2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Stefan Metzmacher 2009
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 see RFC1798 for details of CLDAP
27 - carried over UDP on port 389
28 - request and response matched by message ID
29 - request consists of only a single searchRequest element
30 - response can be in one of two forms
31 - a single searchResponse, followed by a searchResult
32 - a single searchResult
37 #include "../lib/util/dlinklist.h"
38 #include "../libcli/ldap/ldap_message.h"
39 #include "../libcli/ldap/ldap_ndr.h"
40 #include "../libcli/cldap/cldap.h"
41 #include "../lib/tsocket/tsocket.h"
42 #include "../libcli/security/dom_sid.h"
43 #include "../librpc/gen_ndr/ndr_nbt.h"
44 #include "../lib/util/asn1.h"
45 #include "../lib/util/tevent_ntstatus.h"
50 context structure for operations on cldap packets
53 /* the low level socket */
54 struct tdgram_context
*sock
;
57 * Are we in connected mode, which means
58 * we get ICMP errors back instead of timing
59 * out requests. And we can only send requests
60 * to the connected peer.
64 /* the queue for outgoing dgrams */
65 struct tevent_queue
*send_queue
;
67 /* do we have an async tsocket_recvfrom request pending */
68 struct tevent_req
*recv_subreq
;
71 /* a queue of pending search requests */
72 struct cldap_search_state
*list
;
74 /* mapping from message_id to pending request */
75 struct idr_context
*idr
;
78 /* what to do with incoming request packets */
80 struct tevent_context
*ev
;
81 void (*handler
)(struct cldap_socket
*,
83 struct cldap_incoming
*);
88 struct cldap_search_state
{
89 struct cldap_search_state
*prev
, *next
;
92 struct tevent_context
*ev
;
93 struct cldap_socket
*cldap
;
102 struct tsocket_address
*dest
;
107 struct cldap_incoming
*in
;
108 struct asn1_data
*asn1
;
111 struct tevent_req
*req
;
114 static int cldap_socket_destructor(struct cldap_socket
*c
)
116 while (c
->searches
.list
) {
117 struct cldap_search_state
*s
= c
->searches
.list
;
118 DLIST_REMOVE(c
->searches
.list
, s
);
119 ZERO_STRUCT(s
->caller
);
122 talloc_free(c
->recv_subreq
);
123 talloc_free(c
->send_queue
);
124 talloc_free(c
->sock
);
128 static void cldap_recvfrom_done(struct tevent_req
*subreq
);
130 static bool cldap_recvfrom_setup(struct cldap_socket
*c
)
132 struct tevent_context
*ev
;
134 if (c
->recv_subreq
) {
138 if (!c
->searches
.list
&& !c
->incoming
.handler
) {
144 /* this shouldn't happen but should be protected against */
145 if (c
->searches
.list
== NULL
) {
148 ev
= c
->searches
.list
->caller
.ev
;
151 c
->recv_subreq
= tdgram_recvfrom_send(c
, ev
, c
->sock
);
152 if (!c
->recv_subreq
) {
155 tevent_req_set_callback(c
->recv_subreq
, cldap_recvfrom_done
, c
);
160 static void cldap_recvfrom_stop(struct cldap_socket
*c
)
162 if (!c
->recv_subreq
) {
166 if (c
->searches
.list
|| c
->incoming
.handler
) {
170 talloc_free(c
->recv_subreq
);
171 c
->recv_subreq
= NULL
;
174 static bool cldap_socket_recv_dgram(struct cldap_socket
*c
,
175 struct cldap_incoming
*in
);
177 static void cldap_recvfrom_done(struct tevent_req
*subreq
)
179 struct cldap_socket
*c
= tevent_req_callback_data(subreq
,
180 struct cldap_socket
);
181 struct cldap_incoming
*in
= NULL
;
185 c
->recv_subreq
= NULL
;
187 in
= talloc_zero(c
, struct cldap_incoming
);
192 ret
= tdgram_recvfrom_recv(subreq
,
202 if (ret
== -1 && in
->recv_errno
== 0) {
203 in
->recv_errno
= EIO
;
206 /* this function should free or steal 'in' */
207 setup_done
= cldap_socket_recv_dgram(c
, in
);
210 if (!setup_done
&& !cldap_recvfrom_setup(c
)) {
222 handle recv events on a cldap socket
224 static bool cldap_socket_recv_dgram(struct cldap_socket
*c
,
225 struct cldap_incoming
*in
)
227 struct asn1_data
*asn1
;
229 struct cldap_search_state
*search
;
232 if (in
->recv_errno
!= 0) {
236 asn1
= asn1_init(in
);
241 asn1_load_nocopy(asn1
, in
->buf
, in
->len
);
243 in
->ldap_msg
= talloc(in
, struct ldap_message
);
244 if (in
->ldap_msg
== NULL
) {
248 /* this initial decode is used to find the message id */
249 status
= ldap_decode(asn1
, NULL
, in
->ldap_msg
);
250 if (!NT_STATUS_IS_OK(status
)) {
254 /* find the pending request */
255 p
= idr_find(c
->searches
.idr
, in
->ldap_msg
->messageid
);
257 if (!c
->incoming
.handler
) {
262 /* this function should free or steal 'in' */
263 c
->incoming
.handler(c
, c
->incoming
.private_data
, in
);
267 search
= talloc_get_type_abort(p
, struct cldap_search_state
);
268 search
->response
.in
= talloc_move(search
, &in
);
270 search
->response
.asn1
= asn1
;
272 asn1_load_nocopy(search
->response
.asn1
,
273 search
->response
.in
->buf
, search
->response
.in
->len
);
275 DLIST_REMOVE(c
->searches
.list
, search
);
277 if (cldap_recvfrom_setup(c
)) {
278 tevent_req_done(search
->req
);
283 * This request was ok, just defer the notify of the caller
284 * and then just fail the next request if needed
286 tevent_req_defer_callback(search
->req
, search
->caller
.ev
);
287 tevent_req_done(search
->req
);
289 status
= NT_STATUS_NO_MEMORY
;
290 /* in is NULL it this point */
293 in
->recv_errno
= ENOMEM
;
295 status
= map_nt_error_from_unix_common(in
->recv_errno
);
298 /* in connected mode the first pending search gets the error */
300 /* otherwise we just ignore the error */
303 if (!c
->searches
.list
) {
307 * We might called tevent_req_done() for a successful
308 * search before, so we better deliver the failure
309 * after the success, that is why we better also
310 * use tevent_req_defer_callback() here.
312 tevent_req_defer_callback(c
->searches
.list
->req
,
313 c
->searches
.list
->caller
.ev
);
314 tevent_req_nterror(c
->searches
.list
->req
, status
);
319 initialise a cldap_sock
321 NTSTATUS
cldap_socket_init(TALLOC_CTX
*mem_ctx
,
322 const struct tsocket_address
*local_addr
,
323 const struct tsocket_address
*remote_addr
,
324 struct cldap_socket
**_cldap
)
326 struct cldap_socket
*c
= NULL
;
327 struct tsocket_address
*any
= NULL
;
330 const char *fam
= NULL
;
332 if (local_addr
== NULL
&& remote_addr
== NULL
) {
333 return NT_STATUS_INVALID_PARAMETER_MIX
;
340 is_ipv4
= tsocket_address_is_inet(remote_addr
, "ipv4");
341 is_ipv6
= tsocket_address_is_inet(remote_addr
, "ipv6");
345 } else if (is_ipv6
) {
348 return NT_STATUS_INVALID_ADDRESS
;
352 c
= talloc_zero(mem_ctx
, struct cldap_socket
);
359 * Here we know the address family of the remote address.
362 return NT_STATUS_INVALID_PARAMETER_MIX
;
365 ret
= tsocket_address_inet_from_strings(c
, fam
,
369 status
= map_nt_error_from_unix_common(errno
);
375 c
->searches
.idr
= idr_init(c
);
376 if (!c
->searches
.idr
) {
380 ret
= tdgram_inet_udp_socket(local_addr
, remote_addr
,
383 status
= map_nt_error_from_unix_common(errno
);
392 c
->send_queue
= tevent_queue_create(c
, "cldap_send_queue");
393 if (!c
->send_queue
) {
397 talloc_set_destructor(c
, cldap_socket_destructor
);
403 status
= NT_STATUS_NO_MEMORY
;
410 setup a handler for incoming requests
412 NTSTATUS
cldap_set_incoming_handler(struct cldap_socket
*c
,
413 struct tevent_context
*ev
,
414 void (*handler
)(struct cldap_socket
*,
416 struct cldap_incoming
*),
420 return NT_STATUS_PIPE_CONNECTED
;
424 c
->incoming
.handler
= handler
;
425 c
->incoming
.private_data
= private_data
;
427 if (!cldap_recvfrom_setup(c
)) {
428 ZERO_STRUCT(c
->incoming
);
429 return NT_STATUS_NO_MEMORY
;
435 struct cldap_reply_state
{
436 struct tsocket_address
*dest
;
440 static void cldap_reply_state_destroy(struct tevent_req
*subreq
);
443 queue a cldap reply for send
445 NTSTATUS
cldap_reply_send(struct cldap_socket
*cldap
, struct cldap_reply
*io
)
447 struct cldap_reply_state
*state
= NULL
;
448 struct ldap_message
*msg
;
449 DATA_BLOB blob1
, blob2
;
451 struct tevent_req
*subreq
;
453 if (cldap
->connected
) {
454 return NT_STATUS_PIPE_CONNECTED
;
457 if (cldap
->incoming
.ev
== NULL
) {
458 return NT_STATUS_INVALID_PIPE_STATE
;
462 return NT_STATUS_INVALID_ADDRESS
;
465 state
= talloc(cldap
, struct cldap_reply_state
);
466 NT_STATUS_HAVE_NO_MEMORY(state
);
468 state
->dest
= tsocket_address_copy(io
->dest
, state
);
473 msg
= talloc(state
, struct ldap_message
);
478 msg
->messageid
= io
->messageid
;
479 msg
->controls
= NULL
;
482 msg
->type
= LDAP_TAG_SearchResultEntry
;
483 msg
->r
.SearchResultEntry
= *io
->response
;
485 if (!ldap_encode(msg
, NULL
, &blob1
, state
)) {
486 status
= NT_STATUS_INVALID_PARAMETER
;
490 blob1
= data_blob(NULL
, 0);
493 msg
->type
= LDAP_TAG_SearchResultDone
;
494 msg
->r
.SearchResultDone
= *io
->result
;
496 if (!ldap_encode(msg
, NULL
, &blob2
, state
)) {
497 status
= NT_STATUS_INVALID_PARAMETER
;
502 state
->blob
= data_blob_talloc(state
, NULL
, blob1
.length
+ blob2
.length
);
503 if (!state
->blob
.data
) {
507 memcpy(state
->blob
.data
, blob1
.data
, blob1
.length
);
508 memcpy(state
->blob
.data
+blob1
.length
, blob2
.data
, blob2
.length
);
509 data_blob_free(&blob1
);
510 data_blob_free(&blob2
);
512 subreq
= tdgram_sendto_queue_send(state
,
522 /* the callback will just free the state, as we don't need a result */
523 tevent_req_set_callback(subreq
, cldap_reply_state_destroy
, state
);
528 status
= NT_STATUS_NO_MEMORY
;
534 static void cldap_reply_state_destroy(struct tevent_req
*subreq
)
536 struct cldap_reply_state
*state
= tevent_req_callback_data(subreq
,
537 struct cldap_reply_state
);
539 /* we don't want to know the result here, we just free the state */
544 static int cldap_search_state_destructor(struct cldap_search_state
*s
)
546 if (s
->caller
.cldap
) {
547 if (s
->message_id
!= -1) {
548 idr_remove(s
->caller
.cldap
->searches
.idr
, s
->message_id
);
551 DLIST_REMOVE(s
->caller
.cldap
->searches
.list
, s
);
552 cldap_recvfrom_stop(s
->caller
.cldap
);
553 ZERO_STRUCT(s
->caller
);
559 static void cldap_search_state_queue_done(struct tevent_req
*subreq
);
560 static void cldap_search_state_wakeup_done(struct tevent_req
*subreq
);
563 queue a cldap reply for send
565 struct tevent_req
*cldap_search_send(TALLOC_CTX
*mem_ctx
,
566 struct tevent_context
*ev
,
567 struct cldap_socket
*cldap
,
568 const struct cldap_search
*io
)
570 struct tevent_req
*req
, *subreq
;
571 struct cldap_search_state
*state
= NULL
;
572 struct ldap_message
*msg
;
573 struct ldap_SearchRequest
*search
;
579 req
= tevent_req_create(mem_ctx
, &state
,
580 struct cldap_search_state
);
584 state
->caller
.ev
= ev
;
586 state
->caller
.cldap
= cldap
;
587 state
->message_id
= -1;
589 talloc_set_destructor(state
, cldap_search_state_destructor
);
591 if (state
->caller
.cldap
== NULL
) {
592 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
596 if (io
->in
.dest_address
) {
597 if (cldap
->connected
) {
598 tevent_req_nterror(req
, NT_STATUS_PIPE_CONNECTED
);
601 ret
= tsocket_address_inet_from_strings(state
,
605 &state
->request
.dest
);
607 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
611 if (!cldap
->connected
) {
612 tevent_req_nterror(req
, NT_STATUS_INVALID_ADDRESS
);
615 state
->request
.dest
= NULL
;
618 state
->message_id
= idr_get_new_random(cldap
->searches
.idr
,
620 if (state
->message_id
== -1) {
621 tevent_req_nterror(req
, NT_STATUS_INSUFFICIENT_RESOURCES
);
625 msg
= talloc(state
, struct ldap_message
);
626 if (tevent_req_nomem(msg
, req
)) {
630 msg
->messageid
= state
->message_id
;
631 msg
->type
= LDAP_TAG_SearchRequest
;
632 msg
->controls
= NULL
;
633 search
= &msg
->r
.SearchRequest
;
636 search
->scope
= LDAP_SEARCH_SCOPE_BASE
;
637 search
->deref
= LDAP_DEREFERENCE_NEVER
;
638 search
->timelimit
= 0;
639 search
->sizelimit
= 0;
640 search
->attributesonly
= false;
641 search
->num_attributes
= str_list_length(io
->in
.attributes
);
642 search
->attributes
= io
->in
.attributes
;
643 search
->tree
= ldb_parse_tree(msg
, io
->in
.filter
);
644 if (tevent_req_nomem(search
->tree
, req
)) {
648 if (!ldap_encode(msg
, NULL
, &state
->request
.blob
, state
)) {
649 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
654 state
->request
.idx
= 0;
655 state
->request
.delay
= 10*1000*1000;
656 state
->request
.count
= 3;
657 if (io
->in
.timeout
> 0) {
658 state
->request
.delay
= io
->in
.timeout
* 1000 * 1000;
659 state
->request
.count
= io
->in
.retries
+ 1;
662 now
= tevent_timeval_current();
664 for (i
= 0; i
< state
->request
.count
; i
++) {
665 end
= tevent_timeval_add(&end
, state
->request
.delay
/ 1000000,
666 state
->request
.delay
% 1000000);
669 if (!tevent_req_set_endtime(req
, state
->caller
.ev
, end
)) {
673 subreq
= tdgram_sendto_queue_send(state
,
675 state
->caller
.cldap
->sock
,
676 state
->caller
.cldap
->send_queue
,
677 state
->request
.blob
.data
,
678 state
->request
.blob
.length
,
679 state
->request
.dest
);
680 if (tevent_req_nomem(subreq
, req
)) {
683 tevent_req_set_callback(subreq
, cldap_search_state_queue_done
, req
);
685 DLIST_ADD_END(cldap
->searches
.list
, state
);
690 return tevent_req_post(req
, state
->caller
.ev
);
693 static void cldap_search_state_queue_done(struct tevent_req
*subreq
)
695 struct tevent_req
*req
= tevent_req_callback_data(subreq
,
697 struct cldap_search_state
*state
= tevent_req_data(req
,
698 struct cldap_search_state
);
703 ret
= tdgram_sendto_queue_recv(subreq
, &sys_errno
);
707 status
= map_nt_error_from_unix_common(sys_errno
);
708 DLIST_REMOVE(state
->caller
.cldap
->searches
.list
, state
);
709 ZERO_STRUCT(state
->caller
.cldap
);
710 tevent_req_nterror(req
, status
);
714 state
->request
.idx
++;
716 /* wait for incoming traffic */
717 if (!cldap_recvfrom_setup(state
->caller
.cldap
)) {
722 if (state
->request
.idx
> state
->request
.count
) {
723 /* we just wait for the response or a timeout */
727 next
= tevent_timeval_current_ofs(state
->request
.delay
/ 1000000,
728 state
->request
.delay
% 1000000);
729 subreq
= tevent_wakeup_send(state
,
732 if (tevent_req_nomem(subreq
, req
)) {
735 tevent_req_set_callback(subreq
, cldap_search_state_wakeup_done
, req
);
738 static void cldap_search_state_wakeup_done(struct tevent_req
*subreq
)
740 struct tevent_req
*req
= tevent_req_callback_data(subreq
,
742 struct cldap_search_state
*state
= tevent_req_data(req
,
743 struct cldap_search_state
);
746 ok
= tevent_wakeup_recv(subreq
);
749 tevent_req_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
753 subreq
= tdgram_sendto_queue_send(state
,
755 state
->caller
.cldap
->sock
,
756 state
->caller
.cldap
->send_queue
,
757 state
->request
.blob
.data
,
758 state
->request
.blob
.length
,
759 state
->request
.dest
);
760 if (tevent_req_nomem(subreq
, req
)) {
763 tevent_req_set_callback(subreq
, cldap_search_state_queue_done
, req
);
767 receive a cldap reply
769 NTSTATUS
cldap_search_recv(struct tevent_req
*req
,
771 struct cldap_search
*io
)
773 struct cldap_search_state
*state
= tevent_req_data(req
,
774 struct cldap_search_state
);
775 struct ldap_message
*ldap_msg
;
778 if (tevent_req_is_nterror(req
, &status
)) {
782 ldap_msg
= talloc(mem_ctx
, struct ldap_message
);
787 status
= ldap_decode(state
->response
.asn1
, NULL
, ldap_msg
);
788 if (!NT_STATUS_IS_OK(status
)) {
792 ZERO_STRUCT(io
->out
);
794 /* the first possible form has a search result in first place */
795 if (ldap_msg
->type
== LDAP_TAG_SearchResultEntry
) {
796 io
->out
.response
= talloc(mem_ctx
, struct ldap_SearchResEntry
);
797 if (!io
->out
.response
) {
800 *io
->out
.response
= ldap_msg
->r
.SearchResultEntry
;
802 /* decode the 2nd part */
803 status
= ldap_decode(state
->response
.asn1
, NULL
, ldap_msg
);
804 if (!NT_STATUS_IS_OK(status
)) {
809 if (ldap_msg
->type
!= LDAP_TAG_SearchResultDone
) {
810 status
= NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR
);
814 io
->out
.result
= talloc(mem_ctx
, struct ldap_Result
);
815 if (!io
->out
.result
) {
818 *io
->out
.result
= ldap_msg
->r
.SearchResultDone
;
820 if (io
->out
.result
->resultcode
!= LDAP_SUCCESS
) {
821 status
= NT_STATUS_LDAP(io
->out
.result
->resultcode
);
825 tevent_req_received(req
);
829 status
= NT_STATUS_NO_MEMORY
;
831 tevent_req_received(req
);
837 synchronous cldap search
839 NTSTATUS
cldap_search(struct cldap_socket
*cldap
,
841 struct cldap_search
*io
)
844 struct tevent_req
*req
;
845 struct tevent_context
*ev
;
848 if (cldap
->searches
.list
) {
849 return NT_STATUS_PIPE_BUSY
;
852 if (cldap
->incoming
.handler
) {
853 return NT_STATUS_INVALID_PIPE_STATE
;
856 frame
= talloc_stackframe();
858 ev
= samba_tevent_context_init(frame
);
861 return NT_STATUS_NO_MEMORY
;
864 req
= cldap_search_send(mem_ctx
, ev
, cldap
, io
);
867 return NT_STATUS_NO_MEMORY
;
870 if (!tevent_req_poll(req
, ev
)) {
871 status
= map_nt_error_from_unix_common(errno
);
876 status
= cldap_search_recv(req
, mem_ctx
, io
);
877 if (!NT_STATUS_IS_OK(status
)) {
886 struct cldap_netlogon_state
{
887 struct cldap_search search
;
890 char *cldap_netlogon_create_filter(TALLOC_CTX
*mem_ctx
,
891 const struct cldap_netlogon
*io
)
895 filter
= talloc_asprintf(mem_ctx
, "(&(NtVer=%s)",
896 ldap_encode_ndr_uint32(mem_ctx
, io
->in
.version
));
901 filter
= talloc_asprintf_append_buffer(filter
, "(User=%s)", io
->in
.user
);
902 if (filter
== NULL
) {
907 filter
= talloc_asprintf_append_buffer(filter
, "(Host=%s)", io
->in
.host
);
908 if (filter
== NULL
) {
913 filter
= talloc_asprintf_append_buffer(filter
, "(DnsDomain=%s)", io
->in
.realm
);
914 if (filter
== NULL
) {
918 if (io
->in
.acct_control
!= -1) {
919 filter
= talloc_asprintf_append_buffer(filter
, "(AAC=%s)",
920 ldap_encode_ndr_uint32(mem_ctx
, io
->in
.acct_control
));
921 if (filter
== NULL
) {
925 if (io
->in
.domain_sid
) {
926 struct dom_sid
*sid
= dom_sid_parse_talloc(mem_ctx
, io
->in
.domain_sid
);
928 filter
= talloc_asprintf_append_buffer(filter
, "(domainSid=%s)",
929 ldap_encode_ndr_dom_sid(mem_ctx
, sid
));
930 if (filter
== NULL
) {
934 if (io
->in
.domain_guid
) {
936 GUID_from_string(io
->in
.domain_guid
, &guid
);
938 filter
= talloc_asprintf_append_buffer(filter
, "(DomainGuid=%s)",
939 ldap_encode_ndr_GUID(mem_ctx
, &guid
));
940 if (filter
== NULL
) {
944 filter
= talloc_asprintf_append_buffer(filter
, ")");
949 static void cldap_netlogon_state_done(struct tevent_req
*subreq
);
951 queue a cldap netlogon for send
953 struct tevent_req
*cldap_netlogon_send(TALLOC_CTX
*mem_ctx
,
954 struct tevent_context
*ev
,
955 struct cldap_socket
*cldap
,
956 const struct cldap_netlogon
*io
)
958 struct tevent_req
*req
, *subreq
;
959 struct cldap_netlogon_state
*state
;
961 static const char * const attr
[] = { "NetLogon", NULL
};
963 req
= tevent_req_create(mem_ctx
, &state
,
964 struct cldap_netlogon_state
);
969 filter
= cldap_netlogon_create_filter(state
, io
);
970 if (tevent_req_nomem(filter
, req
)) {
974 if (io
->in
.dest_address
) {
975 state
->search
.in
.dest_address
= talloc_strdup(state
,
976 io
->in
.dest_address
);
977 if (tevent_req_nomem(state
->search
.in
.dest_address
, req
)) {
980 state
->search
.in
.dest_port
= io
->in
.dest_port
;
982 state
->search
.in
.dest_address
= NULL
;
983 state
->search
.in
.dest_port
= 0;
985 state
->search
.in
.filter
= filter
;
986 state
->search
.in
.attributes
= attr
;
987 state
->search
.in
.timeout
= 2;
988 state
->search
.in
.retries
= 2;
990 subreq
= cldap_search_send(state
, ev
, cldap
, &state
->search
);
991 if (tevent_req_nomem(subreq
, req
)) {
994 tevent_req_set_callback(subreq
, cldap_netlogon_state_done
, req
);
998 return tevent_req_post(req
, ev
);
1001 static void cldap_netlogon_state_done(struct tevent_req
*subreq
)
1003 struct tevent_req
*req
= tevent_req_callback_data(subreq
,
1005 struct cldap_netlogon_state
*state
= tevent_req_data(req
,
1006 struct cldap_netlogon_state
);
1009 status
= cldap_search_recv(subreq
, state
, &state
->search
);
1010 talloc_free(subreq
);
1012 if (tevent_req_nterror(req
, status
)) {
1016 tevent_req_done(req
);
1020 receive a cldap netlogon reply
1022 NTSTATUS
cldap_netlogon_recv(struct tevent_req
*req
,
1023 TALLOC_CTX
*mem_ctx
,
1024 struct cldap_netlogon
*io
)
1026 struct cldap_netlogon_state
*state
= tevent_req_data(req
,
1027 struct cldap_netlogon_state
);
1028 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
1031 if (tevent_req_is_nterror(req
, &status
)) {
1035 if (state
->search
.out
.response
== NULL
) {
1036 status
= NT_STATUS_NOT_FOUND
;
1040 if (state
->search
.out
.response
->num_attributes
!= 1 ||
1041 strcasecmp(state
->search
.out
.response
->attributes
[0].name
, "netlogon") != 0 ||
1042 state
->search
.out
.response
->attributes
[0].num_values
!= 1 ||
1043 state
->search
.out
.response
->attributes
[0].values
->length
< 2) {
1044 status
= NT_STATUS_UNEXPECTED_NETWORK_ERROR
;
1047 data
= state
->search
.out
.response
->attributes
[0].values
;
1049 status
= pull_netlogon_samlogon_response(data
, mem_ctx
,
1051 if (!NT_STATUS_IS_OK(status
)) {
1055 if (io
->in
.map_response
) {
1056 map_netlogon_samlogon_response(&io
->out
.netlogon
);
1059 status
= NT_STATUS_OK
;
1061 tevent_req_received(req
);
1066 sync cldap netlogon search
1068 NTSTATUS
cldap_netlogon(struct cldap_socket
*cldap
,
1069 TALLOC_CTX
*mem_ctx
,
1070 struct cldap_netlogon
*io
)
1073 struct tevent_req
*req
;
1074 struct tevent_context
*ev
;
1077 if (cldap
->searches
.list
) {
1078 return NT_STATUS_PIPE_BUSY
;
1081 if (cldap
->incoming
.handler
) {
1082 return NT_STATUS_INVALID_PIPE_STATE
;
1085 frame
= talloc_stackframe();
1087 ev
= samba_tevent_context_init(frame
);
1090 return NT_STATUS_NO_MEMORY
;
1093 req
= cldap_netlogon_send(mem_ctx
, ev
, cldap
, io
);
1096 return NT_STATUS_NO_MEMORY
;
1099 if (!tevent_req_poll(req
, ev
)) {
1100 status
= map_nt_error_from_unix_common(errno
);
1105 status
= cldap_netlogon_recv(req
, mem_ctx
, io
);
1106 if (!NT_STATUS_IS_OK(status
)) {
1112 return NT_STATUS_OK
;
1117 send an empty reply (used on any error, so the client doesn't keep waiting
1118 or send the bad request again)
1120 NTSTATUS
cldap_empty_reply(struct cldap_socket
*cldap
,
1121 uint32_t message_id
,
1122 struct tsocket_address
*dest
)
1125 struct cldap_reply reply
;
1126 struct ldap_Result result
;
1128 reply
.messageid
= message_id
;
1130 reply
.response
= NULL
;
1131 reply
.result
= &result
;
1133 ZERO_STRUCT(result
);
1135 status
= cldap_reply_send(cldap
, &reply
);
1141 send an error reply (used on any error, so the client doesn't keep waiting
1142 or send the bad request again)
1144 NTSTATUS
cldap_error_reply(struct cldap_socket
*cldap
,
1145 uint32_t message_id
,
1146 struct tsocket_address
*dest
,
1148 const char *errormessage
)
1151 struct cldap_reply reply
;
1152 struct ldap_Result result
;
1154 reply
.messageid
= message_id
;
1156 reply
.response
= NULL
;
1157 reply
.result
= &result
;
1159 ZERO_STRUCT(result
);
1160 result
.resultcode
= resultcode
;
1161 result
.errormessage
= errormessage
;
1163 status
= cldap_reply_send(cldap
, &reply
);
1170 send a netlogon reply
1172 NTSTATUS
cldap_netlogon_reply(struct cldap_socket
*cldap
,
1173 uint32_t message_id
,
1174 struct tsocket_address
*dest
,
1176 struct netlogon_samlogon_response
*netlogon
)
1179 struct cldap_reply reply
;
1180 struct ldap_SearchResEntry response
;
1181 struct ldap_Result result
;
1182 TALLOC_CTX
*tmp_ctx
= talloc_new(cldap
);
1185 status
= push_netlogon_samlogon_response(&blob
, tmp_ctx
,
1187 if (!NT_STATUS_IS_OK(status
)) {
1188 talloc_free(tmp_ctx
);
1191 reply
.messageid
= message_id
;
1193 reply
.response
= &response
;
1194 reply
.result
= &result
;
1196 ZERO_STRUCT(result
);
1199 response
.num_attributes
= 1;
1200 response
.attributes
= talloc(tmp_ctx
, struct ldb_message_element
);
1201 NT_STATUS_HAVE_NO_MEMORY(response
.attributes
);
1202 response
.attributes
->name
= "netlogon";
1203 response
.attributes
->num_values
= 1;
1204 response
.attributes
->values
= &blob
;
1206 status
= cldap_reply_send(cldap
, &reply
);
1208 talloc_free(tmp_ctx
);