root/source3/libads/ldap_utils.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. ads_do_search_retry_internal
  2. ads_do_search_retry
  3. ads_do_search_retry_args
  4. ads_search_retry
  5. ads_search_retry_dn
  6. ads_search_retry_extended_dn
  7. ads_search_retry_dn_sd_flags
  8. ads_search_retry_extended_dn_ranged
  9. ads_search_retry_sid
  10. ads_ranged_search
  11. ads_ranged_search_internal

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    Some Helpful wrappers on LDAP 
   5 
   6    Copyright (C) Andrew Tridgell 2001
   7    Copyright (C) Guenther Deschner 2006,2007
   8    
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13    
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18    
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 
  25 #ifdef HAVE_LDAP
  26 /*
  27   a wrapper around ldap_search_s that retries depending on the error code
  28   this is supposed to catch dropped connections and auto-reconnect
  29 */
  30 static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope, 
     /* [<][>][^][v][top][bottom][index][help] */
  31                                                const char *expr,
  32                                                const char **attrs, void *args,
  33                                                LDAPMessage **res)
  34 {
  35         ADS_STATUS status = ADS_SUCCESS;
  36         int count = 3;
  37         char *bp;
  38 
  39         *res = NULL;
  40 
  41         if (!ads->ldap.ld &&
  42             time(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) {
  43                 return ADS_ERROR(LDAP_SERVER_DOWN);
  44         }
  45 
  46         bp = SMB_STRDUP(bind_path);
  47 
  48         if (!bp) {
  49                 return ADS_ERROR(LDAP_NO_MEMORY);
  50         }
  51 
  52         *res = NULL;
  53 
  54         /* when binding anonymously, we cannot use the paged search LDAP
  55          * control - Guenther */
  56 
  57         if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
  58                 status = ads_do_search(ads, bp, scope, expr, attrs, res);
  59         } else {
  60                 status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
  61         }
  62         if (ADS_ERR_OK(status)) {
  63                DEBUG(5,("Search for %s in <%s> gave %d replies\n",
  64                         expr, bp, ads_count_replies(ads, *res)));
  65                 SAFE_FREE(bp);
  66                 return status;
  67         }
  68 
  69         while (--count) {
  70 
  71                 if (*res) 
  72                         ads_msgfree(ads, *res);
  73                 *res = NULL;
  74                 
  75                 DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n", 
  76                          ads->config.realm, ads_errstr(status)));
  77                          
  78                 ads_disconnect(ads);
  79                 status = ads_connect(ads);
  80                 
  81                 if (!ADS_ERR_OK(status)) {
  82                         DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
  83                                  ads_errstr(status)));
  84                         ads_destroy(&ads);
  85                         SAFE_FREE(bp);
  86                         return status;
  87                 }
  88 
  89                 *res = NULL;
  90 
  91                 /* when binding anonymously, we cannot use the paged search LDAP
  92                  * control - Guenther */
  93 
  94                 if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
  95                         status = ads_do_search(ads, bp, scope, expr, attrs, res);
  96                 } else {
  97                         status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
  98                 }
  99 
 100                 if (ADS_ERR_OK(status)) {
 101                         DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
 102                                  expr, bp, ads_count_replies(ads, *res)));
 103                         SAFE_FREE(bp);
 104                         return status;
 105                 }
 106         }
 107         SAFE_FREE(bp);
 108 
 109         if (!ADS_ERR_OK(status)) {
 110                 DEBUG(1,("ads reopen failed after error %s\n", 
 111                          ads_errstr(status)));
 112         }
 113         return status;
 114 }
 115 
 116  ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path,
     /* [<][>][^][v][top][bottom][index][help] */
 117                                 int scope, const char *expr,
 118                                 const char **attrs, LDAPMessage **res)
 119 {
 120         return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, NULL, res);
 121 }
 122 
 123  ADS_STATUS ads_do_search_retry_args(ADS_STRUCT *ads, const char *bind_path,
     /* [<][>][^][v][top][bottom][index][help] */
 124                                      int scope, const char *expr,
 125                                      const char **attrs, void *args,
 126                                      LDAPMessage **res)
 127 {
 128         return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, args, res);
 129 }
 130 
 131 
 132  ADS_STATUS ads_search_retry(ADS_STRUCT *ads, LDAPMessage **res, 
     /* [<][>][^][v][top][bottom][index][help] */
 133                              const char *expr, const char **attrs)
 134 {
 135         return ads_do_search_retry(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
 136                                    expr, attrs, res);
 137 }
 138 
 139  ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, LDAPMessage **res, 
     /* [<][>][^][v][top][bottom][index][help] */
 140                                 const char *dn, 
 141                                 const char **attrs)
 142 {
 143         return ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
 144                                    "(objectclass=*)", attrs, res);
 145 }
 146 
 147  ADS_STATUS ads_search_retry_extended_dn(ADS_STRUCT *ads, LDAPMessage **res, 
     /* [<][>][^][v][top][bottom][index][help] */
 148                                          const char *dn, 
 149                                          const char **attrs,
 150                                          enum ads_extended_dn_flags flags)
 151 {
 152         ads_control args;
 153 
 154         args.control = ADS_EXTENDED_DN_OID;
 155         args.val = flags;
 156         args.critical = True;
 157 
 158         return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
 159                                         "(objectclass=*)", attrs, &args, res);
 160 }
 161 
 162  ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, 
     /* [<][>][^][v][top][bottom][index][help] */
 163                                          uint32 sd_flags,
 164                                          const char *dn, 
 165                                          const char **attrs)
 166 {
 167         ads_control args;
 168 
 169         args.control = ADS_SD_FLAGS_OID;
 170         args.val = sd_flags;
 171         args.critical = True;
 172 
 173         return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
 174                                         "(objectclass=*)", attrs, &args, res);
 175 }
 176 
 177  ADS_STATUS ads_search_retry_extended_dn_ranged(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
 178                                                 const char *dn, 
 179                                                 const char **attrs,
 180                                                 enum ads_extended_dn_flags flags,
 181                                                 char ***strings,
 182                                                 size_t *num_strings)
 183 {
 184         ads_control args;
 185 
 186         args.control = ADS_EXTENDED_DN_OID;
 187         args.val = flags;
 188         args.critical = True;
 189 
 190         /* we can only range process one attribute */
 191         if (!attrs || !attrs[0] || attrs[1]) {
 192                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 193         }
 194 
 195         return ads_ranged_search(ads, mem_ctx, LDAP_SCOPE_BASE, dn, 
 196                                  "(objectclass=*)", &args, attrs[0],
 197                                  strings, num_strings);
 198 
 199 }
 200 
 201  ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res, 
     /* [<][>][^][v][top][bottom][index][help] */
 202                                  const DOM_SID *sid,
 203                                  const char **attrs)
 204 {
 205         char *dn, *sid_string;
 206         ADS_STATUS status;
 207         
 208         sid_string = sid_binstring_hex(sid);
 209         if (sid_string == NULL) {
 210                 return ADS_ERROR(LDAP_NO_MEMORY);
 211         }
 212 
 213         if (!asprintf(&dn, "<SID=%s>", sid_string)) {
 214                 SAFE_FREE(sid_string);
 215                 return ADS_ERROR(LDAP_NO_MEMORY);
 216         }
 217 
 218         status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
 219                                    "(objectclass=*)", attrs, res);
 220         SAFE_FREE(dn);
 221         SAFE_FREE(sid_string);
 222         return status;
 223 }
 224 
 225 ADS_STATUS ads_ranged_search(ADS_STRUCT *ads, 
     /* [<][>][^][v][top][bottom][index][help] */
 226                              TALLOC_CTX *mem_ctx,
 227                              int scope,
 228                              const char *base,
 229                              const char *filter,
 230                              void *args,
 231                              const char *range_attr,
 232                              char ***strings,
 233                              size_t *num_strings)
 234 {
 235         ADS_STATUS status;
 236         uint32 first_usn;
 237         int num_retries = 0;
 238         const char **attrs;
 239         bool more_values = False;
 240 
 241         *num_strings = 0;
 242         *strings = NULL;
 243 
 244         attrs = TALLOC_ARRAY(mem_ctx, const char *, 3);
 245         ADS_ERROR_HAVE_NO_MEMORY(attrs);
 246 
 247         attrs[0] = talloc_strdup(mem_ctx, range_attr);
 248         attrs[1] = talloc_strdup(mem_ctx, "usnChanged");
 249         attrs[2] = NULL;
 250 
 251         ADS_ERROR_HAVE_NO_MEMORY(attrs[0]);
 252         ADS_ERROR_HAVE_NO_MEMORY(attrs[1]);
 253 
 254         do {
 255                 status = ads_ranged_search_internal(ads, mem_ctx, 
 256                                                     scope, base, filter, 
 257                                                     attrs, args, range_attr, 
 258                                                     strings, num_strings,
 259                                                     &first_usn, &num_retries, 
 260                                                     &more_values);
 261 
 262                 if (NT_STATUS_EQUAL(STATUS_MORE_ENTRIES, ads_ntstatus(status))) {
 263                         continue;
 264                 }
 265 
 266                 if (!ADS_ERR_OK(status)) {
 267                         *num_strings = 0;
 268                         strings = NULL;
 269                         goto done;
 270                 }
 271 
 272         } while (more_values);
 273 
 274  done:
 275         DEBUG(10,("returning with %d strings\n", (int)*num_strings));
 276 
 277         return status;
 278 }
 279 
 280 ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads, 
     /* [<][>][^][v][top][bottom][index][help] */
 281                                       TALLOC_CTX *mem_ctx,
 282                                       int scope,
 283                                       const char *base,
 284                                       const char *filter,
 285                                       const char **attrs,
 286                                       void *args,
 287                                       const char *range_attr,
 288                                       char ***strings,
 289                                       size_t *num_strings,
 290                                       uint32 *first_usn,
 291                                       int *num_retries,
 292                                       bool *more_values)
 293 {
 294         LDAPMessage *res = NULL;
 295         ADS_STATUS status;
 296         int count;
 297         uint32 current_usn;
 298 
 299         DEBUG(10, ("Searching for attrs[0] = %s, attrs[1] = %s\n", attrs[0], attrs[1]));
 300 
 301         *more_values = False;
 302 
 303         status = ads_do_search_retry_internal(ads, base, scope, filter, attrs, args, &res);
 304 
 305         if (!ADS_ERR_OK(status)) {
 306                 DEBUG(1,("ads_search: %s\n",
 307                          ads_errstr(status)));
 308                 return status;
 309         }
 310         
 311         if (!res) {
 312                 return ADS_ERROR(LDAP_NO_MEMORY);
 313         }
 314 
 315         count = ads_count_replies(ads, res);
 316         if (count == 0) {
 317                 ads_msgfree(ads, res);
 318                 return ADS_ERROR(LDAP_SUCCESS);
 319         }
 320 
 321         if (*num_strings == 0) {
 322                 if (!ads_pull_uint32(ads, res, "usnChanged", first_usn)) {
 323                         DEBUG(1, ("could not pull first usnChanged!\n"));
 324                         ads_msgfree(ads, res);
 325                         return ADS_ERROR(LDAP_NO_MEMORY);
 326                 }
 327         }
 328 
 329         if (!ads_pull_uint32(ads, res, "usnChanged", &current_usn)) {
 330                 DEBUG(1, ("could not pull current usnChanged!\n"));
 331                 ads_msgfree(ads, res);
 332                 return ADS_ERROR(LDAP_NO_MEMORY);
 333         }
 334 
 335         if (*first_usn != current_usn) {
 336                 DEBUG(5, ("USN on this record changed"
 337                           " - restarting search\n"));
 338                 if (*num_retries < 5) {
 339                         (*num_retries)++;
 340                         *num_strings = 0;
 341                         ads_msgfree(ads, res);
 342                         return ADS_ERROR_NT(STATUS_MORE_ENTRIES);
 343                 } else {
 344                         DEBUG(5, ("USN on this record changed"
 345                                   " - restarted search too many times, aborting!\n"));
 346                         ads_msgfree(ads, res);
 347                         return ADS_ERROR(LDAP_NO_MEMORY);
 348                 }
 349         }
 350 
 351         *strings = ads_pull_strings_range(ads, mem_ctx, res,
 352                                          range_attr,
 353                                          *strings,
 354                                          &attrs[0],
 355                                          num_strings,
 356                                          more_values);
 357 
 358         ads_msgfree(ads, res);
 359 
 360         /* paranoia checks */
 361         if (*strings == NULL && *more_values) {
 362                 DEBUG(0,("no strings found but more values???\n"));
 363                 return ADS_ERROR(LDAP_NO_MEMORY);
 364         }
 365         if (*num_strings == 0 && *more_values) {
 366                 DEBUG(0,("no strings found but more values???\n"));
 367                 return ADS_ERROR(LDAP_NO_MEMORY);
 368         }
 369 
 370         return (*more_values) ? ADS_ERROR_NT(STATUS_MORE_ENTRIES) : ADS_ERROR(LDAP_SUCCESS);
 371 }
 372 
 373 #endif

/* [<][>][^][v][top][bottom][index][help] */