root/source4/ldap_server/ldap_backend.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. map_ldb_error
  2. ldapsrv_backend_Init
  3. ldapsrv_init_reply
  4. ldapsrv_queue_reply
  5. ldapsrv_unwilling
  6. ldapsrv_SearchRequest
  7. ldapsrv_ModifyRequest
  8. ldapsrv_AddRequest
  9. ldapsrv_DelRequest
  10. ldapsrv_ModifyDNRequest
  11. ldapsrv_CompareRequest
  12. ldapsrv_AbandonRequest
  13. ldapsrv_do_call

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    LDAP server
   4    Copyright (C) Stefan Metzmacher 2004
   5    
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10    
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15    
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 
  20 #include "includes.h"
  21 #include "ldap_server/ldap_server.h"
  22 #include "../lib/util/dlinklist.h"
  23 #include "libcli/ldap/ldap.h"
  24 #include "auth/credentials/credentials.h"
  25 #include "auth/gensec/gensec.h"
  26 #include "param/param.h"
  27 #include "smbd/service_stream.h"
  28 #include "dsdb/samdb/samdb.h"
  29 #include "lib/ldb/include/ldb_errors.h"
  30 #include "lib/ldb_wrap.h"
  31 
  32 #define VALID_DN_SYNTAX(dn) do {\
  33         if (!(dn)) {\
  34                 return NT_STATUS_NO_MEMORY;\
  35         } else if ( ! ldb_dn_validate(dn)) {\
  36                 result = LDAP_INVALID_DN_SYNTAX;\
  37                 errstr = "Invalid DN format";\
  38                 goto reply;\
  39         }\
  40 } while(0)
  41 
  42 static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstring)
     /* [<][>][^][v][top][bottom][index][help] */
  43 {
  44         *errstring = ldb_errstring(ldb);
  45         
  46         /* its 1:1 for now */
  47         return err;
  48 }
  49 
  50 /*
  51   connect to the sam database
  52 */
  53 NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) 
     /* [<][>][^][v][top][bottom][index][help] */
  54 {
  55         conn->ldb = ldb_wrap_connect(conn, 
  56                                      conn->connection->event.ctx,
  57                                      conn->lp_ctx,
  58                                      lp_sam_url(conn->lp_ctx), 
  59                                      conn->session_info,
  60                                      samdb_credentials(conn, conn->connection->event.ctx, conn->lp_ctx), 
  61                                      conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL);
  62         if (conn->ldb == NULL) {
  63                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  64         }
  65 
  66         if (conn->server_credentials) {
  67                 char **sasl_mechs = NULL;
  68                 struct gensec_security_ops **backends = gensec_security_all();
  69                 struct gensec_security_ops **ops
  70                         = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
  71                 int i, j = 0;
  72                 for (i = 0; ops && ops[i]; i++) {
  73                         if (!gensec_security_ops_enabled(ops[i], conn->lp_ctx))
  74                                 continue;
  75 
  76                         if (ops[i]->sasl_name && ops[i]->server_start) {
  77                                 char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
  78 
  79                                 if (!sasl_name) {
  80                                         return NT_STATUS_NO_MEMORY;
  81                                 }
  82                                 sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
  83                                 if (!sasl_mechs) {
  84                                         return NT_STATUS_NO_MEMORY;
  85                                 }
  86                                 sasl_mechs[j] = sasl_name;
  87                                 talloc_steal(sasl_mechs, sasl_name);
  88                                 sasl_mechs[j+1] = NULL;
  89                                 j++;
  90                         }
  91                 }
  92                 talloc_free(ops);
  93                 ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
  94         }
  95 
  96         return NT_STATUS_OK;
  97 }
  98 
  99 struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
     /* [<][>][^][v][top][bottom][index][help] */
 100 {
 101         struct ldapsrv_reply *reply;
 102 
 103         reply = talloc(call, struct ldapsrv_reply);
 104         if (!reply) {
 105                 return NULL;
 106         }
 107         reply->msg = talloc(reply, struct ldap_message);
 108         if (reply->msg == NULL) {
 109                 talloc_free(reply);
 110                 return NULL;
 111         }
 112 
 113         reply->msg->messageid = call->request->messageid;
 114         reply->msg->type = type;
 115         reply->msg->controls = NULL;
 116 
 117         return reply;
 118 }
 119 
 120 void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
     /* [<][>][^][v][top][bottom][index][help] */
 121 {
 122         DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *);
 123 }
 124 
 125 static NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
     /* [<][>][^][v][top][bottom][index][help] */
 126 {
 127         struct ldapsrv_reply *reply;
 128         struct ldap_ExtendedResponse *r;
 129 
 130         DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request->type, call->request->messageid));
 131 
 132         reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
 133         if (!reply) {
 134                 return NT_STATUS_NO_MEMORY;
 135         }
 136 
 137         r = &reply->msg->r.ExtendedResponse;
 138         r->response.resultcode = error;
 139         r->response.dn = NULL;
 140         r->response.errormessage = NULL;
 141         r->response.referral = NULL;
 142         r->oid = NULL;
 143         r->value = NULL;
 144 
 145         ldapsrv_queue_reply(call, reply);
 146         return NT_STATUS_OK;
 147 }
 148 
 149 static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 150 {
 151         struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
 152         struct ldap_SearchResEntry *ent;
 153         struct ldap_Result *done;
 154         struct ldapsrv_reply *ent_r, *done_r;
 155         void *local_ctx;
 156         struct ldb_context *samdb = talloc_get_type(call->conn->ldb, struct ldb_context);
 157         struct ldb_dn *basedn;
 158         struct ldb_result *res = NULL;
 159         struct ldb_request *lreq;
 160         struct ldb_control *search_control;
 161         struct ldb_search_options_control *search_options;
 162         struct ldb_control *extended_dn_control;
 163         struct ldb_extended_dn_control *extended_dn_decoded = NULL;
 164         enum ldb_scope scope = LDB_SCOPE_DEFAULT;
 165         const char **attrs = NULL;
 166         const char *scope_str, *errstr = NULL;
 167         int success_limit = 1;
 168         int result = -1;
 169         int ldb_ret = -1;
 170         int i, j;
 171         int extended_type = 1;
 172 
 173         DEBUG(10, ("SearchRequest"));
 174         DEBUGADD(10, (" basedn: %s", req->basedn));
 175         DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree)));
 176 
 177         local_ctx = talloc_new(call);
 178         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 179 
 180         basedn = ldb_dn_new(local_ctx, samdb, req->basedn);
 181         VALID_DN_SYNTAX(basedn);
 182 
 183         DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn));
 184         DEBUG(10, ("SearchRequest: filter: [%s]\n", ldb_filter_from_tree(call, req->tree)));
 185 
 186         switch (req->scope) {
 187                 case LDAP_SEARCH_SCOPE_BASE:
 188                         scope_str = "BASE";
 189                         scope = LDB_SCOPE_BASE;
 190                         success_limit = 0;
 191                         break;
 192                 case LDAP_SEARCH_SCOPE_SINGLE:
 193                         scope_str = "ONE";
 194                         scope = LDB_SCOPE_ONELEVEL;
 195                         success_limit = 0;
 196                         break;
 197                 case LDAP_SEARCH_SCOPE_SUB:
 198                         scope_str = "SUB";
 199                         scope = LDB_SCOPE_SUBTREE;
 200                         success_limit = 0;
 201                         break;
 202                 default:
 203                         result = LDAP_PROTOCOL_ERROR;
 204                         errstr = "Invalid scope";
 205                         goto reply;
 206         }
 207         DEBUG(10,("SearchRequest: scope: [%s]\n", scope_str));
 208 
 209         if (req->num_attributes >= 1) {
 210                 attrs = talloc_array(local_ctx, const char *, req->num_attributes+1);
 211                 NT_STATUS_HAVE_NO_MEMORY(attrs);
 212 
 213                 for (i=0; i < req->num_attributes; i++) {
 214                         DEBUG(10,("SearchRequest: attrs: [%s]\n",req->attributes[i]));
 215                         attrs[i] = req->attributes[i];
 216                 }
 217                 attrs[i] = NULL;
 218         }
 219 
 220         DEBUG(5,("ldb_request %s dn=%s filter=%s\n", 
 221                  scope_str, req->basedn, ldb_filter_from_tree(call, req->tree)));
 222 
 223         res = talloc_zero(local_ctx, struct ldb_result);
 224         NT_STATUS_HAVE_NO_MEMORY(res);
 225 
 226         ldb_ret = ldb_build_search_req_ex(&lreq, samdb, local_ctx,
 227                                           basedn, scope,
 228                                           req->tree, attrs,
 229                                           call->request->controls,
 230                                           res, ldb_search_default_callback,
 231                                           NULL);
 232 
 233         if (ldb_ret != LDB_SUCCESS) {
 234                 goto reply;
 235         }
 236 
 237         if (call->conn->global_catalog) {
 238                 search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID);
 239 
 240                 search_options = NULL;
 241                 if (search_control) {
 242                         search_options = talloc_get_type(search_control->data, struct ldb_search_options_control);
 243                         search_options->search_options |= LDB_SEARCH_OPTION_PHANTOM_ROOT;
 244                 } else {
 245                         search_options = talloc(lreq, struct ldb_search_options_control);
 246                         NT_STATUS_HAVE_NO_MEMORY(search_options);
 247                         search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
 248                         ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options);
 249                 }
 250         }
 251 
 252         extended_dn_control = ldb_request_get_control(lreq, LDB_CONTROL_EXTENDED_DN_OID);
 253 
 254         if (extended_dn_control) {
 255                 if (extended_dn_control->data) {
 256                         extended_dn_decoded = talloc_get_type(extended_dn_control->data, struct ldb_extended_dn_control);
 257                         extended_type = extended_dn_decoded->type;
 258                 } else {
 259                         extended_type = 0;
 260                 }
 261         }
 262 
 263         ldb_set_timeout(samdb, lreq, req->timelimit);
 264 
 265         ldb_ret = ldb_request(samdb, lreq);
 266 
 267         if (ldb_ret != LDB_SUCCESS) {
 268                 goto reply;
 269         }
 270 
 271         ldb_ret = ldb_wait(lreq->handle, LDB_WAIT_ALL);
 272 
 273         if (ldb_ret == LDB_SUCCESS) {
 274                 for (i = 0; i < res->count; i++) {
 275                         ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
 276                         NT_STATUS_HAVE_NO_MEMORY(ent_r);
 277 
 278                         /* Better to have the whole message kept here,
 279                          * than to find someone further up didn't put
 280                          * a value in the right spot in the talloc tree */
 281                         talloc_steal(ent_r, res->msgs[i]);
 282                         
 283                         ent = &ent_r->msg->r.SearchResultEntry;
 284                         ent->dn = ldb_dn_get_extended_linearized(ent_r, res->msgs[i]->dn, extended_type);
 285                         ent->num_attributes = 0;
 286                         ent->attributes = NULL;
 287                         if (res->msgs[i]->num_elements == 0) {
 288                                 goto queue_reply;
 289                         }
 290                         ent->num_attributes = res->msgs[i]->num_elements;
 291                         ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes);
 292                         NT_STATUS_HAVE_NO_MEMORY(ent->attributes);
 293                         for (j=0; j < ent->num_attributes; j++) {
 294                                 ent->attributes[j].name = talloc_steal(ent->attributes, res->msgs[i]->elements[j].name);
 295                                 ent->attributes[j].num_values = 0;
 296                                 ent->attributes[j].values = NULL;
 297                                 if (req->attributesonly && (res->msgs[i]->elements[j].num_values == 0)) {
 298                                         continue;
 299                                 }
 300                                 ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values;
 301                                 ent->attributes[j].values = res->msgs[i]->elements[j].values;
 302                                 talloc_steal(ent->attributes, res->msgs[i]->elements[j].values);
 303                         }
 304 queue_reply:
 305                         ldapsrv_queue_reply(call, ent_r);
 306                 }
 307         }
 308 
 309 reply:
 310         done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
 311         NT_STATUS_HAVE_NO_MEMORY(done_r);
 312 
 313         done = &done_r->msg->r.SearchResultDone;
 314         done->dn = NULL;
 315         done->referral = NULL;
 316 
 317         if (result != -1) {
 318         } else if (ldb_ret == LDB_SUCCESS) {
 319                 if (res->count >= success_limit) {
 320                         DEBUG(10,("SearchRequest: results: [%d]\n", res->count));
 321                         result = LDAP_SUCCESS;
 322                         errstr = NULL;
 323                 }
 324                 if (res->controls) {
 325                         done_r->msg->controls = res->controls;
 326                         talloc_steal(done_r, res->controls);
 327                 }
 328         } else {
 329                 DEBUG(10,("SearchRequest: error\n"));
 330                 result = map_ldb_error(samdb, ldb_ret, &errstr);
 331         }
 332 
 333         done->resultcode = result;
 334         done->errormessage = (errstr?talloc_strdup(done_r, errstr):NULL);
 335 
 336         talloc_free(local_ctx);
 337 
 338         ldapsrv_queue_reply(call, done_r);
 339         return NT_STATUS_OK;
 340 }
 341 
 342 static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 343 {
 344         struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest;
 345         struct ldap_Result *modify_result;
 346         struct ldapsrv_reply *modify_reply;
 347         void *local_ctx;
 348         struct ldb_context *samdb = call->conn->ldb;
 349         struct ldb_message *msg = NULL;
 350         struct ldb_dn *dn;
 351         const char *errstr = NULL;
 352         int result = LDAP_SUCCESS;
 353         int ldb_ret;
 354         int i,j;
 355 
 356         DEBUG(10, ("ModifyRequest"));
 357         DEBUGADD(10, (" dn: %s", req->dn));
 358 
 359         local_ctx = talloc_named(call, 0, "ModifyRequest local memory context");
 360         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 361 
 362         dn = ldb_dn_new(local_ctx, samdb, req->dn);
 363         VALID_DN_SYNTAX(dn);
 364 
 365         DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn));
 366 
 367         msg = talloc(local_ctx, struct ldb_message);
 368         NT_STATUS_HAVE_NO_MEMORY(msg);
 369 
 370         msg->dn = dn;
 371         msg->num_elements = 0;
 372         msg->elements = NULL;
 373 
 374         if (req->num_mods > 0) {
 375                 msg->num_elements = req->num_mods;
 376                 msg->elements = talloc_array(msg, struct ldb_message_element, req->num_mods);
 377                 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
 378 
 379                 for (i=0; i < msg->num_elements; i++) {
 380                         msg->elements[i].name = discard_const_p(char, req->mods[i].attrib.name);
 381                         msg->elements[i].num_values = 0;
 382                         msg->elements[i].values = NULL;
 383 
 384                         switch (req->mods[i].type) {
 385                         default:
 386                                 result = LDAP_PROTOCOL_ERROR;
 387                                 errstr = "Invalid LDAP_MODIFY_* type";
 388                                 goto reply;
 389                         case LDAP_MODIFY_ADD:
 390                                 msg->elements[i].flags = LDB_FLAG_MOD_ADD;
 391                                 break;
 392                         case LDAP_MODIFY_DELETE:
 393                                 msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
 394                                 break;
 395                         case LDAP_MODIFY_REPLACE:
 396                                 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
 397                                 break;
 398                         }
 399 
 400                         msg->elements[i].num_values = req->mods[i].attrib.num_values;
 401                         if (msg->elements[i].num_values > 0) {
 402                                 msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
 403                                                                        msg->elements[i].num_values);
 404                                 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 405 
 406                                 for (j=0; j < msg->elements[i].num_values; j++) {
 407                                         if (!(req->mods[i].attrib.values[j].length > 0)) {
 408                                                 result = LDAP_OTHER;
 409                                                 errstr = "Empty attribute values are not allowed";
 410                                                 goto reply;
 411                                         }
 412                                         msg->elements[i].values[j].length = req->mods[i].attrib.values[j].length;
 413                                         msg->elements[i].values[j].data = req->mods[i].attrib.values[j].data;                   
 414                                 }
 415                         }
 416                 }
 417         } else {
 418                 result = LDAP_OTHER;
 419                 errstr = "No mods are not allowed";
 420                 goto reply;
 421         }
 422 
 423 reply:
 424         modify_reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse);
 425         NT_STATUS_HAVE_NO_MEMORY(modify_reply);
 426 
 427         if (result == LDAP_SUCCESS) {
 428                 ldb_ret = ldb_modify(samdb, msg);
 429                 result = map_ldb_error(samdb, ldb_ret, &errstr);
 430         }
 431 
 432         modify_result = &modify_reply->msg->r.AddResponse;
 433         modify_result->dn = NULL;
 434         modify_result->resultcode = result;
 435         modify_result->errormessage = (errstr?talloc_strdup(modify_reply, errstr):NULL);
 436         modify_result->referral = NULL;
 437 
 438         talloc_free(local_ctx);
 439 
 440         ldapsrv_queue_reply(call, modify_reply);
 441         return NT_STATUS_OK;
 442 
 443 }
 444 
 445 static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 446 {
 447         struct ldap_AddRequest *req = &call->request->r.AddRequest;
 448         struct ldap_Result *add_result;
 449         struct ldapsrv_reply *add_reply;
 450         void *local_ctx;
 451         struct ldb_context *samdb = call->conn->ldb;
 452         struct ldb_message *msg = NULL;
 453         struct ldb_dn *dn;
 454         const char *errstr = NULL;
 455         int result = LDAP_SUCCESS;
 456         int ldb_ret;
 457         int i,j;
 458 
 459         DEBUG(10, ("AddRequest"));
 460         DEBUGADD(10, (" dn: %s", req->dn));
 461 
 462         local_ctx = talloc_named(call, 0, "AddRequest local memory context");
 463         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 464 
 465         dn = ldb_dn_new(local_ctx, samdb, req->dn);
 466         VALID_DN_SYNTAX(dn);
 467 
 468         DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn));
 469 
 470         msg = talloc(local_ctx, struct ldb_message);
 471         NT_STATUS_HAVE_NO_MEMORY(msg);
 472 
 473         msg->dn = dn;
 474         msg->num_elements = 0;
 475         msg->elements = NULL;
 476 
 477         if (req->num_attributes > 0) {
 478                 msg->num_elements = req->num_attributes;
 479                 msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements);
 480                 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
 481 
 482                 for (i=0; i < msg->num_elements; i++) {
 483                         msg->elements[i].name = discard_const_p(char, req->attributes[i].name);
 484                         msg->elements[i].flags = 0;
 485                         msg->elements[i].num_values = 0;
 486                         msg->elements[i].values = NULL;
 487                         
 488                         if (req->attributes[i].num_values > 0) {
 489                                 msg->elements[i].num_values = req->attributes[i].num_values;
 490                                 msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
 491                                                                        msg->elements[i].num_values);
 492                                 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 493 
 494                                 for (j=0; j < msg->elements[i].num_values; j++) {
 495                                         if (!(req->attributes[i].values[j].length > 0)) {
 496                                                 result = LDAP_OTHER;
 497                                                 errstr = "Empty attribute values are not allowed";
 498                                                 goto reply;
 499                                         }
 500                                         msg->elements[i].values[j].length = req->attributes[i].values[j].length;
 501                                         msg->elements[i].values[j].data = req->attributes[i].values[j].data;                    
 502                                 }
 503                         } else {
 504                                 result = LDAP_OTHER;
 505                                 errstr = "No attribute values are not allowed";
 506                                 goto reply;
 507                         }
 508                 }
 509         } else {
 510                 result = LDAP_OTHER;
 511                 errstr = "No attributes are not allowed";
 512                 goto reply;
 513         }
 514 
 515 reply:
 516         add_reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse);
 517         NT_STATUS_HAVE_NO_MEMORY(add_reply);
 518 
 519         if (result == LDAP_SUCCESS) {
 520                 ldb_ret = ldb_add(samdb, msg);
 521                 result = map_ldb_error(samdb, ldb_ret, &errstr);
 522         }
 523 
 524         add_result = &add_reply->msg->r.AddResponse;
 525         add_result->dn = NULL;
 526         add_result->resultcode = result;
 527         add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL);
 528         add_result->referral = NULL;
 529 
 530         talloc_free(local_ctx);
 531 
 532         ldapsrv_queue_reply(call, add_reply);
 533         return NT_STATUS_OK;
 534 
 535 }
 536 
 537 static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 538 {
 539         struct ldap_DelRequest *req = &call->request->r.DelRequest;
 540         struct ldap_Result *del_result;
 541         struct ldapsrv_reply *del_reply;
 542         void *local_ctx;
 543         struct ldb_context *samdb = call->conn->ldb;
 544         struct ldb_dn *dn;
 545         const char *errstr = NULL;
 546         int result = LDAP_SUCCESS;
 547         int ldb_ret;
 548 
 549         DEBUG(10, ("DelRequest"));
 550         DEBUGADD(10, (" dn: %s", req->dn));
 551 
 552         local_ctx = talloc_named(call, 0, "DelRequest local memory context");
 553         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 554 
 555         dn = ldb_dn_new(local_ctx, samdb, req->dn);
 556         VALID_DN_SYNTAX(dn);
 557 
 558         DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn));
 559 
 560 reply:
 561         del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse);
 562         NT_STATUS_HAVE_NO_MEMORY(del_reply);
 563 
 564         if (result == LDAP_SUCCESS) {
 565                 ldb_ret = ldb_delete(samdb, dn);
 566                 result = map_ldb_error(samdb, ldb_ret, &errstr);
 567         }
 568 
 569         del_result = &del_reply->msg->r.DelResponse;
 570         del_result->dn = NULL;
 571         del_result->resultcode = result;
 572         del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL);
 573         del_result->referral = NULL;
 574 
 575         talloc_free(local_ctx);
 576 
 577         ldapsrv_queue_reply(call, del_reply);
 578         return NT_STATUS_OK;
 579 }
 580 
 581 static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 582 {
 583         struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest;
 584         struct ldap_Result *modifydn;
 585         struct ldapsrv_reply *modifydn_r;
 586         void *local_ctx;
 587         struct ldb_context *samdb = call->conn->ldb;
 588         struct ldb_dn *olddn, *newdn=NULL, *newrdn;
 589         struct ldb_dn *parentdn = NULL;
 590         const char *errstr = NULL;
 591         int result = LDAP_SUCCESS;
 592         int ldb_ret;
 593 
 594         DEBUG(10, ("ModifyDNRequrest"));
 595         DEBUGADD(10, (" dn: %s", req->dn));
 596         DEBUGADD(10, (" newrdn: %s", req->newrdn));
 597 
 598         local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context");
 599         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 600 
 601         olddn = ldb_dn_new(local_ctx, samdb, req->dn);
 602         VALID_DN_SYNTAX(olddn);
 603 
 604         newrdn = ldb_dn_new(local_ctx, samdb, req->newrdn);
 605         VALID_DN_SYNTAX(newrdn);
 606 
 607         DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
 608         DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
 609 
 610         /* we can't handle the rename if we should not remove the old dn */
 611         if (!req->deleteolddn) {
 612                 result = LDAP_UNWILLING_TO_PERFORM;
 613                 errstr = "Old RDN must be deleted";
 614                 goto reply;
 615         }
 616 
 617         if (req->newsuperior) {
 618                 parentdn = ldb_dn_new(local_ctx, samdb, req->newsuperior);
 619                 VALID_DN_SYNTAX(parentdn);
 620                 DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior));
 621                 
 622                 if (ldb_dn_get_comp_num(parentdn) < 1) {
 623                         result = LDAP_AFFECTS_MULTIPLE_DSAS;
 624                         errstr = "Error new Superior DN invalid";
 625                         goto reply;
 626                 }
 627         }
 628 
 629         if (!parentdn) {
 630                 parentdn = ldb_dn_get_parent(local_ctx, olddn);
 631                 NT_STATUS_HAVE_NO_MEMORY(parentdn);
 632         }
 633 
 634         if ( ! ldb_dn_add_child_fmt(parentdn,
 635                                 "%s=%s",
 636                                 ldb_dn_get_rdn_name(newrdn),
 637                                 (char *)ldb_dn_get_rdn_val(newrdn)->data)) {
 638                 result = LDAP_OTHER;
 639                 goto reply;
 640         }
 641         newdn = parentdn;
 642 
 643 reply:
 644         modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse);
 645         NT_STATUS_HAVE_NO_MEMORY(modifydn_r);
 646 
 647         if (result == LDAP_SUCCESS) {
 648                 ldb_ret = ldb_rename(samdb, olddn, newdn);
 649                 result = map_ldb_error(samdb, ldb_ret, &errstr);
 650         }
 651 
 652         modifydn = &modifydn_r->msg->r.ModifyDNResponse;
 653         modifydn->dn = NULL;
 654         modifydn->resultcode = result;
 655         modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL);
 656         modifydn->referral = NULL;
 657 
 658         talloc_free(local_ctx);
 659 
 660         ldapsrv_queue_reply(call, modifydn_r);
 661         return NT_STATUS_OK;
 662 }
 663 
 664 static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 665 {
 666         struct ldap_CompareRequest *req = &call->request->r.CompareRequest;
 667         struct ldap_Result *compare;
 668         struct ldapsrv_reply *compare_r;
 669         void *local_ctx;
 670         struct ldb_context *samdb = call->conn->ldb;
 671         struct ldb_result *res = NULL;
 672         struct ldb_dn *dn;
 673         const char *attrs[1];
 674         const char *errstr = NULL;
 675         const char *filter = NULL;
 676         int result = LDAP_SUCCESS;
 677         int ldb_ret;
 678 
 679         DEBUG(10, ("CompareRequest"));
 680         DEBUGADD(10, (" dn: %s", req->dn));
 681 
 682         local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context");
 683         NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 684 
 685         dn = ldb_dn_new(local_ctx, samdb, req->dn);
 686         VALID_DN_SYNTAX(dn);
 687 
 688         DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn));
 689         filter = talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute, 
 690                                  (int)req->value.length, req->value.data);
 691         NT_STATUS_HAVE_NO_MEMORY(filter);
 692 
 693         DEBUGADD(10, ("CompareRequest: attribute: [%s]\n", filter));
 694 
 695         attrs[0] = NULL;
 696 
 697 reply:
 698         compare_r = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse);
 699         NT_STATUS_HAVE_NO_MEMORY(compare_r);
 700 
 701         if (result == LDAP_SUCCESS) {
 702                 ldb_ret = ldb_search(samdb, local_ctx, &res,
 703                                      dn, LDB_SCOPE_BASE, attrs, "%s", filter);
 704                 if (ldb_ret != LDB_SUCCESS) {
 705                         result = map_ldb_error(samdb, ldb_ret, &errstr);
 706                         DEBUG(10,("CompareRequest: error: %s\n", errstr));
 707                 } else if (res->count == 0) {
 708                         DEBUG(10,("CompareRequest: doesn't matched\n"));
 709                         result = LDAP_COMPARE_FALSE;
 710                         errstr = NULL;
 711                 } else if (res->count == 1) {
 712                         DEBUG(10,("CompareRequest: matched\n"));
 713                         result = LDAP_COMPARE_TRUE;
 714                         errstr = NULL;
 715                 } else if (res->count > 1) {
 716                         result = LDAP_OTHER;
 717                         errstr = "too many objects match";
 718                         DEBUG(10,("CompareRequest: %d results: %s\n", res->count, errstr));
 719                 }
 720         }
 721 
 722         compare = &compare_r->msg->r.CompareResponse;
 723         compare->dn = NULL;
 724         compare->resultcode = result;
 725         compare->errormessage = (errstr?talloc_strdup(compare_r,errstr):NULL);
 726         compare->referral = NULL;
 727 
 728         talloc_free(local_ctx);
 729 
 730         ldapsrv_queue_reply(call, compare_r);
 731         return NT_STATUS_OK;
 732 }
 733 
 734 static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 735 {
 736 /*      struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/
 737         DEBUG(10, ("AbandonRequest\n"));
 738         return NT_STATUS_OK;
 739 }
 740 
 741 NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
     /* [<][>][^][v][top][bottom][index][help] */
 742 {
 743         int i;
 744         struct ldap_message *msg = call->request;
 745         /* Check for undecoded critical extensions */
 746         for (i=0; msg->controls && msg->controls[i]; i++) {
 747                 if (!msg->controls_decoded[i] && 
 748                     msg->controls[i]->critical) {
 749                         DEBUG(3, ("ldapsrv_do_call: Critical extension %s is not known to this server\n",
 750                                   msg->controls[i]->oid));
 751                         return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
 752                 }
 753         }
 754 
 755         switch(call->request->type) {
 756         case LDAP_TAG_BindRequest:
 757                 return ldapsrv_BindRequest(call);
 758         case LDAP_TAG_UnbindRequest:
 759                 return ldapsrv_UnbindRequest(call);
 760         case LDAP_TAG_SearchRequest:
 761                 return ldapsrv_SearchRequest(call);
 762         case LDAP_TAG_ModifyRequest:
 763                 return ldapsrv_ModifyRequest(call);
 764         case LDAP_TAG_AddRequest:
 765                 return ldapsrv_AddRequest(call);
 766         case LDAP_TAG_DelRequest:
 767                 return ldapsrv_DelRequest(call);
 768         case LDAP_TAG_ModifyDNRequest:
 769                 return ldapsrv_ModifyDNRequest(call);
 770         case LDAP_TAG_CompareRequest:
 771                 return ldapsrv_CompareRequest(call);
 772         case LDAP_TAG_AbandonRequest:
 773                 return ldapsrv_AbandonRequest(call);
 774         case LDAP_TAG_ExtendedRequest:
 775                 return ldapsrv_ExtendedRequest(call);
 776         default:
 777                 return ldapsrv_unwilling(call, 2);
 778         }
 779 }

/* [<][>][^][v][top][bottom][index][help] */