search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-daemon: Schedule running of callback if there are no event scripts
[Samba.git] / source4 / libcli / ldap / ldap_client.c
blob40d508cb01c0cec6877558edaa639cf02df8f364
1 /*
2 Unix SMB/CIFS implementation.
3 LDAP protocol helper functions for SAMBA
4
5 Copyright (C) Andrew Tridgell 2004
6 Copyright (C) Volker Lendecke 2004
7 Copyright (C) Stefan Metzmacher 2004
8 Copyright (C) Simo Sorce 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22
23 */
24
25 #include "includes.h"
26 #include <tevent.h>
27 #include "lib/socket/socket.h"
28 #include "lib/tsocket/tsocket.h"
29 #include "libcli/util/tstream.h"
30 #include "../lib/util/asn1.h"
31 #include "../lib/util/dlinklist.h"
32 #include "libcli/ldap/libcli_ldap.h"
33 #include "libcli/ldap/ldap_proto.h"
34 #include "libcli/ldap/ldap_client.h"
35 #include "libcli/composite/composite.h"
36 #include "lib/tls/tls.h"
37 #include "auth/gensec/gensec.h"
38 #include "system/time.h"
39 #include "param/param.h"
40 #include "libcli/resolve/resolve.h"
41
42 static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status);
43
44 static int ldap_connection_destructor(struct ldap_connection *conn)
45 {
46 /*
47 * NT_STATUS_OK means that callbacks of pending requests are not
48 * triggered
49 */
50 ldap_connection_dead(conn, NT_STATUS_OK);
51 return 0;
52 }
53
54 /**
55 create a new ldap_connection stucture. The event context is optional
56 */
57
58 _PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
59 struct loadparm_context *lp_ctx,
60 struct tevent_context *ev)
61 {
62 struct ldap_connection *conn;
63
64 if (ev == NULL) {
65 return NULL;
66 }
67
68 conn = talloc_zero(mem_ctx, struct ldap_connection);
69 if (conn == NULL) {
70 return NULL;
71 }
72
73 conn->next_messageid = 1;
74 conn->event.event_ctx = ev;
75
76 conn->sockets.send_queue = tevent_queue_create(conn,
77 "ldap_connection send_queue");
78 if (conn->sockets.send_queue == NULL) {
79 TALLOC_FREE(conn);
80 return NULL;
81 }
82
83 conn->lp_ctx = lp_ctx;
84
85 /* set a reasonable request timeout */
86 conn->timeout = 60;
87
88 /* explicitly avoid reconnections by default */
89 conn->reconnect.max_retries = 0;
90
91 talloc_set_destructor(conn, ldap_connection_destructor);
92 return conn;
93 }
94
95 /*
96 the connection is dead
97 */
98 static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status)
99 {
100 struct ldap_request *req;
101
102 tevent_queue_stop(conn->sockets.send_queue);
103 TALLOC_FREE(conn->sockets.recv_subreq);
104 conn->sockets.active = NULL;
105 TALLOC_FREE(conn->sockets.sasl);
106 TALLOC_FREE(conn->sockets.tls);
107 TALLOC_FREE(conn->sockets.raw);
108
109 /* return an error for any pending request ... */
110 while (conn->pending) {
111 req = conn->pending;
112 DLIST_REMOVE(req->conn->pending, req);
113 req->conn = NULL;
114 req->state = LDAP_REQUEST_DONE;
115 if (NT_STATUS_IS_OK(status)) {
116 continue;
117 }
118 req->status = status;
119 if (req->async.fn) {
120 req->async.fn(req);
121 }
122 }
123 }
124
125 static void ldap_reconnect(struct ldap_connection *conn);
126
127 /*
128 handle packet errors
129 */
130 static void ldap_error_handler(struct ldap_connection *conn, NTSTATUS status)
131 {
132 ldap_connection_dead(conn, status);
133
134 /* but try to reconnect so that the ldb client can go on */
135 ldap_reconnect(conn);
136 }
137
138
139 /*
140 match up with a pending message, adding to the replies list
141 */
142 static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
143 {
144 struct ldap_request *req;
145 int i;
146
147 for (req=conn->pending; req; req=req->next) {
148 if (req->messageid == msg->messageid) break;
149 }
150 /* match a zero message id to the last request sent.
151 It seems that servers send 0 if unable to parse */
152 if (req == NULL && msg->messageid == 0) {
153 req = conn->pending;
154 }
155 if (req == NULL) {
156 DEBUG(0,("ldap: no matching message id for %u\n",
157 msg->messageid));
158 TALLOC_FREE(msg);
159 return;
160 }
161
162 /* Check for undecoded critical extensions */
163 for (i=0; msg->controls && msg->controls[i]; i++) {
164 if (!msg->controls_decoded[i] &&
165 msg->controls[i]->critical) {
166 TALLOC_FREE(msg);
167 req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
168 req->state = LDAP_REQUEST_DONE;
169 DLIST_REMOVE(conn->pending, req);
170 if (req->async.fn) {
171 req->async.fn(req);
172 }
173 return;
174 }
175 }
176
177 /* add to the list of replies received */
178 req->replies = talloc_realloc(req, req->replies,
179 struct ldap_message *, req->num_replies+1);
180 if (req->replies == NULL) {
181 TALLOC_FREE(msg);
182 req->status = NT_STATUS_NO_MEMORY;
183 req->state = LDAP_REQUEST_DONE;
184 DLIST_REMOVE(conn->pending, req);
185 if (req->async.fn) {
186 req->async.fn(req);
187 }
188 return;
189 }
190
191 req->replies[req->num_replies] = talloc_steal(req->replies, msg);
192 req->num_replies++;
193
194 if (msg->type != LDAP_TAG_SearchResultEntry &&
195 msg->type != LDAP_TAG_SearchResultReference) {
196 /* currently only search results expect multiple
197 replies */
198 req->state = LDAP_REQUEST_DONE;
199 DLIST_REMOVE(conn->pending, req);
200 }
201
202 if (req->async.fn) {
203 req->async.fn(req);
204 }
205 }
206
207 static void ldap_connection_recv_done(struct tevent_req *subreq);
208
209 static void ldap_connection_recv_next(struct ldap_connection *conn)
210 {
211 struct tevent_req *subreq = NULL;
212
213 if (conn->sockets.recv_subreq != NULL) {
214 return;
215 }
216
217 if (conn->sockets.active == NULL) {
218 return;
219 }
220
221 if (conn->pending == NULL) {
222 return;
223 }
224
225 /*
226 * The minimum size of a LDAP pdu is 7 bytes
227 *
228 * dumpasn1 -hh ldap-unbind-min.dat
229 *
230 * <30 05 02 01 09 42 00>
231 * 0 5: SEQUENCE {
232 * <02 01 09>
233 * 2 1: INTEGER 9
234 * <42 00>
235 * 5 0: [APPLICATION 2]
236 * : Error: Object has zero length.
237 * : }
238 *
239 * dumpasn1 -hh ldap-unbind-windows.dat
240 *
241 * <30 84 00 00 00 05 02 01 09 42 00>
242 * 0 5: SEQUENCE {
243 * <02 01 09>
244 * 6 1: INTEGER 9
245 * <42 00>
246 * 9 0: [APPLICATION 2]
247 * : Error: Object has zero length.
248 * : }
249 *
250 * This means using an initial read size
251 * of 7 is ok.
252 */
253 subreq = tstream_read_pdu_blob_send(conn,
254 conn->event.event_ctx,
255 conn->sockets.active,
256 7, /* initial_read_size */
257 ldap_full_packet,
258 conn);
259 if (subreq == NULL) {
260 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
261 return;
262 }
263 tevent_req_set_callback(subreq, ldap_connection_recv_done, conn);
264 conn->sockets.recv_subreq = subreq;
265 return;
266 }
267
268 /*
269 decode/process LDAP data
270 */
271 static void ldap_connection_recv_done(struct tevent_req *subreq)
272 {
273 NTSTATUS status;
274 struct ldap_connection *conn =
275 tevent_req_callback_data(subreq,
276 struct ldap_connection);
277 struct ldap_message *msg;
278 struct asn1_data *asn1;
279 DATA_BLOB blob;
280
281 msg = talloc_zero(conn, struct ldap_message);
282 if (msg == NULL) {
283 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
284 return;
285 }
286
287 asn1 = asn1_init(conn);
288 if (asn1 == NULL) {
289 TALLOC_FREE(msg);
290 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
291 return;
292 }
293
294 conn->sockets.recv_subreq = NULL;
295
296 status = tstream_read_pdu_blob_recv(subreq,
297 asn1,
298 &blob);
299 TALLOC_FREE(subreq);
300 if (!NT_STATUS_IS_OK(status)) {
301 TALLOC_FREE(msg);
302 asn1_free(asn1);
303 ldap_error_handler(conn, status);
304 return;
305 }
306
307 asn1_load_nocopy(asn1, blob.data, blob.length);
308
309 status = ldap_decode(asn1, samba_ldap_control_handlers(), msg);
310 asn1_free(asn1);
311 if (!NT_STATUS_IS_OK(status)) {
312 TALLOC_FREE(msg);
313 ldap_error_handler(conn, status);
314 return;
315 }
316
317 ldap_match_message(conn, msg);
318 ldap_connection_recv_next(conn);
319
320 return;
321 }
322
323 /*
324 parse a ldap URL
325 */
326 static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
327 char **host, uint16_t *port, bool *ldaps)
328 {
329 int tmp_port = 0;
330 char protocol[11];
331 char tmp_host[1025];
332 int ret;
333
334 /* Paranoia check */
335 SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
336
337 ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
338 if (ret < 2) {
339 return NT_STATUS_INVALID_PARAMETER;
340 }
341
342 if (strequal(protocol, "ldap")) {
343 *port = 389;
344 *ldaps = false;
345 } else if (strequal(protocol, "ldaps")) {
346 *port = 636;
347 *ldaps = true;
348 } else {
349 DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
350 return NT_STATUS_PROTOCOL_UNREACHABLE;
351 }
352
353 if (tmp_port != 0)
354 *port = tmp_port;
355
356 *host = talloc_strdup(mem_ctx, tmp_host);
357 NT_STATUS_HAVE_NO_MEMORY(*host);
358
359 return NT_STATUS_OK;
360 }
361
362 /*
363 connect to a ldap server
364 */
365
366 struct ldap_connect_state {
367 struct composite_context *ctx;
368 struct ldap_connection *conn;
369 struct socket_context *sock;
370 struct tstream_context *raw;
371 struct tstream_tls_params *tls_params;
372 struct tstream_context *tls;
373 };
374
375 static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
376 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
377
378 _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
379 const char *url)
380 {
381 struct composite_context *result, *ctx;
382 struct ldap_connect_state *state;
383 char protocol[11];
384 int ret;
385
386 result = talloc_zero(conn, struct composite_context);
387 if (result == NULL) goto failed;
388 result->state = COMPOSITE_STATE_IN_PROGRESS;
389 result->async.fn = NULL;
390 result->event_ctx = conn->event.event_ctx;
391
392 state = talloc(result, struct ldap_connect_state);
393 if (state == NULL) goto failed;
394 state->ctx = result;
395 result->private_data = state;
396
397 state->conn = conn;
398
399 if (conn->reconnect.url == NULL) {
400 conn->reconnect.url = talloc_strdup(conn, url);
401 if (conn->reconnect.url == NULL) goto failed;
402 }
403
404 /* Paranoia check */
405 SMB_ASSERT(sizeof(protocol)>10);
406
407 ret = sscanf(url, "%10[^:]://", protocol);
408 if (ret < 1) {
409 return NULL;
410 }
411
412 if (strequal(protocol, "ldapi")) {
413 struct socket_address *unix_addr;
414 char path[1025];
415
416 NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &state->sock, 0);
417 if (!NT_STATUS_IS_OK(status)) {
418 return NULL;
419 }
420 talloc_steal(state, state->sock);
421 SMB_ASSERT(sizeof(protocol)>10);
422 SMB_ASSERT(sizeof(path)>1024);
423
424 /* LDAPI connections are to localhost, so give the
425 * local host name as the target for gensec's
426 * DIGEST-MD5 mechanism */
427 conn->host = talloc_asprintf(conn, "%s.%s",
428 lpcfg_netbios_name(conn->lp_ctx),
429 lpcfg_dnsdomain(conn->lp_ctx));
430 if (composite_nomem(conn->host, state->ctx)) {
431 return result;
432 }
433
434 /* The %c specifier doesn't null terminate :-( */
435 ZERO_STRUCT(path);
436 ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
437 if (ret < 2) {
438 composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
439 return result;
440 }
441
442 rfc1738_unescape(path);
443
444 unix_addr = socket_address_from_strings(state, state->sock->backend_name,
445 path, 0);
446 if (composite_nomem(unix_addr, result)) {
447 return result;
448 }
449
450
451 ctx = socket_connect_send(state->sock, NULL, unix_addr,
452 0, result->event_ctx);
453 ctx->async.fn = ldap_connect_recv_unix_conn;
454 ctx->async.private_data = state;
455 return result;
456 } else {
457 NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
458 &conn->port, &conn->ldaps);
459 if (!NT_STATUS_IS_OK(status)) {
460 composite_error(result, status);
461 return result;
462 }
463
464 if (conn->ldaps) {
465 char *ca_file = lpcfg_tls_cafile(state, conn->lp_ctx);
466 char *crl_file = lpcfg_tls_crlfile(state, conn->lp_ctx);
467 const char *tls_priority = lpcfg_tls_priority(conn->lp_ctx);
468 enum tls_verify_peer_state verify_peer =
469 lpcfg_tls_verify_peer(conn->lp_ctx);
470
471 status = tstream_tls_params_client(state,
472 ca_file,
473 crl_file,
474 tls_priority,
475 verify_peer,
476 conn->host,
477 &state->tls_params);
478 if (!NT_STATUS_IS_OK(status)) {
479 composite_error(result, status);
480 return result;
481 }
482 }
483
484 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
485 lpcfg_resolve_context(conn->lp_ctx),
486 result->event_ctx);
487 if (composite_nomem(ctx, result)) {
488 return result;
489 }
490
491 ctx->async.fn = ldap_connect_recv_tcp_conn;
492 ctx->async.private_data = state;
493 return result;
494 }
495 failed:
496 talloc_free(result);
497 return NULL;
498 }
499
500 static void ldap_connect_got_tls(struct tevent_req *subreq);
501
502 static void ldap_connect_got_sock(struct composite_context *ctx,
503 struct ldap_connection *conn)
504 {
505 struct ldap_connect_state *state =
506 talloc_get_type_abort(ctx->private_data,
507 struct ldap_connect_state);
508 struct tevent_req *subreq = NULL;
509 int fd;
510 int ret;
511
512 socket_set_flags(state->sock, SOCKET_FLAG_NOCLOSE);
513 fd = socket_get_fd(state->sock);
514 TALLOC_FREE(state->sock);
515
516 smb_set_close_on_exec(fd);
517
518 ret = set_blocking(fd, false);
519 if (ret == -1) {
520 NTSTATUS status = map_nt_error_from_unix_common(errno);
521 composite_error(state->ctx, status);
522 return;
523 }
524
525 ret = tstream_bsd_existing_socket(state, fd, &state->raw);
526 if (ret == -1) {
527 NTSTATUS status = map_nt_error_from_unix_common(errno);
528 composite_error(state->ctx, status);
529 return;
530 }
531
532 if (!conn->ldaps) {
533 conn->sockets.raw = talloc_move(conn, &state->raw);
534 conn->sockets.active = conn->sockets.raw;
535 composite_done(state->ctx);
536 return;
537 }
538
539 subreq = tstream_tls_connect_send(state, state->ctx->event_ctx,
540 state->raw, state->tls_params);
541 if (composite_nomem(subreq, state->ctx)) {
542 return;
543 }
544 tevent_req_set_callback(subreq, ldap_connect_got_tls, state);
545 }
546
547 static void ldap_connect_got_tls(struct tevent_req *subreq)
548 {
549 struct ldap_connect_state *state =
550 tevent_req_callback_data(subreq,
551 struct ldap_connect_state);
552 int err;
553 int ret;
554
555 ret = tstream_tls_connect_recv(subreq, &err, state, &state->tls);
556 TALLOC_FREE(subreq);
557 if (ret == -1) {
558 NTSTATUS status = map_nt_error_from_unix_common(err);
559 composite_error(state->ctx, status);
560 return;
561 }
562
563 talloc_steal(state->tls, state->tls_params);
564
565 state->conn->sockets.raw = talloc_move(state->conn, &state->raw);
566 state->conn->sockets.tls = talloc_move(state->conn->sockets.raw,
567 &state->tls);
568 state->conn->sockets.active = state->conn->sockets.tls;
569 composite_done(state->ctx);
570 }
571
572 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
573 {
574 struct ldap_connect_state *state =
575 talloc_get_type_abort(ctx->async.private_data,
576 struct ldap_connect_state);
577 struct ldap_connection *conn = state->conn;
578 uint16_t port;
579 NTSTATUS status = socket_connect_multi_recv(ctx, state, &state->sock,
580 &port);
581 if (!NT_STATUS_IS_OK(status)) {
582 composite_error(state->ctx, status);
583 return;
584 }
585
586 ldap_connect_got_sock(state->ctx, conn);
587 }
588
589 static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
590 {
591 struct ldap_connect_state *state =
592 talloc_get_type_abort(ctx->async.private_data,
593 struct ldap_connect_state);
594 struct ldap_connection *conn = state->conn;
595
596 NTSTATUS status = socket_connect_recv(ctx);
597
598 if (!NT_STATUS_IS_OK(state->ctx->status)) {
599 composite_error(state->ctx, status);
600 return;
601 }
602
603 ldap_connect_got_sock(state->ctx, conn);
604 }
605
606 _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
607 {
608 NTSTATUS status = composite_wait(ctx);
609 talloc_free(ctx);
610 return status;
611 }
612
613 _PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
614 {
615 struct composite_context *ctx = ldap_connect_send(conn, url);
616 return ldap_connect_recv(ctx);
617 }
618
619 /* set reconnect parameters */
620
621 _PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
622 {
623 if (conn) {
624 conn->reconnect.max_retries = max_retries;
625 conn->reconnect.retries = 0;
626 conn->reconnect.previous = time_mono(NULL);
627 }
628 }
629
630 /* Actually this function is NOT ASYNC safe, FIXME? */
631 static void ldap_reconnect(struct ldap_connection *conn)
632 {
633 NTSTATUS status;
634 time_t now = time_mono(NULL);
635
636 /* do we have set up reconnect ? */
637 if (conn->reconnect.max_retries == 0) return;
638
639 /* is the retry time expired ? */
640 if (now > conn->reconnect.previous + 30) {
641 conn->reconnect.retries = 0;
642 conn->reconnect.previous = now;
643 }
644
645 /* are we reconnectind too often and too fast? */
646 if (conn->reconnect.retries > conn->reconnect.max_retries) return;
647
648 /* keep track of the number of reconnections */
649 conn->reconnect.retries++;
650
651 /* reconnect */
652 status = ldap_connect(conn, conn->reconnect.url);
653 if ( ! NT_STATUS_IS_OK(status)) {
654 return;
655 }
656
657 /* rebind */
658 status = ldap_rebind(conn);
659 if ( ! NT_STATUS_IS_OK(status)) {
660 ldap_connection_dead(conn, status);
661 }
662 }
663
664 static void ldap_request_destructor_abandon(struct ldap_request *abandon)
665 {
666 TALLOC_FREE(abandon);
667 }
668
669 /* destroy an open ldap request */
670 static int ldap_request_destructor(struct ldap_request *req)
671 {
672 if (req->state == LDAP_REQUEST_PENDING) {
673 struct ldap_message msg = {
674 .type = LDAP_TAG_AbandonRequest,
675 .r.AbandonRequest.messageid = req->messageid,
676 };
677 struct ldap_request *abandon = NULL;
678
679 DLIST_REMOVE(req->conn->pending, req);
680
681 abandon = ldap_request_send(req->conn, &msg);
682 if (abandon == NULL) {
683 ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
684 return 0;
685 }
686 abandon->async.fn = ldap_request_destructor_abandon;
687 abandon->async.private_data = NULL;
688 }
689
690 return 0;
691 }
692
693 static void ldap_request_timeout_abandon(struct ldap_request *abandon)
694 {
695 struct ldap_request *req =
696 talloc_get_type_abort(abandon->async.private_data,
697 struct ldap_request);
698
699 if (req->state == LDAP_REQUEST_PENDING) {
700 DLIST_REMOVE(req->conn->pending, req);
701 }
702 req->state = LDAP_REQUEST_DONE;
703 if (req->async.fn) {
704 req->async.fn(req);
705 }
706 }
707
708 /*
709 called on timeout of a ldap request
710 */
711 static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te,
712 struct timeval t, void *private_data)
713 {
714 struct ldap_request *req =
715 talloc_get_type_abort(private_data,
716 struct ldap_request);
717
718 req->status = NT_STATUS_IO_TIMEOUT;
719 if (req->state == LDAP_REQUEST_PENDING) {
720 struct ldap_message msg = {
721 .type = LDAP_TAG_AbandonRequest,
722 .r.AbandonRequest.messageid = req->messageid,
723 };
724 struct ldap_request *abandon = NULL;
725
726 abandon = ldap_request_send(req->conn, &msg);
727 if (abandon == NULL) {
728 ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
729 return;
730 }
731 talloc_reparent(req->conn, req, abandon);
732 abandon->async.fn = ldap_request_timeout_abandon;
733 abandon->async.private_data = req;
734 DLIST_REMOVE(req->conn->pending, req);
735 return;
736 }
737 req->state = LDAP_REQUEST_DONE;
738 if (req->async.fn) {
739 req->async.fn(req);
740 }
741 }
742
743
744 /*
745 called on completion of a failed ldap request
746 */
747 static void ldap_request_failed_complete(struct tevent_context *ev, struct tevent_timer *te,
748 struct timeval t, void *private_data)
749 {
750 struct ldap_request *req =
751 talloc_get_type_abort(private_data,
752 struct ldap_request);
753
754 if (req->async.fn) {
755 req->async.fn(req);
756 }
757 }
758
759 static void ldap_request_written(struct tevent_req *subreq);
760
761 /*
762 send a ldap message - async interface
763 */
764 _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
765 struct ldap_message *msg)
766 {
767 struct ldap_request *req;
768 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
769 struct tevent_req *subreq = NULL;
770
771 req = talloc_zero(conn, struct ldap_request);
772 if (req == NULL) return NULL;
773
774 if (conn->sockets.active == NULL) {
775 status = NT_STATUS_INVALID_CONNECTION;
776 goto failed;
777 }
778
779 req->state = LDAP_REQUEST_SEND;
780 req->conn = conn;
781 req->messageid = conn->next_messageid++;
782 if (conn->next_messageid == 0) {
783 conn->next_messageid = 1;
784 }
785 req->type = msg->type;
786 if (req->messageid == -1) {
787 goto failed;
788 }
789
790 talloc_set_destructor(req, ldap_request_destructor);
791
792 msg->messageid = req->messageid;
793
794 if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
795 status = NT_STATUS_INTERNAL_ERROR;
796 goto failed;
797 }
798
799 /* put a timeout on the request */
800 req->time_event = tevent_add_timer(conn->event.event_ctx, req,
801 timeval_current_ofs(conn->timeout, 0),
802 ldap_request_timeout, req);
803 if (req->time_event == NULL) {
804 status = NT_STATUS_NO_MEMORY;
805 goto failed;
806 }
807
808 req->write_iov.iov_base = req->data.data;
809 req->write_iov.iov_len = req->data.length;
810
811 subreq = tstream_writev_queue_send(req, conn->event.event_ctx,
812 conn->sockets.active,
813 conn->sockets.send_queue,
814 &req->write_iov, 1);
815 if (subreq == NULL) {
816 status = NT_STATUS_NO_MEMORY;
817 goto failed;
818 }
819 tevent_req_set_callback(subreq, ldap_request_written, req);
820
821 req->state = LDAP_REQUEST_PENDING;
822 DLIST_ADD(conn->pending, req);
823
824 return req;
825
826 failed:
827 req->status = status;
828 req->state = LDAP_REQUEST_ERROR;
829 tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
830 ldap_request_failed_complete, req);
831
832 return req;
833 }
834
835 static void ldap_request_written(struct tevent_req *subreq)
836 {
837 struct ldap_request *req =
838 tevent_req_callback_data(subreq,
839 struct ldap_request);
840 int err;
841 ssize_t ret;
842
843 ret = tstream_writev_queue_recv(subreq, &err);
844 TALLOC_FREE(subreq);
845 if (ret == -1) {
846 NTSTATUS error = map_nt_error_from_unix_common(err);
847 ldap_error_handler(req->conn, error);
848 return;
849 }
850
851 if (req->type == LDAP_TAG_AbandonRequest ||
852 req->type == LDAP_TAG_UnbindRequest)
853 {
854 if (req->state == LDAP_REQUEST_PENDING) {
855 DLIST_REMOVE(req->conn->pending, req);
856 }
857 req->state = LDAP_REQUEST_DONE;
858 if (req->async.fn) {
859 req->async.fn(req);
860 }
861 return;
862 }
863
864 ldap_connection_recv_next(req->conn);
865 }
866
867
868 /*
869 wait for a request to complete
870 note that this does not destroy the request
871 */
872 _PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
873 {
874 while (req->state < LDAP_REQUEST_DONE) {
875 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
876 req->state = LDAP_REQUEST_ERROR;
877 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
878 break;
879 }
880 }
881 return req->status;
882 }
883
884
885 /*
886 a mapping of ldap response code to strings
887 */
888 static const struct {
889 enum ldap_result_code code;
890 const char *str;
891 } ldap_code_map[] = {
892 #define _LDAP_MAP_CODE(c) { c, #c }
893 _LDAP_MAP_CODE(LDAP_SUCCESS),
894 _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
895 _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
896 _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
897 _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
898 _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
899 _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
900 _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
901 _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
902 _LDAP_MAP_CODE(LDAP_REFERRAL),
903 _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
904 _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
905 _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
906 _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
907 _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
908 _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
909 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
910 _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
911 _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
912 _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
913 _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
914 _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
915 _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
916 _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
917 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
918 _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
919 _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
920 _LDAP_MAP_CODE(LDAP_BUSY),
921 _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
922 _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
923 _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
924 _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
925 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
926 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
927 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
928 _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
929 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
930 _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
931 _LDAP_MAP_CODE(LDAP_OTHER)
932 };
933
934 /*
935 used to setup the status code from a ldap response
936 */
937 _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
938 {
939 int i;
940 const char *codename = "unknown";
941
942 if (r->resultcode == LDAP_SUCCESS) {
943 return NT_STATUS_OK;
944 }
945
946 if (conn->last_error) {
947 talloc_free(conn->last_error);
948 }
949
950 for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
951 if (r->resultcode == ldap_code_map[i].code) {
952 codename = ldap_code_map[i].str;
953 break;
954 }
955 }
956
957 conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>",
958 r->resultcode,
959 codename,
960 r->dn?r->dn:"(NULL)",
961 r->errormessage?r->errormessage:"",
962 r->referral?r->referral:"");
963
964 return NT_STATUS_LDAP(r->resultcode);
965 }
966
967 /*
968 return error string representing the last error
969 */
970 _PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn,
971 TALLOC_CTX *mem_ctx,
972 NTSTATUS status)
973 {
974 if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
975 return talloc_strdup(mem_ctx, conn->last_error);
976 }
977 return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
978 }
979
980
981 /*
982 return the Nth result message, waiting if necessary
983 */
984 _PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
985 {
986 *msg = NULL;
987
988 NT_STATUS_HAVE_NO_MEMORY(req);
989
990 while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
991 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
992 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
993 }
994 }
995
996 if (n < req->num_replies) {
997 *msg = req->replies[n];
998 return NT_STATUS_OK;
999 }
1000
1001 if (!NT_STATUS_IS_OK(req->status)) {
1002 return req->status;
1003 }
1004
1005 return NT_STATUS_NO_MORE_ENTRIES;
1006 }
1007
1008
1009 /*
1010 return a single result message, checking if it is of the expected LDAP type
1011 */
1012 _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
1013 {
1014 NTSTATUS status;
1015 status = ldap_result_n(req, 0, msg);
1016 if (!NT_STATUS_IS_OK(status)) {
1017 return status;
1018 }
1019 if ((*msg)->type != type) {
1020 *msg = NULL;
1021 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
1022 }
1023 return status;
1024 }
1025
1026 /*
1027 a simple ldap transaction, for single result requests that only need a status code
1028 this relies on single valued requests having the response type == request type + 1
1029 */
1030 _PUBLIC_ NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
1031 {
1032 struct ldap_request *req = ldap_request_send(conn, msg);
1033 struct ldap_message *res;
1034 NTSTATUS status;
1035 status = ldap_result_n(req, 0, &res);
1036 if (!NT_STATUS_IS_OK(status)) {
1037 talloc_free(req);
1038 return status;
1039 }
1040 if (res->type != msg->type + 1) {
1041 talloc_free(req);
1042 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
1043 }
1044 status = ldap_check_response(conn, &res->r.GeneralResult);
1045 talloc_free(req);
1046 return status;
1047 }
Samba GIT mirror