/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- ildb_msg_to_mods
- ildb_map_error
- ildb_request_timeout
- ildb_callback
- init_ildb_handle
- ildb_request_send
- ildb_request_noop
- ildb_search
- ildb_add
- ildb_modify
- ildb_delete
- ildb_rename
- ildb_start_trans
- ildb_end_trans
- ildb_del_trans
- ildb_request
- ildb_wait
- ildb_connect
- ldb_ildap_init
1 /*
2 ldb database library - ildap backend
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Simo Sorce 2006
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * Name: ldb_ildap
27 *
28 * Component: ldb ildap backend
29 *
30 * Description: This is a ldb backend for the internal ldap
31 * client library in Samba4. By using this backend we are
32 * independent of a system ldap library
33 *
34 * Author: Andrew Tridgell
35 *
36 * Modifications:
37 *
38 * - description: make the module use asyncronous calls
39 * date: Feb 2006
40 * author: Simo Sorce
41 */
42
43
44 #include "includes.h"
45 #include "ldb/include/includes.h"
46
47 #include "lib/events/events.h"
48 #include "libcli/ldap/ldap.h"
49 #include "libcli/ldap/ldap_client.h"
50 #include "auth/auth.h"
51 #include "auth/credentials/credentials.h"
52
53 struct ildb_private {
54 struct ldap_connection *ldap;
55 struct ldb_context *ldb;
56 };
57
58 struct ildb_context {
59 struct ldb_module *module;
60 struct ldap_request *req;
61 void *context;
62 int (*callback)(struct ldb_context *, void *, struct ldb_reply *);
63 };
64
65 /*
66 convert a ldb_message structure to a list of ldap_mod structures
67 ready for ildap_add() or ildap_modify()
68 */
69 static struct ldap_mod **ildb_msg_to_mods(void *mem_ctx, int *num_mods,
/* [<][>][^][v][top][bottom][index][help] */
70 const struct ldb_message *msg, int use_flags)
71 {
72 struct ldap_mod **mods;
73 unsigned int i;
74 int n = 0;
75
76 /* allocate maximum number of elements needed */
77 mods = talloc_array(mem_ctx, struct ldap_mod *, msg->num_elements+1);
78 if (!mods) {
79 errno = ENOMEM;
80 return NULL;
81 }
82 mods[0] = NULL;
83
84 for (i = 0; i < msg->num_elements; i++) {
85 const struct ldb_message_element *el = &msg->elements[i];
86
87 mods[n] = talloc(mods, struct ldap_mod);
88 if (!mods[n]) {
89 goto failed;
90 }
91 mods[n + 1] = NULL;
92 mods[n]->type = 0;
93 mods[n]->attrib = *el;
94 if (use_flags) {
95 switch (el->flags & LDB_FLAG_MOD_MASK) {
96 case LDB_FLAG_MOD_ADD:
97 mods[n]->type = LDAP_MODIFY_ADD;
98 break;
99 case LDB_FLAG_MOD_DELETE:
100 mods[n]->type = LDAP_MODIFY_DELETE;
101 break;
102 case LDB_FLAG_MOD_REPLACE:
103 mods[n]->type = LDAP_MODIFY_REPLACE;
104 break;
105 }
106 }
107 n++;
108 }
109
110 *num_mods = n;
111 return mods;
112
113 failed:
114 talloc_free(mods);
115 return NULL;
116 }
117
118
119 /*
120 map an ildap NTSTATUS to a ldb error code
121 */
122 static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status)
/* [<][>][^][v][top][bottom][index][help] */
123 {
124 if (NT_STATUS_IS_OK(status)) {
125 return LDB_SUCCESS;
126 }
127 ldb_set_errstring(ildb->ldb, ldap_errstr(ildb->ldap, status));
128 if (NT_STATUS_IS_LDAP(status)) {
129 return NT_STATUS_LDAP_CODE(status);
130 }
131 return LDB_ERR_OPERATIONS_ERROR;
132 }
133
134 static void ildb_request_timeout(struct event_context *ev, struct timed_event *te,
/* [<][>][^][v][top][bottom][index][help] */
135 struct timeval t, void *private_data)
136 {
137 struct ldb_handle *handle = talloc_get_type(private_data, struct ldb_handle);
138 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
139
140 if (ac->req->state == LDAP_REQUEST_PENDING) {
141 DLIST_REMOVE(ac->req->conn->pending, ac->req);
142 }
143
144 handle->status = LDB_ERR_TIME_LIMIT_EXCEEDED;
145
146 return;
147 }
148
149 static void ildb_callback(struct ldap_request *req)
/* [<][>][^][v][top][bottom][index][help] */
150 {
151 struct ldb_handle *handle = talloc_get_type(req->async.private_data, struct ldb_handle);
152 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
153 struct ildb_private *ildb = talloc_get_type(ac->module->private_data, struct ildb_private);
154 NTSTATUS status;
155 int i;
156
157 handle->status = LDB_SUCCESS;
158
159 if (!NT_STATUS_IS_OK(req->status)) {
160 handle->status = ildb_map_error(ildb, req->status);
161 return;
162 }
163
164 if (req->num_replies < 1) {
165 handle->status = LDB_ERR_OPERATIONS_ERROR;
166 return;
167 }
168
169 switch (req->type) {
170
171 case LDAP_TAG_ModifyRequest:
172 if (req->replies[0]->type != LDAP_TAG_ModifyResponse) {
173 handle->status = LDB_ERR_PROTOCOL_ERROR;
174 return;
175 }
176 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
177 handle->status = ildb_map_error(ildb, status);
178 if (ac->callback && handle->status == LDB_SUCCESS) {
179 /* FIXME: build a corresponding ares to pass on */
180 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
181 }
182 handle->state = LDB_ASYNC_DONE;
183 break;
184
185 case LDAP_TAG_AddRequest:
186 if (req->replies[0]->type != LDAP_TAG_AddResponse) {
187 handle->status = LDB_ERR_PROTOCOL_ERROR;
188 return;
189 }
190 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
191 handle->status = ildb_map_error(ildb, status);
192 if (ac->callback && handle->status == LDB_SUCCESS) {
193 /* FIXME: build a corresponding ares to pass on */
194 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
195 }
196 handle->state = LDB_ASYNC_DONE;
197 break;
198
199 case LDAP_TAG_DelRequest:
200 if (req->replies[0]->type != LDAP_TAG_DelResponse) {
201 handle->status = LDB_ERR_PROTOCOL_ERROR;
202 return;
203 }
204 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
205 handle->status = ildb_map_error(ildb, status);
206 if (ac->callback && handle->status == LDB_SUCCESS) {
207 /* FIXME: build a corresponding ares to pass on */
208 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
209 }
210 handle->state = LDB_ASYNC_DONE;
211 break;
212
213 case LDAP_TAG_ModifyDNRequest:
214 if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) {
215 handle->status = LDB_ERR_PROTOCOL_ERROR;
216 return;
217 }
218 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
219 handle->status = ildb_map_error(ildb, status);
220 if (ac->callback && handle->status == LDB_SUCCESS) {
221 /* FIXME: build a corresponding ares to pass on */
222 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
223 }
224 handle->state = LDB_ASYNC_DONE;
225 break;
226
227 case LDAP_TAG_SearchRequest:
228 /* loop over all messages */
229 for (i = 0; i < req->num_replies; i++) {
230 struct ldap_SearchResEntry *search;
231 struct ldb_reply *ares = NULL;
232 struct ldap_message *msg;
233 int ret;
234
235 ares = talloc_zero(ac, struct ldb_reply);
236 if (!ares) {
237 handle->status = LDB_ERR_OPERATIONS_ERROR;
238 return;
239 }
240
241 msg = req->replies[i];
242 switch (msg->type) {
243
244 case LDAP_TAG_SearchResultDone:
245
246 status = ldap_check_response(req->conn, &msg->r.GeneralResult);
247 if (!NT_STATUS_IS_OK(status)) {
248 handle->status = ildb_map_error(ildb, status);
249 return;
250 }
251
252 ares->controls = talloc_move(ares, &msg->controls);
253 if (msg->r.SearchResultDone.resultcode) {
254 if (msg->r.SearchResultDone.errormessage) {
255 ldb_set_errstring(ac->module->ldb, msg->r.SearchResultDone.errormessage);
256 }
257 }
258
259 handle->status = msg->r.SearchResultDone.resultcode;
260 handle->state = LDB_ASYNC_DONE;
261 ares->type = LDB_REPLY_DONE;
262 break;
263
264 case LDAP_TAG_SearchResultEntry:
265
266
267 ares->message = ldb_msg_new(ares);
268 if (!ares->message) {
269 handle->status = LDB_ERR_OPERATIONS_ERROR;
270 return;
271 }
272
273 search = &(msg->r.SearchResultEntry);
274
275 ares->message->dn = ldb_dn_explode_or_special(ares->message, search->dn);
276 if (ares->message->dn == NULL) {
277 handle->status = LDB_ERR_OPERATIONS_ERROR;
278 return;
279 }
280 ares->message->num_elements = search->num_attributes;
281 ares->message->elements = talloc_move(ares->message,
282 &search->attributes);
283
284 handle->status = LDB_SUCCESS;
285 handle->state = LDB_ASYNC_PENDING;
286 ares->type = LDB_REPLY_ENTRY;
287 break;
288
289 case LDAP_TAG_SearchResultReference:
290
291 ares->referral = talloc_strdup(ares, msg->r.SearchResultReference.referral);
292
293 handle->status = LDB_SUCCESS;
294 handle->state = LDB_ASYNC_PENDING;
295 ares->type = LDB_REPLY_REFERRAL;
296 break;
297
298 default:
299 /* TAG not handled, fail ! */
300 handle->status = LDB_ERR_PROTOCOL_ERROR;
301 return;
302 }
303
304 ret = ac->callback(ac->module->ldb, ac->context, ares);
305 if (ret) {
306 handle->status = ret;
307 }
308 }
309
310 talloc_free(req->replies);
311 req->replies = NULL;
312 req->num_replies = 0;
313
314 break;
315
316 default:
317 handle->status = LDB_ERR_PROTOCOL_ERROR;
318 return;
319 }
320 }
321
322 static struct ldb_handle *init_ildb_handle(struct ldb_module *module,
/* [<][>][^][v][top][bottom][index][help] */
323 void *context,
324 int (*callback)(struct ldb_context *, void *, struct ldb_reply *))
325 {
326 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
327 struct ildb_context *ildb_ac;
328 struct ldb_handle *h;
329
330 h = talloc_zero(ildb->ldap, struct ldb_handle);
331 if (h == NULL) {
332 ldb_set_errstring(module->ldb, "Out of Memory");
333 return NULL;
334 }
335
336 h->module = module;
337
338 ildb_ac = talloc(h, struct ildb_context);
339 if (ildb_ac == NULL) {
340 ldb_set_errstring(module->ldb, "Out of Memory");
341 talloc_free(h);
342 return NULL;
343 }
344
345 h->private_data = (void *)ildb_ac;
346
347 h->state = LDB_ASYNC_INIT;
348 h->status = LDB_SUCCESS;
349
350 ildb_ac->module = module;
351 ildb_ac->context = context;
352 ildb_ac->callback = callback;
353
354 return h;
355 }
356
357 static int ildb_request_send(struct ldb_module *module, struct ldap_message *msg,
/* [<][>][^][v][top][bottom][index][help] */
358 void *context,
359 int (*callback)(struct ldb_context *, void *, struct ldb_reply *),
360 int timeout,
361 struct ldb_handle **handle)
362 {
363 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
364 struct ldb_handle *h = init_ildb_handle(module, context, callback);
365 struct ildb_context *ildb_ac;
366 struct ldap_request *req;
367
368 if (!h) {
369 return LDB_ERR_OPERATIONS_ERROR;
370 }
371
372 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
373
374 req = ldap_request_send(ildb->ldap, msg);
375 if (req == NULL) {
376 ldb_set_errstring(module->ldb, "async send request failed");
377 return LDB_ERR_OPERATIONS_ERROR;
378 }
379
380 if (!req->conn) {
381 ldb_set_errstring(module->ldb, "connection to remote LDAP server dropped?");
382 return LDB_ERR_OPERATIONS_ERROR;
383 }
384
385 talloc_free(req->time_event);
386 req->time_event = NULL;
387 if (timeout) {
388 req->time_event = event_add_timed(req->conn->event.event_ctx, h,
389 timeval_current_ofs(timeout, 0),
390 ildb_request_timeout, h);
391 }
392
393 req->async.fn = ildb_callback;
394 req->async.private_data = (void *)h;
395 ildb_ac->req = talloc_move(ildb_ac, &req);
396
397 *handle = h;
398 return LDB_SUCCESS;
399 }
400
401 static int ildb_request_noop(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
402 {
403 struct ldb_handle *h = init_ildb_handle(module, req->context, req->callback);
404 struct ildb_context *ildb_ac;
405 int ret = LDB_SUCCESS;
406
407 if (!h) {
408 return LDB_ERR_OPERATIONS_ERROR;
409 }
410
411 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
412
413 req->handle = h;
414
415 if (ildb_ac->callback) {
416 ret = ildb_ac->callback(module->ldb, ildb_ac->context, NULL);
417 }
418 req->handle->state = LDB_ASYNC_DONE;
419 return ret;
420 }
421
422 /*
423 search for matching records using an asynchronous function
424 */
425 static int ildb_search(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
426 {
427 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
428 struct ldap_message *msg;
429 int n;
430
431 req->handle = NULL;
432
433 if (!req->callback || !req->context) {
434 ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context");
435 return LDB_ERR_OPERATIONS_ERROR;
436 }
437
438 if (req->op.search.tree == NULL) {
439 ldb_set_errstring(module->ldb, "Invalid expression parse tree");
440 return LDB_ERR_OPERATIONS_ERROR;
441 }
442
443 msg = new_ldap_message(ildb);
444 if (msg == NULL) {
445 ldb_set_errstring(module->ldb, "Out of Memory");
446 return LDB_ERR_OPERATIONS_ERROR;
447 }
448
449 msg->type = LDAP_TAG_SearchRequest;
450
451 if (req->op.search.base == NULL) {
452 msg->r.SearchRequest.basedn = talloc_strdup(msg, "");
453 } else {
454 msg->r.SearchRequest.basedn = ldb_dn_linearize(msg, req->op.search.base);
455 }
456 if (msg->r.SearchRequest.basedn == NULL) {
457 ldb_set_errstring(module->ldb, "Unable to determine baseDN");
458 talloc_free(msg);
459 return LDB_ERR_OPERATIONS_ERROR;
460 }
461
462 if (req->op.search.scope == LDB_SCOPE_DEFAULT) {
463 msg->r.SearchRequest.scope = LDB_SCOPE_SUBTREE;
464 } else {
465 msg->r.SearchRequest.scope = req->op.search.scope;
466 }
467
468 msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
469 msg->r.SearchRequest.timelimit = 0;
470 msg->r.SearchRequest.sizelimit = 0;
471 msg->r.SearchRequest.attributesonly = 0;
472 msg->r.SearchRequest.tree = discard_const_p(struct ldb_parse_tree, req->op.search.tree);
473
474 for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /* noop */ ;
475 msg->r.SearchRequest.num_attributes = n;
476 msg->r.SearchRequest.attributes = discard_const_p(char *, req->op.search.attrs),
477
478 msg->controls = req->controls;
479
480 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
481 }
482
483 /*
484 add a record
485 */
486 static int ildb_add(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
487 {
488 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
489 struct ldap_message *msg;
490 struct ldap_mod **mods;
491 int i,n;
492
493 req->handle = NULL;
494
495 /* ignore ltdb specials */
496 if (ldb_dn_is_special(req->op.add.message->dn)) {
497 return ildb_request_noop(module, req);
498 }
499
500 msg = new_ldap_message(ildb->ldap);
501 if (msg == NULL) {
502 return LDB_ERR_OPERATIONS_ERROR;
503 }
504
505 msg->type = LDAP_TAG_AddRequest;
506
507 msg->r.AddRequest.dn = ldb_dn_linearize(msg, req->op.add.message->dn);
508 if (msg->r.AddRequest.dn == NULL) {
509 talloc_free(msg);
510 return LDB_ERR_INVALID_DN_SYNTAX;
511 }
512
513 mods = ildb_msg_to_mods(msg, &n, req->op.add.message, 0);
514 if (mods == NULL) {
515 talloc_free(msg);
516 return LDB_ERR_OPERATIONS_ERROR;
517 }
518
519 msg->r.AddRequest.num_attributes = n;
520 msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
521 if (msg->r.AddRequest.attributes == NULL) {
522 talloc_free(msg);
523 return LDB_ERR_OPERATIONS_ERROR;
524 }
525
526 for (i = 0; i < n; i++) {
527 msg->r.AddRequest.attributes[i] = mods[i]->attrib;
528 }
529
530 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
531 }
532
533 /*
534 modify a record
535 */
536 static int ildb_modify(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
537 {
538 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
539 struct ldap_message *msg;
540 struct ldap_mod **mods;
541 int i,n;
542
543 req->handle = NULL;
544
545 /* ignore ltdb specials */
546 if (ldb_dn_is_special(req->op.mod.message->dn)) {
547 return ildb_request_noop(module, req);
548 }
549
550 msg = new_ldap_message(ildb->ldap);
551 if (msg == NULL) {
552 return LDB_ERR_OPERATIONS_ERROR;
553 }
554
555 msg->type = LDAP_TAG_ModifyRequest;
556
557 msg->r.ModifyRequest.dn = ldb_dn_linearize(msg, req->op.mod.message->dn);
558 if (msg->r.ModifyRequest.dn == NULL) {
559 talloc_free(msg);
560 return LDB_ERR_INVALID_DN_SYNTAX;
561 }
562
563 mods = ildb_msg_to_mods(msg, &n, req->op.mod.message, 1);
564 if (mods == NULL) {
565 talloc_free(msg);
566 return LDB_ERR_OPERATIONS_ERROR;
567 }
568
569 msg->r.ModifyRequest.num_mods = n;
570 msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
571 if (msg->r.ModifyRequest.mods == NULL) {
572 talloc_free(msg);
573 return LDB_ERR_OPERATIONS_ERROR;
574 }
575
576 for (i = 0; i < n; i++) {
577 msg->r.ModifyRequest.mods[i] = *mods[i];
578 }
579
580 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
581 }
582
583 /*
584 delete a record
585 */
586 static int ildb_delete(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
587 {
588 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
589 struct ldap_message *msg;
590
591 req->handle = NULL;
592
593 /* ignore ltdb specials */
594 if (ldb_dn_is_special(req->op.del.dn)) {
595 return ildb_request_noop(module, req);
596 }
597
598 msg = new_ldap_message(ildb->ldap);
599 if (msg == NULL) {
600 return LDB_ERR_OPERATIONS_ERROR;
601 }
602
603 msg->type = LDAP_TAG_DelRequest;
604
605 msg->r.DelRequest.dn = ldb_dn_linearize(msg, req->op.del.dn);
606 if (msg->r.DelRequest.dn == NULL) {
607 talloc_free(msg);
608 return LDB_ERR_INVALID_DN_SYNTAX;
609 }
610
611 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
612 }
613
614 /*
615 rename a record
616 */
617 static int ildb_rename(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
618 {
619 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
620 struct ldap_message *msg;
621
622 req->handle = NULL;
623
624 /* ignore ltdb specials */
625 if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) {
626 return ildb_request_noop(module, req);
627 }
628
629 msg = new_ldap_message(ildb->ldap);
630 if (msg == NULL) {
631 return LDB_ERR_OPERATIONS_ERROR;
632 }
633
634 msg->type = LDAP_TAG_ModifyDNRequest;
635 msg->r.ModifyDNRequest.dn = ldb_dn_linearize(msg, req->op.rename.olddn);
636 if (msg->r.ModifyDNRequest.dn == NULL) {
637 talloc_free(msg);
638 return LDB_ERR_INVALID_DN_SYNTAX;
639 }
640
641 msg->r.ModifyDNRequest.newrdn =
642 talloc_asprintf(msg, "%s=%s",
643 ldb_dn_get_rdn_name(req->op.rename.newdn),
644 ldb_dn_escape_value(msg, *ldb_dn_get_rdn_val(req->op.rename.newdn)));
645 if (msg->r.ModifyDNRequest.newrdn == NULL) {
646 talloc_free(msg);
647 return LDB_ERR_OPERATIONS_ERROR;
648 }
649
650 msg->r.ModifyDNRequest.newsuperior =
651 ldb_dn_linearize(msg,
652 ldb_dn_get_parent(msg, req->op.rename.newdn));
653 if (msg->r.ModifyDNRequest.newsuperior == NULL) {
654 talloc_free(msg);
655 return LDB_ERR_INVALID_DN_SYNTAX;
656 }
657
658 msg->r.ModifyDNRequest.deleteolddn = True;
659
660 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
661 }
662
663 static int ildb_start_trans(struct ldb_module *module)
/* [<][>][^][v][top][bottom][index][help] */
664 {
665 /* TODO implement a local locking mechanism here */
666
667 return LDB_SUCCESS;
668 }
669
670 static int ildb_end_trans(struct ldb_module *module)
/* [<][>][^][v][top][bottom][index][help] */
671 {
672 /* TODO implement a local transaction mechanism here */
673
674 return LDB_SUCCESS;
675 }
676
677 static int ildb_del_trans(struct ldb_module *module)
/* [<][>][^][v][top][bottom][index][help] */
678 {
679 /* TODO implement a local locking mechanism here */
680
681 return LDB_SUCCESS;
682 }
683
684 static int ildb_request(struct ldb_module *module, struct ldb_request *req)
/* [<][>][^][v][top][bottom][index][help] */
685 {
686 return LDB_ERR_OPERATIONS_ERROR;
687 }
688
689 static int ildb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
/* [<][>][^][v][top][bottom][index][help] */
690 {
691 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
692
693 if (handle->state == LDB_ASYNC_DONE) {
694 return handle->status;
695 }
696
697 if (!ac) {
698 return LDB_ERR_OPERATIONS_ERROR;
699 }
700
701 handle->state = LDB_ASYNC_INIT;
702
703 switch(type) {
704 case LDB_WAIT_NONE:
705 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
706 return LDB_ERR_OTHER;
707 }
708 break;
709 case LDB_WAIT_ALL:
710 while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) {
711 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
712 return LDB_ERR_OTHER;
713 }
714 }
715 break;
716 default:
717 return LDB_ERR_OPERATIONS_ERROR;
718 }
719
720 return handle->status;
721 }
722
723 static const struct ldb_module_ops ildb_ops = {
724 .name = "ldap",
725 .search = ildb_search,
726 .add = ildb_add,
727 .modify = ildb_modify,
728 .del = ildb_delete,
729 .rename = ildb_rename,
730 .request = ildb_request,
731 .start_transaction = ildb_start_trans,
732 .end_transaction = ildb_end_trans,
733 .del_transaction = ildb_del_trans,
734 .wait = ildb_wait
735 };
736
737 /*
738 connect to the database
739 */
740 static int ildb_connect(struct ldb_context *ldb, const char *url,
/* [<][>][^][v][top][bottom][index][help] */
741 unsigned int flags, const char *options[],
742 struct ldb_module **module)
743 {
744 struct ildb_private *ildb = NULL;
745 NTSTATUS status;
746 struct cli_credentials *creds;
747
748 ildb = talloc(ldb, struct ildb_private);
749 if (!ildb) {
750 ldb_oom(ldb);
751 goto failed;
752 }
753
754 ildb->ldb = ldb;
755
756 ildb->ldap = ldap4_new_connection(ildb, ldb_get_opaque(ldb, "EventContext"));
757 if (!ildb->ldap) {
758 ldb_oom(ldb);
759 goto failed;
760 }
761
762 if (flags & LDB_FLG_RECONNECT) {
763 ldap_set_reconn_params(ildb->ldap, 10);
764 }
765
766 status = ldap_connect(ildb->ldap, url);
767 if (!NT_STATUS_IS_OK(status)) {
768 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
769 url, ldap_errstr(ildb->ldap, status));
770 goto failed;
771 }
772
773
774 *module = talloc(ldb, struct ldb_module);
775 if (!module) {
776 ldb_oom(ldb);
777 talloc_free(ildb);
778 return -1;
779 }
780 talloc_set_name_const(*module, "ldb_ildap backend");
781 (*module)->ldb = ldb;
782 (*module)->prev = (*module)->next = NULL;
783 (*module)->private_data = ildb;
784 (*module)->ops = &ildb_ops;
785
786 /* caller can optionally setup credentials using the opaque token 'credentials' */
787 creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
788 if (creds == NULL) {
789 struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
790 if (session_info) {
791 creds = session_info->credentials;
792 }
793 }
794
795 if (creds != NULL && cli_credentials_authentication_requested(creds)) {
796 const char *bind_dn = cli_credentials_get_bind_dn(creds);
797 if (bind_dn) {
798 const char *password = cli_credentials_get_password(creds);
799 status = ldap_bind_simple(ildb->ldap, bind_dn, password);
800 if (!NT_STATUS_IS_OK(status)) {
801 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
802 ldap_errstr(ildb->ldap, status));
803 goto failed;
804 }
805 } else {
806 status = ldap_bind_sasl(ildb->ldap, creds);
807 if (!NT_STATUS_IS_OK(status)) {
808 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
809 ldap_errstr(ildb->ldap, status));
810 goto failed;
811 }
812 }
813 }
814
815 return 0;
816
817 failed:
818 talloc_free(ildb);
819 return -1;
820 }
821
822 int ldb_ildap_init(void)
/* [<][>][^][v][top][bottom][index][help] */
823 {
824 return ldb_register_backend("ldap", ildb_connect) +
825 ldb_register_backend("ldapi", ildb_connect) +
826 ldb_register_backend("ldaps", ildb_connect);
827 }