root/source4/libcli/ldap/ldap_client.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. ldap4_new_connection
  2. ldap_connection_dead
  3. ldap_error_handler
  4. ldap_match_message
  5. ldap_recv_handler
  6. ldap_read_io_handler
  7. ldap_io_handler
  8. ldap_parse_basic_url
  9. ldap_connect_send
  10. ldap_connect_got_sock
  11. ldap_connect_recv_tcp_conn
  12. ldap_connect_recv_unix_conn
  13. ldap_connect_recv
  14. ldap_connect
  15. ldap_set_reconn_params
  16. ldap_reconnect
  17. ldap_request_destructor
  18. ldap_request_timeout
  19. ldap_request_complete
  20. ldap_request_send
  21. ldap_request_wait
  22. ldap_check_response
  23. ldap_errstr
  24. ldap_result_n
  25. ldap_result_one
  26. ldap_transaction

   1 /* 
   2    Unix SMB/CIFS mplementation.
   3    LDAP protocol helper functions for SAMBA
   4    
   5    Copyright (C) Andrew Tridgell  2004
   6    Copyright (C) Volker Lendecke 2004
   7    Copyright (C) Stefan Metzmacher 2004
   8    Copyright (C) Simo Sorce 2004
   9     
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14    
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19    
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22    
  23 */
  24 
  25 #include "includes.h"
  26 #include <tevent.h>
  27 #include "lib/socket/socket.h"
  28 #include "../lib/util/asn1.h"
  29 #include "../lib/util/dlinklist.h"
  30 #include "libcli/ldap/ldap.h"
  31 #include "libcli/ldap/ldap_proto.h"
  32 #include "libcli/ldap/ldap_client.h"
  33 #include "libcli/composite/composite.h"
  34 #include "lib/stream/packet.h"
  35 #include "lib/tls/tls.h"
  36 #include "auth/gensec/gensec.h"
  37 #include "system/time.h"
  38 #include "param/param.h"
  39 #include "libcli/resolve/resolve.h"
  40 
  41 /**
  42   create a new ldap_connection stucture. The event context is optional
  43 */
  44 _PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
  45                                              struct loadparm_context *lp_ctx,
  46                                              struct tevent_context *ev)
  47 {
  48         struct ldap_connection *conn;
  49 
  50         if (ev == NULL) {
  51                 return NULL;
  52         }
  53 
  54         conn = talloc_zero(mem_ctx, struct ldap_connection);
  55         if (conn == NULL) {
  56                 return NULL;
  57         }
  58 
  59         conn->next_messageid  = 1;
  60         conn->event.event_ctx = ev;
  61 
  62         conn->lp_ctx = lp_ctx;
  63 
  64         /* set a reasonable request timeout */
  65         conn->timeout = 60;
  66 
  67         /* explicitly avoid reconnections by default */
  68         conn->reconnect.max_retries = 0;
  69         
  70         return conn;
  71 }
  72 
  73 /*
  74   the connection is dead
  75 */
  76 static void ldap_connection_dead(struct ldap_connection *conn)
     /* [<][>][^][v][top][bottom][index][help] */
  77 {
  78         struct ldap_request *req;
  79 
  80         talloc_free(conn->sock);  /* this will also free event.fde */
  81         talloc_free(conn->packet);
  82         conn->sock = NULL;
  83         conn->event.fde = NULL;
  84         conn->packet = NULL;
  85 
  86         /* return an error for any pending request ... */
  87         while (conn->pending) {
  88                 req = conn->pending;
  89                 DLIST_REMOVE(req->conn->pending, req);
  90                 req->state = LDAP_REQUEST_DONE;
  91                 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
  92                 if (req->async.fn) {
  93                         req->async.fn(req);
  94                 }
  95         }
  96 }
  97 
  98 static void ldap_reconnect(struct ldap_connection *conn);
  99 
 100 /*
 101   handle packet errors
 102 */
 103 static void ldap_error_handler(void *private_data, NTSTATUS status)
     /* [<][>][^][v][top][bottom][index][help] */
 104 {
 105         struct ldap_connection *conn = talloc_get_type(private_data, 
 106                                                        struct ldap_connection);
 107         ldap_connection_dead(conn);
 108 
 109         /* but try to reconnect so that the ldb client can go on */
 110         ldap_reconnect(conn);
 111 }
 112 
 113 
 114 /*
 115   match up with a pending message, adding to the replies list
 116 */
 117 static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
     /* [<][>][^][v][top][bottom][index][help] */
 118 {
 119         struct ldap_request *req;
 120         int i;
 121 
 122         for (req=conn->pending; req; req=req->next) {
 123                 if (req->messageid == msg->messageid) break;
 124         }
 125         /* match a zero message id to the last request sent.
 126            It seems that servers send 0 if unable to parse */
 127         if (req == NULL && msg->messageid == 0) {
 128                 req = conn->pending;
 129         }
 130         if (req == NULL) {
 131                 DEBUG(0,("ldap: no matching message id for %u\n",
 132                          msg->messageid));
 133                 talloc_free(msg);
 134                 return;
 135         }
 136 
 137         /* Check for undecoded critical extensions */
 138         for (i=0; msg->controls && msg->controls[i]; i++) {
 139                 if (!msg->controls_decoded[i] && 
 140                     msg->controls[i]->critical) {
 141                         req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
 142                         req->state = LDAP_REQUEST_DONE;
 143                         DLIST_REMOVE(conn->pending, req);
 144                         if (req->async.fn) {
 145                                 req->async.fn(req);
 146                         }
 147                         return;
 148                 }
 149         }
 150 
 151         /* add to the list of replies received */
 152         talloc_steal(req, msg);
 153         req->replies = talloc_realloc(req, req->replies, 
 154                                       struct ldap_message *, req->num_replies+1);
 155         if (req->replies == NULL) {
 156                 req->status = NT_STATUS_NO_MEMORY;
 157                 req->state = LDAP_REQUEST_DONE;
 158                 DLIST_REMOVE(conn->pending, req);
 159                 if (req->async.fn) {
 160                         req->async.fn(req);
 161                 }
 162                 return;
 163         }
 164 
 165         req->replies[req->num_replies] = talloc_steal(req->replies, msg);
 166         req->num_replies++;
 167 
 168         if (msg->type != LDAP_TAG_SearchResultEntry &&
 169             msg->type != LDAP_TAG_SearchResultReference) {
 170                 /* currently only search results expect multiple
 171                    replies */
 172                 req->state = LDAP_REQUEST_DONE;
 173                 DLIST_REMOVE(conn->pending, req);
 174         }
 175 
 176         if (req->async.fn) {
 177                 req->async.fn(req);
 178         }
 179 }
 180 
 181 
 182 /*
 183   decode/process LDAP data
 184 */
 185 static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
     /* [<][>][^][v][top][bottom][index][help] */
 186 {
 187         NTSTATUS status;
 188         struct ldap_connection *conn = talloc_get_type(private_data, 
 189                                                        struct ldap_connection);
 190         struct ldap_message *msg = talloc(conn, struct ldap_message);
 191         struct asn1_data *asn1 = asn1_init(conn);
 192 
 193         if (asn1 == NULL || msg == NULL) {
 194                 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
 195         }
 196 
 197         if (!asn1_load(asn1, blob)) {
 198                 talloc_free(msg);
 199                 talloc_free(asn1);
 200                 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
 201         }
 202         
 203         status = ldap_decode(asn1, samba_ldap_control_handlers(), msg);
 204         if (!NT_STATUS_IS_OK(status)) {
 205                 asn1_free(asn1);
 206                 return status;
 207         }
 208 
 209         ldap_match_message(conn, msg);
 210 
 211         data_blob_free(&blob);
 212         asn1_free(asn1);
 213         return NT_STATUS_OK;
 214 }
 215 
 216 /* Handle read events, from the GENSEC socket callback, or real events */
 217 void ldap_read_io_handler(void *private_data, uint16_t flags) 
     /* [<][>][^][v][top][bottom][index][help] */
 218 {
 219         struct ldap_connection *conn = talloc_get_type(private_data, 
 220                                                        struct ldap_connection);
 221         packet_recv(conn->packet);
 222 }
 223 
 224 /*
 225   handle ldap socket events
 226 */
 227 static void ldap_io_handler(struct tevent_context *ev, struct tevent_fd *fde, 
     /* [<][>][^][v][top][bottom][index][help] */
 228                             uint16_t flags, void *private_data)
 229 {
 230         struct ldap_connection *conn = talloc_get_type(private_data, 
 231                                                        struct ldap_connection);
 232         if (flags & TEVENT_FD_WRITE) {
 233                 packet_queue_run(conn->packet);
 234                 if (!tls_enabled(conn->sock)) return;
 235         }
 236         if (flags & TEVENT_FD_READ) {
 237                 ldap_read_io_handler(private_data, flags);
 238         }
 239 }
 240 
 241 /*
 242   parse a ldap URL
 243 */
 244 static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
     /* [<][>][^][v][top][bottom][index][help] */
 245                                      char **host, uint16_t *port, bool *ldaps)
 246 {
 247         int tmp_port = 0;
 248         char protocol[11];
 249         char tmp_host[1025];
 250         int ret;
 251 
 252         /* Paranoia check */
 253         SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
 254                 
 255         ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
 256         if (ret < 2) {
 257                 return NT_STATUS_INVALID_PARAMETER;
 258         }
 259 
 260         if (strequal(protocol, "ldap")) {
 261                 *port = 389;
 262                 *ldaps = false;
 263         } else if (strequal(protocol, "ldaps")) {
 264                 *port = 636;
 265                 *ldaps = true;
 266         } else {
 267                 DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
 268                 return NT_STATUS_PROTOCOL_UNREACHABLE;
 269         }
 270 
 271         if (tmp_port != 0)
 272                 *port = tmp_port;
 273 
 274         *host = talloc_strdup(mem_ctx, tmp_host);
 275         NT_STATUS_HAVE_NO_MEMORY(*host);
 276 
 277         return NT_STATUS_OK;
 278 }
 279 
 280 /*
 281   connect to a ldap server
 282 */
 283 
 284 struct ldap_connect_state {
 285         struct composite_context *ctx;
 286         struct ldap_connection *conn;
 287 };
 288 
 289 static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
 290 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
 291 
 292 _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 293                                             const char *url)
 294 {
 295         struct composite_context *result, *ctx;
 296         struct ldap_connect_state *state;
 297         char protocol[11];
 298         int ret;
 299 
 300         result = talloc_zero(conn, struct composite_context);
 301         if (result == NULL) goto failed;
 302         result->state = COMPOSITE_STATE_IN_PROGRESS;
 303         result->async.fn = NULL;
 304         result->event_ctx = conn->event.event_ctx;
 305 
 306         state = talloc(result, struct ldap_connect_state);
 307         if (state == NULL) goto failed;
 308         state->ctx = result;
 309         result->private_data = state;
 310 
 311         state->conn = conn;
 312 
 313         if (conn->reconnect.url == NULL) {
 314                 conn->reconnect.url = talloc_strdup(conn, url);
 315                 if (conn->reconnect.url == NULL) goto failed;
 316         }
 317 
 318         /* Paranoia check */
 319         SMB_ASSERT(sizeof(protocol)>10);
 320 
 321         ret = sscanf(url, "%10[^:]://", protocol);
 322         if (ret < 1) {
 323                 return NULL;
 324         }
 325 
 326         if (strequal(protocol, "ldapi")) {
 327                 struct socket_address *unix_addr;
 328                 char path[1025];
 329         
 330                 NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &conn->sock, 0);
 331                 if (!NT_STATUS_IS_OK(status)) {
 332                         return NULL;
 333                 }
 334                 talloc_steal(conn, conn->sock);
 335                 SMB_ASSERT(sizeof(protocol)>10);
 336                 SMB_ASSERT(sizeof(path)>1024);
 337         
 338                 /* LDAPI connections are to localhost, so give the local host name as the target for gensec */
 339                 conn->host = talloc_asprintf(conn, "%s.%s", lp_netbios_name(conn->lp_ctx),  lp_realm(conn->lp_ctx));
 340                 if (composite_nomem(conn->host, state->ctx)) {
 341                         return result;
 342                 }
 343 
 344                 /* The %c specifier doesn't null terminate :-( */
 345                 ZERO_STRUCT(path);
 346                 ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
 347                 if (ret < 2) {
 348                         composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
 349                         return result;
 350                 }
 351 
 352                 rfc1738_unescape(path);
 353         
 354                 unix_addr = socket_address_from_strings(conn, conn->sock->backend_name, 
 355                                                         path, 0);
 356                 if (!unix_addr) {
 357                         return NULL;
 358                 }
 359 
 360                 ctx = socket_connect_send(conn->sock, NULL, unix_addr, 
 361                                           0, conn->event.event_ctx);
 362                 ctx->async.fn = ldap_connect_recv_unix_conn;
 363                 ctx->async.private_data = state;
 364                 return result;
 365         } else {
 366                 NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
 367                                                           &conn->port, &conn->ldaps);
 368                 if (!NT_STATUS_IS_OK(state->ctx->status)) {
 369                         composite_error(state->ctx, status);
 370                         return result;
 371                 }
 372                 
 373                 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
 374                                                 lp_resolve_context(conn->lp_ctx), conn->event.event_ctx);
 375                 if (ctx == NULL) goto failed;
 376 
 377                 ctx->async.fn = ldap_connect_recv_tcp_conn;
 378                 ctx->async.private_data = state;
 379                 return result;
 380         }
 381  failed:
 382         talloc_free(result);
 383         return NULL;
 384 }
 385 
 386 static void ldap_connect_got_sock(struct composite_context *ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
 387                                   struct ldap_connection *conn) 
 388 {
 389         /* setup a handler for events on this socket */
 390         conn->event.fde = tevent_add_fd(conn->event.event_ctx, conn->sock,
 391                                         socket_get_fd(conn->sock),
 392                                         TEVENT_FD_READ, ldap_io_handler, conn);
 393         if (conn->event.fde == NULL) {
 394                 composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
 395                 return;
 396         }
 397 
 398         tevent_fd_set_close_fn(conn->event.fde, socket_tevent_fd_close_fn);
 399         socket_set_flags(conn->sock, SOCKET_FLAG_NOCLOSE);
 400 
 401         talloc_steal(conn, conn->sock);
 402         if (conn->ldaps) {
 403                 struct socket_context *tls_socket;
 404                 struct socket_context *tmp_socket;
 405                 char *cafile = lp_tls_cafile(conn->sock, conn->lp_ctx);
 406 
 407                 if (!cafile || !*cafile) {
 408                         talloc_free(conn->sock);
 409                         return;
 410                 }
 411 
 412                 tls_socket = tls_init_client(conn->sock, conn->event.fde, cafile);
 413                 talloc_free(cafile);
 414 
 415                 if (tls_socket == NULL) {
 416                         talloc_free(conn->sock);
 417                         return;
 418                 }
 419 
 420                 /* the original socket, must become a child of the tls socket */
 421                 tmp_socket = conn->sock;
 422                 conn->sock = talloc_steal(conn, tls_socket);
 423                 talloc_steal(conn->sock, tmp_socket);
 424         }
 425 
 426         conn->packet = packet_init(conn);
 427         if (conn->packet == NULL) {
 428                 talloc_free(conn->sock);
 429                 return;
 430         }
 431 
 432         packet_set_private(conn->packet, conn);
 433         packet_set_socket(conn->packet, conn->sock);
 434         packet_set_callback(conn->packet, ldap_recv_handler);
 435         packet_set_full_request(conn->packet, ldap_full_packet);
 436         packet_set_error_handler(conn->packet, ldap_error_handler);
 437         packet_set_event_context(conn->packet, conn->event.event_ctx);
 438         packet_set_fde(conn->packet, conn->event.fde);
 439 /*      packet_set_serialise(conn->packet); */
 440 
 441         if (conn->ldaps) {
 442                 packet_set_unreliable_select(conn->packet);
 443         }
 444 
 445         composite_done(ctx);
 446 }
 447 
 448 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
     /* [<][>][^][v][top][bottom][index][help] */
 449 {
 450         struct ldap_connect_state *state =
 451                 talloc_get_type(ctx->async.private_data,
 452                                 struct ldap_connect_state);
 453         struct ldap_connection *conn = state->conn;
 454         uint16_t port;
 455         NTSTATUS status = socket_connect_multi_recv(ctx, state, &conn->sock,
 456                                                        &port);
 457         if (!NT_STATUS_IS_OK(status)) {
 458                 composite_error(state->ctx, status);
 459                 return;
 460         }
 461 
 462         ldap_connect_got_sock(state->ctx, conn);
 463 }
 464 
 465 static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
     /* [<][>][^][v][top][bottom][index][help] */
 466 {
 467         struct ldap_connect_state *state =
 468                 talloc_get_type(ctx->async.private_data,
 469                                 struct ldap_connect_state);
 470         struct ldap_connection *conn = state->conn;
 471 
 472         NTSTATUS status = socket_connect_recv(ctx);
 473 
 474         if (!NT_STATUS_IS_OK(state->ctx->status)) {
 475                 composite_error(state->ctx, status);
 476                 return;
 477         }
 478 
 479         ldap_connect_got_sock(state->ctx, conn);
 480 }
 481 
 482 _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
     /* [<][>][^][v][top][bottom][index][help] */
 483 {
 484         NTSTATUS status = composite_wait(ctx);
 485         talloc_free(ctx);
 486         return status;
 487 }
 488 
 489 _PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
     /* [<][>][^][v][top][bottom][index][help] */
 490 {
 491         struct composite_context *ctx = ldap_connect_send(conn, url);
 492         return ldap_connect_recv(ctx);
 493 }
 494 
 495 /* set reconnect parameters */
 496 
 497 _PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
     /* [<][>][^][v][top][bottom][index][help] */
 498 {
 499         if (conn) {
 500                 conn->reconnect.max_retries = max_retries;
 501                 conn->reconnect.retries = 0;
 502                 conn->reconnect.previous = time(NULL);
 503         }
 504 }
 505 
 506 /* Actually this function is NOT ASYNC safe, FIXME? */
 507 static void ldap_reconnect(struct ldap_connection *conn)
     /* [<][>][^][v][top][bottom][index][help] */
 508 {
 509         NTSTATUS status;
 510         time_t now = time(NULL);
 511 
 512         /* do we have set up reconnect ? */
 513         if (conn->reconnect.max_retries == 0) return;
 514 
 515         /* is the retry time expired ? */
 516         if (now > conn->reconnect.previous + 30) {
 517                 conn->reconnect.retries = 0;
 518                 conn->reconnect.previous = now;
 519         }
 520 
 521         /* are we reconnectind too often and too fast? */
 522         if (conn->reconnect.retries > conn->reconnect.max_retries) return;
 523 
 524         /* keep track of the number of reconnections */
 525         conn->reconnect.retries++;
 526 
 527         /* reconnect */
 528         status = ldap_connect(conn, conn->reconnect.url);
 529         if ( ! NT_STATUS_IS_OK(status)) {
 530                 return;
 531         }
 532 
 533         /* rebind */
 534         status = ldap_rebind(conn);
 535         if ( ! NT_STATUS_IS_OK(status)) {
 536                 ldap_connection_dead(conn);
 537         }
 538 }
 539 
 540 /* destroy an open ldap request */
 541 static int ldap_request_destructor(struct ldap_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 542 {
 543         if (req->state == LDAP_REQUEST_PENDING) {
 544                 DLIST_REMOVE(req->conn->pending, req);
 545         }
 546         return 0;
 547 }
 548 
 549 /*
 550   called on timeout of a ldap request
 551 */
 552 static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te, 
     /* [<][>][^][v][top][bottom][index][help] */
 553                                       struct timeval t, void *private_data)
 554 {
 555         struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
 556         req->status = NT_STATUS_IO_TIMEOUT;
 557         if (req->state == LDAP_REQUEST_PENDING) {
 558                 DLIST_REMOVE(req->conn->pending, req);
 559         }
 560         req->state = LDAP_REQUEST_DONE;
 561         if (req->async.fn) {
 562                 req->async.fn(req);
 563         }
 564 }
 565 
 566 
 567 /*
 568   called on completion of a one-way ldap request
 569 */
 570 static void ldap_request_complete(struct tevent_context *ev, struct tevent_timer *te, 
     /* [<][>][^][v][top][bottom][index][help] */
 571                                   struct timeval t, void *private_data)
 572 {
 573         struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
 574         if (req->async.fn) {
 575                 req->async.fn(req);
 576         }
 577 }
 578 
 579 /*
 580   send a ldap message - async interface
 581 */
 582 _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 583                                        struct ldap_message *msg)
 584 {
 585         struct ldap_request *req;
 586         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 587 
 588         req = talloc_zero(conn, struct ldap_request);
 589         if (req == NULL) return NULL;
 590 
 591         if (conn->sock == NULL) {
 592                 status = NT_STATUS_INVALID_CONNECTION;
 593                 goto failed;
 594         }
 595 
 596         req->state       = LDAP_REQUEST_SEND;
 597         req->conn        = conn;
 598         req->messageid   = conn->next_messageid++;
 599         if (conn->next_messageid == 0) {
 600                 conn->next_messageid = 1;
 601         }
 602         req->type        = msg->type;
 603         if (req->messageid == -1) {
 604                 goto failed;
 605         }
 606 
 607         talloc_set_destructor(req, ldap_request_destructor);
 608 
 609         msg->messageid = req->messageid;
 610 
 611         if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
 612                 status = NT_STATUS_INTERNAL_ERROR;
 613                 goto failed;            
 614         }
 615 
 616         status = packet_send(conn->packet, req->data);
 617         if (!NT_STATUS_IS_OK(status)) {
 618                 goto failed;
 619         }
 620 
 621         /* some requests don't expect a reply, so don't add those to the
 622            pending queue */
 623         if (req->type == LDAP_TAG_AbandonRequest ||
 624             req->type == LDAP_TAG_UnbindRequest) {
 625                 req->status = NT_STATUS_OK;
 626                 req->state = LDAP_REQUEST_DONE;
 627                 /* we can't call the async callback now, as it isn't setup, so
 628                    call it as next event */
 629                 tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
 630                                  ldap_request_complete, req);
 631                 return req;
 632         }
 633 
 634         req->state = LDAP_REQUEST_PENDING;
 635         DLIST_ADD(conn->pending, req);
 636 
 637         /* put a timeout on the request */
 638         req->time_event = tevent_add_timer(conn->event.event_ctx, req,
 639                                            timeval_current_ofs(conn->timeout, 0),
 640                                            ldap_request_timeout, req);
 641 
 642         return req;
 643 
 644 failed:
 645         req->status = status;
 646         req->state = LDAP_REQUEST_ERROR;
 647         tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
 648                          ldap_request_complete, req);
 649 
 650         return req;
 651 }
 652 
 653 
 654 /*
 655   wait for a request to complete
 656   note that this does not destroy the request
 657 */
 658 _PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 659 {
 660         while (req->state < LDAP_REQUEST_DONE) {
 661                 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
 662                         req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
 663                         break;
 664                 }
 665         }
 666         return req->status;
 667 }
 668 
 669 
 670 /*
 671   a mapping of ldap response code to strings
 672 */
 673 static const struct {
 674         enum ldap_result_code code;
 675         const char *str;
 676 } ldap_code_map[] = {
 677 #define _LDAP_MAP_CODE(c) { c, #c }
 678         _LDAP_MAP_CODE(LDAP_SUCCESS),
 679         _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
 680         _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
 681         _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
 682         _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
 683         _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
 684         _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
 685         _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
 686         _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
 687         _LDAP_MAP_CODE(LDAP_REFERRAL),
 688         _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
 689         _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
 690         _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
 691         _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
 692         _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
 693         _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
 694         _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
 695         _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
 696         _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
 697         _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
 698         _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
 699         _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
 700         _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
 701         _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
 702         _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
 703         _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
 704         _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
 705         _LDAP_MAP_CODE(LDAP_BUSY),
 706         _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
 707         _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
 708         _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
 709         _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
 710         _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
 711         _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
 712         _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
 713         _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
 714         _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
 715         _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
 716         _LDAP_MAP_CODE(LDAP_OTHER)
 717 };
 718 
 719 /*
 720   used to setup the status code from a ldap response
 721 */
 722 _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
     /* [<][>][^][v][top][bottom][index][help] */
 723 {
 724         int i;
 725         const char *codename = "unknown";
 726 
 727         if (r->resultcode == LDAP_SUCCESS) {
 728                 return NT_STATUS_OK;
 729         }
 730 
 731         if (conn->last_error) {
 732                 talloc_free(conn->last_error);
 733         }
 734 
 735         for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
 736                 if (r->resultcode == ldap_code_map[i].code) {
 737                         codename = ldap_code_map[i].str;
 738                         break;
 739                 }
 740         }
 741 
 742         conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>", 
 743                                            r->resultcode,
 744                                            codename,
 745                                            r->dn?r->dn:"(NULL)", 
 746                                            r->errormessage?r->errormessage:"", 
 747                                            r->referral?r->referral:"");
 748         
 749         return NT_STATUS_LDAP(r->resultcode);
 750 }
 751 
 752 /*
 753   return error string representing the last error
 754 */
 755 _PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn, 
     /* [<][>][^][v][top][bottom][index][help] */
 756                         TALLOC_CTX *mem_ctx, 
 757                         NTSTATUS status)
 758 {
 759         if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
 760                 return talloc_strdup(mem_ctx, conn->last_error);
 761         }
 762         return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
 763 }
 764 
 765 
 766 /*
 767   return the Nth result message, waiting if necessary
 768 */
 769 _PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
     /* [<][>][^][v][top][bottom][index][help] */
 770 {
 771         *msg = NULL;
 772 
 773         NT_STATUS_HAVE_NO_MEMORY(req);
 774 
 775         while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
 776                 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
 777                         return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
 778                 }
 779         }
 780 
 781         if (n < req->num_replies) {
 782                 *msg = req->replies[n];
 783                 return NT_STATUS_OK;
 784         }
 785 
 786         if (!NT_STATUS_IS_OK(req->status)) {
 787                 return req->status;
 788         }
 789 
 790         return NT_STATUS_NO_MORE_ENTRIES;
 791 }
 792 
 793 
 794 /*
 795   return a single result message, checking if it is of the expected LDAP type
 796 */
 797 _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
     /* [<][>][^][v][top][bottom][index][help] */
 798 {
 799         NTSTATUS status;
 800         status = ldap_result_n(req, 0, msg);
 801         if (!NT_STATUS_IS_OK(status)) {
 802                 return status;
 803         }
 804         if ((*msg)->type != type) {
 805                 *msg = NULL;
 806                 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
 807         }
 808         return status;
 809 }
 810 
 811 /*
 812   a simple ldap transaction, for single result requests that only need a status code
 813   this relies on single valued requests having the response type == request type + 1
 814 */
 815 _PUBLIC_ NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
     /* [<][>][^][v][top][bottom][index][help] */
 816 {
 817         struct ldap_request *req = ldap_request_send(conn, msg);
 818         struct ldap_message *res;
 819         NTSTATUS status;
 820         status = ldap_result_n(req, 0, &res);
 821         if (!NT_STATUS_IS_OK(status)) {
 822                 talloc_free(req);
 823                 return status;
 824         }
 825         if (res->type != msg->type + 1) {
 826                 talloc_free(req);
 827                 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
 828         }
 829         status = ldap_check_response(conn, &res->r.GeneralResult);
 830         talloc_free(req);
 831         return status;
 832 }

/* [<][>][^][v][top][bottom][index][help] */