benny/wmic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

wmi-1.3.16 from opsview.com

Browse Source
This commit is contained in:
Are Casilla
2019-02-16 00:16:52 +01:00
parent 163fdd3d1b
commit 17b3af2911
2146 changed files with 678824 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Samba/source/libcli/ldap/config.mk
+17
View File
@@ -0,0 +1,17 @@
#################################
# Start SUBSYSTEM LIBCLI_LDAP
[SUBSYSTEM::LIBCLI_LDAP]
PUBLIC_PROTO_HEADER = ldap_proto.h
PUBLIC_HEADERS = ldap.h
OBJ_FILES = ldap.o \
ldap_client.o \
ldap_bind.o \
ldap_msg.o \
ldap_ndr.o \
ldap_ildap.o \
ldap_controls.o
PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBEVENTS LIBPACKET
PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE samba-socket LIBCLI_RESOLVE NDR_SAMR LIBTLS ASN1_UTIL GENSEC_SOCKET
#PRIVATE_DEPENDENCIES = gensec
# End SUBSYSTEM LIBCLI_LDAP
#################################
Samba/source/libcli/ldap/ldap.c
+1372
View File
File diff suppressed because it is too large Load Diff
Samba/source/libcli/ldap/ldap.h
+257
View File
@@ -0,0 +1,257 @@
/*
Unix SMB/CIFS Implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Volker Lendecke 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef _SMB_LDAP_H
#define _SMB_LDAP_H
#include "lib/ldb/include/ldb.h"
enum ldap_request_tag {
LDAP_TAG_BindRequest = 0,
LDAP_TAG_BindResponse = 1,
LDAP_TAG_UnbindRequest = 2,
LDAP_TAG_SearchRequest = 3,
LDAP_TAG_SearchResultEntry = 4,
LDAP_TAG_SearchResultDone = 5,
LDAP_TAG_ModifyRequest = 6,
LDAP_TAG_ModifyResponse = 7,
LDAP_TAG_AddRequest = 8,
LDAP_TAG_AddResponse = 9,
LDAP_TAG_DelRequest = 10,
LDAP_TAG_DelResponse = 11,
LDAP_TAG_ModifyDNRequest = 12,
LDAP_TAG_ModifyDNResponse = 13,
LDAP_TAG_CompareRequest = 14,
LDAP_TAG_CompareResponse = 15,
LDAP_TAG_AbandonRequest = 16,
LDAP_TAG_SearchResultReference = 19,
LDAP_TAG_ExtendedRequest = 23,
LDAP_TAG_ExtendedResponse = 24
};
enum ldap_auth_mechanism {
LDAP_AUTH_MECH_SIMPLE = 0,
LDAP_AUTH_MECH_SASL = 3
};
enum ldap_result_code {
LDAP_SUCCESS = 0,
LDAP_OPERATIONS_ERROR = 1,
LDAP_PROTOCOL_ERROR = 2,
LDAP_TIME_LIMIT_EXCEEDED = 3,
LDAP_SIZE_LIMIT_EXCEEDED = 4,
LDAP_COMPARE_FALSE = 5,
LDAP_COMPARE_TRUE = 6,
LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
LDAP_STRONG_AUTH_REQUIRED = 8,
LDAP_REFERRAL = 10,
LDAP_ADMIN_LIMIT_EXCEEDED = 11,
LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
LDAP_CONFIDENTIALITY_REQUIRED = 13,
LDAP_SASL_BIND_IN_PROGRESS = 14,
LDAP_NO_SUCH_ATTRIBUTE = 16,
LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
LDAP_INAPPROPRIATE_MATCHING = 18,
LDAP_CONSTRAINT_VIOLATION = 19,
LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
LDAP_NO_SUCH_OBJECT = 32,
LDAP_ALIAS_PROBLEM = 33,
LDAP_INVALID_DN_SYNTAX = 34,
LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
LDAP_INVALID_CREDENTIALS = 49,
LDAP_INSUFFICIENT_ACCESS_RIGHTs = 50,
LDAP_BUSY = 51,
LDAP_UNAVAILABLE = 52,
LDAP_UNWILLING_TO_PERFORM = 53,
LDAP_LOOP_DETECT = 54,
LDAP_NAMING_VIOLATION = 64,
LDAP_OBJECT_CLASS_VIOLATION = 65,
LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
LDAP_NOT_ALLOWED_ON_RDN = 67,
LDAP_ENTRY_ALREADY_EXISTS = 68,
LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
LDAP_AFFECTS_MULTIPLE_DSAS = 71,
LDAP_OTHER = 80
};
struct ldap_Result {
int resultcode;
const char *dn;
const char *errormessage;
const char *referral;
};
struct ldap_BindRequest {
int version;
const char *dn;
enum ldap_auth_mechanism mechanism;
union {
const char *password;
struct {
const char *mechanism;
DATA_BLOB *secblob;/* optional */
} SASL;
} creds;
};
struct ldap_BindResponse {
struct ldap_Result response;
union {
DATA_BLOB *secblob;/* optional */
} SASL;
};
struct ldap_UnbindRequest {
uint8_t __dummy;
};
enum ldap_scope {
LDAP_SEARCH_SCOPE_BASE = 0,
LDAP_SEARCH_SCOPE_SINGLE = 1,
LDAP_SEARCH_SCOPE_SUB = 2
};
enum ldap_deref {
LDAP_DEREFERENCE_NEVER = 0,
LDAP_DEREFERENCE_IN_SEARCHING = 1,
LDAP_DEREFERENCE_FINDING_BASE = 2,
LDAP_DEREFERENCE_ALWAYS
};
struct ldap_SearchRequest {
const char *basedn;
enum ldap_scope scope;
enum ldap_deref deref;
uint32_t timelimit;
uint32_t sizelimit;
BOOL attributesonly;
struct ldb_parse_tree *tree;
int num_attributes;
const char **attributes;
};
struct ldap_SearchResEntry {
const char *dn;
int num_attributes;
struct ldb_message_element *attributes;
};
struct ldap_SearchResRef {
const char *referral;
};
enum ldap_modify_type {
LDAP_MODIFY_NONE = -1,
LDAP_MODIFY_ADD = 0,
LDAP_MODIFY_DELETE = 1,
LDAP_MODIFY_REPLACE = 2
};
struct ldap_mod {
enum ldap_modify_type type;
struct ldb_message_element attrib;
};
struct ldap_ModifyRequest {
const char *dn;
int num_mods;
struct ldap_mod *mods;
};
struct ldap_AddRequest {
const char *dn;
int num_attributes;
struct ldb_message_element *attributes;
};
struct ldap_DelRequest {
const char *dn;
};
struct ldap_ModifyDNRequest {
const char *dn;
const char *newrdn;
BOOL deleteolddn;
const char *newsuperior;/* optional */
};
struct ldap_CompareRequest {
const char *dn;
const char *attribute;
DATA_BLOB value;
};
struct ldap_AbandonRequest {
uint32_t messageid;
};
struct ldap_ExtendedRequest {
const char *oid;
DATA_BLOB *value;/* optional */
};
struct ldap_ExtendedResponse {
struct ldap_Result response;
const char *oid;/* optional */
DATA_BLOB *value;/* optional */
};
union ldap_Request {
struct ldap_Result GeneralResult;
struct ldap_BindRequest BindRequest;
struct ldap_BindResponse BindResponse;
struct ldap_UnbindRequest UnbindRequest;
struct ldap_SearchRequest SearchRequest;
struct ldap_SearchResEntry SearchResultEntry;
struct ldap_Result SearchResultDone;
struct ldap_SearchResRef SearchResultReference;
struct ldap_ModifyRequest ModifyRequest;
struct ldap_Result ModifyResponse;
struct ldap_AddRequest AddRequest;
struct ldap_Result AddResponse;
struct ldap_DelRequest DelRequest;
struct ldap_Result DelResponse;
struct ldap_ModifyDNRequest ModifyDNRequest;
struct ldap_Result ModifyDNResponse;
struct ldap_CompareRequest CompareRequest;
struct ldap_Result CompareResponse;
struct ldap_AbandonRequest AbandonRequest;
struct ldap_ExtendedRequest ExtendedRequest;
struct ldap_ExtendedResponse ExtendedResponse;
};
struct ldap_message {
int messageid;
enum ldap_request_tag type;
union ldap_Request r;
struct ldb_control **controls;
};
struct event_context;
struct cli_credentials;
struct dom_sid;
struct asn1_data;
#include "libcli/ldap/ldap_proto.h"
#endif
Samba/source/libcli/ldap/ldap_bind.c
+400
View File
@@ -0,0 +1,400 @@
/*
Unix SMB/CIFS mplementation.
LDAP bind calls
Copyright (C) Andrew Tridgell 2005
Copyright (C) Volker Lendecke 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/socket.h"
#include "lib/stream/packet.h"
struct ldap_simple_creds {
const char *dn;
const char *pw;
};
NTSTATUS ldap_rebind(struct ldap_connection *conn)
{
NTSTATUS status;
struct ldap_simple_creds *creds;
switch (conn->bind.type) {
case LDAP_BIND_SASL:
status = ldap_bind_sasl(conn, (struct cli_credentials *)conn->bind.creds);
break;
case LDAP_BIND_SIMPLE:
creds = (struct ldap_simple_creds *)conn->bind.creds;
if (creds == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
status = ldap_bind_simple(conn, creds->dn, creds->pw);
break;
default:
return NT_STATUS_UNSUCCESSFUL;
}
return status;
}
static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn,
const char *dn, const char *pw)
{
struct ldap_message *res;
res = new_ldap_message(conn);
if (!res) {
return NULL;
}
res->type = LDAP_TAG_BindRequest;
res->r.BindRequest.version = 3;
res->r.BindRequest.dn = talloc_strdup(res, dn);
res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SIMPLE;
res->r.BindRequest.creds.password = talloc_strdup(res, pw);
res->controls = NULL;
return res;
}
/*
perform a simple username/password bind
*/
NTSTATUS ldap_bind_simple(struct ldap_connection *conn,
const char *userdn, const char *password)
{
struct ldap_request *req;
struct ldap_message *msg;
const char *dn, *pw;
NTSTATUS status;
if (conn == NULL) {
return NT_STATUS_INVALID_CONNECTION;
}
if (userdn) {
dn = userdn;
} else {
if (conn->auth_dn) {
dn = conn->auth_dn;
} else {
dn = "";
}
}
if (password) {
pw = password;
} else {
if (conn->simple_pw) {
pw = conn->simple_pw;
} else {
pw = "";
}
}
msg = new_ldap_simple_bind_msg(conn, dn, pw);
NT_STATUS_HAVE_NO_MEMORY(msg);
/* send the request */
req = ldap_request_send(conn, msg);
talloc_free(msg);
NT_STATUS_HAVE_NO_MEMORY(req);
/* wait for replies */
status = ldap_request_wait(req);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(req);
return status;
}
/* check its a valid reply */
msg = req->replies[0];
if (msg->type != LDAP_TAG_BindResponse) {
talloc_free(req);
return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
}
status = ldap_check_response(conn, &msg->r.BindResponse.response);
talloc_free(req);
if (NT_STATUS_IS_OK(status)) {
struct ldap_simple_creds *creds = talloc(conn, struct ldap_simple_creds);
if (creds == NULL) {
return NT_STATUS_NO_MEMORY;
}
creds->dn = talloc_strdup(creds, dn);
creds->pw = talloc_strdup(creds, pw);
if (creds->dn == NULL || creds->pw == NULL) {
return NT_STATUS_NO_MEMORY;
}
conn->bind.type = LDAP_BIND_SIMPLE;
conn->bind.creds = creds;
}
return status;
}
static struct ldap_message *new_ldap_sasl_bind_msg(struct ldap_connection *conn,
const char *sasl_mechanism,
DATA_BLOB *secblob)
{
struct ldap_message *res;
res = new_ldap_message(conn);
if (!res) {
return NULL;
}
res->type = LDAP_TAG_BindRequest;
res->r.BindRequest.version = 3;
res->r.BindRequest.dn = "";
res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SASL;
res->r.BindRequest.creds.SASL.mechanism = talloc_strdup(res, sasl_mechanism);
if (secblob) {
res->r.BindRequest.creds.SASL.secblob = talloc(res, DATA_BLOB);
if (!res->r.BindRequest.creds.SASL.secblob) {
talloc_free(res);
return NULL;
}
*res->r.BindRequest.creds.SASL.secblob = *secblob;
} else {
res->r.BindRequest.creds.SASL.secblob = NULL;
}
res->controls = NULL;
return res;
}
/*
perform a sasl bind using the given credentials
*/
NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *creds)
{
NTSTATUS status;
TALLOC_CTX *tmp_ctx = NULL;
DATA_BLOB input = data_blob(NULL, 0);
DATA_BLOB output = data_blob(NULL, 0);
struct ldap_message **sasl_mechs_msgs;
struct ldap_SearchResEntry *search;
int count, i;
const char **sasl_names;
static const char *supported_sasl_mech_attrs[] = {
"supportedSASLMechanisms",
NULL
};
status = gensec_client_start(conn, &conn->gensec, NULL);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
goto failed;
}
/* require Kerberos SIGN/SEAL only if we don't use SSL
* Windows seem not to like double encryption */
if (!tls_enabled(conn->sock)) {
gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
}
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC creds: %s\n",
nt_errstr(status)));
goto failed;
}
if (conn->host) {
status = gensec_set_target_hostname(conn->gensec, conn->host);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
nt_errstr(status)));
goto failed;
}
}
status = gensec_set_target_service(conn->gensec, "ldap");
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC target service: %s\n",
nt_errstr(status)));
goto failed;
}
status = ildap_search(conn, "", LDAP_SEARCH_SCOPE_BASE, "", supported_sasl_mech_attrs,
False, NULL, NULL, &sasl_mechs_msgs);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: %s\n",
nt_errstr(status)));
goto failed;
}
count = ildap_count_entries(conn, sasl_mechs_msgs);
if (count != 1) {
DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of replies: %d\n",
count));
goto failed;
}
tmp_ctx = talloc_new(conn);
if (tmp_ctx == NULL) goto failed;
search = &sasl_mechs_msgs[0]->r.SearchResultEntry;
if (search->num_attributes != 1) {
DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d\n",
search->num_attributes));
goto failed;
}
sasl_names = talloc_array(tmp_ctx, const char *, search->attributes[0].num_values + 1);
if (!sasl_names) {
DEBUG(1, ("talloc_arry(char *, %d) failed\n",
count));
goto failed;
}
for (i=0; i<search->attributes[0].num_values; i++) {
sasl_names[i] = (const char *)search->attributes[0].values[i].data;
}
sasl_names[i] = NULL;
status = gensec_start_mech_by_sasl_list(conn->gensec, sasl_names);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("None of the %d proposed SASL mechs were acceptable: %s\n",
count, nt_errstr(status)));
goto failed;
}
while (1) {
NTSTATUS gensec_status;
struct ldap_message *response;
struct ldap_message *msg;
struct ldap_request *req;
int result = LDAP_OTHER;
status = gensec_update(conn->gensec, tmp_ctx,
input,
&output);
/* The status value here, from GENSEC is vital to the security
* of the system. Even if the other end accepts, if GENSEC
* claims 'MORE_PROCESSING_REQUIRED' then you must keep
* feeding it blobs, or else the remote host/attacker might
* avoid mutal authentication requirements.
*
* Likewise, you must not feed GENSEC too much (after the OK),
* it doesn't like that either
*/
gensec_status = status;
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
break;
}
if (NT_STATUS_IS_OK(status) && output.length == 0) {
break;
}
/* Perhaps we should make gensec_start_mech_by_sasl_list() return the name we got? */
msg = new_ldap_sasl_bind_msg(tmp_ctx, conn->gensec->ops->sasl_name, (output.data?&output:NULL));
if (msg == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
req = ldap_request_send(conn, msg);
if (req == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
talloc_steal(tmp_ctx, req);
status = ldap_result_n(req, 0, &response);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
if (response->type != LDAP_TAG_BindResponse) {
status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
goto failed;
}
result = response->r.BindResponse.response.resultcode;
if (result != LDAP_SUCCESS && result != LDAP_SASL_BIND_IN_PROGRESS) {
status = ldap_check_response(conn,
&response->r.BindResponse.response);
break;
}
/* This is where we check if GENSEC wanted to be fed more data */
if (!NT_STATUS_EQUAL(gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
break;
}
if (response->r.BindResponse.SASL.secblob) {
input = *response->r.BindResponse.SASL.secblob;
} else {
input = data_blob(NULL, 0);
}
}
talloc_free(tmp_ctx);
if (NT_STATUS_IS_OK(status)) {
struct socket_context *sasl_socket;
status = gensec_socket_init(conn->gensec,
conn->sock,
conn->event.event_ctx,
ldap_read_io_handler,
conn,
&sasl_socket);
if (!NT_STATUS_IS_OK(status)) goto failed;
talloc_steal(conn->sock, sasl_socket);
talloc_unlink(conn, conn->sock);
conn->sock = sasl_socket;
packet_set_socket(conn->packet, conn->sock);
conn->bind.type = LDAP_BIND_SASL;
conn->bind.creds = creds;
}
return status;
failed:
talloc_free(tmp_ctx);
talloc_free(conn->gensec);
conn->gensec = NULL;
return status;
}
Samba/source/libcli/ldap/ldap_client.c
+782
View File
@@ -0,0 +1,782 @@
/*
Unix SMB/CIFS mplementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Andrew Tridgell 2004
Copyright (C) Volker Lendecke 2004
Copyright (C) Stefan Metzmacher 2004
Copyright (C) Simo Sorce 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/util/asn_1.h"
#include "lib/util/dlinklist.h"
#include "lib/events/events.h"
#include "lib/socket/socket.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
#include "libcli/composite/composite.h"
#include "lib/stream/packet.h"
#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
#include "system/time.h"
/*
create a new ldap_connection stucture. The event context is optional
*/
struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
struct event_context *ev)
{
struct ldap_connection *conn;
conn = talloc_zero(mem_ctx, struct ldap_connection);
if (conn == NULL) {
return NULL;
}
if (ev == NULL) {
ev = event_context_init(conn);
if (ev == NULL) {
talloc_free(conn);
return NULL;
}
}
conn->next_messageid = 1;
conn->event.event_ctx = ev;
/* set a reasonable request timeout */
conn->timeout = 60;
/* explicitly avoid reconnections by default */
conn->reconnect.max_retries = 0;
return conn;
}
/*
the connection is dead
*/
static void ldap_connection_dead(struct ldap_connection *conn)
{
struct ldap_request *req;
/* return an error for any pending request ... */
while (conn->pending) {
req = conn->pending;
DLIST_REMOVE(req->conn->pending, req);
req->state = LDAP_REQUEST_DONE;
req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
if (req->async.fn) {
req->async.fn(req);
}
}
talloc_free(conn->sock); /* this will also free event.fde */
talloc_free(conn->packet);
conn->sock = NULL;
conn->event.fde = NULL;
conn->packet = NULL;
}
static void ldap_reconnect(struct ldap_connection *conn);
/*
handle packet errors
*/
static void ldap_error_handler(void *private_data, NTSTATUS status)
{
struct ldap_connection *conn = talloc_get_type(private_data,
struct ldap_connection);
ldap_connection_dead(conn);
/* but try to reconnect so that the ldb client can go on */
ldap_reconnect(conn);
}
/*
match up with a pending message, adding to the replies list
*/
static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
{
struct ldap_request *req;
for (req=conn->pending; req; req=req->next) {
if (req->messageid == msg->messageid) break;
}
/* match a zero message id to the last request sent.
It seems that servers send 0 if unable to parse */
if (req == NULL && msg->messageid == 0) {
req = conn->pending;
}
if (req == NULL) {
DEBUG(0,("ldap: no matching message id for %u\n",
msg->messageid));
talloc_free(msg);
return;
}
/* add to the list of replies received */
talloc_steal(req, msg);
req->replies = talloc_realloc(req, req->replies,
struct ldap_message *, req->num_replies+1);
if (req->replies == NULL) {
req->status = NT_STATUS_NO_MEMORY;
req->state = LDAP_REQUEST_DONE;
DLIST_REMOVE(conn->pending, req);
if (req->async.fn) {
req->async.fn(req);
}
return;
}
req->replies[req->num_replies] = talloc_steal(req->replies, msg);
req->num_replies++;
if (msg->type != LDAP_TAG_SearchResultEntry &&
msg->type != LDAP_TAG_SearchResultReference) {
/* currently only search results expect multiple
replies */
req->state = LDAP_REQUEST_DONE;
DLIST_REMOVE(conn->pending, req);
}
if (req->async.fn) {
req->async.fn(req);
}
}
/*
decode/process LDAP data
*/
static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
{
struct asn1_data asn1;
struct ldap_connection *conn = talloc_get_type(private_data,
struct ldap_connection);
struct ldap_message *msg = talloc(conn, struct ldap_message);
if (msg == NULL) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
if (!asn1_load(&asn1, blob)) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
if (!ldap_decode(&asn1, msg)) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
ldap_match_message(conn, msg);
data_blob_free(&blob);
asn1_free(&asn1);
return NT_STATUS_OK;
}
/* Handle read events, from the GENSEC socket callback, or real events */
void ldap_read_io_handler(void *private_data, uint16_t flags)
{
struct ldap_connection *conn = talloc_get_type(private_data,
struct ldap_connection);
packet_recv(conn->packet);
}
/*
handle ldap socket events
*/
static void ldap_io_handler(struct event_context *ev, struct fd_event *fde,
uint16_t flags, void *private_data)
{
struct ldap_connection *conn = talloc_get_type(private_data,
struct ldap_connection);
if (flags & EVENT_FD_WRITE) {
packet_queue_run(conn->packet);
if (!tls_enabled(conn->sock)) return;
}
if (flags & EVENT_FD_READ) {
ldap_read_io_handler(private_data, flags);
}
}
/*
parse a ldap URL
*/
static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
char **host, uint16_t *port, BOOL *ldaps)
{
int tmp_port = 0;
char protocol[11];
char tmp_host[1025];
int ret;
/* Paranoia check */
SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
if (ret < 2) {
return NT_STATUS_INVALID_PARAMETER;
}
if (strequal(protocol, "ldap")) {
*port = 389;
*ldaps = False;
} else if (strequal(protocol, "ldaps")) {
*port = 636;
*ldaps = True;
} else {
DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
return NT_STATUS_PROTOCOL_UNREACHABLE;
}
if (tmp_port != 0)
*port = tmp_port;
*host = talloc_strdup(mem_ctx, tmp_host);
NT_STATUS_HAVE_NO_MEMORY(*host);
return NT_STATUS_OK;
}
/*
connect to a ldap server
*/
struct ldap_connect_state {
struct composite_context *ctx;
struct ldap_connection *conn;
};
static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
struct composite_context *ldap_connect_send(struct ldap_connection *conn,
const char *url)
{
struct composite_context *result, *ctx;
struct ldap_connect_state *state;
char protocol[11];
int ret;
result = talloc_zero(NULL, struct composite_context);
if (result == NULL) goto failed;
result->state = COMPOSITE_STATE_IN_PROGRESS;
result->async.fn = NULL;
result->event_ctx = conn->event.event_ctx;
state = talloc(result, struct ldap_connect_state);
if (state == NULL) goto failed;
state->ctx = result;
result->private_data = state;
state->conn = conn;
if (conn->reconnect.url == NULL) {
conn->reconnect.url = talloc_strdup(conn, url);
if (conn->reconnect.url == NULL) goto failed;
}
/* Paranoia check */
SMB_ASSERT(sizeof(protocol)>10);
ret = sscanf(url, "%10[^:]://", protocol);
if (ret < 1) {
return NULL;
}
if (strequal(protocol, "ldapi")) {
struct socket_address *unix_addr;
char path[1025];
NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &conn->sock, 0);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
talloc_steal(conn, conn->sock);
SMB_ASSERT(sizeof(protocol)>10);
SMB_ASSERT(sizeof(path)>1024);
/* The %c specifier doesn't null terminate :-( */
ZERO_STRUCT(path);
ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
if (ret < 2) {
composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
return result;
}
rfc1738_unescape(path);
unix_addr = socket_address_from_strings(conn, conn->sock->backend_name,
path, 0);
if (!unix_addr) {
return NULL;
}
ctx = socket_connect_send(conn->sock, NULL, unix_addr,
0, conn->event.event_ctx);
ctx->async.fn = ldap_connect_recv_unix_conn;
ctx->async.private_data = state;
return result;
} else {
NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
&conn->port, &conn->ldaps);
if (!NT_STATUS_IS_OK(state->ctx->status)) {
composite_error(state->ctx, status);
return result;
}
ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
conn->event.event_ctx);
if (ctx == NULL) goto failed;
ctx->async.fn = ldap_connect_recv_tcp_conn;
ctx->async.private_data = state;
return result;
}
failed:
talloc_free(result);
return NULL;
}
static void ldap_connect_got_sock(struct composite_context *ctx, struct ldap_connection *conn)
{
/* setup a handler for events on this socket */
conn->event.fde = event_add_fd(conn->event.event_ctx, conn->sock,
socket_get_fd(conn->sock),
EVENT_FD_READ, ldap_io_handler, conn);
if (conn->event.fde == NULL) {
composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
talloc_steal(conn, conn->sock);
if (conn->ldaps) {
struct socket_context *tls_socket = tls_init_client(conn->sock, conn->event.fde);
if (tls_socket == NULL) {
talloc_free(conn->sock);
return;
}
talloc_unlink(conn, conn->sock);
conn->sock = tls_socket;
talloc_steal(conn, conn->sock);
}
conn->packet = packet_init(conn);
if (conn->packet == NULL) {
talloc_free(conn->sock);
return;
}
packet_set_private(conn->packet, conn);
packet_set_socket(conn->packet, conn->sock);
packet_set_callback(conn->packet, ldap_recv_handler);
packet_set_full_request(conn->packet, ldap_full_packet);
packet_set_error_handler(conn->packet, ldap_error_handler);
packet_set_event_context(conn->packet, conn->event.event_ctx);
packet_set_fde(conn->packet, conn->event.fde);
packet_set_serialise(conn->packet);
composite_done(ctx);
}
static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
{
struct ldap_connect_state *state =
talloc_get_type(ctx->async.private_data,
struct ldap_connect_state);
struct ldap_connection *conn = state->conn;
uint16_t port;
NTSTATUS status = socket_connect_multi_recv(ctx, state, &conn->sock,
&port);
if (!NT_STATUS_IS_OK(status)) {
composite_error(state->ctx, status);
return;
}
ldap_connect_got_sock(state->ctx, conn);
}
static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
{
struct ldap_connect_state *state =
talloc_get_type(ctx->async.private_data,
struct ldap_connect_state);
struct ldap_connection *conn = state->conn;
NTSTATUS status = socket_connect_recv(ctx);
if (!NT_STATUS_IS_OK(state->ctx->status)) {
composite_error(state->ctx, status);
return;
}
ldap_connect_got_sock(state->ctx, conn);
}
_PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
{
NTSTATUS status = composite_wait(ctx);
talloc_free(ctx);
return status;
}
NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
{
struct composite_context *ctx = ldap_connect_send(conn, url);
return ldap_connect_recv(ctx);
}
/* set reconnect parameters */
void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
{
if (conn) {
conn->reconnect.max_retries = max_retries;
conn->reconnect.retries = 0;
conn->reconnect.previous = time(NULL);
}
}
/* Actually this function is NOT ASYNC safe, FIXME? */
static void ldap_reconnect(struct ldap_connection *conn)
{
NTSTATUS status;
time_t now = time(NULL);
/* do we have set up reconnect ? */
if (conn->reconnect.max_retries == 0) return;
/* is the retry time expired ? */
if (now > conn->reconnect.previous + 30) {
conn->reconnect.retries = 0;
conn->reconnect.previous = now;
}
/* are we reconnectind too often and too fast? */
if (conn->reconnect.retries > conn->reconnect.max_retries) return;
/* keep track of the number of reconnections */
conn->reconnect.retries++;
/* reconnect */
status = ldap_connect(conn, conn->reconnect.url);
if ( ! NT_STATUS_IS_OK(status)) {
return;
}
/* rebind */
status = ldap_rebind(conn);
if ( ! NT_STATUS_IS_OK(status)) {
ldap_connection_dead(conn);
}
}
/* destroy an open ldap request */
static int ldap_request_destructor(struct ldap_request *req)
{
if (req->state == LDAP_REQUEST_PENDING) {
DLIST_REMOVE(req->conn->pending, req);
}
return 0;
}
/*
called on timeout of a ldap request
*/
static void ldap_request_timeout(struct event_context *ev, struct timed_event *te,
struct timeval t, void *private_data)
{
struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
req->status = NT_STATUS_IO_TIMEOUT;
if (req->state == LDAP_REQUEST_PENDING) {
DLIST_REMOVE(req->conn->pending, req);
}
req->state = LDAP_REQUEST_DONE;
if (req->async.fn) {
req->async.fn(req);
}
}
/*
called on completion of a one-way ldap request
*/
static void ldap_request_complete(struct event_context *ev, struct timed_event *te,
struct timeval t, void *private_data)
{
struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
if (req->async.fn) {
req->async.fn(req);
}
}
/*
send a ldap message - async interface
*/
struct ldap_request *ldap_request_send(struct ldap_connection *conn,
struct ldap_message *msg)
{
struct ldap_request *req;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
req = talloc_zero(conn, struct ldap_request);
if (req == NULL) return NULL;
if (conn->sock == NULL) {
status = NT_STATUS_INVALID_CONNECTION;
goto failed;
}
req->state = LDAP_REQUEST_SEND;
req->conn = conn;
req->messageid = conn->next_messageid++;
if (conn->next_messageid == 0) {
conn->next_messageid = 1;
}
req->type = msg->type;
if (req->messageid == -1) {
goto failed;
}
talloc_set_destructor(req, ldap_request_destructor);
msg->messageid = req->messageid;
if (!ldap_encode(msg, &req->data, req)) {
goto failed;
}
status = packet_send(conn->packet, req->data);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
/* some requests don't expect a reply, so don't add those to the
pending queue */
if (req->type == LDAP_TAG_AbandonRequest ||
req->type == LDAP_TAG_UnbindRequest) {
req->status = NT_STATUS_OK;
req->state = LDAP_REQUEST_DONE;
/* we can't call the async callback now, as it isn't setup, so
call it as next event */
event_add_timed(conn->event.event_ctx, req, timeval_zero(),
ldap_request_complete, req);
return req;
}
req->state = LDAP_REQUEST_PENDING;
DLIST_ADD(conn->pending, req);
/* put a timeout on the request */
req->time_event = event_add_timed(conn->event.event_ctx, req,
timeval_current_ofs(conn->timeout, 0),
ldap_request_timeout, req);
return req;
failed:
req->status = status;
req->state = LDAP_REQUEST_ERROR;
event_add_timed(conn->event.event_ctx, req, timeval_zero(),
ldap_request_complete, req);
return req;
}
/*
wait for a request to complete
note that this does not destroy the request
*/
NTSTATUS ldap_request_wait(struct ldap_request *req)
{
while (req->state < LDAP_REQUEST_DONE) {
if (event_loop_once(req->conn->event.event_ctx) != 0) {
req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
break;
}
}
return req->status;
}
/*
a mapping of ldap response code to strings
*/
static const struct {
enum ldap_result_code code;
const char *str;
} ldap_code_map[] = {
#define _LDAP_MAP_CODE(c) { c, #c }
_LDAP_MAP_CODE(LDAP_SUCCESS),
_LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
_LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
_LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
_LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
_LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
_LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
_LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
_LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
_LDAP_MAP_CODE(LDAP_REFERRAL),
_LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
_LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
_LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
_LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
_LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
_LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
_LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
_LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
_LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
_LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
_LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
_LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
_LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
_LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
_LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
_LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
_LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTs),
_LDAP_MAP_CODE(LDAP_BUSY),
_LDAP_MAP_CODE(LDAP_UNAVAILABLE),
_LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
_LDAP_MAP_CODE(LDAP_LOOP_DETECT),
_LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
_LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
_LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
_LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
_LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
_LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
_LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
_LDAP_MAP_CODE(LDAP_OTHER)
};
/*
used to setup the status code from a ldap response
*/
NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
{
int i;
const char *codename = "unknown";
if (r->resultcode == LDAP_SUCCESS) {
return NT_STATUS_OK;
}
if (conn->last_error) {
talloc_free(conn->last_error);
}
for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
if (r->resultcode == ldap_code_map[i].code) {
codename = ldap_code_map[i].str;
break;
}
}
conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>",
r->resultcode,
codename,
r->dn?r->dn:"(NULL)",
r->errormessage?r->errormessage:"",
r->referral?r->referral:"");
return NT_STATUS_LDAP(r->resultcode);
}
/*
return error string representing the last error
*/
const char *ldap_errstr(struct ldap_connection *conn, NTSTATUS status)
{
if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
return conn->last_error;
}
return nt_errstr(status);
}
/*
return the Nth result message, waiting if necessary
*/
NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
{
*msg = NULL;
NT_STATUS_HAVE_NO_MEMORY(req);
while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
if (event_loop_once(req->conn->event.event_ctx) != 0) {
return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
}
}
if (n < req->num_replies) {
*msg = req->replies[n];
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(req->status)) {
return req->status;
}
return NT_STATUS_NO_MORE_ENTRIES;
}
/*
return a single result message, checking if it is of the expected LDAP type
*/
NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
{
NTSTATUS status;
status = ldap_result_n(req, 0, msg);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if ((*msg)->type != type) {
*msg = NULL;
return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
}
return status;
}
/*
a simple ldap transaction, for single result requests that only need a status code
this relies on single valued requests having the response type == request type + 1
*/
NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
{
struct ldap_request *req = ldap_request_send(conn, msg);
struct ldap_message *res;
NTSTATUS status;
status = ldap_result_n(req, 0, &res);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(req);
return status;
}
if (res->type != msg->type + 1) {
talloc_free(req);
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
status = ldap_check_response(conn, &res->r.GeneralResult);
talloc_free(req);
return status;
}
Samba/source/libcli/ldap/ldap_client.h
+95
View File
@@ -0,0 +1,95 @@
/*
Unix SMB/CIFS Implementation.
ldap client side header
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "libcli/ldap/ldap.h"
enum ldap_request_state { LDAP_REQUEST_SEND=1, LDAP_REQUEST_PENDING=2, LDAP_REQUEST_DONE=3, LDAP_REQUEST_ERROR=4 };
/* this is the handle that the caller gets when an async ldap message
is sent */
struct ldap_request {
struct ldap_request *next, *prev;
struct ldap_connection *conn;
enum ldap_request_tag type;
int messageid;
enum ldap_request_state state;
int num_replies;
struct ldap_message **replies;
NTSTATUS status;
DATA_BLOB data;
struct {
void (*fn)(struct ldap_request *);
void *private_data;
} async;
struct timed_event *time_event;
};
/* main context for a ldap client connection */
struct ldap_connection {
struct socket_context *sock;
char *host;
uint16_t port;
BOOL ldaps;
const char *auth_dn;
const char *simple_pw;
struct {
char *url;
int max_retries;
int retries;
time_t previous;
} reconnect;
struct {
enum { LDAP_BIND_SIMPLE, LDAP_BIND_SASL } type;
void *creds;
} bind;
/* next message id to assign */
unsigned next_messageid;
/* Outstanding LDAP requests that have not yet been replied to */
struct ldap_request *pending;
/* Let's support SASL */
struct gensec_security *gensec;
/* the default timeout for messages */
int timeout;
/* last error message */
char *last_error;
struct {
struct event_context *event_ctx;
struct fd_event *fde;
} event;
struct packet_context *packet;
};
Samba/source/libcli/ldap/ldap_controls.c
+1168
View File
File diff suppressed because it is too large Load Diff
Samba/source/libcli/ldap/ldap_ildap.c
+244
View File
@@ -0,0 +1,244 @@
/*
Unix SMB/CIFS mplementation.
ildap api - an api similar to the traditional ldap api
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
/*
delete a record
*/
NTSTATUS ildap_delete(struct ldap_connection *conn, const char *dn)
{
struct ldap_message *msg;
NTSTATUS status;
msg = new_ldap_message(conn);
NT_STATUS_HAVE_NO_MEMORY(msg);
msg->type = LDAP_TAG_DelRequest;
msg->r.DelRequest.dn = dn;
status = ldap_transaction(conn, msg);
talloc_free(msg);
return status;
}
/*
add a record
*/
NTSTATUS ildap_add(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods)
{
struct ldap_message *msg;
int n, i;
NTSTATUS status;
msg = new_ldap_message(conn);
NT_STATUS_HAVE_NO_MEMORY(msg);
for (n=0;mods[n];n++) /* noop */ ;
msg->type = LDAP_TAG_AddRequest;
msg->r.AddRequest.dn = dn;
msg->r.AddRequest.num_attributes = n;
msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
if (msg->r.AddRequest.attributes == NULL) {
talloc_free(msg);
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<n;i++) {
msg->r.AddRequest.attributes[i] = mods[i]->attrib;
}
status = ldap_transaction(conn, msg);
talloc_free(msg);
return status;
}
/*
modify a record
*/
NTSTATUS ildap_modify(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods)
{
struct ldap_message *msg;
int n, i;
NTSTATUS status;
msg = new_ldap_message(conn);
NT_STATUS_HAVE_NO_MEMORY(msg);
for (n=0;mods[n];n++) /* noop */ ;
msg->type = LDAP_TAG_ModifyRequest;
msg->r.ModifyRequest.dn = dn;
msg->r.ModifyRequest.num_mods = n;
msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
if (msg->r.ModifyRequest.mods == NULL) {
talloc_free(msg);
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<n;i++) {
msg->r.ModifyRequest.mods[i] = *mods[i];
}
status = ldap_transaction(conn, msg);
talloc_free(msg);
return status;
}
/*
rename a record
*/
NTSTATUS ildap_rename(struct ldap_connection *conn, const char *dn, const char *newrdn,
const char *parentdn, BOOL deleteolddn)
{
struct ldap_message *msg;
NTSTATUS status;
msg = new_ldap_message(conn);
NT_STATUS_HAVE_NO_MEMORY(msg);
msg->type = LDAP_TAG_ModifyDNRequest;
msg->r.ModifyDNRequest.dn = dn;
msg->r.ModifyDNRequest.newrdn = newrdn;
msg->r.ModifyDNRequest.deleteolddn = deleteolddn;
msg->r.ModifyDNRequest.newsuperior = parentdn;
status = ldap_transaction(conn, msg);
talloc_free(msg);
return status;
}
/*
count the returned search entries
*/
int ildap_count_entries(struct ldap_connection *conn, struct ldap_message **res)
{
int i;
for (i=0;res && res[i];i++) /* noop */ ;
return i;
}
/*
perform a synchronous ldap search
*/
NTSTATUS ildap_search_bytree(struct ldap_connection *conn, const char *basedn,
int scope, struct ldb_parse_tree *tree,
const char * const *attrs, BOOL attributesonly,
struct ldb_control **control_req,
struct ldb_control ***control_res,
struct ldap_message ***results)
{
struct ldap_message *msg;
int n, i;
NTSTATUS status;
struct ldap_request *req;
if (control_res)
*control_res = NULL;
*results = NULL;
msg = new_ldap_message(conn);
NT_STATUS_HAVE_NO_MEMORY(msg);
for (n=0;attrs && attrs[n];n++) /* noop */ ;
msg->type = LDAP_TAG_SearchRequest;
msg->r.SearchRequest.basedn = basedn;
msg->r.SearchRequest.scope = scope;
msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
msg->r.SearchRequest.timelimit = 0;
msg->r.SearchRequest.sizelimit = 0;
msg->r.SearchRequest.attributesonly = attributesonly;
msg->r.SearchRequest.tree = tree;
msg->r.SearchRequest.num_attributes = n;
msg->r.SearchRequest.attributes = discard_const(attrs);
msg->controls = control_req;
req = ldap_request_send(conn, msg);
talloc_steal(msg, req);
for (i=n=0;True;i++) {
struct ldap_message *res;
status = ldap_result_n(req, i, &res);
if (!NT_STATUS_IS_OK(status)) break;
if (res->type == LDAP_TAG_SearchResultDone) {
status = ldap_check_response(conn, &res->r.GeneralResult);
if (control_res) {
*control_res = talloc_steal(conn, res->controls);
}
break;
}
if (res->type != LDAP_TAG_SearchResultEntry &&
res->type != LDAP_TAG_SearchResultReference)
continue;
(*results) = talloc_realloc(conn, *results, struct ldap_message *, n+2);
if (*results == NULL) {
talloc_free(msg);
return NT_STATUS_NO_MEMORY;
}
(*results)[n] = talloc_steal(*results, res);
(*results)[n+1] = NULL;
n++;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
status = NT_STATUS_OK;
}
return status;
}
/*
perform a ldap search
*/
NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn,
int scope, const char *expression,
const char * const *attrs, BOOL attributesonly,
struct ldb_control **control_req,
struct ldb_control ***control_res,
struct ldap_message ***results)
{
struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
NTSTATUS status;
status = ildap_search_bytree(conn, basedn, scope, tree, attrs,
attributesonly, control_req,
control_res, results);
talloc_free(tree);
return status;
}
Samba/source/libcli/ldap/ldap_msg.c
+87
View File
@@ -0,0 +1,87 @@
/*
Unix SMB/CIFS mplementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Andrew Tridgell 2005
Copyright (C) Volker Lendecke 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx)
{
return talloc_zero(mem_ctx, struct ldap_message);
}
BOOL add_value_to_attrib(TALLOC_CTX *mem_ctx, struct ldb_val *value,
struct ldb_message_element *attrib)
{
attrib->values = talloc_realloc(mem_ctx,
attrib->values,
DATA_BLOB,
attrib->num_values+1);
if (attrib->values == NULL)
return False;
attrib->values[attrib->num_values].data = talloc_steal(attrib->values,
value->data);
attrib->values[attrib->num_values].length = value->length;
attrib->num_values += 1;
return True;
}
BOOL add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
const struct ldb_message_element *attrib,
struct ldb_message_element **attribs,
int *num_attribs)
{
*attribs = talloc_realloc(mem_ctx,
*attribs,
struct ldb_message_element,
*num_attribs+1);
if (*attribs == NULL)
return False;
(*attribs)[*num_attribs] = *attrib;
talloc_steal(*attribs, attrib->values);
talloc_steal(*attribs, attrib->name);
*num_attribs += 1;
return True;
}
BOOL add_mod_to_array_talloc(TALLOC_CTX *mem_ctx,
struct ldap_mod *mod,
struct ldap_mod **mods,
int *num_mods)
{
*mods = talloc_realloc(mem_ctx, *mods, struct ldap_mod, (*num_mods)+1);
if (*mods == NULL)
return False;
(*mods)[*num_mods] = *mod;
*num_mods += 1;
return True;
}
Samba/source/libcli/ldap/ldap_ndr.c
+93
View File
@@ -0,0 +1,93 @@
/*
Unix SMB/CIFS mplementation.
wrap/unwrap NDR encoded elements for ldap calls
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/gen_ndr/ndr_misc.h"
/*
encode a NDR uint32 as a ldap filter element
*/
char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value)
{
uint8_t buf[4];
struct ldb_val val;
SIVAL(buf, 0, value);
val.data = buf;
val.length = 4;
return ldb_binary_encode(mem_ctx, val);
}
/*
encode a NDR dom_sid as a ldap filter element
*/
char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
{
DATA_BLOB blob;
NTSTATUS status;
char *ret;
status = ndr_push_struct_blob(&blob, mem_ctx, sid,
(ndr_push_flags_fn_t)ndr_push_dom_sid);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
ret = ldb_binary_encode(mem_ctx, blob);
data_blob_free(&blob);
return ret;
}
/*
encode a NDR GUID as a ldap filter element
*/
char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid)
{
DATA_BLOB blob;
NTSTATUS status;
char *ret;
status = ndr_push_struct_blob(&blob, mem_ctx, guid,
(ndr_push_flags_fn_t)ndr_push_GUID);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
ret = ldb_binary_encode(mem_ctx, blob);
data_blob_free(&blob);
return ret;
}
/*
decode a NDR GUID from a ldap filter element
*/
NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid)
{
DATA_BLOB blob;
NTSTATUS status;
blob.data = val.data;
blob.length = val.length;
status = ndr_pull_struct_blob(&blob, mem_ctx, guid,
(ndr_pull_flags_fn_t)ndr_pull_GUID);
talloc_free(val.data);
return status;
}