LCOV - code coverage report
Current view: top level - source4/libcli/ldap - ldap_client.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 330 502 65.7 %
Date: 2023-11-21 12:31:41 Functions: 24 29 82.8 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             :    LDAP protocol helper functions for SAMBA
       4             :    
       5             :    Copyright (C) Andrew Tridgell  2004
       6             :    Copyright (C) Volker Lendecke 2004
       7             :    Copyright (C) Stefan Metzmacher 2004
       8             :    Copyright (C) Simo Sorce 2004
       9             :     
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             :    
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             :    
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             :    
      23             : */
      24             : 
      25             : #include "includes.h"
      26             : #include <tevent.h>
      27             : #include "lib/socket/socket.h"
      28             : #include "lib/tsocket/tsocket.h"
      29             : #include "libcli/util/tstream.h"
      30             : #include "../lib/util/asn1.h"
      31             : #include "../lib/util/dlinklist.h"
      32             : #include "libcli/ldap/libcli_ldap.h"
      33             : #include "libcli/ldap/ldap_proto.h"
      34             : #include "libcli/ldap/ldap_client.h"
      35             : #include "libcli/composite/composite.h"
      36             : #include "lib/tls/tls.h"
      37             : #include "auth/gensec/gensec.h"
      38             : #include "system/time.h"
      39             : #include "param/param.h"
      40             : #include "libcli/resolve/resolve.h"
      41             : 
      42             : static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status);
      43             : 
      44       26346 : static int ldap_connection_destructor(struct ldap_connection *conn)
      45             : {
      46             :         /*
      47             :          * NT_STATUS_OK means that callbacks of pending requests are not
      48             :          * triggered
      49             :          */
      50       26346 :         ldap_connection_dead(conn, NT_STATUS_OK);
      51       26346 :         return 0;
      52             : }
      53             : 
      54             : /**
      55             :   create a new ldap_connection structure. The event context is optional
      56             : */
      57             : 
      58       26346 : _PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx, 
      59             :                                              struct loadparm_context *lp_ctx,
      60             :                                              struct tevent_context *ev)
      61             : {
      62         122 :         struct ldap_connection *conn;
      63             : 
      64       26346 :         if (ev == NULL) {
      65           0 :                 return NULL;
      66             :         }
      67             : 
      68       26346 :         conn = talloc_zero(mem_ctx, struct ldap_connection);
      69       26346 :         if (conn == NULL) {
      70           0 :                 return NULL;
      71             :         }
      72             : 
      73       26346 :         conn->next_messageid  = 1;
      74       26346 :         conn->event.event_ctx = ev;
      75             : 
      76       26346 :         conn->sockets.send_queue = tevent_queue_create(conn,
      77             :                                         "ldap_connection send_queue");
      78       26346 :         if (conn->sockets.send_queue == NULL) {
      79           0 :                 TALLOC_FREE(conn);
      80           0 :                 return NULL;
      81             :         }
      82             : 
      83       26346 :         conn->lp_ctx = lp_ctx;
      84             : 
      85             :         /* set a reasonable request timeout */
      86       26346 :         conn->timeout = 60;
      87             : 
      88             :         /* explicitly avoid reconnections by default */
      89       26346 :         conn->reconnect.max_retries = 0;
      90             : 
      91       26346 :         talloc_set_destructor(conn, ldap_connection_destructor);
      92       26346 :         return conn;
      93             : }
      94             : 
      95             : /*
      96             :   the connection is dead
      97             : */
      98       26346 : static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status)
      99             : {
     100         122 :         struct ldap_request *req;
     101             : 
     102       26346 :         tevent_queue_stop(conn->sockets.send_queue);
     103       26346 :         TALLOC_FREE(conn->sockets.recv_subreq);
     104       26346 :         conn->sockets.active = NULL;
     105       26346 :         TALLOC_FREE(conn->sockets.sasl);
     106       26346 :         TALLOC_FREE(conn->sockets.tls);
     107       26346 :         TALLOC_FREE(conn->sockets.raw);
     108             : 
     109             :         /* return an error for any pending request ... */
     110       26412 :         while (conn->pending) {
     111          66 :                 req = conn->pending;
     112          66 :                 DLIST_REMOVE(req->conn->pending, req);
     113          66 :                 req->conn = NULL;
     114          66 :                 req->state = LDAP_REQUEST_DONE;
     115          66 :                 if (NT_STATUS_IS_OK(status)) {
     116          66 :                         continue;
     117             :                 }
     118           0 :                 req->status = status;
     119           0 :                 if (req->async.fn) {
     120           0 :                         req->async.fn(req);
     121             :                 }
     122             :         }
     123       26346 : }
     124             : 
     125             : static void ldap_reconnect(struct ldap_connection *conn);
     126             : 
     127             : /*
     128             :   handle packet errors
     129             : */
     130           0 : static void ldap_error_handler(struct ldap_connection *conn, NTSTATUS status)
     131             : {
     132           0 :         ldap_connection_dead(conn, status);
     133             : 
     134             :         /* but try to reconnect so that the ldb client can go on */
     135           0 :         ldap_reconnect(conn);
     136           0 : }
     137             : 
     138             : 
     139             : /*
     140             :   match up with a pending message, adding to the replies list
     141             : */
     142     1359106 : static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
     143             : {
     144        1116 :         struct ldap_request *req;
     145        1116 :         int i;
     146             : 
     147     1359620 :         for (req=conn->pending; req; req=req->next) {
     148     1359619 :                 if (req->messageid == msg->messageid) break;
     149             :         }
     150             :         /* match a zero message id to the last request sent.
     151             :            It seems that servers send 0 if unable to parse */
     152     1359106 :         if (req == NULL && msg->messageid == 0) {
     153           1 :                 req = conn->pending;
     154             :         }
     155     1359106 :         if (req == NULL) {
     156           0 :                 DEBUG(0,("ldap: no matching message id for %u\n",
     157             :                          msg->messageid));
     158           0 :                 TALLOC_FREE(msg);
     159           0 :                 return;
     160             :         }
     161             : 
     162             :         /* Check for undecoded critical extensions */
     163     1476535 :         for (i=0; msg->controls && msg->controls[i]; i++) {
     164      117429 :                 if (!msg->controls_decoded[i] && 
     165           0 :                     msg->controls[i]->critical) {
     166           0 :                         TALLOC_FREE(msg);
     167           0 :                         req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
     168           0 :                         req->state = LDAP_REQUEST_DONE;
     169           0 :                         DLIST_REMOVE(conn->pending, req);
     170           0 :                         if (req->async.fn) {
     171           0 :                                 req->async.fn(req);
     172             :                         }
     173           0 :                         return;
     174             :                 }
     175             :         }
     176             : 
     177             :         /* add to the list of replies received */
     178     1359106 :         req->replies = talloc_realloc(req, req->replies, 
     179             :                                       struct ldap_message *, req->num_replies+1);
     180     1359106 :         if (req->replies == NULL) {
     181           0 :                 TALLOC_FREE(msg);
     182           0 :                 req->status = NT_STATUS_NO_MEMORY;
     183           0 :                 req->state = LDAP_REQUEST_DONE;
     184           0 :                 DLIST_REMOVE(conn->pending, req);
     185           0 :                 if (req->async.fn) {
     186           0 :                         req->async.fn(req);
     187             :                 }
     188           0 :                 return;
     189             :         }
     190             : 
     191     1359106 :         req->replies[req->num_replies] = talloc_steal(req->replies, msg);
     192     1359106 :         req->num_replies++;
     193             : 
     194     1359106 :         if (msg->type != LDAP_TAG_SearchResultEntry &&
     195      742380 :             msg->type != LDAP_TAG_SearchResultReference) {
     196             :                 /* currently only search results expect multiple
     197             :                    replies */
     198      611918 :                 req->state = LDAP_REQUEST_DONE;
     199      611918 :                 DLIST_REMOVE(conn->pending, req);
     200             :         }
     201             : 
     202     1359106 :         if (req->async.fn) {
     203     1271903 :                 req->async.fn(req);
     204             :         }
     205             : }
     206             : 
     207             : static void ldap_connection_recv_done(struct tevent_req *subreq);
     208             : 
     209     1971103 : static void ldap_connection_recv_next(struct ldap_connection *conn)
     210             : {
     211     1971103 :         struct tevent_req *subreq = NULL;
     212             : 
     213     1971103 :         if (conn->sockets.recv_subreq != NULL) {
     214        4734 :                 return;
     215             :         }
     216             : 
     217     1966369 :         if (conn->sockets.active == NULL) {
     218           0 :                 return;
     219             :         }
     220             : 
     221     1966369 :         if (conn->pending == NULL) {
     222      606488 :                 return;
     223             :         }
     224             : 
     225             :         /*
     226             :          * The minimum size of a LDAP pdu is 7 bytes
     227             :          *
     228             :          * dumpasn1 -hh ldap-unbind-min.dat
     229             :          *
     230             :          *     <30 05 02 01 09 42 00>
     231             :          *    0    5: SEQUENCE {
     232             :          *     <02 01 09>
     233             :          *    2    1:   INTEGER 9
     234             :          *     <42 00>
     235             :          *    5    0:   [APPLICATION 2]
     236             :          *          :     Error: Object has zero length.
     237             :          *          :   }
     238             :          *
     239             :          * dumpasn1 -hh ldap-unbind-windows.dat
     240             :          *
     241             :          *     <30 84 00 00 00 05 02 01 09 42 00>
     242             :          *    0    5: SEQUENCE {
     243             :          *     <02 01 09>
     244             :          *    6    1:   INTEGER 9
     245             :          *     <42 00>
     246             :          *    9    0:   [APPLICATION 2]
     247             :          *          :     Error: Object has zero length.
     248             :          *          :   }
     249             :          *
     250             :          * This means using an initial read size
     251             :          * of 7 is ok.
     252             :          */
     253     1359172 :         subreq = tstream_read_pdu_blob_send(conn,
     254             :                                             conn->event.event_ctx,
     255             :                                             conn->sockets.active,
     256             :                                             7, /* initial_read_size */
     257             :                                             ldap_full_packet,
     258             :                                             conn);
     259     1359172 :         if (subreq == NULL) {
     260           0 :                 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
     261           0 :                 return;
     262             :         }
     263     1359172 :         tevent_req_set_callback(subreq, ldap_connection_recv_done, conn);
     264     1359172 :         conn->sockets.recv_subreq = subreq;
     265     1359172 :         return;
     266             : }
     267             : 
     268             : /*
     269             :   decode/process LDAP data
     270             : */
     271     1359106 : static void ldap_connection_recv_done(struct tevent_req *subreq)
     272             : {
     273        1116 :         NTSTATUS status;
     274        1116 :         struct ldap_connection *conn =
     275     1359106 :                 tevent_req_callback_data(subreq,
     276             :                 struct ldap_connection);
     277        1116 :         struct ldap_message *msg;
     278        1116 :         struct asn1_data *asn1;
     279        1116 :         DATA_BLOB blob;
     280     1359106 :         struct ldap_request_limits limits = {0};
     281             : 
     282     1359106 :         msg = talloc_zero(conn, struct ldap_message);
     283     1359106 :         if (msg == NULL) {
     284           0 :                 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
     285           0 :                 return;
     286             :         }
     287             : 
     288     1359106 :         asn1 = asn1_init(conn, ASN1_MAX_TREE_DEPTH);
     289     1359106 :         if (asn1 == NULL) {
     290           0 :                 TALLOC_FREE(msg);
     291           0 :                 ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
     292           0 :                 return;
     293             :         }
     294             : 
     295     1359106 :         conn->sockets.recv_subreq = NULL;
     296             : 
     297     1359106 :         status = tstream_read_pdu_blob_recv(subreq,
     298             :                                             asn1,
     299             :                                             &blob);
     300     1359106 :         TALLOC_FREE(subreq);
     301     1359106 :         if (!NT_STATUS_IS_OK(status)) {
     302           0 :                 TALLOC_FREE(msg);
     303           0 :                 asn1_free(asn1);
     304           0 :                 ldap_error_handler(conn, status);
     305           0 :                 return;
     306             :         }
     307             : 
     308     1359106 :         asn1_load_nocopy(asn1, blob.data, blob.length);
     309             : 
     310     1359106 :         status = ldap_decode(asn1, &limits, samba_ldap_control_handlers(), msg);
     311     1359106 :         asn1_free(asn1);
     312     1359106 :         if (!NT_STATUS_IS_OK(status)) {
     313           0 :                 TALLOC_FREE(msg);
     314           0 :                 ldap_error_handler(conn, status);
     315           0 :                 return;
     316             :         }
     317             : 
     318     1359106 :         ldap_match_message(conn, msg);
     319     1359106 :         ldap_connection_recv_next(conn);
     320             : 
     321     1359106 :         return;
     322             : }
     323             : 
     324             : enum ldap_proto {
     325             :         LDAP_PROTO_NONE,
     326             :         LDAP_PROTO_LDAP,
     327             :         LDAP_PROTO_LDAPS,
     328             :         LDAP_PROTO_LDAPI
     329             : };
     330             : 
     331       26346 : static int ldap_parse_basic_url(
     332             :         const char *url,
     333             :         enum ldap_proto *pproto,
     334             :         TALLOC_CTX *mem_ctx,
     335             :         char **pdest,           /* path for ldapi, host for ldap[s] */
     336             :         uint16_t *pport)        /* Not set for ldapi */
     337             : {
     338       26346 :         enum ldap_proto proto = LDAP_PROTO_NONE;
     339       26346 :         char *host = NULL;
     340         122 :         int ret, port;
     341             : 
     342       26346 :         if (url == NULL) {
     343           0 :                 return EINVAL;
     344             :         }
     345             : 
     346       26346 :         if (strncasecmp_m(url, "ldapi://", strlen("ldapi://")) == 0) {
     347         108 :                 char *path = NULL, *end = NULL;
     348             : 
     349         108 :                 path = talloc_strdup(mem_ctx, url+8);
     350         108 :                 if (path == NULL) {
     351           0 :                         return ENOMEM;
     352             :                 }
     353         108 :                 end = rfc1738_unescape(path);
     354         108 :                 if (end == NULL) {
     355           0 :                         TALLOC_FREE(path);
     356           0 :                         return EINVAL;
     357             :                 }
     358             : 
     359         108 :                 *pproto = LDAP_PROTO_LDAPI;
     360         108 :                 *pdest = path;
     361         108 :                 return 0;
     362             :         }
     363             : 
     364       26238 :         if (strncasecmp_m(url, "ldap://", strlen("ldap://")) == 0) {
     365       25761 :                 url += 7;
     366       25761 :                 proto = LDAP_PROTO_LDAP;
     367       25761 :                 port = 389;
     368             :         }
     369       26238 :         if (strncasecmp_m(url, "ldaps://", strlen("ldaps://")) == 0) {
     370         477 :                 url += 8;
     371         477 :                 port = 636;
     372         477 :                 proto = LDAP_PROTO_LDAPS;
     373             :         }
     374             : 
     375       26238 :         if (proto == LDAP_PROTO_NONE) {
     376           0 :                 return EPROTONOSUPPORT;
     377             :         }
     378             : 
     379       26238 :         if (url[0] == '[') {
     380             :                 /*
     381             :                  * IPv6 with [aa:bb:cc..]:port
     382             :                  */
     383           0 :                 const char *end = NULL;
     384             : 
     385           0 :                 url +=1;
     386             : 
     387           0 :                 end = strchr(url, ']');
     388           0 :                 if (end == NULL) {
     389           0 :                         return EINVAL;
     390             :                 }
     391             : 
     392           0 :                 ret = sscanf(end+1, ":%d", &port);
     393           0 :                 if (ret < 0) {
     394           0 :                         return EINVAL;
     395             :                 }
     396             : 
     397           0 :                 *pdest = talloc_strndup(mem_ctx, url, end-url);
     398           0 :                 if (*pdest == NULL) {
     399           0 :                         return ENOMEM;
     400             :                 }
     401           0 :                 *pproto = proto;
     402           0 :                 *pport = port;
     403           0 :                 return 0;
     404             :         }
     405             : 
     406       26238 :         ret = sscanf(url, "%m[^:/]:%d", &host, &port);
     407       26238 :         if (ret < 1) {
     408           0 :                 return EINVAL;
     409             :         }
     410             : 
     411       26238 :         *pdest = talloc_strdup(mem_ctx, host);
     412       26238 :         SAFE_FREE(host);
     413       26238 :         if (*pdest == NULL) {
     414           0 :                 return ENOMEM;
     415             :         }
     416       26238 :         *pproto = proto;
     417       26238 :         *pport = port;
     418             : 
     419       26238 :         return 0;
     420             : }
     421             : 
     422             : /*
     423             :   connect to a ldap server
     424             : */
     425             : 
     426             : struct ldap_connect_state {
     427             :         struct composite_context *ctx;
     428             :         struct ldap_connection *conn;
     429             :         struct socket_context *sock;
     430             :         struct tstream_context *raw;
     431             :         struct tstream_tls_params *tls_params;
     432             :         struct tstream_context *tls;
     433             : };
     434             : 
     435             : static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
     436             : static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
     437             : 
     438       26346 : _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
     439             :                                             const char *url)
     440             : {
     441         122 :         struct composite_context *result, *ctx;
     442         122 :         struct ldap_connect_state *state;
     443         122 :         enum ldap_proto proto;
     444       26346 :         char *dest = NULL;
     445         122 :         uint16_t port;
     446         122 :         int ret;
     447             : 
     448       26346 :         result = talloc_zero(conn, struct composite_context);
     449       26346 :         if (result == NULL) goto failed;
     450       26346 :         result->state = COMPOSITE_STATE_IN_PROGRESS;
     451       26346 :         result->async.fn = NULL;
     452       26346 :         result->event_ctx = conn->event.event_ctx;
     453             : 
     454       26346 :         state = talloc(result, struct ldap_connect_state);
     455       26346 :         if (state == NULL) goto failed;
     456       26346 :         state->ctx = result;
     457       26346 :         result->private_data = state;
     458             : 
     459       26346 :         state->conn = conn;
     460             : 
     461       26346 :         if (conn->reconnect.url == NULL) {
     462       26346 :                 conn->reconnect.url = talloc_strdup(conn, url);
     463       26346 :                 if (conn->reconnect.url == NULL) goto failed;
     464             :         }
     465             : 
     466       26346 :         ret = ldap_parse_basic_url(url, &proto, conn, &dest, &port);
     467       26346 :         if (ret != 0) {
     468           0 :                 composite_error(result, map_nt_error_from_unix_common(ret));
     469           0 :                 return result;
     470             :         }
     471             : 
     472       26346 :         if (proto == LDAP_PROTO_LDAPI) {
     473           0 :                 struct socket_address *unix_addr;
     474         108 :                 NTSTATUS status = socket_create(state, "unix",
     475             :                                                 SOCKET_TYPE_STREAM,
     476             :                                                 &state->sock, 0);
     477         108 :                 if (!NT_STATUS_IS_OK(status)) {
     478           0 :                         return NULL;
     479             :                 }
     480             : 
     481         108 :                 conn->host = talloc_asprintf(conn, "%s.%s",
     482             :                                              lpcfg_netbios_name(conn->lp_ctx),
     483             :                                              lpcfg_dnsdomain(conn->lp_ctx));
     484         108 :                 if (composite_nomem(conn->host, state->ctx)) {
     485           0 :                         return result;
     486             :                 }
     487             : 
     488         108 :                 unix_addr = socket_address_from_strings(state, state->sock->backend_name,
     489             :                                                         dest, 0);
     490         108 :                 if (composite_nomem(unix_addr, result)) {
     491           0 :                         return result;
     492             :                 }
     493             : 
     494         108 :                 ctx = socket_connect_send(state->sock, NULL, unix_addr,
     495             :                                           0, result->event_ctx);
     496         108 :                 ctx->async.fn = ldap_connect_recv_unix_conn;
     497         108 :                 ctx->async.private_data = state;
     498         108 :                 return result;
     499             :         }
     500             : 
     501       26238 :         if ((proto == LDAP_PROTO_LDAP) || (proto == LDAP_PROTO_LDAPS)) {
     502             : 
     503       26238 :                 conn->ldaps = (proto == LDAP_PROTO_LDAPS);
     504             : 
     505       26238 :                 conn->host = talloc_move(conn, &dest);
     506       26238 :                 conn->port = port;
     507             : 
     508       26238 :                 if (conn->ldaps) {
     509         477 :                         char *ca_file = lpcfg_tls_cafile(state, conn->lp_ctx);
     510         477 :                         char *crl_file = lpcfg_tls_crlfile(state, conn->lp_ctx);
     511         477 :                         const char *tls_priority = lpcfg_tls_priority(conn->lp_ctx);
     512         477 :                         enum tls_verify_peer_state verify_peer =
     513         477 :                                 lpcfg_tls_verify_peer(conn->lp_ctx);
     514           0 :                         NTSTATUS status;
     515             : 
     516         477 :                         status = tstream_tls_params_client(state,
     517             :                                                            ca_file,
     518             :                                                            crl_file,
     519             :                                                            tls_priority,
     520             :                                                            verify_peer,
     521         477 :                                                            conn->host,
     522             :                                                            &state->tls_params);
     523         477 :                         if (!NT_STATUS_IS_OK(status)) {
     524           6 :                                 composite_error(result, status);
     525           6 :                                 return result;
     526             :                         }
     527             :                 }
     528             : 
     529       26232 :                 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
     530             :                                                 lpcfg_resolve_context(conn->lp_ctx),
     531             :                                                 result->event_ctx);
     532       26232 :                 if (composite_nomem(ctx, result)) {
     533           0 :                         return result;
     534             :                 }
     535             : 
     536       26232 :                 ctx->async.fn = ldap_connect_recv_tcp_conn;
     537       26232 :                 ctx->async.private_data = state;
     538       26232 :                 return result;
     539             :         }
     540           0 :  failed:
     541           0 :         talloc_free(result);
     542           0 :         return NULL;
     543             : }
     544             : 
     545             : static void ldap_connect_got_tls(struct tevent_req *subreq);
     546             : 
     547       26340 : static void ldap_connect_got_sock(struct composite_context *ctx, 
     548             :                                   struct ldap_connection *conn)
     549             : {
     550         122 :         struct ldap_connect_state *state =
     551       26340 :                 talloc_get_type_abort(ctx->private_data,
     552             :                 struct ldap_connect_state);
     553       26340 :         struct tevent_req *subreq = NULL;
     554         122 :         int fd;
     555         122 :         int ret;
     556             : 
     557       26340 :         socket_set_flags(state->sock, SOCKET_FLAG_NOCLOSE);
     558       26340 :         fd = socket_get_fd(state->sock);
     559       26340 :         TALLOC_FREE(state->sock);
     560             : 
     561       26340 :         smb_set_close_on_exec(fd);
     562             : 
     563       26340 :         ret = set_blocking(fd, false);
     564       26340 :         if (ret == -1) {
     565           0 :                 NTSTATUS status = map_nt_error_from_unix_common(errno);
     566           0 :                 composite_error(state->ctx, status);
     567           0 :                 return;
     568             :         }
     569             : 
     570       26340 :         ret = tstream_bsd_existing_socket(state, fd, &state->raw);
     571       26340 :         if (ret == -1) {
     572           0 :                 NTSTATUS status = map_nt_error_from_unix_common(errno);
     573           0 :                 composite_error(state->ctx, status);
     574           0 :                 return;
     575             :         }
     576             : 
     577       26340 :         if (!conn->ldaps) {
     578       25869 :                 conn->sockets.raw = talloc_move(conn, &state->raw);
     579       25869 :                 conn->sockets.active = conn->sockets.raw;
     580       25869 :                 composite_done(state->ctx);
     581       25869 :                 return;
     582             :         }
     583             : 
     584         471 :         subreq = tstream_tls_connect_send(state, state->ctx->event_ctx,
     585             :                                           state->raw, state->tls_params);
     586         471 :         if (composite_nomem(subreq, state->ctx)) {
     587           0 :                 return;
     588             :         }
     589         471 :         tevent_req_set_callback(subreq, ldap_connect_got_tls, state);
     590             : }
     591             : 
     592         471 : static void ldap_connect_got_tls(struct tevent_req *subreq)
     593             : {
     594           0 :         struct ldap_connect_state *state =
     595         471 :                 tevent_req_callback_data(subreq,
     596             :                 struct ldap_connect_state);
     597           0 :         int err;
     598           0 :         int ret;
     599             : 
     600         471 :         ret = tstream_tls_connect_recv(subreq, &err, state, &state->tls);
     601         471 :         TALLOC_FREE(subreq);
     602         471 :         if (ret == -1) {
     603          13 :                 NTSTATUS status = map_nt_error_from_unix_common(err);
     604          13 :                 composite_error(state->ctx, status);
     605          13 :                 return;
     606             :         }
     607             : 
     608         458 :         talloc_steal(state->tls, state->tls_params);
     609             : 
     610         458 :         state->conn->sockets.raw = talloc_move(state->conn, &state->raw);
     611         458 :         state->conn->sockets.tls = talloc_move(state->conn->sockets.raw,
     612             :                                                &state->tls);
     613         458 :         state->conn->sockets.active = state->conn->sockets.tls;
     614         458 :         composite_done(state->ctx);
     615             : }
     616             : 
     617       26232 : static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
     618             : {
     619         122 :         struct ldap_connect_state *state =
     620       26232 :                 talloc_get_type_abort(ctx->async.private_data,
     621             :                 struct ldap_connect_state);
     622       26232 :         struct ldap_connection *conn = state->conn;
     623         122 :         uint16_t port;
     624       26232 :         NTSTATUS status = socket_connect_multi_recv(ctx, state, &state->sock,
     625             :                                                        &port);
     626       26232 :         if (!NT_STATUS_IS_OK(status)) {
     627           0 :                 composite_error(state->ctx, status);
     628           0 :                 return;
     629             :         }
     630             : 
     631       26232 :         ldap_connect_got_sock(state->ctx, conn);
     632             : }
     633             : 
     634         108 : static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
     635             : {
     636           0 :         struct ldap_connect_state *state =
     637         108 :                 talloc_get_type_abort(ctx->async.private_data,
     638             :                 struct ldap_connect_state);
     639         108 :         struct ldap_connection *conn = state->conn;
     640             : 
     641         108 :         NTSTATUS status = socket_connect_recv(ctx);
     642             : 
     643         108 :         if (!NT_STATUS_IS_OK(state->ctx->status)) {
     644           0 :                 composite_error(state->ctx, status);
     645           0 :                 return;
     646             :         }
     647             : 
     648         108 :         ldap_connect_got_sock(state->ctx, conn);
     649             : }
     650             : 
     651       26346 : _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
     652             : {
     653       26346 :         NTSTATUS status = composite_wait(ctx);
     654       26346 :         talloc_free(ctx);
     655       26346 :         return status;
     656             : }
     657             : 
     658       26346 : _PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
     659             : {
     660       26346 :         struct composite_context *ctx = ldap_connect_send(conn, url);
     661       26346 :         return ldap_connect_recv(ctx);
     662             : }
     663             : 
     664             : /* set reconnect parameters */
     665             : 
     666           0 : _PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
     667             : {
     668           0 :         if (conn) {
     669           0 :                 conn->reconnect.max_retries = max_retries;
     670           0 :                 conn->reconnect.retries = 0;
     671           0 :                 conn->reconnect.previous = time_mono(NULL);
     672             :         }
     673           0 : }
     674             : 
     675             : /* Actually this function is NOT ASYNC safe, FIXME? */
     676           0 : static void ldap_reconnect(struct ldap_connection *conn)
     677             : {
     678           0 :         NTSTATUS status;
     679           0 :         time_t now = time_mono(NULL);
     680             : 
     681             :         /* do we have set up reconnect ? */
     682           0 :         if (conn->reconnect.max_retries == 0) return;
     683             : 
     684             :         /* is the retry time expired ? */
     685           0 :         if (now > conn->reconnect.previous + 30) {
     686           0 :                 conn->reconnect.retries = 0;
     687           0 :                 conn->reconnect.previous = now;
     688             :         }
     689             : 
     690             :         /* are we reconnectind too often and too fast? */
     691           0 :         if (conn->reconnect.retries > conn->reconnect.max_retries) return;
     692             : 
     693             :         /* keep track of the number of reconnections */
     694           0 :         conn->reconnect.retries++;
     695             : 
     696             :         /* reconnect */
     697           0 :         status = ldap_connect(conn, conn->reconnect.url);
     698           0 :         if ( ! NT_STATUS_IS_OK(status)) {
     699           0 :                 return;
     700             :         }
     701             : 
     702             :         /* rebind */
     703           0 :         status = ldap_rebind(conn);
     704           0 :         if ( ! NT_STATUS_IS_OK(status)) {
     705           0 :                 ldap_connection_dead(conn, status);
     706             :         }
     707             : }
     708             : 
     709          13 : static void ldap_request_destructor_abandon(struct ldap_request *abandon)
     710             : {
     711          13 :         TALLOC_FREE(abandon);
     712          13 : }
     713             : 
     714             : /* destroy an open ldap request */
     715      612078 : static int ldap_request_destructor(struct ldap_request *req)
     716             : {
     717      612078 :         if (req->state == LDAP_REQUEST_PENDING) {
     718          79 :                 struct ldap_message msg = {
     719             :                         .type = LDAP_TAG_AbandonRequest,
     720          79 :                         .r.AbandonRequest.messageid = req->messageid,
     721             :                 };
     722          79 :                 struct ldap_request *abandon = NULL;
     723             : 
     724          79 :                 DLIST_REMOVE(req->conn->pending, req);
     725             : 
     726          79 :                 abandon = ldap_request_send(req->conn, &msg);
     727          79 :                 if (abandon == NULL) {
     728           0 :                         ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
     729           0 :                         return 0;
     730             :                 }
     731          79 :                 abandon->async.fn = ldap_request_destructor_abandon;
     732          79 :                 abandon->async.private_data = NULL;
     733             :         }
     734             : 
     735      611369 :         return 0;
     736             : }
     737             : 
     738           0 : static void ldap_request_timeout_abandon(struct ldap_request *abandon)
     739             : {
     740           0 :         struct ldap_request *req =
     741           0 :                 talloc_get_type_abort(abandon->async.private_data,
     742             :                 struct ldap_request);
     743             : 
     744           0 :         if (req->state == LDAP_REQUEST_PENDING) {
     745           0 :                 DLIST_REMOVE(req->conn->pending, req);
     746             :         }
     747           0 :         req->state = LDAP_REQUEST_DONE;
     748           0 :         if (req->async.fn) {
     749           0 :                 req->async.fn(req);
     750             :         }
     751           0 : }
     752             : 
     753             : /*
     754             :   called on timeout of a ldap request
     755             : */
     756          19 : static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te, 
     757             :                                       struct timeval t, void *private_data)
     758             : {
     759           0 :         struct ldap_request *req =
     760          19 :                 talloc_get_type_abort(private_data,
     761             :                 struct ldap_request);
     762             : 
     763          19 :         req->status = NT_STATUS_IO_TIMEOUT;
     764          19 :         if (req->state == LDAP_REQUEST_PENDING) {
     765           0 :                 struct ldap_message msg = {
     766             :                         .type = LDAP_TAG_AbandonRequest,
     767           0 :                         .r.AbandonRequest.messageid = req->messageid,
     768             :                 };
     769           0 :                 struct ldap_request *abandon = NULL;
     770             : 
     771           0 :                 abandon = ldap_request_send(req->conn, &msg);
     772           0 :                 if (abandon == NULL) {
     773           0 :                         ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
     774           0 :                         return;
     775             :                 }
     776           0 :                 talloc_reparent(req->conn, req, abandon);
     777           0 :                 abandon->async.fn = ldap_request_timeout_abandon;
     778           0 :                 abandon->async.private_data = req;
     779           0 :                 DLIST_REMOVE(req->conn->pending, req);
     780           0 :                 return;
     781             :         }
     782          19 :         req->state = LDAP_REQUEST_DONE;
     783          19 :         if (req->async.fn) {
     784           0 :                 req->async.fn(req);
     785             :         }
     786             : }
     787             : 
     788             : 
     789             : /*
     790             :   called on completion of a failed ldap request
     791             : */
     792           0 : static void ldap_request_failed_complete(struct tevent_context *ev, struct tevent_timer *te,
     793             :                                       struct timeval t, void *private_data)
     794             : {
     795           0 :         struct ldap_request *req =
     796           0 :                 talloc_get_type_abort(private_data,
     797             :                 struct ldap_request);
     798             : 
     799           0 :         if (req->async.fn) {
     800           0 :                 req->async.fn(req);
     801             :         }
     802           0 : }
     803             : 
     804             : static void ldap_request_written(struct tevent_req *subreq);
     805             : 
     806             : /*
     807             :   send a ldap message - async interface
     808             : */
     809      612078 : _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
     810             :                                        struct ldap_message *msg)
     811             : {
     812         709 :         struct ldap_request *req;
     813      612078 :         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
     814      612078 :         struct tevent_req *subreq = NULL;
     815             : 
     816      612078 :         req = talloc_zero(conn, struct ldap_request);
     817      612078 :         if (req == NULL) return NULL;
     818             : 
     819      612078 :         if (conn->sockets.active == NULL) {
     820           0 :                 status = NT_STATUS_INVALID_CONNECTION;
     821           0 :                 goto failed;
     822             :         }
     823             : 
     824      612078 :         req->state       = LDAP_REQUEST_SEND;
     825      612078 :         req->conn        = conn;
     826      612078 :         req->messageid   = conn->next_messageid++;
     827      612078 :         if (conn->next_messageid == 0) {
     828           0 :                 conn->next_messageid = 1;
     829             :         }
     830      612078 :         req->type        = msg->type;
     831      612078 :         if (req->messageid == -1) {
     832           0 :                 goto failed;
     833             :         }
     834             : 
     835      612078 :         talloc_set_destructor(req, ldap_request_destructor);
     836             : 
     837      612078 :         msg->messageid = req->messageid;
     838             : 
     839      612078 :         if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
     840           0 :                 status = NT_STATUS_INTERNAL_ERROR;
     841           0 :                 goto failed;            
     842             :         }
     843             : 
     844             :         /* put a timeout on the request */
     845      612078 :         req->time_event = tevent_add_timer(conn->event.event_ctx, req,
     846             :                                            timeval_current_ofs(conn->timeout, 0),
     847             :                                            ldap_request_timeout, req);
     848      612078 :         if (req->time_event == NULL) {
     849           0 :                 status = NT_STATUS_NO_MEMORY;
     850           0 :                 goto failed;
     851             :         }
     852             : 
     853      612078 :         req->write_iov.iov_base = req->data.data;
     854      612078 :         req->write_iov.iov_len = req->data.length;
     855             : 
     856      612787 :         subreq = tstream_writev_queue_send(req, conn->event.event_ctx,
     857             :                                            conn->sockets.active,
     858             :                                            conn->sockets.send_queue,
     859      612078 :                                            &req->write_iov, 1);
     860      612078 :         if (subreq == NULL) {
     861           0 :                 status = NT_STATUS_NO_MEMORY;
     862           0 :                 goto failed;
     863             :         }
     864      612078 :         tevent_req_set_callback(subreq, ldap_request_written, req);
     865             : 
     866      612078 :         req->state = LDAP_REQUEST_PENDING;
     867      612078 :         DLIST_ADD(conn->pending, req);
     868             : 
     869      611369 :         return req;
     870             : 
     871           0 : failed:
     872           0 :         req->status = status;
     873           0 :         req->state = LDAP_REQUEST_ERROR;
     874           0 :         tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
     875             :                          ldap_request_failed_complete, req);
     876             : 
     877           0 :         return req;
     878             : }
     879             : 
     880      612012 : static void ldap_request_written(struct tevent_req *subreq)
     881             : {
     882         709 :         struct ldap_request *req =
     883      612012 :                 tevent_req_callback_data(subreq,
     884             :                 struct ldap_request);
     885         709 :         int err;
     886         709 :         ssize_t ret;
     887             : 
     888      612012 :         ret = tstream_writev_queue_recv(subreq, &err);
     889      612012 :         TALLOC_FREE(subreq);
     890      612012 :         if (ret == -1) {
     891           0 :                 NTSTATUS error = map_nt_error_from_unix_common(err);
     892           0 :                 ldap_error_handler(req->conn, error);
     893           0 :                 return;
     894             :         }
     895             : 
     896      612012 :         if (req->type == LDAP_TAG_AbandonRequest ||
     897      611289 :             req->type == LDAP_TAG_UnbindRequest)
     898             :         {
     899          15 :                 if (req->state == LDAP_REQUEST_PENDING) {
     900          15 :                         DLIST_REMOVE(req->conn->pending, req);
     901             :                 }
     902          15 :                 req->state = LDAP_REQUEST_DONE;
     903          15 :                 if (req->async.fn) {
     904          13 :                         req->async.fn(req);
     905             :                 }
     906          15 :                 return;
     907             :         }
     908             : 
     909      611997 :         ldap_connection_recv_next(req->conn);
     910             : }
     911             : 
     912             : 
     913             : /*
     914             :   wait for a request to complete
     915             :   note that this does not destroy the request
     916             : */
     917         446 : _PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
     918             : {
     919        2988 :         while (req->state < LDAP_REQUEST_DONE) {
     920        2542 :                 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
     921           0 :                         req->state = LDAP_REQUEST_ERROR;
     922           0 :                         req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
     923           0 :                         break;
     924             :                 }
     925             :         }
     926         446 :         return req->status;
     927             : }
     928             : 
     929             : 
     930             : /*
     931             :   a mapping of ldap response code to strings
     932             : */
     933             : static const struct {
     934             :         enum ldap_result_code code;
     935             :         const char *str;
     936             : } ldap_code_map[] = {
     937             : #define _LDAP_MAP_CODE(c) { c, #c }
     938             :         _LDAP_MAP_CODE(LDAP_SUCCESS),
     939             :         _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
     940             :         _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
     941             :         _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
     942             :         _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
     943             :         _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
     944             :         _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
     945             :         _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
     946             :         _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
     947             :         _LDAP_MAP_CODE(LDAP_REFERRAL),
     948             :         _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
     949             :         _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
     950             :         _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
     951             :         _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
     952             :         _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
     953             :         _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
     954             :         _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
     955             :         _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
     956             :         _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
     957             :         _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
     958             :         _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
     959             :         _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
     960             :         _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
     961             :         _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
     962             :         _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
     963             :         _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
     964             :         _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
     965             :         _LDAP_MAP_CODE(LDAP_BUSY),
     966             :         _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
     967             :         _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
     968             :         _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
     969             :         _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
     970             :         _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
     971             :         _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
     972             :         _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
     973             :         _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
     974             :         _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
     975             :         _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
     976             :         _LDAP_MAP_CODE(LDAP_OTHER)
     977             : };
     978             : 
     979             : /*
     980             :   used to setup the status code from a ldap response
     981             : */
     982      577128 : _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
     983             : {
     984         587 :         size_t i;
     985      577128 :         const char *codename = "unknown";
     986             : 
     987      577128 :         if (r->resultcode == LDAP_SUCCESS) {
     988      525267 :                 return NT_STATUS_OK;
     989             :         }
     990             : 
     991       51861 :         if (conn->last_error) {
     992       41886 :                 talloc_free(conn->last_error);
     993             :         }
     994             : 
     995     1113034 :         for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
     996     1113034 :                 if ((enum ldap_result_code)r->resultcode == ldap_code_map[i].code) {
     997       51861 :                         codename = ldap_code_map[i].str;
     998       51861 :                         break;
     999             :                 }
    1000             :         }
    1001             : 
    1002      155583 :         conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>", 
    1003             :                                            r->resultcode,
    1004             :                                            codename,
    1005       51861 :                                            r->dn?r->dn:"(NULL)", 
    1006       51861 :                                            r->errormessage?r->errormessage:"", 
    1007       51861 :                                            r->referral?r->referral:"");
    1008             :         
    1009       51861 :         return NT_STATUS_LDAP(r->resultcode);
    1010             : }
    1011             : 
    1012             : /*
    1013             :   return error string representing the last error
    1014             : */
    1015       52761 : _PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn, 
    1016             :                         TALLOC_CTX *mem_ctx, 
    1017             :                         NTSTATUS status)
    1018             : {
    1019       52761 :         if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
    1020       52181 :                 return talloc_strdup(mem_ctx, conn->last_error);
    1021             :         }
    1022         580 :         return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
    1023             : }
    1024             : 
    1025             : 
    1026             : /*
    1027             :   return the Nth result message, waiting if necessary
    1028             : */
    1029       86757 : _PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
    1030             : {
    1031       86757 :         *msg = NULL;
    1032             : 
    1033       86757 :         NT_STATUS_HAVE_NO_MEMORY(req);
    1034             : 
    1035      337749 :         while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
    1036      250992 :                 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
    1037           0 :                         return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
    1038             :                 }
    1039             :         }
    1040             : 
    1041       86757 :         if (n < req->num_replies) {
    1042       86757 :                 *msg = req->replies[n];
    1043       86757 :                 return NT_STATUS_OK;
    1044             :         }
    1045             : 
    1046           0 :         if (!NT_STATUS_IS_OK(req->status)) {
    1047           0 :                 return req->status;
    1048             :         }
    1049             : 
    1050           0 :         return NT_STATUS_NO_MORE_ENTRIES;
    1051             : }
    1052             : 
    1053             : 
    1054             : /*
    1055             :   return a single result message, checking if it is of the expected LDAP type
    1056             : */
    1057          14 : _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
    1058             : {
    1059           0 :         NTSTATUS status;
    1060          14 :         status = ldap_result_n(req, 0, msg);
    1061          14 :         if (!NT_STATUS_IS_OK(status)) {
    1062           0 :                 return status;
    1063             :         }
    1064          14 :         if ((*msg) != NULL && (*msg)->type != (enum ldap_request_tag)type) {
    1065           0 :                 *msg = NULL;
    1066           0 :                 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
    1067             :         }
    1068          14 :         return status;
    1069             : }

Generated by: LCOV version 1.14