2598 res = "TLDAP_CONNECT_ERROR";
2599 break;
2600 case TLDAP_NOT_SUPPORTED:
2601 res = "TLDAP_NOT_SUPPORTED";
2602 break;
2603 case TLDAP_CONTROL_NOT_FOUND:
2604 res = "TLDAP_CONTROL_NOT_FOUND";
2605 break;
2606 case TLDAP_NO_RESULTS_RETURNED:
2607 res = "TLDAP_NO_RESULTS_RETURNED";
2608 break;
2609 case TLDAP_MORE_RESULTS_TO_RETURN:
2610 res = "TLDAP_MORE_RESULTS_TO_RETURN";
2611 break;
2612 case TLDAP_CLIENT_LOOP:
2613 res = "TLDAP_CLIENT_LOOP";
2614 break;
2615 case TLDAP_REFERRAL_LIMIT_EXCEEDED:
2616 res = "TLDAP_REFERRAL_LIMIT_EXCEEDED";
2617 break;
2618 default:
2619 res = talloc_asprintf(talloc_tos(), "Unknown LDAP Error (%d)",
2620 rc);
2621 break;
2622 }
2623 if (res == NULL) {
2624 res = "Unknown LDAP Error";
2625 }
2626 return res;
2627 }
Samba GIT mirror