search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r13355: check controls are correctly exported
[Samba/aatanasov.git] / source4 / ldap_server / ldap_backend.c
blob562263371bce9ac1a57607b18a2ea098751087fe
1 /*
2 Unix SMB/CIFS implementation.
3 LDAP server
4 Copyright (C) Stefan Metzmacher 2004
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "ldap_server/ldap_server.h"
23 #include "dlinklist.h"
24 #include "libcli/ldap/ldap.h"
25 #include "lib/ldb/include/ldb.h"
26 #include "lib/ldb/include/ldb_errors.h"
27 #include "dsdb/samdb/samdb.h"
28
29 #define VALID_DN_SYNTAX(dn,i) do {\
30 if (!(dn)) {\
31 return NT_STATUS_NO_MEMORY;\
32 } else if ((dn)->comp_num < (i)) {\
33 result = LDAP_INVALID_DN_SYNTAX;\
34 errstr = "Invalid DN (" #i " components needed for '" #dn "')";\
35 goto reply;\
36 }\
37 } while(0)
38
39 static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstring)
40 {
41 *errstring = ldb_errstring(ldb);
42
43 /* its 1:1 for now */
44 return err;
45 }
46
47 /*
48 map controls
49 */
50 static int get_ldb_controls(void *mem_ctx, struct ldap_Control **controls, struct ldb_control ***lcontrols)
51 {
52 struct ldb_control **lctrl;
53 int i, l;
54
55 if (controls == NULL || controls[0] == NULL) {
56 *lcontrols = NULL;
57 return LDB_SUCCESS;
58 }
59
60 l = 0;
61 lctrl = NULL;
62 *lcontrols = NULL;
63
64 for (i = 0; controls[i] != NULL; i++) {
65 lctrl = talloc_realloc(mem_ctx, lctrl, struct ldb_control *, l + 2);
66 if (lctrl == NULL) {
67 return LDB_ERR_OTHER;
68 }
69 lctrl[l] = talloc(lctrl, struct ldb_control);
70 if (lctrl[l] == NULL) {
71 return LDB_ERR_OTHER;
72 }
73 lctrl[l]->oid = controls[i]->oid;
74 lctrl[l]->critical = controls[i]->critical;
75 lctrl[l]->data = controls[i]->value;
76 l++;
77 }
78 lctrl[l] = NULL;
79
80 *lcontrols = lctrl;
81
82 return LDB_SUCCESS;
83 }
84
85 /*
86 connect to the sam database
87 */
88 NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
89 {
90 conn->ldb = samdb_connect(conn, conn->session_info);
91 if (conn->ldb == NULL) {
92 return NT_STATUS_INTERNAL_DB_CORRUPTION;
93 }
94 ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
95
96 return NT_STATUS_OK;
97 }
98
99 struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
100 {
101 struct ldapsrv_reply *reply;
102
103 reply = talloc(call, struct ldapsrv_reply);
104 if (!reply) {
105 return NULL;
106 }
107 reply->msg = talloc(reply, struct ldap_message);
108 if (reply->msg == NULL) {
109 talloc_free(reply);
110 return NULL;
111 }
112
113 reply->msg->messageid = call->request->messageid;
114 reply->msg->type = type;
115 reply->msg->controls = NULL;
116
117 return reply;
118 }
119
120 void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
121 {
122 DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *);
123 }
124
125 NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
126 {
127 struct ldapsrv_reply *reply;
128 struct ldap_ExtendedResponse *r;
129
130 DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request->type, call->request->messageid));
131
132 reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
133 if (!reply) {
134 return NT_STATUS_NO_MEMORY;
135 }
136
137 r = &reply->msg->r.ExtendedResponse;
138 r->response.resultcode = error;
139 r->response.dn = NULL;
140 r->response.errormessage = NULL;
141 r->response.referral = NULL;
142 r->name = NULL;
143 r->value.data = NULL;
144 r->value.length = 0;
145
146 ldapsrv_queue_reply(call, reply);
147 return NT_STATUS_OK;
148 }
149
150 static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
151 {
152 struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
153 struct ldap_SearchResEntry *ent;
154 struct ldap_Result *done;
155 struct ldapsrv_reply *ent_r, *done_r;
156 void *local_ctx;
157 struct ldb_context *samdb = call->conn->ldb;
158 struct ldb_dn *basedn;
159 struct ldb_result *res = NULL;
160 struct ldb_request lreq;
161 enum ldb_scope scope = LDB_SCOPE_DEFAULT;
162 const char **attrs = NULL;
163 const char *errstr = NULL;
164 int success_limit = 1;
165 int result = LDAP_SUCCESS;
166 int ldb_ret;
167 int i, j, y;
168
169 DEBUG(10, ("SearchRequest"));
170 DEBUGADD(10, (" basedn: %s", req->basedn));
171 DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree)));
172
173 local_ctx = talloc_named(call, 0, "sldb_Search local memory context");
174 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
175
176 basedn = ldb_dn_explode(local_ctx, req->basedn);
177 VALID_DN_SYNTAX(basedn, 0);
178
179 DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn));
180 DEBUG(10, ("SearchRequest: filter: [%s]\n", ldb_filter_from_tree(call, req->tree)));
181
182 switch (req->scope) {
183 case LDAP_SEARCH_SCOPE_BASE:
184 DEBUG(10,("SearchRequest: scope: [BASE]\n"));
185 scope = LDB_SCOPE_BASE;
186 success_limit = 0;
187 break;
188 case LDAP_SEARCH_SCOPE_SINGLE:
189 DEBUG(10,("SearchRequest: scope: [ONE]\n"));
190 scope = LDB_SCOPE_ONELEVEL;
191 success_limit = 0;
192 break;
193 case LDAP_SEARCH_SCOPE_SUB:
194 DEBUG(10,("SearchRequest: scope: [SUB]\n"));
195 scope = LDB_SCOPE_SUBTREE;
196 success_limit = 0;
197 break;
198 }
199
200 if (req->num_attributes >= 1) {
201 attrs = talloc_array(samdb, const char *, req->num_attributes+1);
202 NT_STATUS_HAVE_NO_MEMORY(attrs);
203
204 for (i=0; i < req->num_attributes; i++) {
205 DEBUG(10,("SearchRequest: attrs: [%s]\n",req->attributes[i]));
206 attrs[i] = req->attributes[i];
207 }
208 attrs[i] = NULL;
209 }
210
211 DEBUG(5,("ldb_request dn=%s filter=%s\n",
212 req->basedn, ldb_filter_from_tree(call, req->tree)));
213
214 ZERO_STRUCT(lreq);
215 lreq.operation = LDB_REQ_SEARCH;
216 lreq.op.search.base = basedn;
217 lreq.op.search.scope = scope;
218 lreq.op.search.tree = req->tree;
219 lreq.op.search.attrs = attrs;
220
221 ldb_ret = get_ldb_controls(local_ctx, call->request->controls, &lreq.controls);
222
223 if (ldb_ret != LDB_SUCCESS) {
224 /* get_ldb_controls fails only on a critical internal error or when
225 * a control is defined as critical but it is not supported
226 */
227 goto reply;
228 }
229
230 ldb_ret = ldb_request(samdb, &lreq);
231
232 res = talloc_steal(samdb, lreq.op.search.res);
233
234 if (ldb_ret == LDB_SUCCESS) {
235 for (i = 0; i < res->count; i++) {
236 ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
237 NT_STATUS_HAVE_NO_MEMORY(ent_r);
238
239 ent = &ent_r->msg->r.SearchResultEntry;
240 ent->dn = ldb_dn_linearize(ent_r, res->msgs[i]->dn);
241 ent->num_attributes = 0;
242 ent->attributes = NULL;
243 if (res->msgs[i]->num_elements == 0) {
244 goto queue_reply;
245 }
246 ent->num_attributes = res->msgs[i]->num_elements;
247 ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes);
248 NT_STATUS_HAVE_NO_MEMORY(ent->attributes);
249 for (j=0; j < ent->num_attributes; j++) {
250 ent->attributes[j].name = talloc_steal(ent->attributes, res->msgs[i]->elements[j].name);
251 ent->attributes[j].num_values = 0;
252 ent->attributes[j].values = NULL;
253 if (req->attributesonly && (res->msgs[i]->elements[j].num_values == 0)) {
254 continue;
255 }
256 ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values;
257 ent->attributes[j].values = talloc_array(ent->attributes,
258 DATA_BLOB, ent->attributes[j].num_values);
259 NT_STATUS_HAVE_NO_MEMORY(ent->attributes[j].values);
260 for (y=0; y < ent->attributes[j].num_values; y++) {
261 ent->attributes[j].values[y].length = res->msgs[i]->elements[j].values[y].length;
262 ent->attributes[j].values[y].data = talloc_steal(ent->attributes[j].values,
263 res->msgs[i]->elements[j].values[y].data);
264 }
265 }
266 queue_reply:
267 ldapsrv_queue_reply(call, ent_r);
268 }
269 }
270
271 reply:
272 done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
273 NT_STATUS_HAVE_NO_MEMORY(done_r);
274
275 done = &done_r->msg->r.SearchResultDone;
276 done->dn = NULL;
277 done->referral = NULL;
278
279 if (ldb_ret == LDB_SUCCESS) {
280 if (res->count >= success_limit) {
281 DEBUG(10,("SearchRequest: results: [%d]\n", res->count));
282 result = LDAP_SUCCESS;
283 errstr = NULL;
284 } else if (res->count == 0) {
285 DEBUG(10,("SearchRequest: no results\n"));
286 result = LDAP_NO_SUCH_OBJECT;
287 errstr = ldb_errstring(samdb);
288 }
289 if (res->controls) {
290 done_r->msg->controls = (struct ldap_Control **)(res->controls);
291 }
292 } else {
293 DEBUG(10,("SearchRequest: error\n"));
294 result = map_ldb_error(samdb, ldb_ret, &errstr);
295 }
296
297 done->resultcode = result;
298 done->errormessage = (errstr?talloc_strdup(done_r, errstr):NULL);
299
300 talloc_free(local_ctx);
301
302 ldapsrv_queue_reply(call, done_r);
303 return NT_STATUS_OK;
304 }
305
306 static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
307 {
308 struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest;
309 struct ldap_Result *modify_result;
310 struct ldapsrv_reply *modify_reply;
311 void *local_ctx;
312 struct ldb_context *samdb = call->conn->ldb;
313 struct ldb_message *msg = NULL;
314 struct ldb_dn *dn;
315 const char *errstr = NULL;
316 int result = LDAP_SUCCESS;
317 int ldb_ret;
318 int i,j;
319
320 DEBUG(10, ("ModifyRequest"));
321 DEBUGADD(10, (" dn: %s", req->dn));
322
323 local_ctx = talloc_named(call, 0, "ModifyRequest local memory context");
324 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
325
326 dn = ldb_dn_explode(local_ctx, req->dn);
327 VALID_DN_SYNTAX(dn, 1);
328
329 DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn));
330
331 msg = talloc(local_ctx, struct ldb_message);
332 NT_STATUS_HAVE_NO_MEMORY(msg);
333
334 msg->dn = dn;
335 msg->private_data = NULL;
336 msg->num_elements = 0;
337 msg->elements = NULL;
338
339 if (req->num_mods > 0) {
340 msg->num_elements = req->num_mods;
341 msg->elements = talloc_array(msg, struct ldb_message_element, req->num_mods);
342 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
343
344 for (i=0; i < msg->num_elements; i++) {
345 msg->elements[i].name = discard_const_p(char, req->mods[i].attrib.name);
346 msg->elements[i].num_values = 0;
347 msg->elements[i].values = NULL;
348
349 switch (req->mods[i].type) {
350 default:
351 result = LDAP_PROTOCOL_ERROR;
352 errstr = "Invalid LDAP_MODIFY_* type";
353 goto reply;
354 case LDAP_MODIFY_ADD:
355 msg->elements[i].flags = LDB_FLAG_MOD_ADD;
356 break;
357 case LDAP_MODIFY_DELETE:
358 msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
359 break;
360 case LDAP_MODIFY_REPLACE:
361 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
362 break;
363 }
364
365 msg->elements[i].num_values = req->mods[i].attrib.num_values;
366 if (msg->elements[i].num_values > 0) {
367 msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
368 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
369
370 for (j=0; j < msg->elements[i].num_values; j++) {
371 if (!(req->mods[i].attrib.values[j].length > 0)) {
372 result = LDAP_OTHER;
373 errstr = "Empty attribute values are not allowed";
374 goto reply;
375 }
376 msg->elements[i].values[j].length = req->mods[i].attrib.values[j].length;
377 msg->elements[i].values[j].data = req->mods[i].attrib.values[j].data;
378 }
379 }
380 }
381 } else {
382 result = LDAP_OTHER;
383 errstr = "No mods are not allowed";
384 goto reply;
385 }
386
387 reply:
388 modify_reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse);
389 NT_STATUS_HAVE_NO_MEMORY(modify_reply);
390
391 if (result == LDAP_SUCCESS) {
392 ldb_ret = ldb_modify(samdb, msg);
393 result = map_ldb_error(samdb, ldb_ret, &errstr);
394 }
395
396 modify_result = &modify_reply->msg->r.AddResponse;
397 modify_result->dn = NULL;
398 modify_result->resultcode = result;
399 modify_result->errormessage = (errstr?talloc_strdup(modify_reply, errstr):NULL);
400 modify_result->referral = NULL;
401
402 talloc_free(local_ctx);
403
404 ldapsrv_queue_reply(call, modify_reply);
405 return NT_STATUS_OK;
406
407 }
408
409 static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
410 {
411 struct ldap_AddRequest *req = &call->request->r.AddRequest;
412 struct ldap_Result *add_result;
413 struct ldapsrv_reply *add_reply;
414 void *local_ctx;
415 struct ldb_context *samdb = call->conn->ldb;
416 struct ldb_message *msg = NULL;
417 struct ldb_dn *dn;
418 const char *errstr = NULL;
419 int result = LDAP_SUCCESS;
420 int ldb_ret;
421 int i,j;
422
423 DEBUG(10, ("AddRequest"));
424 DEBUGADD(10, (" dn: %s", req->dn));
425
426 local_ctx = talloc_named(call, 0, "AddRequest local memory context");
427 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
428
429 dn = ldb_dn_explode(local_ctx, req->dn);
430 VALID_DN_SYNTAX(dn,1);
431
432 DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn));
433
434 msg = talloc(local_ctx, struct ldb_message);
435 NT_STATUS_HAVE_NO_MEMORY(msg);
436
437 msg->dn = dn;
438 msg->private_data = NULL;
439 msg->num_elements = 0;
440 msg->elements = NULL;
441
442 if (req->num_attributes > 0) {
443 msg->num_elements = req->num_attributes;
444 msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements);
445 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
446
447 for (i=0; i < msg->num_elements; i++) {
448 msg->elements[i].name = discard_const_p(char, req->attributes[i].name);
449 msg->elements[i].flags = 0;
450 msg->elements[i].num_values = 0;
451 msg->elements[i].values = NULL;
452
453 if (req->attributes[i].num_values > 0) {
454 msg->elements[i].num_values = req->attributes[i].num_values;
455 msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
456 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
457
458 for (j=0; j < msg->elements[i].num_values; j++) {
459 if (!(req->attributes[i].values[j].length > 0)) {
460 result = LDAP_OTHER;
461 errstr = "Empty attribute values are not allowed";
462 goto reply;
463 }
464 msg->elements[i].values[j].length = req->attributes[i].values[j].length;
465 msg->elements[i].values[j].data = req->attributes[i].values[j].data;
466 }
467 } else {
468 result = LDAP_OTHER;
469 errstr = "No attribute values are not allowed";
470 goto reply;
471 }
472 }
473 } else {
474 result = LDAP_OTHER;
475 errstr = "No attributes are not allowed";
476 goto reply;
477 }
478
479 reply:
480 add_reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse);
481 NT_STATUS_HAVE_NO_MEMORY(add_reply);
482
483 if (result == LDAP_SUCCESS) {
484 ldb_ret = ldb_add(samdb, msg);
485 result = map_ldb_error(samdb, ldb_ret, &errstr);
486 }
487
488 add_result = &add_reply->msg->r.AddResponse;
489 add_result->dn = NULL;
490 add_result->resultcode = result;
491 add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL);
492 add_result->referral = NULL;
493
494 talloc_free(local_ctx);
495
496 ldapsrv_queue_reply(call, add_reply);
497 return NT_STATUS_OK;
498
499 }
500
501 static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call)
502 {
503 struct ldap_DelRequest *req = &call->request->r.DelRequest;
504 struct ldap_Result *del_result;
505 struct ldapsrv_reply *del_reply;
506 void *local_ctx;
507 struct ldb_context *samdb = call->conn->ldb;
508 struct ldb_dn *dn;
509 const char *errstr = NULL;
510 int result = LDAP_SUCCESS;
511 int ldb_ret;
512
513 DEBUG(10, ("DelRequest"));
514 DEBUGADD(10, (" dn: %s", req->dn));
515
516 local_ctx = talloc_named(call, 0, "DelRequest local memory context");
517 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
518
519 dn = ldb_dn_explode(local_ctx, req->dn);
520 VALID_DN_SYNTAX(dn,1);
521
522 DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn));
523
524 reply:
525 del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse);
526 NT_STATUS_HAVE_NO_MEMORY(del_reply);
527
528 if (result == LDAP_SUCCESS) {
529 ldb_ret = ldb_delete(samdb, dn);
530 result = map_ldb_error(samdb, ldb_ret, &errstr);
531 }
532
533 del_result = &del_reply->msg->r.DelResponse;
534 del_result->dn = NULL;
535 del_result->resultcode = result;
536 del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL);
537 del_result->referral = NULL;
538
539 talloc_free(local_ctx);
540
541 ldapsrv_queue_reply(call, del_reply);
542 return NT_STATUS_OK;
543 }
544
545 static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
546 {
547 struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest;
548 struct ldap_Result *modifydn;
549 struct ldapsrv_reply *modifydn_r;
550 void *local_ctx;
551 struct ldb_context *samdb = call->conn->ldb;
552 struct ldb_dn *olddn, *newdn, *newrdn;
553 struct ldb_dn *parentdn = NULL;
554 const char *errstr = NULL;
555 int result = LDAP_SUCCESS;
556 int ldb_ret;
557
558 DEBUG(10, ("ModifyDNRequrest"));
559 DEBUGADD(10, (" dn: %s", req->dn));
560 DEBUGADD(10, (" newrdn: %s", req->newrdn));
561
562 local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context");
563 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
564
565 olddn = ldb_dn_explode(local_ctx, req->dn);
566 VALID_DN_SYNTAX(olddn, 2);
567
568 newrdn = ldb_dn_explode(local_ctx, req->newrdn);
569 VALID_DN_SYNTAX(newrdn, 1);
570
571 DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
572 DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
573
574 /* we can't handle the rename if we should not remove the old dn */
575 if (!req->deleteolddn) {
576 result = LDAP_UNWILLING_TO_PERFORM;
577 errstr = "Old RDN must be deleted";
578 goto reply;
579 }
580
581 if (newrdn->comp_num > 1) {
582 result = LDAP_NAMING_VIOLATION;
583 errstr = "Error new RDN invalid";
584 goto reply;
585 }
586
587 if (req->newsuperior) {
588 parentdn = ldb_dn_explode(local_ctx, req->newsuperior);
589 VALID_DN_SYNTAX(parentdn, 0);
590 DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior));
591
592 if (parentdn->comp_num < 1) {
593 result = LDAP_AFFECTS_MULTIPLE_DSAS;
594 errstr = "Error new Superior DN invalid";
595 goto reply;
596 }
597 }
598
599 if (!parentdn) {
600 parentdn = ldb_dn_get_parent(local_ctx, olddn);
601 NT_STATUS_HAVE_NO_MEMORY(parentdn);
602 }
603
604 newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn);
605 NT_STATUS_HAVE_NO_MEMORY(newdn);
606
607 reply:
608 modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse);
609 NT_STATUS_HAVE_NO_MEMORY(modifydn_r);
610
611 if (result == LDAP_SUCCESS) {
612 ldb_ret = ldb_rename(samdb, olddn, newdn);
613 result = map_ldb_error(samdb, ldb_ret, &errstr);
614 }
615
616 modifydn = &modifydn_r->msg->r.ModifyDNResponse;
617 modifydn->dn = NULL;
618 modifydn->resultcode = result;
619 modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL);
620 modifydn->referral = NULL;
621
622 talloc_free(local_ctx);
623
624 ldapsrv_queue_reply(call, modifydn_r);
625 return NT_STATUS_OK;
626 }
627
628 static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call)
629 {
630 struct ldap_CompareRequest *req = &call->request->r.CompareRequest;
631 struct ldap_Result *compare;
632 struct ldapsrv_reply *compare_r;
633 void *local_ctx;
634 struct ldb_context *samdb = call->conn->ldb;
635 struct ldb_result *res = NULL;
636 struct ldb_dn *dn;
637 const char *attrs[1];
638 const char *errstr = NULL;
639 const char *filter = NULL;
640 int result = LDAP_SUCCESS;
641 int ldb_ret;
642
643 DEBUG(10, ("CompareRequest"));
644 DEBUGADD(10, (" dn: %s", req->dn));
645
646 local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context");
647 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
648
649 dn = ldb_dn_explode(local_ctx, req->dn);
650 VALID_DN_SYNTAX(dn, 1);
651
652 DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn));
653 filter = talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute,
654 (int)req->value.length, req->value.data);
655 NT_STATUS_HAVE_NO_MEMORY(filter);
656
657 DEBUGADD(10, ("CompareRequest: attribute: [%s]\n", filter));
658
659 attrs[0] = NULL;
660
661 reply:
662 compare_r = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse);
663 NT_STATUS_HAVE_NO_MEMORY(compare_r);
664
665 if (result == LDAP_SUCCESS) {
666 ldb_ret = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res);
667 talloc_steal(samdb, res);
668 if (ldb_ret != LDB_SUCCESS) {
669 result = map_ldb_error(samdb, ldb_ret, &errstr);
670 DEBUG(10,("CompareRequest: error: %s\n", errstr));
671 } else if (res->count == 0) {
672 DEBUG(10,("CompareRequest: doesn't matched\n"));
673 result = LDAP_COMPARE_FALSE;
674 errstr = NULL;
675 } else if (res->count == 1) {
676 DEBUG(10,("CompareRequest: matched\n"));
677 result = LDAP_COMPARE_TRUE;
678 errstr = NULL;
679 } else if (res->count > 1) {
680 result = LDAP_OTHER;
681 errstr = "too many objects match";
682 DEBUG(10,("CompareRequest: %d results: %s\n", res->count, errstr));
683 }
684 }
685
686 compare = &compare_r->msg->r.CompareResponse;
687 compare->dn = NULL;
688 compare->resultcode = result;
689 compare->errormessage = (errstr?talloc_strdup(compare_r,errstr):NULL);
690 compare->referral = NULL;
691
692 talloc_free(local_ctx);
693
694 ldapsrv_queue_reply(call, compare_r);
695 return NT_STATUS_OK;
696 }
697
698 static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
699 {
700 /* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/
701 DEBUG(10, ("AbandonRequest\n"));
702 return NT_STATUS_OK;
703 }
704
705 static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
706 {
707 /* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/
708 struct ldapsrv_reply *reply;
709
710 DEBUG(10, ("Extended\n"));
711
712 reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
713 if (!reply) {
714 return NT_STATUS_NO_MEMORY;
715 }
716
717 ZERO_STRUCT(reply->msg->r);
718
719 ldapsrv_queue_reply(call, reply);
720 return NT_STATUS_OK;
721 }
722
723 NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
724 {
725 switch(call->request->type) {
726 case LDAP_TAG_BindRequest:
727 return ldapsrv_BindRequest(call);
728 case LDAP_TAG_UnbindRequest:
729 return ldapsrv_UnbindRequest(call);
730 case LDAP_TAG_SearchRequest:
731 return ldapsrv_SearchRequest(call);
732 case LDAP_TAG_ModifyRequest:
733 return ldapsrv_ModifyRequest(call);
734 case LDAP_TAG_AddRequest:
735 return ldapsrv_AddRequest(call);
736 case LDAP_TAG_DelRequest:
737 return ldapsrv_DelRequest(call);
738 case LDAP_TAG_ModifyDNRequest:
739 return ldapsrv_ModifyDNRequest(call);
740 case LDAP_TAG_CompareRequest:
741 return ldapsrv_CompareRequest(call);
742 case LDAP_TAG_AbandonRequest:
743 return ldapsrv_AbandonRequest(call);
744 case LDAP_TAG_ExtendedRequest:
745 return ldapsrv_ExtendedRequest(call);
746 default:
747 return ldapsrv_unwilling(call, 2);
748 }
749 }
750
751
aatanasov's samba4 branch