search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r21761: - Give more detail on LDAP client library failures (make it clear
[Samba.git] / source / libcli / ldap / ldap_client.c
blob82cafd721a00654c3c405a72520ed58e124aa366
1 /*
2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
4
5 Copyright (C) Andrew Tridgell 2004
6 Copyright (C) Volker Lendecke 2004
7 Copyright (C) Stefan Metzmacher 2004
8 Copyright (C) Simo Sorce 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23
24 */
25
26 #include "includes.h"
27 #include "libcli/util/asn_1.h"
28 #include "lib/util/dlinklist.h"
29 #include "lib/events/events.h"
30 #include "lib/socket/socket.h"
31 #include "libcli/ldap/ldap.h"
32 #include "libcli/ldap/ldap_client.h"
33 #include "libcli/composite/composite.h"
34 #include "lib/stream/packet.h"
35 #include "lib/tls/tls.h"
36 #include "auth/gensec/gensec.h"
37 #include "system/time.h"
38
39
40 /*
41 create a new ldap_connection stucture. The event context is optional
42 */
43 struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
44 struct event_context *ev)
45 {
46 struct ldap_connection *conn;
47
48 conn = talloc_zero(mem_ctx, struct ldap_connection);
49 if (conn == NULL) {
50 return NULL;
51 }
52
53 if (ev == NULL) {
54 ev = event_context_init(conn);
55 if (ev == NULL) {
56 talloc_free(conn);
57 return NULL;
58 }
59 }
60
61 conn->next_messageid = 1;
62 conn->event.event_ctx = ev;
63
64 /* set a reasonable request timeout */
65 conn->timeout = 60;
66
67 /* explicitly avoid reconnections by default */
68 conn->reconnect.max_retries = 0;
69
70 return conn;
71 }
72
73 /*
74 the connection is dead
75 */
76 static void ldap_connection_dead(struct ldap_connection *conn)
77 {
78 struct ldap_request *req;
79
80 /* return an error for any pending request ... */
81 while (conn->pending) {
82 req = conn->pending;
83 DLIST_REMOVE(req->conn->pending, req);
84 req->state = LDAP_REQUEST_DONE;
85 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
86 if (req->async.fn) {
87 req->async.fn(req);
88 }
89 }
90
91 talloc_free(conn->sock); /* this will also free event.fde */
92 talloc_free(conn->packet);
93 conn->sock = NULL;
94 conn->event.fde = NULL;
95 conn->packet = NULL;
96 }
97
98 static void ldap_reconnect(struct ldap_connection *conn);
99
100 /*
101 handle packet errors
102 */
103 static void ldap_error_handler(void *private_data, NTSTATUS status)
104 {
105 struct ldap_connection *conn = talloc_get_type(private_data,
106 struct ldap_connection);
107 ldap_connection_dead(conn);
108
109 /* but try to reconnect so that the ldb client can go on */
110 ldap_reconnect(conn);
111 }
112
113
114 /*
115 match up with a pending message, adding to the replies list
116 */
117 static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
118 {
119 struct ldap_request *req;
120
121 for (req=conn->pending; req; req=req->next) {
122 if (req->messageid == msg->messageid) break;
123 }
124 /* match a zero message id to the last request sent.
125 It seems that servers send 0 if unable to parse */
126 if (req == NULL && msg->messageid == 0) {
127 req = conn->pending;
128 }
129 if (req == NULL) {
130 DEBUG(0,("ldap: no matching message id for %u\n",
131 msg->messageid));
132 talloc_free(msg);
133 return;
134 }
135
136 /* add to the list of replies received */
137 talloc_steal(req, msg);
138 req->replies = talloc_realloc(req, req->replies,
139 struct ldap_message *, req->num_replies+1);
140 if (req->replies == NULL) {
141 req->status = NT_STATUS_NO_MEMORY;
142 req->state = LDAP_REQUEST_DONE;
143 DLIST_REMOVE(conn->pending, req);
144 if (req->async.fn) {
145 req->async.fn(req);
146 }
147 return;
148 }
149
150 req->replies[req->num_replies] = talloc_steal(req->replies, msg);
151 req->num_replies++;
152
153 if (msg->type != LDAP_TAG_SearchResultEntry &&
154 msg->type != LDAP_TAG_SearchResultReference) {
155 /* currently only search results expect multiple
156 replies */
157 req->state = LDAP_REQUEST_DONE;
158 DLIST_REMOVE(conn->pending, req);
159 }
160
161 if (req->async.fn) {
162 req->async.fn(req);
163 }
164 }
165
166
167 /*
168 decode/process LDAP data
169 */
170 static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
171 {
172 struct asn1_data asn1;
173 struct ldap_connection *conn = talloc_get_type(private_data,
174 struct ldap_connection);
175 struct ldap_message *msg = talloc(conn, struct ldap_message);
176
177 if (msg == NULL) {
178 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
179 }
180
181 if (!asn1_load(&asn1, blob)) {
182 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
183 }
184
185 if (!ldap_decode(&asn1, msg)) {
186 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
187 }
188
189 ldap_match_message(conn, msg);
190
191 data_blob_free(&blob);
192 asn1_free(&asn1);
193 return NT_STATUS_OK;
194 }
195
196 /* Handle read events, from the GENSEC socket callback, or real events */
197 void ldap_read_io_handler(void *private_data, uint16_t flags)
198 {
199 struct ldap_connection *conn = talloc_get_type(private_data,
200 struct ldap_connection);
201 packet_recv(conn->packet);
202 }
203
204 /*
205 handle ldap socket events
206 */
207 static void ldap_io_handler(struct event_context *ev, struct fd_event *fde,
208 uint16_t flags, void *private_data)
209 {
210 struct ldap_connection *conn = talloc_get_type(private_data,
211 struct ldap_connection);
212 if (flags & EVENT_FD_WRITE) {
213 packet_queue_run(conn->packet);
214 if (!tls_enabled(conn->sock)) return;
215 }
216 if (flags & EVENT_FD_READ) {
217 ldap_read_io_handler(private_data, flags);
218 }
219 }
220
221 /*
222 parse a ldap URL
223 */
224 static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
225 char **host, uint16_t *port, BOOL *ldaps)
226 {
227 int tmp_port = 0;
228 char protocol[11];
229 char tmp_host[1025];
230 int ret;
231
232 /* Paranoia check */
233 SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
234
235 ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
236 if (ret < 2) {
237 return NT_STATUS_INVALID_PARAMETER;
238 }
239
240 if (strequal(protocol, "ldap")) {
241 *port = 389;
242 *ldaps = False;
243 } else if (strequal(protocol, "ldaps")) {
244 *port = 636;
245 *ldaps = True;
246 } else {
247 DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
248 return NT_STATUS_PROTOCOL_UNREACHABLE;
249 }
250
251 if (tmp_port != 0)
252 *port = tmp_port;
253
254 *host = talloc_strdup(mem_ctx, tmp_host);
255 NT_STATUS_HAVE_NO_MEMORY(*host);
256
257 return NT_STATUS_OK;
258 }
259
260 /*
261 connect to a ldap server
262 */
263
264 struct ldap_connect_state {
265 struct composite_context *ctx;
266 struct ldap_connection *conn;
267 };
268
269 static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
270 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
271
272 struct composite_context *ldap_connect_send(struct ldap_connection *conn,
273 const char *url)
274 {
275 struct composite_context *result, *ctx;
276 struct ldap_connect_state *state;
277 char protocol[11];
278 int ret;
279
280 result = talloc_zero(NULL, struct composite_context);
281 if (result == NULL) goto failed;
282 result->state = COMPOSITE_STATE_IN_PROGRESS;
283 result->async.fn = NULL;
284 result->event_ctx = conn->event.event_ctx;
285
286 state = talloc(result, struct ldap_connect_state);
287 if (state == NULL) goto failed;
288 state->ctx = result;
289 result->private_data = state;
290
291 state->conn = conn;
292
293 if (conn->reconnect.url == NULL) {
294 conn->reconnect.url = talloc_strdup(conn, url);
295 if (conn->reconnect.url == NULL) goto failed;
296 }
297
298 /* Paranoia check */
299 SMB_ASSERT(sizeof(protocol)>10);
300
301 ret = sscanf(url, "%10[^:]://", protocol);
302 if (ret < 1) {
303 return NULL;
304 }
305
306 if (strequal(protocol, "ldapi")) {
307 struct socket_address *unix_addr;
308 char path[1025];
309
310 NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &conn->sock, 0);
311 if (!NT_STATUS_IS_OK(status)) {
312 return NULL;
313 }
314 talloc_steal(conn, conn->sock);
315 SMB_ASSERT(sizeof(protocol)>10);
316 SMB_ASSERT(sizeof(path)>1024);
317
318 /* The %c specifier doesn't null terminate :-( */
319 ZERO_STRUCT(path);
320 ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
321 if (ret < 2) {
322 composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
323 return result;
324 }
325
326 rfc1738_unescape(path);
327
328 unix_addr = socket_address_from_strings(conn, conn->sock->backend_name,
329 path, 0);
330 if (!unix_addr) {
331 return NULL;
332 }
333
334 ctx = socket_connect_send(conn->sock, NULL, unix_addr,
335 0, conn->event.event_ctx);
336 ctx->async.fn = ldap_connect_recv_unix_conn;
337 ctx->async.private_data = state;
338 return result;
339 } else {
340 NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
341 &conn->port, &conn->ldaps);
342 if (!NT_STATUS_IS_OK(state->ctx->status)) {
343 composite_error(state->ctx, status);
344 return result;
345 }
346
347 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
348 conn->event.event_ctx);
349 if (ctx == NULL) goto failed;
350
351 ctx->async.fn = ldap_connect_recv_tcp_conn;
352 ctx->async.private_data = state;
353 return result;
354 }
355 failed:
356 talloc_free(result);
357 return NULL;
358 }
359
360 static void ldap_connect_got_sock(struct composite_context *ctx, struct ldap_connection *conn)
361 {
362 /* setup a handler for events on this socket */
363 conn->event.fde = event_add_fd(conn->event.event_ctx, conn->sock,
364 socket_get_fd(conn->sock),
365 EVENT_FD_READ, ldap_io_handler, conn);
366 if (conn->event.fde == NULL) {
367 composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
368 return;
369 }
370
371 talloc_steal(conn, conn->sock);
372 if (conn->ldaps) {
373 struct socket_context *tls_socket = tls_init_client(conn->sock, conn->event.fde);
374 if (tls_socket == NULL) {
375 talloc_free(conn->sock);
376 return;
377 }
378 talloc_unlink(conn, conn->sock);
379 conn->sock = tls_socket;
380 talloc_steal(conn, conn->sock);
381 }
382
383 conn->packet = packet_init(conn);
384 if (conn->packet == NULL) {
385 talloc_free(conn->sock);
386 return;
387 }
388
389 packet_set_private(conn->packet, conn);
390 packet_set_socket(conn->packet, conn->sock);
391 packet_set_callback(conn->packet, ldap_recv_handler);
392 packet_set_full_request(conn->packet, ldap_full_packet);
393 packet_set_error_handler(conn->packet, ldap_error_handler);
394 packet_set_event_context(conn->packet, conn->event.event_ctx);
395 packet_set_fde(conn->packet, conn->event.fde);
396 packet_set_serialise(conn->packet);
397
398 composite_done(ctx);
399 }
400
401 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
402 {
403 struct ldap_connect_state *state =
404 talloc_get_type(ctx->async.private_data,
405 struct ldap_connect_state);
406 struct ldap_connection *conn = state->conn;
407 uint16_t port;
408 NTSTATUS status = socket_connect_multi_recv(ctx, state, &conn->sock,
409 &port);
410 if (!NT_STATUS_IS_OK(status)) {
411 composite_error(state->ctx, status);
412 return;
413 }
414
415 ldap_connect_got_sock(state->ctx, conn);
416 }
417
418 static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
419 {
420 struct ldap_connect_state *state =
421 talloc_get_type(ctx->async.private_data,
422 struct ldap_connect_state);
423 struct ldap_connection *conn = state->conn;
424
425 NTSTATUS status = socket_connect_recv(ctx);
426
427 if (!NT_STATUS_IS_OK(state->ctx->status)) {
428 composite_error(state->ctx, status);
429 return;
430 }
431
432 ldap_connect_got_sock(state->ctx, conn);
433 }
434
435 _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
436 {
437 NTSTATUS status = composite_wait(ctx);
438 talloc_free(ctx);
439 return status;
440 }
441
442 NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
443 {
444 struct composite_context *ctx = ldap_connect_send(conn, url);
445 return ldap_connect_recv(ctx);
446 }
447
448 /* set reconnect parameters */
449
450 void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
451 {
452 if (conn) {
453 conn->reconnect.max_retries = max_retries;
454 conn->reconnect.retries = 0;
455 conn->reconnect.previous = time(NULL);
456 }
457 }
458
459 /* Actually this function is NOT ASYNC safe, FIXME? */
460 static void ldap_reconnect(struct ldap_connection *conn)
461 {
462 NTSTATUS status;
463 time_t now = time(NULL);
464
465 /* do we have set up reconnect ? */
466 if (conn->reconnect.max_retries == 0) return;
467
468 /* is the retry time expired ? */
469 if (now > conn->reconnect.previous + 30) {
470 conn->reconnect.retries = 0;
471 conn->reconnect.previous = now;
472 }
473
474 /* are we reconnectind too often and too fast? */
475 if (conn->reconnect.retries > conn->reconnect.max_retries) return;
476
477 /* keep track of the number of reconnections */
478 conn->reconnect.retries++;
479
480 /* reconnect */
481 status = ldap_connect(conn, conn->reconnect.url);
482 if ( ! NT_STATUS_IS_OK(status)) {
483 return;
484 }
485
486 /* rebind */
487 status = ldap_rebind(conn);
488 if ( ! NT_STATUS_IS_OK(status)) {
489 ldap_connection_dead(conn);
490 }
491 }
492
493 /* destroy an open ldap request */
494 static int ldap_request_destructor(struct ldap_request *req)
495 {
496 if (req->state == LDAP_REQUEST_PENDING) {
497 DLIST_REMOVE(req->conn->pending, req);
498 }
499 return 0;
500 }
501
502 /*
503 called on timeout of a ldap request
504 */
505 static void ldap_request_timeout(struct event_context *ev, struct timed_event *te,
506 struct timeval t, void *private_data)
507 {
508 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
509 req->status = NT_STATUS_IO_TIMEOUT;
510 if (req->state == LDAP_REQUEST_PENDING) {
511 DLIST_REMOVE(req->conn->pending, req);
512 }
513 req->state = LDAP_REQUEST_DONE;
514 if (req->async.fn) {
515 req->async.fn(req);
516 }
517 }
518
519
520 /*
521 called on completion of a one-way ldap request
522 */
523 static void ldap_request_complete(struct event_context *ev, struct timed_event *te,
524 struct timeval t, void *private_data)
525 {
526 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
527 if (req->async.fn) {
528 req->async.fn(req);
529 }
530 }
531
532 /*
533 send a ldap message - async interface
534 */
535 struct ldap_request *ldap_request_send(struct ldap_connection *conn,
536 struct ldap_message *msg)
537 {
538 struct ldap_request *req;
539 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
540
541 req = talloc_zero(conn, struct ldap_request);
542 if (req == NULL) return NULL;
543
544 if (conn->sock == NULL) {
545 status = NT_STATUS_INVALID_CONNECTION;
546 goto failed;
547 }
548
549 req->state = LDAP_REQUEST_SEND;
550 req->conn = conn;
551 req->messageid = conn->next_messageid++;
552 if (conn->next_messageid == 0) {
553 conn->next_messageid = 1;
554 }
555 req->type = msg->type;
556 if (req->messageid == -1) {
557 goto failed;
558 }
559
560 talloc_set_destructor(req, ldap_request_destructor);
561
562 msg->messageid = req->messageid;
563
564 if (!ldap_encode(msg, &req->data, req)) {
565 status = NT_STATUS_INTERNAL_ERROR;
566 goto failed;
567 }
568
569 status = packet_send(conn->packet, req->data);
570 if (!NT_STATUS_IS_OK(status)) {
571 goto failed;
572 }
573
574 /* some requests don't expect a reply, so don't add those to the
575 pending queue */
576 if (req->type == LDAP_TAG_AbandonRequest ||
577 req->type == LDAP_TAG_UnbindRequest) {
578 req->status = NT_STATUS_OK;
579 req->state = LDAP_REQUEST_DONE;
580 /* we can't call the async callback now, as it isn't setup, so
581 call it as next event */
582 event_add_timed(conn->event.event_ctx, req, timeval_zero(),
583 ldap_request_complete, req);
584 return req;
585 }
586
587 req->state = LDAP_REQUEST_PENDING;
588 DLIST_ADD(conn->pending, req);
589
590 /* put a timeout on the request */
591 req->time_event = event_add_timed(conn->event.event_ctx, req,
592 timeval_current_ofs(conn->timeout, 0),
593 ldap_request_timeout, req);
594
595 return req;
596
597 failed:
598 req->status = status;
599 req->state = LDAP_REQUEST_ERROR;
600 event_add_timed(conn->event.event_ctx, req, timeval_zero(),
601 ldap_request_complete, req);
602
603 return req;
604 }
605
606
607 /*
608 wait for a request to complete
609 note that this does not destroy the request
610 */
611 NTSTATUS ldap_request_wait(struct ldap_request *req)
612 {
613 while (req->state < LDAP_REQUEST_DONE) {
614 if (event_loop_once(req->conn->event.event_ctx) != 0) {
615 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
616 break;
617 }
618 }
619 return req->status;
620 }
621
622
623 /*
624 a mapping of ldap response code to strings
625 */
626 static const struct {
627 enum ldap_result_code code;
628 const char *str;
629 } ldap_code_map[] = {
630 #define _LDAP_MAP_CODE(c) { c, #c }
631 _LDAP_MAP_CODE(LDAP_SUCCESS),
632 _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
633 _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
634 _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
635 _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
636 _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
637 _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
638 _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
639 _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
640 _LDAP_MAP_CODE(LDAP_REFERRAL),
641 _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
642 _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
643 _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
644 _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
645 _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
646 _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
647 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
648 _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
649 _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
650 _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
651 _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
652 _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
653 _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
654 _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
655 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
656 _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
657 _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTs),
658 _LDAP_MAP_CODE(LDAP_BUSY),
659 _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
660 _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
661 _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
662 _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
663 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
664 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
665 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
666 _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
667 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
668 _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
669 _LDAP_MAP_CODE(LDAP_OTHER)
670 };
671
672 /*
673 used to setup the status code from a ldap response
674 */
675 NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
676 {
677 int i;
678 const char *codename = "unknown";
679
680 if (r->resultcode == LDAP_SUCCESS) {
681 return NT_STATUS_OK;
682 }
683
684 if (conn->last_error) {
685 talloc_free(conn->last_error);
686 }
687
688 for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
689 if (r->resultcode == ldap_code_map[i].code) {
690 codename = ldap_code_map[i].str;
691 break;
692 }
693 }
694
695 conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>",
696 r->resultcode,
697 codename,
698 r->dn?r->dn:"(NULL)",
699 r->errormessage?r->errormessage:"",
700 r->referral?r->referral:"");
701
702 return NT_STATUS_LDAP(r->resultcode);
703 }
704
705 /*
706 return error string representing the last error
707 */
708 const char *ldap_errstr(struct ldap_connection *conn,
709 TALLOC_CTX *mem_ctx,
710 NTSTATUS status)
711 {
712 if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
713 return talloc_strdup(mem_ctx, conn->last_error);
714 }
715 return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
716 }
717
718
719 /*
720 return the Nth result message, waiting if necessary
721 */
722 NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
723 {
724 *msg = NULL;
725
726 NT_STATUS_HAVE_NO_MEMORY(req);
727
728 while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
729 if (event_loop_once(req->conn->event.event_ctx) != 0) {
730 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
731 }
732 }
733
734 if (n < req->num_replies) {
735 *msg = req->replies[n];
736 return NT_STATUS_OK;
737 }
738
739 if (!NT_STATUS_IS_OK(req->status)) {
740 return req->status;
741 }
742
743 return NT_STATUS_NO_MORE_ENTRIES;
744 }
745
746
747 /*
748 return a single result message, checking if it is of the expected LDAP type
749 */
750 NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
751 {
752 NTSTATUS status;
753 status = ldap_result_n(req, 0, msg);
754 if (!NT_STATUS_IS_OK(status)) {
755 return status;
756 }
757 if ((*msg)->type != type) {
758 *msg = NULL;
759 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
760 }
761 return status;
762 }
763
764 /*
765 a simple ldap transaction, for single result requests that only need a status code
766 this relies on single valued requests having the response type == request type + 1
767 */
768 NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
769 {
770 struct ldap_request *req = ldap_request_send(conn, msg);
771 struct ldap_message *res;
772 NTSTATUS status;
773 status = ldap_result_n(req, 0, &res);
774 if (!NT_STATUS_IS_OK(status)) {
775 talloc_free(req);
776 return status;
777 }
778 if (res->type != msg->type + 1) {
779 talloc_free(req);
780 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
781 }
782 status = ldap_check_response(conn, &res->r.GeneralResult);
783 talloc_free(req);
784 return status;
785 }
Samba GIT mirror