Line data Source code
1 : /*
2 : ldb database library - ildap backend
3 :
4 : Copyright (C) Andrew Tridgell 2005
5 : Copyright (C) Simo Sorce 2008
6 :
7 : ** NOTE! The following LGPL license applies to the ldb
8 : ** library. This does NOT imply that all of Samba is released
9 : ** under the LGPL
10 :
11 : This library is free software; you can redistribute it and/or
12 : modify it under the terms of the GNU Lesser General Public
13 : License as published by the Free Software Foundation; either
14 : version 3 of the License, or (at your option) any later version.
15 :
16 : This library is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 : Lesser General Public License for more details.
20 :
21 : You should have received a copy of the GNU Lesser General Public
22 : License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : /*
26 : * Name: ldb_ildap
27 : *
28 : * Component: ldb ildap backend
29 : *
30 : * Description: This is a ldb backend for the internal ldap
31 : * client library in Samba4. By using this backend we are
32 : * independent of a system ldap library
33 : *
34 : * Author: Andrew Tridgell
35 : *
36 : * Modifications:
37 : *
38 : * - description: make the module use asynchronous calls
39 : * date: Feb 2006
40 : * author: Simo Sorce
41 : */
42 :
43 : #include "includes.h"
44 : #include "ldb_module.h"
45 : #include "util/dlinklist.h"
46 :
47 : #include "libcli/ldap/libcli_ldap.h"
48 : #include "libcli/ldap/ldap_client.h"
49 : #include "auth/auth.h"
50 : #include "auth/credentials/credentials.h"
51 : #include "dsdb/common/util.h"
52 :
53 : struct ildb_private {
54 : struct ldap_connection *ldap;
55 : struct tevent_context *event_ctx;
56 : };
57 :
58 : struct ildb_context {
59 : struct ldb_module *module;
60 : struct ldb_request *req;
61 :
62 : struct ildb_private *ildb;
63 : struct ldap_request *ireq;
64 :
65 : /* indicate we are already processing
66 : * the ldap_request in ildb_callback() */
67 : bool in_ildb_callback;
68 :
69 : bool done;
70 :
71 : struct ildb_destructor_ctx *dc;
72 : };
73 :
74 550793 : static void ildb_request_done(struct ildb_context *ctx,
75 : struct ldb_control **ctrls, int error)
76 : {
77 465 : struct ldb_context *ldb;
78 465 : struct ldb_reply *ares;
79 :
80 550793 : ldb = ldb_module_get_ctx(ctx->module);
81 :
82 550793 : ctx->done = true;
83 :
84 550793 : if (ctx->req == NULL) {
85 : /* if the req has been freed already just return */
86 0 : return;
87 : }
88 :
89 550793 : ares = talloc_zero(ctx->req, struct ldb_reply);
90 550793 : if (!ares) {
91 0 : ldb_oom(ldb);
92 0 : ctx->req->callback(ctx->req, NULL);
93 0 : return;
94 : }
95 550793 : ares->type = LDB_REPLY_DONE;
96 550793 : ares->controls = talloc_steal(ares, ctrls);
97 550793 : ares->error = error;
98 :
99 550793 : ctx->req->callback(ctx->req, ares);
100 : }
101 :
102 24 : static void ildb_auto_done_callback(struct tevent_context *ev,
103 : struct tevent_timer *te,
104 : struct timeval t,
105 : void *private_data)
106 : {
107 0 : struct ildb_context *ac;
108 :
109 24 : ac = talloc_get_type(private_data, struct ildb_context);
110 24 : ildb_request_done(ac, NULL, LDB_SUCCESS);
111 24 : }
112 :
113 : /*
114 : convert a ldb_message structure to a list of ldap_mod structures
115 : ready for ildap_add() or ildap_modify()
116 : */
117 153696 : static struct ldap_mod **ildb_msg_to_mods(void *mem_ctx, unsigned int *num_mods,
118 : const struct ldb_message *msg,
119 : int use_flags)
120 : {
121 180 : struct ldap_mod **mods;
122 180 : unsigned int i;
123 153696 : unsigned int n = 0;
124 :
125 : /* allocate maximum number of elements needed */
126 153696 : mods = talloc_array(mem_ctx, struct ldap_mod *, msg->num_elements+1);
127 153696 : if (!mods) {
128 0 : errno = ENOMEM;
129 0 : return NULL;
130 : }
131 153696 : mods[0] = NULL;
132 :
133 450170 : for (i = 0; i < msg->num_elements; i++) {
134 296474 : const struct ldb_message_element *el = &msg->elements[i];
135 :
136 296474 : mods[n] = talloc(mods, struct ldap_mod);
137 296474 : if (!mods[n]) {
138 0 : goto failed;
139 : }
140 296474 : mods[n + 1] = NULL;
141 296474 : mods[n]->type = 0;
142 296474 : mods[n]->attrib = *el;
143 296474 : if (use_flags) {
144 112690 : switch (el->flags & LDB_FLAG_MOD_MASK) {
145 31469 : case LDB_FLAG_MOD_ADD:
146 31469 : mods[n]->type = LDAP_MODIFY_ADD;
147 31469 : break;
148 21422 : case LDB_FLAG_MOD_DELETE:
149 21422 : mods[n]->type = LDAP_MODIFY_DELETE;
150 21422 : break;
151 59785 : case LDB_FLAG_MOD_REPLACE:
152 59785 : mods[n]->type = LDAP_MODIFY_REPLACE;
153 59785 : break;
154 : }
155 : }
156 296150 : n++;
157 : }
158 :
159 153696 : *num_mods = n;
160 153696 : return mods;
161 :
162 0 : failed:
163 0 : talloc_free(mods);
164 0 : return NULL;
165 : }
166 :
167 :
168 : /*
169 : map an ildap NTSTATUS to a ldb error code
170 : */
171 237278 : static int ildb_map_error(struct ldb_module *module, NTSTATUS status)
172 : {
173 216 : struct ildb_private *ildb;
174 216 : struct ldb_context *ldb;
175 216 : TALLOC_CTX *mem_ctx;
176 :
177 237278 : ildb = talloc_get_type(ldb_module_get_private(module), struct ildb_private);
178 237278 : ldb = ldb_module_get_ctx(module);
179 :
180 237278 : if (NT_STATUS_IS_OK(status)) {
181 185523 : return LDB_SUCCESS;
182 : }
183 :
184 51539 : mem_ctx = talloc_new(ildb);
185 51539 : if (!mem_ctx) {
186 0 : ldb_oom(ldb);
187 0 : return LDB_ERR_OPERATIONS_ERROR;
188 : }
189 51539 : ldb_set_errstring(ldb,
190 : ldap_errstr(ildb->ldap, mem_ctx, status));
191 51539 : talloc_free(mem_ctx);
192 51539 : if (NT_STATUS_IS_LDAP(status)) {
193 51539 : return NT_STATUS_LDAP_CODE(status);
194 : }
195 0 : return LDB_ERR_OPERATIONS_ERROR;
196 : }
197 :
198 14 : static void ildb_request_timeout(struct tevent_context *ev, struct tevent_timer *te,
199 : struct timeval t, void *private_data)
200 : {
201 14 : struct ildb_context *ac = talloc_get_type(private_data, struct ildb_context);
202 :
203 14 : if (ac->ireq->state == LDAP_REQUEST_PENDING) {
204 14 : DLIST_REMOVE(ac->ireq->conn->pending, ac->ireq);
205 : }
206 :
207 14 : ildb_request_done(ac, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED);
208 14 : }
209 :
210 1271903 : static void ildb_callback(struct ldap_request *req)
211 : {
212 750 : struct ldb_context *ldb;
213 750 : struct ildb_context *ac;
214 750 : NTSTATUS status;
215 750 : struct ldap_SearchResEntry *search;
216 750 : struct ldap_message *msg;
217 750 : struct ldb_control **controls;
218 750 : struct ldb_message *ldbmsg;
219 750 : char *referral;
220 750 : bool callback_failed;
221 750 : bool request_done;
222 750 : int ret;
223 750 : int i;
224 :
225 1271903 : ac = talloc_get_type(req->async.private_data, struct ildb_context);
226 1271903 : ldb = ldb_module_get_ctx(ac->module);
227 1271903 : callback_failed = false;
228 1271903 : request_done = false;
229 1271903 : controls = NULL;
230 :
231 : /* check if we are already processing this request */
232 1271903 : if (ac->in_ildb_callback) {
233 1 : return;
234 : }
235 : /* mark the request as being in process */
236 1271902 : ac->in_ildb_callback = true;
237 :
238 1271902 : if (!NT_STATUS_IS_OK(req->status)) {
239 0 : ret = ildb_map_error(ac->module, req->status);
240 0 : ildb_request_done(ac, NULL, ret);
241 0 : return;
242 : }
243 :
244 1271902 : if (req->num_replies < 1) {
245 0 : ret = LDB_ERR_OPERATIONS_ERROR;
246 0 : ildb_request_done(ac, NULL, ret);
247 0 : return;
248 : }
249 :
250 1271902 : switch (req->type) {
251 :
252 86310 : case LDAP_TAG_ModifyRequest:
253 86310 : if (req->replies[0]->type != LDAP_TAG_ModifyResponse) {
254 0 : ret = LDB_ERR_PROTOCOL_ERROR;
255 0 : break;
256 : }
257 86310 : status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult);
258 86310 : ret = ildb_map_error(ac->module, status);
259 86310 : request_done = true;
260 86310 : break;
261 :
262 67386 : case LDAP_TAG_AddRequest:
263 67386 : if (req->replies[0]->type != LDAP_TAG_AddResponse) {
264 750 : ret = LDB_ERR_PROTOCOL_ERROR;
265 0 : return;
266 : }
267 67386 : status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult);
268 67386 : ret = ildb_map_error(ac->module, status);
269 67386 : request_done = true;
270 67386 : break;
271 :
272 74608 : case LDAP_TAG_DelRequest:
273 74608 : if (req->replies[0]->type != LDAP_TAG_DelResponse) {
274 750 : ret = LDB_ERR_PROTOCOL_ERROR;
275 0 : return;
276 : }
277 74608 : status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult);
278 74608 : ret = ildb_map_error(ac->module, status);
279 74608 : request_done = true;
280 74608 : break;
281 :
282 384 : case LDAP_TAG_ModifyDNRequest:
283 384 : if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) {
284 750 : ret = LDB_ERR_PROTOCOL_ERROR;
285 0 : return;
286 : }
287 384 : status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult);
288 384 : ret = ildb_map_error(ac->module, status);
289 384 : request_done = true;
290 384 : break;
291 :
292 1042364 : case LDAP_TAG_SearchRequest:
293 : /* loop over all messages */
294 1042364 : ret = LDB_SUCCESS;
295 2077521 : for (i = 0; i < req->num_replies; i++) {
296 :
297 1042899 : msg = req->replies[i];
298 1042899 : switch (msg->type) {
299 :
300 321751 : case LDAP_TAG_SearchResultDone:
301 :
302 321751 : status = ldap_check_response(ac->ireq->conn, &msg->r.GeneralResult);
303 321751 : if (!NT_STATUS_IS_OK(status)) {
304 8275 : ret = ildb_map_error(ac->module, status);
305 8275 : break;
306 : }
307 :
308 313476 : controls = talloc_steal(ac, msg->controls);
309 313476 : if (msg->r.SearchResultDone.resultcode) {
310 0 : if (msg->r.SearchResultDone.errormessage) {
311 0 : ldb_set_errstring(ldb, msg->r.SearchResultDone.errormessage);
312 : }
313 : }
314 :
315 313476 : ret = msg->r.SearchResultDone.resultcode;
316 313476 : request_done = true;
317 313476 : break;
318 :
319 589940 : case LDAP_TAG_SearchResultEntry:
320 :
321 589940 : ldbmsg = ldb_msg_new(ac);
322 589940 : if (!ldbmsg) {
323 0 : ret = LDB_ERR_OPERATIONS_ERROR;
324 0 : break;
325 : }
326 :
327 589940 : search = &(msg->r.SearchResultEntry);
328 :
329 589940 : ldbmsg->dn = ldb_dn_new(ldbmsg, ldb, search->dn);
330 589940 : if ( ! ldb_dn_validate(ldbmsg->dn)) {
331 0 : ret = LDB_ERR_OPERATIONS_ERROR;
332 0 : break;
333 : }
334 589940 : ldbmsg->num_elements = search->num_attributes;
335 589940 : ldbmsg->elements = talloc_move(ldbmsg, &search->attributes);
336 :
337 589940 : controls = talloc_steal(ac, msg->controls);
338 :
339 589940 : ret = ldb_module_send_entry(ac->req, ldbmsg, controls);
340 589940 : if (ret != LDB_SUCCESS) {
341 0 : callback_failed = true;
342 : }
343 :
344 589691 : break;
345 :
346 131207 : case LDAP_TAG_SearchResultReference:
347 :
348 131207 : referral = talloc_strdup(ac, msg->r.SearchResultReference.referral);
349 :
350 131207 : ret = ldb_module_send_referral(ac->req, referral);
351 131207 : if (ret != LDB_SUCCESS) {
352 0 : callback_failed = true;
353 : }
354 :
355 131171 : break;
356 :
357 1 : default:
358 : /* TAG not handled, fail ! */
359 1 : ret = LDB_ERR_PROTOCOL_ERROR;
360 1 : break;
361 : }
362 :
363 1042899 : if (ret != LDB_SUCCESS) {
364 8276 : break;
365 : }
366 : }
367 :
368 1042898 : talloc_free(req->replies);
369 1042898 : req->replies = NULL;
370 1042898 : req->num_replies = 0;
371 :
372 1042898 : break;
373 :
374 316 : case LDAP_TAG_ExtendedRequest: {
375 :
376 316 : struct ldap_ExtendedResponse *ext_response = NULL;
377 316 : struct ldb_reply *ares = NULL;
378 :
379 316 : if (req->replies[0]->type != LDAP_TAG_ExtendedResponse) {
380 750 : ret = LDB_ERR_PROTOCOL_ERROR;
381 0 : return;
382 : }
383 316 : ext_response = &req->replies[0]->r.ExtendedResponse;
384 :
385 316 : status = ldap_check_response(ac->ireq->conn,
386 316 : &req->replies[0]->r.GeneralResult);
387 316 : if (!NT_STATUS_IS_OK(status)) {
388 315 : ret = ildb_map_error(ac->module, status);
389 315 : request_done = true;
390 315 : break;
391 : }
392 :
393 1 : ares = talloc_zero(req, struct ldb_reply);
394 1 : if (ares == NULL) {
395 0 : ret = LDB_ERR_OPERATIONS_ERROR;
396 0 : request_done = true;
397 0 : break;
398 : }
399 :
400 1 : ares->type = LDB_REPLY_DONE;
401 :
402 1 : ares->response = talloc_zero(ares, struct ldb_extended);
403 1 : if (ares->response == NULL) {
404 0 : ret = LDB_ERR_OPERATIONS_ERROR;
405 0 : request_done = true;
406 0 : break;
407 : }
408 :
409 2 : ares->response->oid =
410 1 : talloc_strdup(ares->response, ext_response->oid);
411 1 : if (ares->response->oid == NULL) {
412 0 : ret = LDB_ERR_OPERATIONS_ERROR;
413 0 : request_done = true;
414 0 : break;
415 : }
416 :
417 1 : if (ext_response->value != NULL) {
418 2 : ares->response->data =
419 1 : talloc_memdup(ares->response,
420 : ext_response->value->data,
421 : ext_response->value->length);
422 1 : if (ares->response->data == NULL) {
423 0 : ret = LDB_ERR_OPERATIONS_ERROR;
424 0 : request_done = true;
425 0 : break;
426 : }
427 : }
428 :
429 1 : ares->controls = talloc_move(ares, &req->replies[0]->controls);
430 :
431 1 : ac->req->callback(ac->req, ares);
432 1 : return;
433 : }
434 :
435 0 : default:
436 0 : ret = LDB_ERR_PROTOCOL_ERROR;
437 0 : break;
438 : }
439 :
440 1271901 : if (ret != LDB_SUCCESS) {
441 :
442 : /* if the callback failed the caller will have freed the
443 : * request. Just return and don't try to use it */
444 51540 : if ( ! callback_failed) {
445 51540 : request_done = true;
446 : }
447 : }
448 :
449 : /* mark the request as not being in progress */
450 1271901 : ac->in_ildb_callback = false;
451 :
452 1271901 : if (request_done) {
453 550755 : ildb_request_done(ac, controls, ret);
454 : }
455 :
456 1271151 : return;
457 : }
458 :
459 550835 : static int ildb_request_send(struct ildb_context *ac, struct ldap_message *msg)
460 : {
461 465 : struct ldb_context *ldb;
462 465 : struct ldap_request *req;
463 :
464 550835 : if (!ac) {
465 0 : return LDB_ERR_OPERATIONS_ERROR;
466 : }
467 :
468 550835 : ldb = ldb_module_get_ctx(ac->module);
469 :
470 550835 : ldb_request_set_state(ac->req, LDB_ASYNC_PENDING);
471 :
472 550835 : req = ldap_request_send(ac->ildb->ldap, msg);
473 550835 : if (req == NULL) {
474 0 : ldb_set_errstring(ldb, "async send request failed");
475 0 : return LDB_ERR_OPERATIONS_ERROR;
476 : }
477 550835 : ac->ireq = talloc_reparent(ac->ildb->ldap, ac, req);
478 :
479 550835 : if (!ac->ireq->conn) {
480 0 : ldb_set_errstring(ldb, "connection to remote LDAP server dropped?");
481 0 : return LDB_ERR_OPERATIONS_ERROR;
482 : }
483 :
484 550835 : TALLOC_FREE(req->time_event);
485 550835 : if (ac->req->timeout > 0) {
486 550770 : struct timeval tv = {
487 550770 : .tv_sec = ac->req->starttime + ac->req->timeout,
488 : };
489 :
490 550770 : req->time_event = tevent_add_timer(ac->ildb->event_ctx, ac, tv,
491 : ildb_request_timeout, ac);
492 : }
493 :
494 550835 : req->async.fn = ildb_callback;
495 550835 : req->async.private_data = ac;
496 :
497 550835 : return LDB_SUCCESS;
498 : }
499 :
500 : /*
501 : search for matching records using an asynchronous function
502 : */
503 321831 : static int ildb_search(struct ildb_context *ac)
504 : {
505 249 : struct ldb_context *ldb;
506 321831 : struct ldb_request *req = ac->req;
507 249 : struct ldap_message *msg;
508 249 : int n;
509 :
510 321831 : ldb = ldb_module_get_ctx(ac->module);
511 :
512 321831 : if (!req->callback || !req->context) {
513 0 : ldb_set_errstring(ldb, "Async interface called with NULL callback function or NULL context");
514 0 : return LDB_ERR_OPERATIONS_ERROR;
515 : }
516 :
517 321831 : if (req->op.search.tree == NULL) {
518 0 : ldb_set_errstring(ldb, "Invalid expression parse tree");
519 0 : return LDB_ERR_OPERATIONS_ERROR;
520 : }
521 :
522 321831 : msg = new_ldap_message(req);
523 321831 : if (msg == NULL) {
524 0 : ldb_set_errstring(ldb, "Out of Memory");
525 0 : return LDB_ERR_OPERATIONS_ERROR;
526 : }
527 :
528 321831 : msg->type = LDAP_TAG_SearchRequest;
529 :
530 321831 : if (req->op.search.base == NULL) {
531 0 : msg->r.SearchRequest.basedn = talloc_strdup(msg, "");
532 : } else {
533 321831 : msg->r.SearchRequest.basedn = ldb_dn_get_extended_linearized(msg, req->op.search.base, 0);
534 : }
535 321831 : if (msg->r.SearchRequest.basedn == NULL) {
536 0 : ldb_set_errstring(ldb, "Unable to determine baseDN");
537 0 : talloc_free(msg);
538 0 : return LDB_ERR_OPERATIONS_ERROR;
539 : }
540 :
541 321831 : switch (req->op.search.scope) {
542 87439 : case LDB_SCOPE_DEFAULT:
543 : case LDB_SCOPE_SUBTREE:
544 87439 : msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_SUB;
545 87439 : break;
546 156257 : case LDB_SCOPE_BASE:
547 156257 : msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
548 156257 : break;
549 78135 : case LDB_SCOPE_ONELEVEL:
550 78135 : msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_SINGLE;
551 78135 : break;
552 : }
553 :
554 321831 : msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
555 321831 : msg->r.SearchRequest.timelimit = 0;
556 321831 : msg->r.SearchRequest.sizelimit = 0;
557 321831 : msg->r.SearchRequest.attributesonly = 0;
558 321831 : msg->r.SearchRequest.tree = discard_const(req->op.search.tree);
559 :
560 906510 : for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /* noop */ ;
561 321831 : msg->r.SearchRequest.num_attributes = n;
562 321831 : msg->r.SearchRequest.attributes = req->op.search.attrs;
563 321831 : msg->controls = req->controls;
564 :
565 321831 : return ildb_request_send(ac, msg);
566 : }
567 :
568 : /*
569 : add a record
570 : */
571 67386 : static int ildb_add(struct ildb_context *ac)
572 : {
573 67386 : struct ldb_request *req = ac->req;
574 36 : struct ldap_message *msg;
575 36 : struct ldap_mod **mods;
576 36 : unsigned int i,n;
577 :
578 67386 : msg = new_ldap_message(req);
579 67386 : if (msg == NULL) {
580 0 : return LDB_ERR_OPERATIONS_ERROR;
581 : }
582 :
583 67386 : msg->type = LDAP_TAG_AddRequest;
584 :
585 67386 : msg->r.AddRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.add.message->dn, 0);
586 67386 : if (msg->r.AddRequest.dn == NULL) {
587 0 : talloc_free(msg);
588 0 : return LDB_ERR_INVALID_DN_SYNTAX;
589 : }
590 :
591 67386 : mods = ildb_msg_to_mods(msg, &n, req->op.add.message, 0);
592 67386 : if (mods == NULL) {
593 0 : talloc_free(msg);
594 0 : return LDB_ERR_OPERATIONS_ERROR;
595 : }
596 :
597 67386 : msg->r.AddRequest.num_attributes = n;
598 67386 : msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
599 67386 : if (msg->r.AddRequest.attributes == NULL) {
600 0 : talloc_free(msg);
601 0 : return LDB_ERR_OPERATIONS_ERROR;
602 : }
603 :
604 251170 : for (i = 0; i < n; i++) {
605 183784 : msg->r.AddRequest.attributes[i] = mods[i]->attrib;
606 : }
607 67386 : msg->controls = req->controls;
608 :
609 67386 : return ildb_request_send(ac, msg);
610 : }
611 :
612 : /*
613 : modify a record
614 : */
615 86310 : static int ildb_modify(struct ildb_context *ac)
616 : {
617 86310 : struct ldb_request *req = ac->req;
618 144 : struct ldap_message *msg;
619 144 : struct ldap_mod **mods;
620 144 : unsigned int i,n;
621 :
622 86310 : msg = new_ldap_message(req);
623 86310 : if (msg == NULL) {
624 0 : return LDB_ERR_OPERATIONS_ERROR;
625 : }
626 :
627 86310 : msg->type = LDAP_TAG_ModifyRequest;
628 :
629 86310 : msg->r.ModifyRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.mod.message->dn, 0);
630 86310 : if (msg->r.ModifyRequest.dn == NULL) {
631 0 : talloc_free(msg);
632 0 : return LDB_ERR_INVALID_DN_SYNTAX;
633 : }
634 :
635 86310 : mods = ildb_msg_to_mods(msg, &n, req->op.mod.message, 1);
636 86310 : if (mods == NULL) {
637 0 : talloc_free(msg);
638 0 : return LDB_ERR_OPERATIONS_ERROR;
639 : }
640 :
641 86310 : msg->r.ModifyRequest.num_mods = n;
642 86310 : msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
643 86310 : if (msg->r.ModifyRequest.mods == NULL) {
644 0 : talloc_free(msg);
645 0 : return LDB_ERR_OPERATIONS_ERROR;
646 : }
647 :
648 199000 : for (i = 0; i < n; i++) {
649 112690 : msg->r.ModifyRequest.mods[i] = *mods[i];
650 : }
651 86310 : msg->controls = req->controls;
652 86310 : return ildb_request_send(ac, msg);
653 : }
654 :
655 : /*
656 : delete a record
657 : */
658 74608 : static int ildb_delete(struct ildb_context *ac)
659 : {
660 74608 : struct ldb_request *req = ac->req;
661 36 : struct ldap_message *msg;
662 :
663 74608 : msg = new_ldap_message(req);
664 74608 : if (msg == NULL) {
665 0 : return LDB_ERR_OPERATIONS_ERROR;
666 : }
667 :
668 74608 : msg->type = LDAP_TAG_DelRequest;
669 :
670 74608 : msg->r.DelRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.del.dn, 0);
671 74608 : if (msg->r.DelRequest.dn == NULL) {
672 0 : talloc_free(msg);
673 0 : return LDB_ERR_INVALID_DN_SYNTAX;
674 : }
675 74608 : msg->controls = req->controls;
676 :
677 74608 : return ildb_request_send(ac, msg);
678 : }
679 :
680 : /*
681 : rename a record
682 : */
683 384 : static int ildb_rename(struct ildb_context *ac)
684 : {
685 384 : struct ldb_request *req = ac->req;
686 0 : struct ldap_message *msg;
687 0 : const char *rdn_name;
688 0 : const struct ldb_val *rdn_val;
689 :
690 384 : msg = new_ldap_message(req);
691 384 : if (msg == NULL) {
692 0 : return LDB_ERR_OPERATIONS_ERROR;
693 : }
694 :
695 384 : msg->type = LDAP_TAG_ModifyDNRequest;
696 384 : msg->r.ModifyDNRequest.dn = ldb_dn_get_extended_linearized(msg, req->op.rename.olddn, 0);
697 384 : if (msg->r.ModifyDNRequest.dn == NULL) {
698 0 : talloc_free(msg);
699 0 : return LDB_ERR_INVALID_DN_SYNTAX;
700 : }
701 :
702 384 : rdn_name = ldb_dn_get_rdn_name(req->op.rename.newdn);
703 384 : rdn_val = ldb_dn_get_rdn_val(req->op.rename.newdn);
704 :
705 384 : if ((rdn_name != NULL) && (rdn_val != NULL)) {
706 384 : msg->r.ModifyDNRequest.newrdn =
707 384 : talloc_asprintf(msg, "%s=%s", rdn_name,
708 384 : rdn_val->length > 0 ? ldb_dn_escape_value(msg, *rdn_val) : "");
709 : } else {
710 0 : msg->r.ModifyDNRequest.newrdn = talloc_strdup(msg, "");
711 : }
712 384 : if (msg->r.ModifyDNRequest.newrdn == NULL) {
713 0 : talloc_free(msg);
714 0 : return LDB_ERR_OPERATIONS_ERROR;
715 : }
716 :
717 384 : msg->r.ModifyDNRequest.newsuperior =
718 384 : ldb_dn_alloc_linearized(msg, ldb_dn_get_parent(msg, req->op.rename.newdn));
719 384 : if (msg->r.ModifyDNRequest.newsuperior == NULL) {
720 0 : talloc_free(msg);
721 0 : return LDB_ERR_INVALID_DN_SYNTAX;
722 : }
723 :
724 384 : msg->r.ModifyDNRequest.deleteolddn = true;
725 384 : msg->controls = req->controls;
726 :
727 384 : return ildb_request_send(ac, msg);
728 : }
729 :
730 : /*
731 : * Issue an extended operation
732 : */
733 316 : static int ildb_extended(struct ildb_context *ac)
734 : {
735 316 : struct ldb_request *req = ac->req;
736 316 : struct ldb_extended *extended_req = NULL;
737 316 : struct ldap_message *msg = NULL;
738 316 : DATA_BLOB *value = NULL;
739 :
740 316 : if (req->operation != LDB_EXTENDED) {
741 0 : return LDB_ERR_OPERATIONS_ERROR;
742 : }
743 316 : extended_req = &req->op.extended;
744 :
745 316 : msg = new_ldap_message(req);
746 316 : if (msg == NULL) {
747 0 : goto nomem;
748 : }
749 :
750 316 : if (extended_req->data != NULL) {
751 315 : value = talloc(req, DATA_BLOB);
752 315 : if (value == NULL) {
753 0 : goto nomem;
754 : }
755 315 : *value = data_blob_talloc(value,
756 : extended_req->data,
757 : talloc_get_size(extended_req->data));
758 315 : if (value->data == NULL) {
759 0 : goto nomem;
760 : }
761 : }
762 :
763 316 : *msg = (struct ldap_message){
764 : .type = LDAP_TAG_ExtendedRequest,
765 316 : .r.ExtendedRequest.oid = extended_req->oid,
766 : .r.ExtendedRequest.value = value,
767 316 : .controls = req->controls,
768 : };
769 :
770 316 : return ildb_request_send(ac, msg);
771 0 : nomem:
772 0 : TALLOC_FREE(msg);
773 0 : return LDB_ERR_OPERATIONS_ERROR;
774 : }
775 :
776 196337 : static int ildb_start_trans(struct ldb_module *module)
777 : {
778 : /* TODO implement a local locking mechanism here */
779 :
780 196337 : return LDB_SUCCESS;
781 : }
782 :
783 153504 : static int ildb_end_trans(struct ldb_module *module)
784 : {
785 : /* TODO implement a local transaction mechanism here */
786 :
787 153504 : return LDB_SUCCESS;
788 : }
789 :
790 42831 : static int ildb_del_trans(struct ldb_module *module)
791 : {
792 : /* TODO implement a local locking mechanism here */
793 :
794 42831 : return LDB_SUCCESS;
795 : }
796 :
797 550859 : static bool ildb_dn_is_special(struct ldb_request *req)
798 : {
799 550859 : struct ldb_dn *dn = NULL;
800 :
801 550859 : switch (req->operation) {
802 321843 : case LDB_SEARCH:
803 321843 : dn = req->op.search.base;
804 321843 : break;
805 67398 : case LDB_ADD:
806 67398 : dn = req->op.add.message->dn;
807 67398 : break;
808 86310 : case LDB_MODIFY:
809 86310 : dn = req->op.mod.message->dn;
810 86310 : break;
811 74608 : case LDB_DELETE:
812 74608 : dn = req->op.del.dn;
813 74608 : break;
814 384 : case LDB_RENAME:
815 384 : dn = req->op.rename.olddn;
816 384 : break;
817 316 : default:
818 316 : break;
819 : }
820 :
821 550859 : if (dn && ldb_dn_is_special(dn)) {
822 24 : return true;
823 : }
824 550370 : return false;
825 : }
826 :
827 550859 : static int ildb_handle_request(struct ldb_module *module, struct ldb_request *req)
828 : {
829 465 : struct ldb_context *ldb;
830 465 : struct ildb_private *ildb;
831 465 : struct ildb_context *ac;
832 465 : struct tevent_timer *te;
833 465 : int ret;
834 :
835 550859 : ildb = talloc_get_type(ldb_module_get_private(module), struct ildb_private);
836 550859 : ldb = ldb_module_get_ctx(module);
837 :
838 550859 : if (req->starttime == 0 || req->timeout == 0) {
839 0 : ldb_set_errstring(ldb, "Invalid timeout settings");
840 0 : return LDB_ERR_TIME_LIMIT_EXCEEDED;
841 : }
842 :
843 550859 : ac = talloc_zero(req, struct ildb_context);
844 550859 : if (ac == NULL) {
845 0 : ldb_set_errstring(ldb, "Out of Memory");
846 0 : return LDB_ERR_OPERATIONS_ERROR;
847 : }
848 :
849 550859 : ac->module = module;
850 550859 : ac->req = req;
851 550859 : ac->ildb = ildb;
852 :
853 550859 : if (ildb_dn_is_special(req)) {
854 :
855 24 : te = tevent_add_timer(ac->ildb->event_ctx,
856 : ac, timeval_zero(),
857 : ildb_auto_done_callback, ac);
858 24 : if (NULL == te) {
859 0 : return LDB_ERR_OPERATIONS_ERROR;
860 : }
861 :
862 24 : return LDB_SUCCESS;
863 : }
864 :
865 550835 : switch (ac->req->operation) {
866 321831 : case LDB_SEARCH:
867 321831 : ret = ildb_search(ac);
868 321831 : break;
869 67386 : case LDB_ADD:
870 67386 : ret = ildb_add(ac);
871 67386 : break;
872 86310 : case LDB_MODIFY:
873 86310 : ret = ildb_modify(ac);
874 86310 : break;
875 74608 : case LDB_DELETE:
876 74608 : ret = ildb_delete(ac);
877 74608 : break;
878 384 : case LDB_RENAME:
879 384 : ret = ildb_rename(ac);
880 384 : break;
881 316 : case LDB_EXTENDED:
882 316 : ret = ildb_extended(ac);
883 316 : break;
884 0 : default:
885 : /* no other op supported */
886 0 : ret = LDB_ERR_PROTOCOL_ERROR;
887 0 : break;
888 : }
889 :
890 550370 : return ret;
891 : }
892 :
893 : static const struct ldb_module_ops ildb_ops = {
894 : .name = "ldap",
895 : .search = ildb_handle_request,
896 : .add = ildb_handle_request,
897 : .modify = ildb_handle_request,
898 : .del = ildb_handle_request,
899 : .rename = ildb_handle_request,
900 : .extended = ildb_handle_request,
901 : /* .request = ildb_handle_request, */
902 : .start_transaction = ildb_start_trans,
903 : .end_transaction = ildb_end_trans,
904 : .del_transaction = ildb_del_trans,
905 : };
906 :
907 : /*
908 : connect to the database
909 : */
910 26344 : static int ildb_connect(struct ldb_context *ldb, const char *url,
911 : unsigned int flags, const char *options[],
912 : struct ldb_module **_module)
913 : {
914 122 : struct ldb_module *module;
915 122 : struct ildb_private *ildb;
916 26344 : NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
917 122 : struct cli_credentials *creds;
918 122 : struct loadparm_context *lp_ctx;
919 :
920 26344 : module = ldb_module_new(ldb, ldb, "ldb_ildap backend", &ildb_ops);
921 26344 : if (!module) return LDB_ERR_OPERATIONS_ERROR;
922 :
923 26344 : ildb = talloc(module, struct ildb_private);
924 26344 : if (!ildb) {
925 0 : ldb_oom(ldb);
926 0 : goto failed;
927 : }
928 26344 : ldb_module_set_private(module, ildb);
929 :
930 26344 : ildb->event_ctx = ldb_get_event_context(ldb);
931 :
932 26344 : lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
933 : struct loadparm_context);
934 :
935 26344 : ildb->ldap = ldap4_new_connection(ildb, lp_ctx,
936 : ildb->event_ctx);
937 26344 : if (!ildb->ldap) {
938 0 : ldb_oom(ldb);
939 0 : goto failed;
940 : }
941 :
942 26344 : if (flags & LDB_FLG_RECONNECT) {
943 0 : ldap_set_reconn_params(ildb->ldap, 10);
944 : }
945 :
946 26344 : status = ldap_connect(ildb->ldap, url);
947 26344 : if (!NT_STATUS_IS_OK(status)) {
948 19 : ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s",
949 : url, ldap_errstr(ildb->ldap, module, status));
950 19 : goto failed;
951 : }
952 :
953 : /* caller can optionally setup credentials using the opaque token 'credentials' */
954 26325 : creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
955 26325 : if (creds == NULL) {
956 11 : struct auth_session_info *session_info = talloc_get_type(
957 : ldb_get_opaque(ldb, DSDB_SESSION_INFO),
958 : struct auth_session_info);
959 11 : if (session_info) {
960 8 : creds = session_info->credentials;
961 : }
962 : }
963 :
964 26325 : if (creds != NULL && cli_credentials_authentication_requested(creds)) {
965 26173 : const char *bind_dn = cli_credentials_get_bind_dn(creds);
966 26173 : if (bind_dn) {
967 442 : const char *password = cli_credentials_get_password(creds);
968 442 : status = ldap_bind_simple(ildb->ldap, bind_dn, password);
969 442 : if (!NT_STATUS_IS_OK(status)) {
970 124 : ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s",
971 : ldap_errstr(ildb->ldap, module, status));
972 124 : goto failed;
973 : }
974 : } else {
975 25731 : status = ldap_bind_sasl(ildb->ldap, creds, lp_ctx);
976 25731 : if (!NT_STATUS_IS_OK(status)) {
977 468 : ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s",
978 : ldap_errstr(ildb->ldap, module, status));
979 468 : goto failed;
980 : }
981 : }
982 : }
983 :
984 25733 : *_module = module;
985 25733 : return LDB_SUCCESS;
986 :
987 611 : failed:
988 611 : if (ildb != NULL && ildb->ldap != NULL) {
989 611 : ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
990 : }
991 611 : talloc_free(module);
992 611 : if (NT_STATUS_IS_LDAP(status)) {
993 321 : return NT_STATUS_LDAP_CODE(status);
994 : }
995 290 : if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)
996 290 : || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
997 290 : || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
998 135 : || NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
999 175 : return LDB_ERR_INVALID_CREDENTIALS;
1000 : }
1001 115 : return LDB_ERR_OPERATIONS_ERROR;
1002 : }
1003 :
1004 : /*
1005 : initialise the module
1006 : */
1007 5885 : _PUBLIC_ int ldb_ildap_init(const char *ldb_version)
1008 : {
1009 393 : int ret, i;
1010 5885 : const char *names[] = { "ldap", "ldaps", "ldapi", NULL };
1011 23540 : for (i=0; names[i]; i++) {
1012 17655 : ret = ldb_register_backend(names[i], ildb_connect, true);
1013 17655 : if (ret != LDB_SUCCESS) {
1014 0 : return ret;
1015 : }
1016 : }
1017 5492 : return LDB_SUCCESS;
1018 : }
|
