s3-torture: run_fdpasstest(): replace cli_read_old() with cli_read()
[Samba/gebeck_regimport.git] / source4 / libcli / ldap / ldap_client.c
blob7c8bb0304c927049f34b117e73917fd0b36ff8a5
1 /*
2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
5 Copyright (C) Andrew Tridgell 2004
6 Copyright (C) Volker Lendecke 2004
7 Copyright (C) Stefan Metzmacher 2004
8 Copyright (C) Simo Sorce 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "includes.h"
26 #include <tevent.h>
27 #include "lib/socket/socket.h"
28 #include "../lib/util/asn1.h"
29 #include "../lib/util/dlinklist.h"
30 #include "libcli/ldap/libcli_ldap.h"
31 #include "libcli/ldap/ldap_proto.h"
32 #include "libcli/ldap/ldap_client.h"
33 #include "libcli/composite/composite.h"
34 #include "lib/stream/packet.h"
35 #include "lib/tls/tls.h"
36 #include "auth/gensec/gensec.h"
37 #include "system/time.h"
38 #include "param/param.h"
39 #include "libcli/resolve/resolve.h"
41 /**
42 create a new ldap_connection stucture. The event context is optional
44 _PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
45 struct loadparm_context *lp_ctx,
46 struct tevent_context *ev)
48 struct ldap_connection *conn;
50 if (ev == NULL) {
51 return NULL;
54 conn = talloc_zero(mem_ctx, struct ldap_connection);
55 if (conn == NULL) {
56 return NULL;
59 conn->next_messageid = 1;
60 conn->event.event_ctx = ev;
62 conn->lp_ctx = lp_ctx;
64 /* set a reasonable request timeout */
65 conn->timeout = 60;
67 /* explicitly avoid reconnections by default */
68 conn->reconnect.max_retries = 0;
70 return conn;
74 the connection is dead
76 static void ldap_connection_dead(struct ldap_connection *conn)
78 struct ldap_request *req;
80 talloc_free(conn->sock); /* this will also free event.fde */
81 talloc_free(conn->packet);
82 conn->sock = NULL;
83 conn->event.fde = NULL;
84 conn->packet = NULL;
86 /* return an error for any pending request ... */
87 while (conn->pending) {
88 req = conn->pending;
89 DLIST_REMOVE(req->conn->pending, req);
90 req->state = LDAP_REQUEST_DONE;
91 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
92 if (req->async.fn) {
93 req->async.fn(req);
98 static void ldap_reconnect(struct ldap_connection *conn);
101 handle packet errors
103 static void ldap_error_handler(void *private_data, NTSTATUS status)
105 struct ldap_connection *conn = talloc_get_type(private_data,
106 struct ldap_connection);
107 ldap_connection_dead(conn);
109 /* but try to reconnect so that the ldb client can go on */
110 ldap_reconnect(conn);
115 match up with a pending message, adding to the replies list
117 static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
119 struct ldap_request *req;
120 int i;
122 for (req=conn->pending; req; req=req->next) {
123 if (req->messageid == msg->messageid) break;
125 /* match a zero message id to the last request sent.
126 It seems that servers send 0 if unable to parse */
127 if (req == NULL && msg->messageid == 0) {
128 req = conn->pending;
130 if (req == NULL) {
131 DEBUG(0,("ldap: no matching message id for %u\n",
132 msg->messageid));
133 talloc_free(msg);
134 return;
137 /* Check for undecoded critical extensions */
138 for (i=0; msg->controls && msg->controls[i]; i++) {
139 if (!msg->controls_decoded[i] &&
140 msg->controls[i]->critical) {
141 req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
142 req->state = LDAP_REQUEST_DONE;
143 DLIST_REMOVE(conn->pending, req);
144 if (req->async.fn) {
145 req->async.fn(req);
147 return;
151 /* add to the list of replies received */
152 talloc_steal(req, msg);
153 req->replies = talloc_realloc(req, req->replies,
154 struct ldap_message *, req->num_replies+1);
155 if (req->replies == NULL) {
156 req->status = NT_STATUS_NO_MEMORY;
157 req->state = LDAP_REQUEST_DONE;
158 DLIST_REMOVE(conn->pending, req);
159 if (req->async.fn) {
160 req->async.fn(req);
162 return;
165 req->replies[req->num_replies] = talloc_steal(req->replies, msg);
166 req->num_replies++;
168 if (msg->type != LDAP_TAG_SearchResultEntry &&
169 msg->type != LDAP_TAG_SearchResultReference) {
170 /* currently only search results expect multiple
171 replies */
172 req->state = LDAP_REQUEST_DONE;
173 DLIST_REMOVE(conn->pending, req);
176 if (req->async.fn) {
177 req->async.fn(req);
183 decode/process LDAP data
185 static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
187 NTSTATUS status;
188 struct ldap_connection *conn = talloc_get_type(private_data,
189 struct ldap_connection);
190 struct ldap_message *msg = talloc(conn, struct ldap_message);
191 struct asn1_data *asn1 = asn1_init(conn);
193 if (asn1 == NULL || msg == NULL) {
194 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
197 if (!asn1_load(asn1, blob)) {
198 talloc_free(msg);
199 talloc_free(asn1);
200 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
203 status = ldap_decode(asn1, samba_ldap_control_handlers(), msg);
204 if (!NT_STATUS_IS_OK(status)) {
205 asn1_free(asn1);
206 return status;
209 ldap_match_message(conn, msg);
211 data_blob_free(&blob);
212 asn1_free(asn1);
213 return NT_STATUS_OK;
216 /* Handle read events, from the GENSEC socket callback, or real events */
217 void ldap_read_io_handler(void *private_data, uint16_t flags)
219 struct ldap_connection *conn = talloc_get_type(private_data,
220 struct ldap_connection);
221 packet_recv(conn->packet);
225 handle ldap socket events
227 static void ldap_io_handler(struct tevent_context *ev, struct tevent_fd *fde,
228 uint16_t flags, void *private_data)
230 struct ldap_connection *conn = talloc_get_type(private_data,
231 struct ldap_connection);
232 if (flags & TEVENT_FD_WRITE) {
233 packet_queue_run(conn->packet);
234 if (!tls_enabled(conn->sock)) return;
236 if (flags & TEVENT_FD_READ) {
237 ldap_read_io_handler(private_data, flags);
242 parse a ldap URL
244 static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
245 char **host, uint16_t *port, bool *ldaps)
247 int tmp_port = 0;
248 char protocol[11];
249 char tmp_host[1025];
250 int ret;
252 /* Paranoia check */
253 SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
255 ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
256 if (ret < 2) {
257 return NT_STATUS_INVALID_PARAMETER;
260 if (strequal(protocol, "ldap")) {
261 *port = 389;
262 *ldaps = false;
263 } else if (strequal(protocol, "ldaps")) {
264 *port = 636;
265 *ldaps = true;
266 } else {
267 DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
268 return NT_STATUS_PROTOCOL_UNREACHABLE;
271 if (tmp_port != 0)
272 *port = tmp_port;
274 *host = talloc_strdup(mem_ctx, tmp_host);
275 NT_STATUS_HAVE_NO_MEMORY(*host);
277 return NT_STATUS_OK;
281 connect to a ldap server
284 struct ldap_connect_state {
285 struct composite_context *ctx;
286 struct ldap_connection *conn;
289 static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
290 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
292 _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
293 const char *url)
295 struct composite_context *result, *ctx;
296 struct ldap_connect_state *state;
297 char protocol[11];
298 int ret;
300 result = talloc_zero(conn, struct composite_context);
301 if (result == NULL) goto failed;
302 result->state = COMPOSITE_STATE_IN_PROGRESS;
303 result->async.fn = NULL;
304 result->event_ctx = conn->event.event_ctx;
306 state = talloc(result, struct ldap_connect_state);
307 if (state == NULL) goto failed;
308 state->ctx = result;
309 result->private_data = state;
311 state->conn = conn;
313 if (conn->reconnect.url == NULL) {
314 conn->reconnect.url = talloc_strdup(conn, url);
315 if (conn->reconnect.url == NULL) goto failed;
318 /* Paranoia check */
319 SMB_ASSERT(sizeof(protocol)>10);
321 ret = sscanf(url, "%10[^:]://", protocol);
322 if (ret < 1) {
323 return NULL;
326 if (strequal(protocol, "ldapi")) {
327 struct socket_address *unix_addr;
328 char path[1025];
330 NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &conn->sock, 0);
331 if (!NT_STATUS_IS_OK(status)) {
332 return NULL;
334 talloc_steal(conn, conn->sock);
335 SMB_ASSERT(sizeof(protocol)>10);
336 SMB_ASSERT(sizeof(path)>1024);
338 /* LDAPI connections are to localhost, so give the
339 * local host name as the target for gensec's
340 * DIGEST-MD5 mechanism */
341 conn->host = talloc_asprintf(conn, "%s.%s",
342 lpcfg_netbios_name(conn->lp_ctx),
343 lpcfg_dnsdomain(conn->lp_ctx));
344 if (composite_nomem(conn->host, state->ctx)) {
345 return result;
348 /* The %c specifier doesn't null terminate :-( */
349 ZERO_STRUCT(path);
350 ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
351 if (ret < 2) {
352 composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
353 return result;
356 rfc1738_unescape(path);
358 unix_addr = socket_address_from_strings(conn, conn->sock->backend_name,
359 path, 0);
360 if (!unix_addr) {
361 return NULL;
364 ctx = socket_connect_send(conn->sock, NULL, unix_addr,
365 0, conn->event.event_ctx);
366 ctx->async.fn = ldap_connect_recv_unix_conn;
367 ctx->async.private_data = state;
368 return result;
369 } else {
370 NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
371 &conn->port, &conn->ldaps);
372 if (!NT_STATUS_IS_OK(state->ctx->status)) {
373 composite_error(state->ctx, status);
374 return result;
377 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
378 lpcfg_resolve_context(conn->lp_ctx), conn->event.event_ctx);
379 if (ctx == NULL) goto failed;
381 ctx->async.fn = ldap_connect_recv_tcp_conn;
382 ctx->async.private_data = state;
383 return result;
385 failed:
386 talloc_free(result);
387 return NULL;
390 static void ldap_connect_got_sock(struct composite_context *ctx,
391 struct ldap_connection *conn)
393 /* setup a handler for events on this socket */
394 conn->event.fde = tevent_add_fd(conn->event.event_ctx, conn->sock,
395 socket_get_fd(conn->sock),
396 TEVENT_FD_READ, ldap_io_handler, conn);
397 if (conn->event.fde == NULL) {
398 composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
399 return;
402 tevent_fd_set_close_fn(conn->event.fde, socket_tevent_fd_close_fn);
403 socket_set_flags(conn->sock, SOCKET_FLAG_NOCLOSE);
405 talloc_steal(conn, conn->sock);
406 if (conn->ldaps) {
407 struct socket_context *tls_socket;
408 char *cafile = lpcfg_tls_cafile(conn->sock, conn->lp_ctx);
410 if (!cafile || !*cafile) {
411 talloc_free(conn->sock);
412 return;
415 tls_socket = tls_init_client(conn->sock, conn->event.fde, cafile);
416 talloc_free(cafile);
418 if (tls_socket == NULL) {
419 talloc_free(conn->sock);
420 return;
423 conn->sock = talloc_steal(conn, tls_socket);
426 conn->packet = packet_init(conn);
427 if (conn->packet == NULL) {
428 talloc_free(conn->sock);
429 return;
432 packet_set_private(conn->packet, conn);
433 packet_set_socket(conn->packet, conn->sock);
434 packet_set_callback(conn->packet, ldap_recv_handler);
435 packet_set_full_request(conn->packet, ldap_full_packet);
436 packet_set_error_handler(conn->packet, ldap_error_handler);
437 packet_set_event_context(conn->packet, conn->event.event_ctx);
438 packet_set_fde(conn->packet, conn->event.fde);
439 /* packet_set_serialise(conn->packet); */
441 if (conn->ldaps) {
442 packet_set_unreliable_select(conn->packet);
445 composite_done(ctx);
448 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
450 struct ldap_connect_state *state =
451 talloc_get_type(ctx->async.private_data,
452 struct ldap_connect_state);
453 struct ldap_connection *conn = state->conn;
454 uint16_t port;
455 NTSTATUS status = socket_connect_multi_recv(ctx, state, &conn->sock,
456 &port);
457 if (!NT_STATUS_IS_OK(status)) {
458 composite_error(state->ctx, status);
459 return;
462 ldap_connect_got_sock(state->ctx, conn);
465 static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
467 struct ldap_connect_state *state =
468 talloc_get_type(ctx->async.private_data,
469 struct ldap_connect_state);
470 struct ldap_connection *conn = state->conn;
472 NTSTATUS status = socket_connect_recv(ctx);
474 if (!NT_STATUS_IS_OK(state->ctx->status)) {
475 composite_error(state->ctx, status);
476 return;
479 ldap_connect_got_sock(state->ctx, conn);
482 _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
484 NTSTATUS status = composite_wait(ctx);
485 talloc_free(ctx);
486 return status;
489 _PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
491 struct composite_context *ctx = ldap_connect_send(conn, url);
492 return ldap_connect_recv(ctx);
495 /* set reconnect parameters */
497 _PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
499 if (conn) {
500 conn->reconnect.max_retries = max_retries;
501 conn->reconnect.retries = 0;
502 conn->reconnect.previous = time_mono(NULL);
506 /* Actually this function is NOT ASYNC safe, FIXME? */
507 static void ldap_reconnect(struct ldap_connection *conn)
509 NTSTATUS status;
510 time_t now = time_mono(NULL);
512 /* do we have set up reconnect ? */
513 if (conn->reconnect.max_retries == 0) return;
515 /* is the retry time expired ? */
516 if (now > conn->reconnect.previous + 30) {
517 conn->reconnect.retries = 0;
518 conn->reconnect.previous = now;
521 /* are we reconnectind too often and too fast? */
522 if (conn->reconnect.retries > conn->reconnect.max_retries) return;
524 /* keep track of the number of reconnections */
525 conn->reconnect.retries++;
527 /* reconnect */
528 status = ldap_connect(conn, conn->reconnect.url);
529 if ( ! NT_STATUS_IS_OK(status)) {
530 return;
533 /* rebind */
534 status = ldap_rebind(conn);
535 if ( ! NT_STATUS_IS_OK(status)) {
536 ldap_connection_dead(conn);
540 /* destroy an open ldap request */
541 static int ldap_request_destructor(struct ldap_request *req)
543 if (req->state == LDAP_REQUEST_PENDING) {
544 DLIST_REMOVE(req->conn->pending, req);
546 return 0;
550 called on timeout of a ldap request
552 static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te,
553 struct timeval t, void *private_data)
555 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
556 req->status = NT_STATUS_IO_TIMEOUT;
557 if (req->state == LDAP_REQUEST_PENDING) {
558 DLIST_REMOVE(req->conn->pending, req);
560 req->state = LDAP_REQUEST_DONE;
561 if (req->async.fn) {
562 req->async.fn(req);
568 called on completion of a failed ldap request
570 static void ldap_request_failed_complete(struct tevent_context *ev, struct tevent_timer *te,
571 struct timeval t, void *private_data)
573 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
574 if (req->async.fn) {
575 req->async.fn(req);
580 called on completion of a one-way ldap request
582 static void ldap_request_oneway_complete(void *private_data)
584 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
585 if (req->state == LDAP_REQUEST_PENDING) {
586 DLIST_REMOVE(req->conn->pending, req);
588 req->state = LDAP_REQUEST_DONE;
589 if (req->async.fn) {
590 req->async.fn(req);
594 send a ldap message - async interface
596 _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
597 struct ldap_message *msg)
599 struct ldap_request *req;
600 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
601 packet_send_callback_fn_t send_callback = NULL;
603 req = talloc_zero(conn, struct ldap_request);
604 if (req == NULL) return NULL;
606 if (conn->sock == NULL) {
607 status = NT_STATUS_INVALID_CONNECTION;
608 goto failed;
611 req->state = LDAP_REQUEST_SEND;
612 req->conn = conn;
613 req->messageid = conn->next_messageid++;
614 if (conn->next_messageid == 0) {
615 conn->next_messageid = 1;
617 req->type = msg->type;
618 if (req->messageid == -1) {
619 goto failed;
622 talloc_set_destructor(req, ldap_request_destructor);
624 msg->messageid = req->messageid;
626 if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
627 status = NT_STATUS_INTERNAL_ERROR;
628 goto failed;
631 if (req->type == LDAP_TAG_AbandonRequest ||
632 req->type == LDAP_TAG_UnbindRequest) {
633 send_callback = ldap_request_oneway_complete;
636 status = packet_send_callback(conn->packet, req->data,
637 send_callback, req);
638 if (!NT_STATUS_IS_OK(status)) {
639 goto failed;
642 req->state = LDAP_REQUEST_PENDING;
643 DLIST_ADD(conn->pending, req);
645 /* put a timeout on the request */
646 req->time_event = tevent_add_timer(conn->event.event_ctx, req,
647 timeval_current_ofs(conn->timeout, 0),
648 ldap_request_timeout, req);
650 return req;
652 failed:
653 req->status = status;
654 req->state = LDAP_REQUEST_ERROR;
655 tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
656 ldap_request_failed_complete, req);
658 return req;
663 wait for a request to complete
664 note that this does not destroy the request
666 _PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
668 while (req->state < LDAP_REQUEST_DONE) {
669 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
670 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
671 break;
674 return req->status;
679 a mapping of ldap response code to strings
681 static const struct {
682 enum ldap_result_code code;
683 const char *str;
684 } ldap_code_map[] = {
685 #define _LDAP_MAP_CODE(c) { c, #c }
686 _LDAP_MAP_CODE(LDAP_SUCCESS),
687 _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
688 _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
689 _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
690 _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
691 _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
692 _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
693 _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
694 _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
695 _LDAP_MAP_CODE(LDAP_REFERRAL),
696 _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
697 _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
698 _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
699 _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
700 _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
701 _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
702 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
703 _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
704 _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
705 _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
706 _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
707 _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
708 _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
709 _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
710 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
711 _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
712 _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
713 _LDAP_MAP_CODE(LDAP_BUSY),
714 _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
715 _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
716 _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
717 _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
718 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
719 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
720 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
721 _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
722 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
723 _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
724 _LDAP_MAP_CODE(LDAP_OTHER)
728 used to setup the status code from a ldap response
730 _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
732 int i;
733 const char *codename = "unknown";
735 if (r->resultcode == LDAP_SUCCESS) {
736 return NT_STATUS_OK;
739 if (conn->last_error) {
740 talloc_free(conn->last_error);
743 for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
744 if (r->resultcode == ldap_code_map[i].code) {
745 codename = ldap_code_map[i].str;
746 break;
750 conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>",
751 r->resultcode,
752 codename,
753 r->dn?r->dn:"(NULL)",
754 r->errormessage?r->errormessage:"",
755 r->referral?r->referral:"");
757 return NT_STATUS_LDAP(r->resultcode);
761 return error string representing the last error
763 _PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn,
764 TALLOC_CTX *mem_ctx,
765 NTSTATUS status)
767 if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
768 return talloc_strdup(mem_ctx, conn->last_error);
770 return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
775 return the Nth result message, waiting if necessary
777 _PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
779 *msg = NULL;
781 NT_STATUS_HAVE_NO_MEMORY(req);
783 while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
784 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
785 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
789 if (n < req->num_replies) {
790 *msg = req->replies[n];
791 return NT_STATUS_OK;
794 if (!NT_STATUS_IS_OK(req->status)) {
795 return req->status;
798 return NT_STATUS_NO_MORE_ENTRIES;
803 return a single result message, checking if it is of the expected LDAP type
805 _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
807 NTSTATUS status;
808 status = ldap_result_n(req, 0, msg);
809 if (!NT_STATUS_IS_OK(status)) {
810 return status;
812 if ((*msg)->type != type) {
813 *msg = NULL;
814 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
816 return status;
820 a simple ldap transaction, for single result requests that only need a status code
821 this relies on single valued requests having the response type == request type + 1
823 _PUBLIC_ NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
825 struct ldap_request *req = ldap_request_send(conn, msg);
826 struct ldap_message *res;
827 NTSTATUS status;
828 status = ldap_result_n(req, 0, &res);
829 if (!NT_STATUS_IS_OK(status)) {
830 talloc_free(req);
831 return status;
833 if (res->type != msg->type + 1) {
834 talloc_free(req);
835 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
837 status = ldap_check_response(conn, &res->r.GeneralResult);
838 talloc_free(req);
839 return status;