search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libcli: Speed up sddl_decode_ace()
[samba.git] / source3 / lib / tldap.c
blob88f636952fb6f9a83eca7e6600bbb23958d3c51b
1 /*
2 Unix SMB/CIFS implementation.
3 Infrastructure for async ldap client requests
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "replace.h"
21 #include "tldap.h"
22 #include "system/network.h"
23 #include "system/locale.h"
24 #include "lib/util/talloc_stack.h"
25 #include "lib/util/samba_util.h"
26 #include "lib/util_tsock.h"
27 #include "../lib/util/asn1.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "../lib/util/tevent_unix.h"
30 #include "../libcli/util/ntstatus.h"
31 #include "../source4/lib/tls/tls.h"
32
33 static TLDAPRC tldap_simple_recv(struct tevent_req *req);
34 static bool tldap_msg_set_pending(struct tevent_req *req);
35
36 #define TEVENT_TLDAP_RC_MAGIC (0x87bcd26e)
37
38 bool tevent_req_ldap_error(struct tevent_req *req, TLDAPRC rc)
39 {
40 uint64_t err;
41
42 if (TLDAP_RC_IS_SUCCESS(rc)) {
43 return false;
44 }
45
46 err = TEVENT_TLDAP_RC_MAGIC;
47 err <<= 32;
48 err |= TLDAP_RC_V(rc);
49
50 return tevent_req_error(req, err);
51 }
52
53 bool tevent_req_is_ldap_error(struct tevent_req *req, TLDAPRC *perr)
54 {
55 enum tevent_req_state state;
56 uint64_t err;
57
58 if (!tevent_req_is_error(req, &state, &err)) {
59 return false;
60 }
61 switch (state) {
62 case TEVENT_REQ_TIMED_OUT:
63 *perr = TLDAP_TIMEOUT;
64 break;
65 case TEVENT_REQ_NO_MEMORY:
66 *perr = TLDAP_NO_MEMORY;
67 break;
68 case TEVENT_REQ_USER_ERROR:
69 if ((err >> 32) != TEVENT_TLDAP_RC_MAGIC) {
70 abort();
71 }
72 *perr = TLDAP_RC(err & 0xffffffff);
73 break;
74 default:
75 *perr = TLDAP_OPERATIONS_ERROR;
76 break;
77 }
78 return true;
79 }
80
81 struct tldap_ctx_attribute {
82 char *name;
83 void *ptr;
84 };
85
86 struct tldap_context {
87 int ld_version;
88 struct tstream_context *plain;
89 struct tstream_context *tls;
90 struct tstream_context *gensec;
91 struct tstream_context *active;
92 int msgid;
93 struct tevent_queue *outgoing;
94 struct tevent_req **pending;
95 struct tevent_req *read_req;
96
97 /* For the sync wrappers we need something like get_last_error... */
98 struct tldap_message *last_msg;
99
100 /* debug */
101 void (*log_fn)(void *context, enum tldap_debug_level level,
102 const char *fmt, va_list ap);
103 void *log_private;
104
105 struct tldap_ctx_attribute *ctx_attrs;
106 };
107
108 struct tldap_message {
109 struct asn1_data *data;
110 uint8_t *inbuf;
111 int type;
112 int id;
113
114 /* RESULT_ENTRY */
115 char *dn;
116 struct tldap_attribute *attribs;
117
118 /* Error data sent by the server */
119 TLDAPRC lderr;
120 char *res_matcheddn;
121 char *res_diagnosticmessage;
122 char *res_referral;
123 DATA_BLOB res_serverSaslCreds;
124 struct {
125 char *oid;
126 DATA_BLOB blob;
127 } res_extended;
128 struct tldap_control *res_sctrls;
129
130 /* Controls sent by the server */
131 struct tldap_control *ctrls;
132 };
133
134 void tldap_set_debug(struct tldap_context *ld,
135 void (*log_fn)(void *log_private,
136 enum tldap_debug_level level,
137 const char *fmt,
138 va_list ap) PRINTF_ATTRIBUTE(3,0),
139 void *log_private)
140 {
141 ld->log_fn = log_fn;
142 ld->log_private = log_private;
143 }
144
145 static void tldap_debug(
146 struct tldap_context *ld,
147 enum tldap_debug_level level,
148 const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
149
150 static void tldap_debug(struct tldap_context *ld,
151 enum tldap_debug_level level,
152 const char *fmt, ...)
153 {
154 va_list ap;
155 if (!ld) {
156 return;
157 }
158 if (ld->log_fn == NULL) {
159 return;
160 }
161 va_start(ap, fmt);
162 ld->log_fn(ld->log_private, level, fmt, ap);
163 va_end(ap);
164 }
165
166 static int tldap_next_msgid(struct tldap_context *ld)
167 {
168 int result;
169
170 result = ld->msgid++;
171 if (ld->msgid == INT_MAX) {
172 ld->msgid = 1;
173 }
174 return result;
175 }
176
177 struct tldap_context *tldap_context_create_from_plain_stream(
178 TALLOC_CTX *mem_ctx, struct tstream_context **stream)
179 {
180 struct tldap_context *ctx;
181
182 ctx = talloc_zero(mem_ctx, struct tldap_context);
183 if (ctx == NULL) {
184 return NULL;
185 }
186 ctx->plain = talloc_move(ctx, stream);
187 ctx->active = ctx->plain;
188 ctx->msgid = 1;
189 ctx->ld_version = 3;
190 ctx->outgoing = tevent_queue_create(ctx, "tldap_outgoing");
191 if (ctx->outgoing == NULL) {
192 TALLOC_FREE(ctx);
193 return NULL;
194 }
195 return ctx;
196 }
197
198 struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd)
199 {
200 struct tldap_context *ctx = NULL;
201 struct tstream_context *stream = NULL;
202 int ret;
203
204 ret = tstream_bsd_existing_socket(mem_ctx, fd, &stream);
205 if (ret == -1) {
206 return NULL;
207 }
208
209 ctx = tldap_context_create_from_plain_stream(mem_ctx, &stream);
210 if (ctx == NULL) {
211 TALLOC_FREE(stream);
212 return NULL;
213 }
214 return ctx;
215 }
216
217 bool tldap_connection_ok(struct tldap_context *ld)
218 {
219 int ret;
220
221 if (ld == NULL) {
222 return false;
223 }
224
225 if (ld->active == NULL) {
226 return false;
227 }
228
229 ret = tstream_pending_bytes(ld->active);
230 if (ret == -1) {
231 return false;
232 }
233
234 return true;
235 }
236
237 static size_t tldap_pending_reqs(struct tldap_context *ld)
238 {
239 return talloc_array_length(ld->pending);
240 }
241
242 struct tstream_context *tldap_get_plain_tstream(struct tldap_context *ld)
243 {
244 return ld->plain;
245 }
246
247 bool tldap_has_tls_tstream(struct tldap_context *ld)
248 {
249 return ld->tls != NULL && ld->active == ld->tls;
250 }
251
252 const DATA_BLOB *tldap_tls_channel_bindings(struct tldap_context *ld)
253 {
254 return tstream_tls_channel_bindings(ld->tls);
255 }
256
257 void tldap_set_tls_tstream(struct tldap_context *ld,
258 struct tstream_context **stream)
259 {
260 TALLOC_FREE(ld->tls);
261 if (stream != NULL) {
262 ld->tls = talloc_move(ld, stream);
263 }
264 if (ld->tls != NULL) {
265 ld->active = ld->tls;
266 } else {
267 ld->active = ld->plain;
268 }
269 }
270
271 bool tldap_has_gensec_tstream(struct tldap_context *ld)
272 {
273 return ld->gensec != NULL && ld->active == ld->gensec;
274 }
275
276 void tldap_set_gensec_tstream(struct tldap_context *ld,
277 struct tstream_context **stream)
278 {
279 TALLOC_FREE(ld->gensec);
280 if (stream != NULL) {
281 ld->gensec = talloc_move(ld, stream);
282 }
283 if (ld->gensec != NULL) {
284 ld->active = ld->gensec;
285 } else {
286 ld->active = ld->plain;
287 }
288 }
289
290 static struct tldap_ctx_attribute *tldap_context_findattr(
291 struct tldap_context *ld, const char *name)
292 {
293 size_t i, num_attrs;
294
295 num_attrs = talloc_array_length(ld->ctx_attrs);
296
297 for (i=0; i<num_attrs; i++) {
298 if (strcmp(ld->ctx_attrs[i].name, name) == 0) {
299 return &ld->ctx_attrs[i];
300 }
301 }
302 return NULL;
303 }
304
305 bool tldap_context_setattr(struct tldap_context *ld,
306 const char *name, const void *_pptr)
307 {
308 struct tldap_ctx_attribute *tmp, *attr;
309 char *tmpname;
310 int num_attrs;
311 void **pptr = (void **)discard_const_p(void,_pptr);
312
313 attr = tldap_context_findattr(ld, name);
314 if (attr != NULL) {
315 /*
316 * We don't actually delete attrs, we don't expect tons of
317 * attributes being shuffled around.
318 */
319 TALLOC_FREE(attr->ptr);
320 if (*pptr != NULL) {
321 attr->ptr = talloc_move(ld->ctx_attrs, pptr);
322 *pptr = NULL;
323 }
324 return true;
325 }
326
327 tmpname = talloc_strdup(ld, name);
328 if (tmpname == NULL) {
329 return false;
330 }
331
332 num_attrs = talloc_array_length(ld->ctx_attrs);
333
334 tmp = talloc_realloc(ld, ld->ctx_attrs, struct tldap_ctx_attribute,
335 num_attrs+1);
336 if (tmp == NULL) {
337 TALLOC_FREE(tmpname);
338 return false;
339 }
340 tmp[num_attrs].name = talloc_move(tmp, &tmpname);
341 if (*pptr != NULL) {
342 tmp[num_attrs].ptr = talloc_move(tmp, pptr);
343 } else {
344 tmp[num_attrs].ptr = NULL;
345 }
346 *pptr = NULL;
347 ld->ctx_attrs = tmp;
348 return true;
349 }
350
351 void *tldap_context_getattr(struct tldap_context *ld, const char *name)
352 {
353 struct tldap_ctx_attribute *attr = tldap_context_findattr(ld, name);
354
355 if (attr == NULL) {
356 return NULL;
357 }
358 return attr->ptr;
359 }
360
361 struct read_ldap_state {
362 uint8_t *buf;
363 };
364
365 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data);
366 static void read_ldap_done(struct tevent_req *subreq);
367
368 static struct tevent_req *read_ldap_send(TALLOC_CTX *mem_ctx,
369 struct tevent_context *ev,
370 struct tstream_context *conn)
371 {
372 struct tevent_req *req, *subreq;
373 struct read_ldap_state *state;
374
375 req = tevent_req_create(mem_ctx, &state, struct read_ldap_state);
376 if (req == NULL) {
377 return NULL;
378 }
379
380 subreq = tstream_read_packet_send(state, ev, conn, 7, read_ldap_more,
381 state);
382 if (tevent_req_nomem(subreq, req)) {
383 return tevent_req_post(req, ev);
384 }
385 tevent_req_set_callback(subreq, read_ldap_done, req);
386 return req;
387 }
388
389 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data)
390 {
391 const DATA_BLOB blob = data_blob_const(buf, buflen);
392 size_t pdu_len = 0;
393 int ret;
394
395 if (buflen < 7) {
396 /*
397 * We need at least 6 bytes to workout the length
398 * of the pdu.
399 *
400 * And we have asked for 7 because the that's
401 * the size of the smallest possible LDAP pdu.
402 */
403 return -1;
404 }
405
406 ret = asn1_peek_full_tag(blob, ASN1_SEQUENCE(0), &pdu_len);
407 if (ret == 0) {
408 return 0;
409 }
410 if (ret == EAGAIN) {
411 return pdu_len - buflen;
412 }
413
414 return -1;
415 }
416
417 static void read_ldap_done(struct tevent_req *subreq)
418 {
419 struct tevent_req *req = tevent_req_callback_data(
420 subreq, struct tevent_req);
421 struct read_ldap_state *state = tevent_req_data(
422 req, struct read_ldap_state);
423 ssize_t nread;
424 int err;
425
426 nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
427 TALLOC_FREE(subreq);
428 if (nread == -1) {
429 tevent_req_error(req, err);
430 return;
431 }
432 tevent_req_done(req);
433 }
434
435 static ssize_t read_ldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
436 uint8_t **pbuf, int *perrno)
437 {
438 struct read_ldap_state *state = tevent_req_data(
439 req, struct read_ldap_state);
440
441 if (tevent_req_is_unix_error(req, perrno)) {
442 return -1;
443 }
444 *pbuf = talloc_move(mem_ctx, &state->buf);
445 return talloc_get_size(*pbuf);
446 }
447
448 struct tldap_msg_state {
449 struct tldap_context *ld;
450 struct tevent_context *ev;
451 int id;
452 struct iovec iov;
453
454 struct asn1_data *data;
455 uint8_t *inbuf;
456 };
457
458 static bool tldap_push_controls(struct asn1_data *data,
459 struct tldap_control *sctrls,
460 int num_sctrls)
461 {
462 int i;
463
464 if ((sctrls == NULL) || (num_sctrls == 0)) {
465 return true;
466 }
467
468 if (!asn1_push_tag(data, ASN1_CONTEXT(0))) return false;
469
470 for (i=0; i<num_sctrls; i++) {
471 struct tldap_control *c = &sctrls[i];
472 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
473 if (!asn1_write_OctetString(data, c->oid, strlen(c->oid))) return false;
474 if (c->critical) {
475 if (!asn1_write_BOOLEAN(data, true)) return false;
476 }
477 if (c->value.data != NULL) {
478 if (!asn1_write_OctetString(data, c->value.data,
479 c->value.length)) return false;
480 }
481 if (!asn1_pop_tag(data)) return false; /* ASN1_SEQUENCE(0) */
482 }
483
484 return asn1_pop_tag(data); /* ASN1_CONTEXT(0) */
485 }
486
487 #define tldap_context_disconnect(ld, status) \
488 _tldap_context_disconnect(ld, status, __location__)
489
490 static void _tldap_context_disconnect(struct tldap_context *ld,
491 TLDAPRC status,
492 const char *location)
493 {
494 if (ld->active == NULL) {
495 /*
496 * We don't need to tldap_debug() on
497 * a potential 2nd run.
498 *
499 * The rest of the function would just
500 * be a noop for the 2nd run anyway.
501 */
502 return;
503 }
504
505 tldap_debug(ld, TLDAP_DEBUG_WARNING,
506 "tldap_context_disconnect: %s at %s\n",
507 tldap_rc2string(status),
508 location);
509 tevent_queue_stop(ld->outgoing);
510 TALLOC_FREE(ld->read_req);
511 ld->active = NULL;
512 TALLOC_FREE(ld->gensec);
513 TALLOC_FREE(ld->tls);
514 TALLOC_FREE(ld->plain);
515
516 while (talloc_array_length(ld->pending) > 0) {
517 struct tevent_req *req = NULL;
518 struct tldap_msg_state *state = NULL;
519
520 req = ld->pending[0];
521 state = tevent_req_data(req, struct tldap_msg_state);
522 tevent_req_defer_callback(req, state->ev);
523 tevent_req_ldap_error(req, status);
524 }
525 }
526
527 static void tldap_msg_sent(struct tevent_req *subreq);
528 static void tldap_msg_received(struct tevent_req *subreq);
529
530 static struct tevent_req *tldap_msg_send(TALLOC_CTX *mem_ctx,
531 struct tevent_context *ev,
532 struct tldap_context *ld,
533 int id, struct asn1_data *data,
534 struct tldap_control *sctrls,
535 int num_sctrls)
536 {
537 struct tevent_req *req, *subreq;
538 struct tldap_msg_state *state;
539 DATA_BLOB blob;
540 bool ok;
541
542 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_send: sending msg %d\n",
543 id);
544
545 req = tevent_req_create(mem_ctx, &state, struct tldap_msg_state);
546 if (req == NULL) {
547 return NULL;
548 }
549 state->ld = ld;
550 state->ev = ev;
551 state->id = id;
552
553 ok = tldap_connection_ok(ld);
554 if (!ok) {
555 tevent_req_ldap_error(req, TLDAP_SERVER_DOWN);
556 return tevent_req_post(req, ev);
557 }
558
559 if (!tldap_push_controls(data, sctrls, num_sctrls)) {
560 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
561 return tevent_req_post(req, ev);
562 }
563
564
565 if (!asn1_pop_tag(data)) {
566 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
567 return tevent_req_post(req, ev);
568 }
569
570 if (!asn1_blob(data, &blob)) {
571 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
572 return tevent_req_post(req, ev);
573 }
574
575 if (!tldap_msg_set_pending(req)) {
576 tevent_req_oom(req);
577 return tevent_req_post(req, ev);;
578 }
579
580 state->iov.iov_base = (void *)blob.data;
581 state->iov.iov_len = blob.length;
582
583 subreq = tstream_writev_queue_send(state, ev, ld->active, ld->outgoing,
584 &state->iov, 1);
585 if (tevent_req_nomem(subreq, req)) {
586 return tevent_req_post(req, ev);
587 }
588 tevent_req_set_callback(subreq, tldap_msg_sent, req);
589 return req;
590 }
591
592 static void tldap_msg_unset_pending(struct tevent_req *req)
593 {
594 struct tldap_msg_state *state = tevent_req_data(
595 req, struct tldap_msg_state);
596 struct tldap_context *ld = state->ld;
597 int num_pending = tldap_pending_reqs(ld);
598 int i;
599
600 tevent_req_set_cleanup_fn(req, NULL);
601
602 for (i=0; i<num_pending; i++) {
603 if (req == ld->pending[i]) {
604 break;
605 }
606 }
607 if (i == num_pending) {
608 /*
609 * Something's seriously broken. Just returning here is the
610 * right thing nevertheless, the point of this routine is to
611 * remove ourselves from cli->pending.
612 */
613 return;
614 }
615
616 if (num_pending == 1) {
617 TALLOC_FREE(ld->pending);
618 return;
619 }
620
621 /*
622 * Remove ourselves from the cli->pending array
623 */
624 if (num_pending > 1) {
625 ld->pending[i] = ld->pending[num_pending-1];
626 }
627
628 /*
629 * No NULL check here, we're shrinking by sizeof(void *), and
630 * talloc_realloc just adjusts the size for this.
631 */
632 ld->pending = talloc_realloc(NULL, ld->pending, struct tevent_req *,
633 num_pending - 1);
634 }
635
636 static void tldap_msg_cleanup(struct tevent_req *req,
637 enum tevent_req_state req_state)
638 {
639 tldap_msg_unset_pending(req);
640 }
641
642 static bool tldap_msg_set_pending(struct tevent_req *req)
643 {
644 struct tldap_msg_state *state = tevent_req_data(
645 req, struct tldap_msg_state);
646 struct tldap_context *ld;
647 struct tevent_req **pending;
648 int num_pending;
649
650 ld = state->ld;
651 num_pending = tldap_pending_reqs(ld);
652
653 pending = talloc_realloc(ld, ld->pending, struct tevent_req *,
654 num_pending+1);
655 if (pending == NULL) {
656 return false;
657 }
658 pending[num_pending] = req;
659 ld->pending = pending;
660 tevent_req_set_cleanup_fn(req, tldap_msg_cleanup);
661
662 if (ld->read_req != NULL) {
663 return true;
664 }
665
666 /*
667 * We're the first one, add the read_ldap request that waits for the
668 * answer from the server
669 */
670 ld->read_req = read_ldap_send(ld->pending, state->ev, ld->active);
671 if (ld->read_req == NULL) {
672 tldap_msg_unset_pending(req);
673 return false;
674 }
675 tevent_req_set_callback(ld->read_req, tldap_msg_received, ld);
676 return true;
677 }
678
679 static void tldap_msg_sent(struct tevent_req *subreq)
680 {
681 struct tevent_req *req = tevent_req_callback_data(
682 subreq, struct tevent_req);
683 struct tldap_msg_state *state = tevent_req_data(
684 req, struct tldap_msg_state);
685 ssize_t nwritten;
686 int err;
687
688 nwritten = tstream_writev_queue_recv(subreq, &err);
689 TALLOC_FREE(subreq);
690 if (nwritten == -1) {
691 tldap_context_disconnect(state->ld, TLDAP_SERVER_DOWN);
692 return;
693 }
694 }
695
696 static int tldap_msg_msgid(struct tevent_req *req)
697 {
698 struct tldap_msg_state *state = tevent_req_data(
699 req, struct tldap_msg_state);
700
701 return state->id;
702 }
703
704 static void tldap_msg_received(struct tevent_req *subreq)
705 {
706 struct tldap_context *ld = tevent_req_callback_data(
707 subreq, struct tldap_context);
708 struct tevent_req *req;
709 struct tldap_msg_state *state;
710 struct asn1_data *data;
711 uint8_t *inbuf;
712 ssize_t received;
713 size_t num_pending;
714 size_t i;
715 int err;
716 TLDAPRC status = TLDAP_PROTOCOL_ERROR;
717 int id;
718 uint8_t type;
719 bool ok;
720
721 received = read_ldap_recv(subreq, talloc_tos(), &inbuf, &err);
722 TALLOC_FREE(subreq);
723 ld->read_req = NULL;
724 if (received == -1) {
725 status = TLDAP_SERVER_DOWN;
726 goto fail;
727 }
728
729 data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
730 if (data == NULL) {
731 /*
732 * We have to disconnect all, we can't tell which of
733 * the requests this reply is for.
734 */
735 status = TLDAP_NO_MEMORY;
736 goto fail;
737 }
738 asn1_load_nocopy(data, inbuf, received);
739
740 ok = true;
741 ok &= asn1_start_tag(data, ASN1_SEQUENCE(0));
742 ok &= asn1_read_Integer(data, &id);
743 ok &= asn1_peek_uint8(data, &type);
744
745 if (!ok) {
746 status = TLDAP_PROTOCOL_ERROR;
747 goto fail;
748 }
749
750 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_received: got msg %d "
751 "type %d\n", id, (int)type);
752
753 if (id == 0) {
754 tldap_debug(
755 ld,
756 TLDAP_DEBUG_WARNING,
757 "tldap_msg_received: got msgid 0 of "
758 "type %"PRIu8", disconnecting\n",
759 type);
760 tldap_context_disconnect(ld, TLDAP_SERVER_DOWN);
761 return;
762 }
763
764 num_pending = talloc_array_length(ld->pending);
765
766 for (i=0; i<num_pending; i++) {
767 if (id == tldap_msg_msgid(ld->pending[i])) {
768 break;
769 }
770 }
771 if (i == num_pending) {
772 /* Dump unexpected reply */
773 tldap_debug(ld, TLDAP_DEBUG_WARNING, "tldap_msg_received: "
774 "No request pending for msg %d\n", id);
775 TALLOC_FREE(data);
776 TALLOC_FREE(inbuf);
777 goto done;
778 }
779
780 req = ld->pending[i];
781 state = tevent_req_data(req, struct tldap_msg_state);
782
783 state->inbuf = talloc_move(state, &inbuf);
784 state->data = talloc_move(state, &data);
785
786 tldap_msg_unset_pending(req);
787 num_pending = talloc_array_length(ld->pending);
788
789 tevent_req_defer_callback(req, state->ev);
790 tevent_req_done(req);
791
792 done:
793 if (num_pending == 0) {
794 return;
795 }
796
797 state = tevent_req_data(ld->pending[0], struct tldap_msg_state);
798 ld->read_req = read_ldap_send(ld->pending, state->ev, ld->active);
799 if (ld->read_req == NULL) {
800 status = TLDAP_NO_MEMORY;
801 goto fail;
802 }
803 tevent_req_set_callback(ld->read_req, tldap_msg_received, ld);
804 return;
805
806 fail:
807 tldap_context_disconnect(ld, status);
808 }
809
810 static TLDAPRC tldap_msg_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
811 struct tldap_message **pmsg)
812 {
813 struct tldap_msg_state *state = tevent_req_data(
814 req, struct tldap_msg_state);
815 struct tldap_message *msg;
816 TLDAPRC err;
817 uint8_t msgtype;
818
819 if (tevent_req_is_ldap_error(req, &err)) {
820 return err;
821 }
822
823 if (!asn1_peek_uint8(state->data, &msgtype)) {
824 return TLDAP_PROTOCOL_ERROR;
825 }
826
827 if (pmsg == NULL) {
828 return TLDAP_SUCCESS;
829 }
830
831 msg = talloc_zero(mem_ctx, struct tldap_message);
832 if (msg == NULL) {
833 return TLDAP_NO_MEMORY;
834 }
835 msg->id = state->id;
836
837 msg->inbuf = talloc_move(msg, &state->inbuf);
838 msg->data = talloc_move(msg, &state->data);
839 msg->type = msgtype;
840
841 *pmsg = msg;
842 return TLDAP_SUCCESS;
843 }
844
845 struct tldap_req_state {
846 int id;
847 struct asn1_data *out;
848 struct tldap_message *result;
849 };
850
851 static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
852 struct tldap_context *ld,
853 struct tldap_req_state **pstate)
854 {
855 struct tevent_req *req;
856 struct tldap_req_state *state;
857
858 req = tevent_req_create(mem_ctx, &state, struct tldap_req_state);
859 if (req == NULL) {
860 return NULL;
861 }
862 state->out = asn1_init(state, ASN1_MAX_TREE_DEPTH);
863 if (state->out == NULL) {
864 goto err;
865 }
866 state->id = tldap_next_msgid(ld);
867
868 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
869 if (!asn1_write_Integer(state->out, state->id)) goto err;
870
871 *pstate = state;
872 return req;
873
874 err:
875
876 TALLOC_FREE(req);
877 return NULL;
878 }
879
880 static void tldap_save_msg(struct tldap_context *ld, struct tevent_req *req)
881 {
882 struct tldap_req_state *state = tevent_req_data(
883 req, struct tldap_req_state);
884
885 TALLOC_FREE(ld->last_msg);
886 ld->last_msg = talloc_move(ld, &state->result);
887 }
888
889 static char *blob2string_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob)
890 {
891 char *result = talloc_array(mem_ctx, char, blob.length+1);
892
893 if (result == NULL) {
894 return NULL;
895 }
896
897 memcpy(result, blob.data, blob.length);
898 result[blob.length] = '\0';
899 return result;
900 }
901
902 static bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
903 struct asn1_data *data,
904 char **presult)
905 {
906 DATA_BLOB string;
907 char *result;
908 if (!asn1_read_OctetString(data, mem_ctx, &string))
909 return false;
910
911 result = blob2string_talloc(mem_ctx, string);
912
913 data_blob_free(&string);
914
915 if (result == NULL) {
916 return false;
917 }
918 *presult = result;
919 return true;
920 }
921
922 static bool tldap_decode_controls(struct tldap_req_state *state);
923
924 static bool tldap_decode_response(struct tldap_req_state *state)
925 {
926 struct asn1_data *data = state->result->data;
927 struct tldap_message *msg = state->result;
928 int rc;
929 bool ok = true;
930
931 ok &= asn1_read_enumerated(data, &rc);
932 if (ok) {
933 msg->lderr = TLDAP_RC(rc);
934 }
935
936 ok &= asn1_read_OctetString_talloc(msg, data, &msg->res_matcheddn);
937 ok &= asn1_read_OctetString_talloc(msg, data,
938 &msg->res_diagnosticmessage);
939 if (!ok) return ok;
940 if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
941 ok &= asn1_start_tag(data, ASN1_CONTEXT(3));
942 ok &= asn1_read_OctetString_talloc(msg, data,
943 &msg->res_referral);
944 ok &= asn1_end_tag(data);
945 } else {
946 msg->res_referral = NULL;
947 }
948
949 return ok;
950 }
951
952 static void tldap_sasl_bind_done(struct tevent_req *subreq);
953
954 struct tevent_req *tldap_sasl_bind_send(TALLOC_CTX *mem_ctx,
955 struct tevent_context *ev,
956 struct tldap_context *ld,
957 const char *dn,
958 const char *mechanism,
959 DATA_BLOB *creds,
960 struct tldap_control *sctrls,
961 int num_sctrls,
962 struct tldap_control *cctrls,
963 int num_cctrls)
964 {
965 struct tevent_req *req, *subreq;
966 struct tldap_req_state *state;
967
968 req = tldap_req_create(mem_ctx, ld, &state);
969 if (req == NULL) {
970 return NULL;
971 }
972
973 if (dn == NULL) {
974 dn = "";
975 }
976
977 if (!asn1_push_tag(state->out, TLDAP_REQ_BIND)) goto err;
978 if (!asn1_write_Integer(state->out, ld->ld_version)) goto err;
979 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
980
981 if (mechanism == NULL) {
982 if (!asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0))) goto err;
983 if (!asn1_write(state->out, creds->data, creds->length)) goto err;
984 if (!asn1_pop_tag(state->out)) goto err;
985 } else {
986 if (!asn1_push_tag(state->out, ASN1_CONTEXT(3))) goto err;
987 if (!asn1_write_OctetString(state->out, mechanism,
988 strlen(mechanism))) goto err;
989 if ((creds != NULL) && (creds->data != NULL)) {
990 if (!asn1_write_OctetString(state->out, creds->data,
991 creds->length)) goto err;
992 }
993 if (!asn1_pop_tag(state->out)) goto err;
994 }
995
996 if (!asn1_pop_tag(state->out)) goto err;
997
998 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
999 sctrls, num_sctrls);
1000 if (tevent_req_nomem(subreq, req)) {
1001 return tevent_req_post(req, ev);
1002 }
1003 tevent_req_set_callback(subreq, tldap_sasl_bind_done, req);
1004 return req;
1005
1006 err:
1007
1008 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
1009 return tevent_req_post(req, ev);
1010 }
1011
1012 static void tldap_sasl_bind_done(struct tevent_req *subreq)
1013 {
1014 struct tevent_req *req = tevent_req_callback_data(
1015 subreq, struct tevent_req);
1016 struct tldap_req_state *state = tevent_req_data(
1017 req, struct tldap_req_state);
1018 TLDAPRC rc;
1019 bool ok;
1020
1021 rc = tldap_msg_recv(subreq, state, &state->result);
1022 TALLOC_FREE(subreq);
1023 if (tevent_req_ldap_error(req, rc)) {
1024 return;
1025 }
1026 if (state->result->type != TLDAP_RES_BIND) {
1027 tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
1028 return;
1029 }
1030
1031 ok = asn1_start_tag(state->result->data, TLDAP_RES_BIND);
1032 ok &= tldap_decode_response(state);
1033
1034 if (asn1_peek_tag(state->result->data, ASN1_CONTEXT_SIMPLE(7))) {
1035 int len;
1036
1037 ok &= asn1_start_tag(state->result->data,
1038 ASN1_CONTEXT_SIMPLE(7));
1039 if (!ok) {
1040 goto decode_error;
1041 }
1042
1043 len = asn1_tag_remaining(state->result->data);
1044 if (len == -1) {
1045 goto decode_error;
1046 }
1047
1048 state->result->res_serverSaslCreds =
1049 data_blob_talloc(state->result, NULL, len);
1050 if (state->result->res_serverSaslCreds.data == NULL) {
1051 goto decode_error;
1052 }
1053
1054 ok = asn1_read(state->result->data,
1055 state->result->res_serverSaslCreds.data,
1056 state->result->res_serverSaslCreds.length);
1057
1058 ok &= asn1_end_tag(state->result->data);
1059 }
1060
1061 ok &= asn1_end_tag(state->result->data);
1062
1063 if (!ok) {
1064 goto decode_error;
1065 }
1066
1067 if (!TLDAP_RC_IS_SUCCESS(state->result->lderr) &&
1068 !TLDAP_RC_EQUAL(state->result->lderr,
1069 TLDAP_SASL_BIND_IN_PROGRESS)) {
1070 tevent_req_ldap_error(req, state->result->lderr);
1071 return;
1072 }
1073 tevent_req_done(req);
1074 return;
1075
1076 decode_error:
1077 tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
1078 return;
1079 }
1080
1081 TLDAPRC tldap_sasl_bind_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1082 DATA_BLOB *serverSaslCreds)
1083 {
1084 struct tldap_req_state *state = tevent_req_data(
1085 req, struct tldap_req_state);
1086 TLDAPRC rc;
1087
1088 if (tevent_req_is_ldap_error(req, &rc)) {
1089 return rc;
1090 }
1091
1092 if (serverSaslCreds != NULL) {
1093 serverSaslCreds->data = talloc_move(
1094 mem_ctx, &state->result->res_serverSaslCreds.data);
1095 serverSaslCreds->length =
1096 state->result->res_serverSaslCreds.length;
1097 }
1098
1099 return state->result->lderr;
1100 }
1101
1102 TLDAPRC tldap_sasl_bind(struct tldap_context *ld,
1103 const char *dn,
1104 const char *mechanism,
1105 DATA_BLOB *creds,
1106 struct tldap_control *sctrls,
1107 int num_sctrls,
1108 struct tldap_control *cctrls,
1109 int num_cctrls,
1110 TALLOC_CTX *mem_ctx,
1111 DATA_BLOB *serverSaslCreds)
1112 {
1113 TALLOC_CTX *frame = talloc_stackframe();
1114 struct tevent_context *ev;
1115 struct tevent_req *req;
1116 TLDAPRC rc = TLDAP_NO_MEMORY;
1117
1118 ev = samba_tevent_context_init(frame);
1119 if (ev == NULL) {
1120 goto fail;
1121 }
1122 req = tldap_sasl_bind_send(frame, ev, ld, dn, mechanism, creds,
1123 sctrls, num_sctrls, cctrls, num_cctrls);
1124 if (req == NULL) {
1125 goto fail;
1126 }
1127 if (!tevent_req_poll(req, ev)) {
1128 rc = TLDAP_OPERATIONS_ERROR;
1129 goto fail;
1130 }
1131 rc = tldap_sasl_bind_recv(req, mem_ctx, serverSaslCreds);
1132 tldap_save_msg(ld, req);
1133 fail:
1134 TALLOC_FREE(frame);
1135 return rc;
1136 }
1137
1138 struct tevent_req *tldap_simple_bind_send(TALLOC_CTX *mem_ctx,
1139 struct tevent_context *ev,
1140 struct tldap_context *ld,
1141 const char *dn,
1142 const char *passwd)
1143 {
1144 DATA_BLOB cred;
1145
1146 if (passwd != NULL) {
1147 cred.data = discard_const_p(uint8_t, passwd);
1148 cred.length = strlen(passwd);
1149 } else {
1150 cred.data = discard_const_p(uint8_t, "");
1151 cred.length = 0;
1152 }
1153 return tldap_sasl_bind_send(mem_ctx, ev, ld, dn, NULL, &cred, NULL, 0,
1154 NULL, 0);
1155 }
1156
1157 TLDAPRC tldap_simple_bind_recv(struct tevent_req *req)
1158 {
1159 return tldap_sasl_bind_recv(req, NULL, NULL);
1160 }
1161
1162 TLDAPRC tldap_simple_bind(struct tldap_context *ld, const char *dn,
1163 const char *passwd)
1164 {
1165 DATA_BLOB cred;
1166
1167 if (passwd != NULL) {
1168 cred.data = discard_const_p(uint8_t, passwd);
1169 cred.length = strlen(passwd);
1170 } else {
1171 cred.data = discard_const_p(uint8_t, "");
1172 cred.length = 0;
1173 }
1174 return tldap_sasl_bind(ld, dn, NULL, &cred, NULL, 0, NULL, 0,
1175 NULL, NULL);
1176 }
1177
1178 /*****************************************************************************/
1179
1180 /* can't use isalpha() as only a strict set is valid for LDAP */
1181
1182 static bool tldap_is_alpha(char c)
1183 {
1184 return (((c >= 'a') && (c <= 'z')) || \
1185 ((c >= 'A') && (c <= 'Z')));
1186 }
1187
1188 static bool tldap_is_adh(char c)
1189 {
1190 return tldap_is_alpha(c) || isdigit(c) || (c == '-');
1191 }
1192
1193 #define TLDAP_FILTER_AND ASN1_CONTEXT(0)
1194 #define TLDAP_FILTER_OR ASN1_CONTEXT(1)
1195 #define TLDAP_FILTER_NOT ASN1_CONTEXT(2)
1196 #define TLDAP_FILTER_EQ ASN1_CONTEXT(3)
1197 #define TLDAP_FILTER_SUB ASN1_CONTEXT(4)
1198 #define TLDAP_FILTER_LE ASN1_CONTEXT(5)
1199 #define TLDAP_FILTER_GE ASN1_CONTEXT(6)
1200 #define TLDAP_FILTER_PRES ASN1_CONTEXT_SIMPLE(7)
1201 #define TLDAP_FILTER_APX ASN1_CONTEXT(8)
1202 #define TLDAP_FILTER_EXT ASN1_CONTEXT(9)
1203
1204 #define TLDAP_SUB_INI ASN1_CONTEXT_SIMPLE(0)
1205 #define TLDAP_SUB_ANY ASN1_CONTEXT_SIMPLE(1)
1206 #define TLDAP_SUB_FIN ASN1_CONTEXT_SIMPLE(2)
1207
1208
1209 /* oid's should be numerical only in theory,
1210 * but apparently some broken servers may have alphanum aliases instead.
1211 * Do like openldap libraries and allow alphanum aliases for oids, but
1212 * do not allow Tagging options in that case.
1213 */
1214 static bool tldap_is_attrdesc(const char *s, int len, bool no_tagopts)
1215 {
1216 bool is_oid = false;
1217 bool dot = false;
1218 int i;
1219
1220 /* first char has stricter rules */
1221 if (isdigit(*s)) {
1222 is_oid = true;
1223 } else if (!tldap_is_alpha(*s)) {
1224 /* bad first char */
1225 return false;
1226 }
1227
1228 for (i = 1; i < len; i++) {
1229
1230 if (is_oid) {
1231 if (isdigit(s[i])) {
1232 dot = false;
1233 continue;
1234 }
1235 if (s[i] == '.') {
1236 if (dot) {
1237 /* malformed */
1238 return false;
1239 }
1240 dot = true;
1241 continue;
1242 }
1243 } else {
1244 if (tldap_is_adh(s[i])) {
1245 continue;
1246 }
1247 }
1248
1249 if (s[i] == ';') {
1250 if (no_tagopts) {
1251 /* no tagging options */
1252 return false;
1253 }
1254 if (dot) {
1255 /* malformed */
1256 return false;
1257 }
1258 if ((i + 1) == len) {
1259 /* malformed */
1260 return false;
1261 }
1262
1263 is_oid = false;
1264 continue;
1265 }
1266 }
1267
1268 if (dot) {
1269 /* malformed */
1270 return false;
1271 }
1272
1273 return true;
1274 }
1275
1276 /* this function copies the value until the closing parenthesis is found. */
1277 static char *tldap_get_val(TALLOC_CTX *memctx,
1278 const char *value, const char **_s)
1279 {
1280 const char *s = value;
1281
1282 /* find terminator */
1283 while (*s) {
1284 s = strchr(s, ')');
1285 if (s && (*(s - 1) == '\\')) {
1286 s++;
1287 continue;
1288 }
1289 break;
1290 }
1291 if (!s || !(*s == ')')) {
1292 /* malformed filter */
1293 return NULL;
1294 }
1295
1296 *_s = s;
1297
1298 return talloc_strndup(memctx, value, s - value);
1299 }
1300
1301 static int tldap_hex2char(const char *x)
1302 {
1303 if (isxdigit(x[0]) && isxdigit(x[1])) {
1304 const char h1 = x[0], h2 = x[1];
1305 int c = 0;
1306
1307 if (h1 >= 'a') c = h1 - (int)'a' + 10;
1308 else if (h1 >= 'A') c = h1 - (int)'A' + 10;
1309 else if (h1 >= '0') c = h1 - (int)'0';
1310 c = c << 4;
1311 if (h2 >= 'a') c += h2 - (int)'a' + 10;
1312 else if (h2 >= 'A') c += h2 - (int)'A' + 10;
1313 else if (h2 >= '0') c += h2 - (int)'0';
1314
1315 return c;
1316 }
1317
1318 return -1;
1319 }
1320
1321 static bool tldap_find_first_star(const char *val, const char **star)
1322 {
1323 const char *s;
1324
1325 for (s = val; *s; s++) {
1326 switch (*s) {
1327 case '\\':
1328 if (isxdigit(s[1]) && isxdigit(s[2])) {
1329 s += 2;
1330 break;
1331 }
1332 /* not hex based escape, check older syntax */
1333 switch (s[1]) {
1334 case '(':
1335 case ')':
1336 case '*':
1337 case '\\':
1338 s++;
1339 break;
1340 default:
1341 /* invalid escape sequence */
1342 return false;
1343 }
1344 break;
1345 case ')':
1346 /* end of val, nothing found */
1347 *star = s;
1348 return true;
1349
1350 case '*':
1351 *star = s;
1352 return true;
1353 }
1354 }
1355
1356 /* string ended without closing parenthesis, filter is malformed */
1357 return false;
1358 }
1359
1360 static bool tldap_unescape_inplace(char *value, size_t *val_len)
1361 {
1362 int c;
1363 size_t i, p;
1364
1365 for (i = 0,p = 0; i < *val_len; i++) {
1366
1367 switch (value[i]) {
1368 case '(':
1369 case ')':
1370 case '*':
1371 /* these must be escaped */
1372 return false;
1373
1374 case '\\':
1375 if (!value[i + 1]) {
1376 /* invalid EOL */
1377 return false;
1378 }
1379 i++;
1380
1381 /* LDAPv3 escaped */
1382 c = tldap_hex2char(&value[i]);
1383 if (c >= 0 && c < 256) {
1384 value[p] = c;
1385 i++;
1386 p++;
1387 break;
1388 }
1389
1390 /* LDAPv2 escaped */
1391 switch (value[i]) {
1392 case '(':
1393 case ')':
1394 case '*':
1395 case '\\':
1396 value[p] = value[i];
1397 p++;
1398
1399 break;
1400 default:
1401 /* invalid */
1402 return false;
1403 }
1404 break;
1405
1406 default:
1407 value[p] = value[i];
1408 p++;
1409 }
1410 }
1411 value[p] = '\0';
1412 *val_len = p;
1413 return true;
1414 }
1415
1416 static bool tldap_push_filter_basic(struct tldap_context *ld,
1417 struct asn1_data *data,
1418 const char **_s);
1419 static bool tldap_push_filter_substring(struct tldap_context *ld,
1420 struct asn1_data *data,
1421 const char *val,
1422 const char **_s);
1423 static bool tldap_push_filter_int(struct tldap_context *ld,
1424 struct asn1_data *data,
1425 const char **_s)
1426 {
1427 const char *s = *_s;
1428 bool ret;
1429
1430 if (*s != '(') {
1431 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1432 "Incomplete or malformed filter\n");
1433 return false;
1434 }
1435 s++;
1436
1437 /* we are right after a parenthesis,
1438 * find out what op we have at hand */
1439 switch (*s) {
1440 case '&':
1441 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: AND\n");
1442 if (!asn1_push_tag(data, TLDAP_FILTER_AND)) return false;
1443 s++;
1444 break;
1445
1446 case '|':
1447 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: OR\n");
1448 if (!asn1_push_tag(data, TLDAP_FILTER_OR)) return false;
1449 s++;
1450 break;
1451
1452 case '!':
1453 tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: NOT\n");
1454 if (!asn1_push_tag(data, TLDAP_FILTER_NOT)) return false;
1455 s++;
1456 ret = tldap_push_filter_int(ld, data, &s);
1457 if (!ret) {
1458 return false;
1459 }
1460 if (!asn1_pop_tag(data)) return false;
1461 goto done;
1462
1463 case '(':
1464 case ')':
1465 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1466 "Invalid parenthesis '%c'\n", *s);
1467 return false;
1468
1469 case '\0':
1470 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1471 "Invalid filter termination\n");
1472 return false;
1473
1474 default:
1475 ret = tldap_push_filter_basic(ld, data, &s);
1476 if (!ret) {
1477 return false;
1478 }
1479 goto done;
1480 }
1481
1482 /* only and/or filters get here.
1483 * go through the list of filters */
1484
1485 if (*s == ')') {
1486 /* RFC 4526: empty and/or */
1487 if (!asn1_pop_tag(data)) return false;
1488 goto done;
1489 }
1490
1491 while (*s) {
1492 ret = tldap_push_filter_int(ld, data, &s);
1493 if (!ret) {
1494 return false;
1495 }
1496
1497 if (*s == ')') {
1498 /* end of list, return */
1499 if (!asn1_pop_tag(data)) return false;
1500 break;
1501 }
1502 }
1503
1504 done:
1505 if (*s != ')') {
1506 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1507 "Incomplete or malformed filter\n");
1508 return false;
1509 }
1510 s++;
1511
1512 if (asn1_has_error(data)) {
1513 return false;
1514 }
1515
1516 *_s = s;
1517 return true;
1518 }
1519
1520
1521 static bool tldap_push_filter_basic(struct tldap_context *ld,
1522 struct asn1_data *data,
1523 const char **_s)
1524 {
1525 TALLOC_CTX *tmpctx = talloc_tos();
1526 const char *s = *_s;
1527 const char *e;
1528 const char *eq;
1529 const char *val;
1530 const char *type;
1531 const char *dn;
1532 const char *rule;
1533 const char *star;
1534 size_t type_len = 0;
1535 char *uval;
1536 size_t uval_len;
1537 bool write_octect = true;
1538 bool ret;
1539
1540 eq = strchr(s, '=');
1541 if (!eq) {
1542 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1543 "Invalid filter, missing equal sign\n");
1544 return false;
1545 }
1546
1547 val = eq + 1;
1548 e = eq - 1;
1549
1550 switch (*e) {
1551 case '<':
1552 if (!asn1_push_tag(data, TLDAP_FILTER_LE)) return false;
1553 break;
1554
1555 case '>':
1556 if (!asn1_push_tag(data, TLDAP_FILTER_GE)) return false;
1557 break;
1558
1559 case '~':
1560 if (!asn1_push_tag(data, TLDAP_FILTER_APX)) return false;
1561 break;
1562
1563 case ':':
1564 if (!asn1_push_tag(data, TLDAP_FILTER_EXT)) return false;
1565 write_octect = false;
1566
1567 type = NULL;
1568 dn = NULL;
1569 rule = NULL;
1570
1571 if (*s == ':') { /* [:dn]:rule:= value */
1572 if (s == e) {
1573 /* malformed filter */
1574 return false;
1575 }
1576 dn = s;
1577 } else { /* type[:dn][:rule]:= value */
1578 type = s;
1579 dn = strchr(s, ':');
1580 type_len = dn - type;
1581 if (dn == e) { /* type:= value */
1582 dn = NULL;
1583 }
1584 }
1585 if (dn) {
1586 dn++;
1587
1588 rule = strchr(dn, ':');
1589 if (rule == NULL) {
1590 return false;
1591 }
1592 if ((rule == dn + 1) || rule + 1 == e) {
1593 /* malformed filter, contains "::" */
1594 return false;
1595 }
1596
1597 if (strncasecmp_m(dn, "dn:", 3) != 0) {
1598 if (rule == e) {
1599 rule = dn;
1600 dn = NULL;
1601 } else {
1602 /* malformed filter. With two
1603 * optionals, the first must be "dn"
1604 */
1605 return false;
1606 }
1607 } else {
1608 if (rule == e) {
1609 rule = NULL;
1610 } else {
1611 rule++;
1612 }
1613 }
1614 }
1615
1616 if (!type && !dn && !rule) {
1617 /* malformed filter, there must be at least one */
1618 return false;
1619 }
1620
1621 /*
1622 MatchingRuleAssertion ::= SEQUENCE {
1623 matchingRule [1] MatchingRuleID OPTIONAL,
1624 type [2] AttributeDescription OPTIONAL,
1625 matchValue [3] AssertionValue,
1626 dnAttributes [4] BOOLEAN DEFAULT FALSE
1627 }
1628 */
1629
1630 /* check and add rule */
1631 if (rule) {
1632 ret = tldap_is_attrdesc(rule, e - rule, true);
1633 if (!ret) {
1634 return false;
1635 }
1636 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) return false;
1637 if (!asn1_write(data, rule, e - rule)) return false;
1638 if (!asn1_pop_tag(data)) return false;
1639 }
1640
1641 /* check and add type */
1642 if (type) {
1643 ret = tldap_is_attrdesc(type, type_len, false);
1644 if (!ret) {
1645 return false;
1646 }
1647 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2))) return false;
1648 if (!asn1_write(data, type, type_len)) return false;
1649 if (!asn1_pop_tag(data)) return false;
1650 }
1651
1652 uval = tldap_get_val(tmpctx, val, _s);
1653 if (!uval) {
1654 return false;
1655 }
1656 uval_len = *_s - val;
1657 ret = tldap_unescape_inplace(uval, &uval_len);
1658 if (!ret) {
1659 return false;
1660 }
1661
1662 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3))) return false;
1663 if (!asn1_write(data, uval, uval_len)) return false;
1664 if (!asn1_pop_tag(data)) return false;
1665
1666 if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4))) return false;
1667 if (!asn1_write_uint8(data, dn?1:0)) return false;
1668 if (!asn1_pop_tag(data)) return false;
1669 break;
1670
1671 default:
1672 e = eq;
1673
1674 ret = tldap_is_attrdesc(s, e - s, false);
1675 if (!ret) {
1676 return false;
1677 }
1678
1679 if (strncmp(val, "*)", 2) == 0) {
1680 /* presence */
1681 if (!asn1_push_tag(data, TLDAP_FILTER_PRES)) return false;
1682 if (!asn1_write(data, s, e - s)) return false;
1683 *_s = val + 1;
1684 write_octect = false;
1685 break;
1686 }
1687
1688 ret = tldap_find_first_star(val, &star);
1689 if (!ret) {
1690 return false;
1691 }
1692 if (*star == '*') {
1693 /* substring */
1694 if (!asn1_push_tag(data, TLDAP_FILTER_SUB)) return false;
1695 if (!asn1_write_OctetString(data, s, e - s)) return false;
1696 ret = tldap_push_filter_substring(ld, data, val, &s);
1697 if (!ret) {
1698 return false;
1699 }
1700 *_s = s;
1701 write_octect = false;
1702 break;
1703 }
1704
1705 /* if nothing else, then it is just equality */
1706 if (!asn1_push_tag(data, TLDAP_FILTER_EQ)) return false;
1707 write_octect = true;
1708 break;
1709 }
1710
1711 if (write_octect) {
1712 uval = tldap_get_val(tmpctx, val, _s);
1713 if (!uval) {
1714 return false;
1715 }
1716 uval_len = *_s - val;
1717 ret = tldap_unescape_inplace(uval, &uval_len);
1718 if (!ret) {
1719 return false;
1720 }
1721
1722 if (!asn1_write_OctetString(data, s, e - s)) return false;
1723 if (!asn1_write_OctetString(data, uval, uval_len)) return false;
1724 }
1725
1726 if (asn1_has_error(data)) {
1727 return false;
1728 }
1729 return asn1_pop_tag(data);
1730 }
1731
1732 static bool tldap_push_filter_substring(struct tldap_context *ld,
1733 struct asn1_data *data,
1734 const char *val,
1735 const char **_s)
1736 {
1737 TALLOC_CTX *tmpctx = talloc_tos();
1738 bool initial = true;
1739 const char *star;
1740 char *chunk;
1741 size_t chunk_len;
1742 bool ret;
1743
1744 /*
1745 SubstringFilter ::= SEQUENCE {
1746 type AttributeDescription,
1747 -- at least one must be present
1748 substrings SEQUENCE OF CHOICE {
1749 initial [0] LDAPString,
1750 any [1] LDAPString,
1751 final [2] LDAPString } }
1752 */
1753 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
1754
1755 do {
1756 ret = tldap_find_first_star(val, &star);
1757 if (!ret) {
1758 return false;
1759 }
1760 chunk_len = star - val;
1761
1762 switch (*star) {
1763 case '*':
1764 if (!initial && chunk_len == 0) {
1765 /* found '**', which is illegal */
1766 return false;
1767 }
1768 break;
1769 case ')':
1770 if (initial) {
1771 /* no stars ?? */
1772 return false;
1773 }
1774 /* we are done */
1775 break;
1776 default:
1777 /* ?? */
1778 return false;
1779 }
1780
1781 if (initial && chunk_len == 0) {
1782 val = star + 1;
1783 initial = false;
1784 continue;
1785 }
1786
1787 chunk = talloc_strndup(tmpctx, val, chunk_len);
1788 if (!chunk) {
1789 return false;
1790 }
1791 ret = tldap_unescape_inplace(chunk, &chunk_len);
1792 if (!ret) {
1793 return false;
1794 }
1795 switch (*star) {
1796 case '*':
1797 if (initial) {
1798 if (!asn1_push_tag(data, TLDAP_SUB_INI)) return false;
1799 initial = false;
1800 } else {
1801 if (!asn1_push_tag(data, TLDAP_SUB_ANY)) return false;
1802 }
1803 break;
1804 case ')':
1805 if (!asn1_push_tag(data, TLDAP_SUB_FIN)) return false;
1806 break;
1807 default:
1808 /* ?? */
1809 return false;
1810 }
1811 if (!asn1_write(data, chunk, chunk_len)) return false;
1812 if (!asn1_pop_tag(data)) return false;
1813
1814 val = star + 1;
1815
1816 } while (*star == '*');
1817
1818 *_s = star;
1819
1820 /* end of sequence */
1821 return asn1_pop_tag(data);
1822 }
1823
1824 /* NOTE: although openldap libraries allow for spaces in some places, mostly
1825 * around parentheses, we do not allow any spaces (except in values of
1826 * course) as I couldn't find any place in RFC 4512 or RFC 4515 where
1827 * leading or trailing spaces were allowed.
1828 */
1829 static bool tldap_push_filter(struct tldap_context *ld,
1830 struct asn1_data *data,
1831 const char *filter)
1832 {
1833 const char *s = filter;
1834 bool ret;
1835
1836 ret = tldap_push_filter_int(ld, data, &s);
1837 if (ret && *s) {
1838 tldap_debug(ld, TLDAP_DEBUG_ERROR,
1839 "Incomplete or malformed filter\n");
1840 return false;
1841 }
1842 return ret;
1843 }
1844
1845 /*****************************************************************************/
1846
1847 static void tldap_search_done(struct tevent_req *subreq);
1848
1849 struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx,
1850 struct tevent_context *ev,
1851 struct tldap_context *ld,
1852 const char *base, int scope,
1853 const char *filter,
1854 const char **attrs,
1855 int num_attrs,
1856 int attrsonly,
1857 struct tldap_control *sctrls,
1858 int num_sctrls,
1859 struct tldap_control *cctrls,
1860 int num_cctrls,
1861 int timelimit,
1862 int sizelimit,
1863 int deref)
1864 {
1865 struct tevent_req *req, *subreq;
1866 struct tldap_req_state *state;
1867 int i;
1868
1869 req = tldap_req_create(mem_ctx, ld, &state);
1870 if (req == NULL) {
1871 return NULL;
1872 }
1873
1874 if (!asn1_push_tag(state->out, TLDAP_REQ_SEARCH)) goto encoding_error;
1875 if (!asn1_write_OctetString(state->out, base, strlen(base))) goto encoding_error;
1876 if (!asn1_write_enumerated(state->out, scope)) goto encoding_error;
1877 if (!asn1_write_enumerated(state->out, deref)) goto encoding_error;
1878 if (!asn1_write_Integer(state->out, sizelimit)) goto encoding_error;
1879 if (!asn1_write_Integer(state->out, timelimit)) goto encoding_error;
1880 if (!asn1_write_BOOLEAN(state->out, attrsonly)) goto encoding_error;
1881
1882 if (!tldap_push_filter(ld, state->out, filter)) {
1883 goto encoding_error;
1884 }
1885
1886 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto encoding_error;
1887 for (i=0; i<num_attrs; i++) {
1888 if (!asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]))) goto encoding_error;
1889 }
1890 if (!asn1_pop_tag(state->out)) goto encoding_error;
1891 if (!asn1_pop_tag(state->out)) goto encoding_error;
1892
1893 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1894 sctrls, num_sctrls);
1895 if (tevent_req_nomem(subreq, req)) {
1896 return tevent_req_post(req, ev);
1897 }
1898 tevent_req_set_callback(subreq, tldap_search_done, req);
1899 return req;
1900
1901 encoding_error:
1902 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
1903 return tevent_req_post(req, ev);
1904 }
1905
1906 static void tldap_search_done(struct tevent_req *subreq)
1907 {
1908 struct tevent_req *req = tevent_req_callback_data(
1909 subreq, struct tevent_req);
1910 struct tldap_req_state *state = tevent_req_data(
1911 req, struct tldap_req_state);
1912 TLDAPRC rc;
1913
1914 rc = tldap_msg_recv(subreq, state, &state->result);
1915 if (tevent_req_ldap_error(req, rc)) {
1916 return;
1917 }
1918 switch (state->result->type) {
1919 case TLDAP_RES_SEARCH_ENTRY:
1920 case TLDAP_RES_SEARCH_REFERENCE:
1921 if (!tldap_msg_set_pending(subreq)) {
1922 tevent_req_oom(req);
1923 return;
1924 }
1925 tevent_req_notify_callback(req);
1926 break;
1927 case TLDAP_RES_SEARCH_RESULT:
1928 TALLOC_FREE(subreq);
1929 if (!asn1_start_tag(state->result->data,
1930 state->result->type) ||
1931 !tldap_decode_response(state) ||
1932 !asn1_end_tag(state->result->data) ||
1933 !tldap_decode_controls(state)) {
1934 tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
1935 return;
1936 }
1937 tevent_req_done(req);
1938 break;
1939 default:
1940 tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
1941 return;
1942 }
1943 }
1944
1945 TLDAPRC tldap_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1946 struct tldap_message **pmsg)
1947 {
1948 struct tldap_req_state *state = tevent_req_data(
1949 req, struct tldap_req_state);
1950 TLDAPRC rc;
1951
1952 if (!tevent_req_is_in_progress(req)
1953 && tevent_req_is_ldap_error(req, &rc)) {
1954 return rc;
1955 }
1956
1957 if (tevent_req_is_in_progress(req)) {
1958 switch (state->result->type) {
1959 case TLDAP_RES_SEARCH_ENTRY:
1960 case TLDAP_RES_SEARCH_REFERENCE:
1961 break;
1962 default:
1963 return TLDAP_OPERATIONS_ERROR;
1964 }
1965 }
1966
1967 *pmsg = talloc_move(mem_ctx, &state->result);
1968 return TLDAP_SUCCESS;
1969 }
1970
1971 struct tldap_search_all_state {
1972 struct tldap_message **msgs;
1973 struct tldap_message *result;
1974 };
1975
1976 static void tldap_search_all_done(struct tevent_req *subreq);
1977
1978 struct tevent_req *tldap_search_all_send(
1979 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
1980 struct tldap_context *ld, const char *base, int scope,
1981 const char *filter, const char **attrs, int num_attrs, int attrsonly,
1982 struct tldap_control *sctrls, int num_sctrls,
1983 struct tldap_control *cctrls, int num_cctrls,
1984 int timelimit, int sizelimit, int deref)
1985 {
1986 struct tevent_req *req, *subreq;
1987 struct tldap_search_all_state *state;
1988
1989 req = tevent_req_create(mem_ctx, &state,
1990 struct tldap_search_all_state);
1991 if (req == NULL) {
1992 return NULL;
1993 }
1994
1995 subreq = tldap_search_send(state, ev, ld, base, scope, filter,
1996 attrs, num_attrs, attrsonly,
1997 sctrls, num_sctrls, cctrls, num_cctrls,
1998 timelimit, sizelimit, deref);
1999 if (tevent_req_nomem(subreq, req)) {
2000 return tevent_req_post(req, ev);
2001 }
2002 tevent_req_set_callback(subreq, tldap_search_all_done, req);
2003 return req;
2004 }
2005
2006 static void tldap_search_all_done(struct tevent_req *subreq)
2007 {
2008 struct tevent_req *req = tevent_req_callback_data(
2009 subreq, struct tevent_req);
2010 struct tldap_search_all_state *state = tevent_req_data(
2011 req, struct tldap_search_all_state);
2012 struct tldap_message *msg, **tmp;
2013 size_t num_msgs;
2014 TLDAPRC rc;
2015 int msgtype;
2016
2017 rc = tldap_search_recv(subreq, state, &msg);
2018 /* No TALLOC_FREE(subreq), this is multi-step */
2019 if (tevent_req_ldap_error(req, rc)) {
2020 return;
2021 }
2022
2023 msgtype = tldap_msg_type(msg);
2024 if (msgtype == TLDAP_RES_SEARCH_RESULT) {
2025 state->result = msg;
2026 tevent_req_done(req);
2027 return;
2028 }
2029
2030 num_msgs = talloc_array_length(state->msgs);
2031
2032 tmp = talloc_realloc(state, state->msgs, struct tldap_message *,
2033 num_msgs + 1);
2034 if (tevent_req_nomem(tmp, req)) {
2035 return;
2036 }
2037 state->msgs = tmp;
2038 state->msgs[num_msgs] = talloc_move(state->msgs, &msg);
2039 }
2040
2041 TLDAPRC tldap_search_all_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
2042 struct tldap_message ***msgs,
2043 struct tldap_message **result)
2044 {
2045 struct tldap_search_all_state *state = tevent_req_data(
2046 req, struct tldap_search_all_state);
2047 TLDAPRC rc;
2048
2049 if (tevent_req_is_ldap_error(req, &rc)) {
2050 return rc;
2051 }
2052
2053 if (msgs != NULL) {
2054 *msgs = talloc_move(mem_ctx, &state->msgs);
2055 }
2056 if (result != NULL) {
2057 *result = talloc_move(mem_ctx, &state->result);
2058 }
2059
2060 return TLDAP_SUCCESS;
2061 }
2062
2063 TLDAPRC tldap_search(struct tldap_context *ld,
2064 const char *base, int scope, const char *filter,
2065 const char **attrs, int num_attrs, int attrsonly,
2066 struct tldap_control *sctrls, int num_sctrls,
2067 struct tldap_control *cctrls, int num_cctrls,
2068 int timelimit, int sizelimit, int deref,
2069 TALLOC_CTX *mem_ctx, struct tldap_message ***pmsgs)
2070 {
2071 TALLOC_CTX *frame;
2072 struct tevent_context *ev;
2073 struct tevent_req *req;
2074 TLDAPRC rc = TLDAP_NO_MEMORY;
2075 struct tldap_message **msgs;
2076 struct tldap_message *result;
2077
2078 if (tldap_pending_reqs(ld)) {
2079 return TLDAP_BUSY;
2080 }
2081
2082 frame = talloc_stackframe();
2083
2084 ev = samba_tevent_context_init(frame);
2085 if (ev == NULL) {
2086 goto fail;
2087 }
2088 req = tldap_search_all_send(frame, ev, ld, base, scope, filter,
2089 attrs, num_attrs, attrsonly,
2090 sctrls, num_sctrls, cctrls, num_cctrls,
2091 timelimit, sizelimit, deref);
2092 if (req == NULL) {
2093 goto fail;
2094 }
2095 if (!tevent_req_poll(req, ev)) {
2096 rc = TLDAP_OPERATIONS_ERROR;
2097 goto fail;
2098 }
2099 rc = tldap_search_all_recv(req, frame, &msgs, &result);
2100 TALLOC_FREE(req);
2101 if (!TLDAP_RC_IS_SUCCESS(rc)) {
2102 goto fail;
2103 }
2104
2105 TALLOC_FREE(ld->last_msg);
2106 ld->last_msg = talloc_move(ld, &result);
2107
2108 if (pmsgs != NULL) {
2109 *pmsgs = talloc_move(mem_ctx, &msgs);
2110 }
2111 fail:
2112 TALLOC_FREE(frame);
2113 return rc;
2114 }
2115
2116 static bool tldap_parse_search_entry(struct tldap_message *msg)
2117 {
2118 int num_attribs = 0;
2119
2120 if (msg->type != TLDAP_RES_SEARCH_ENTRY) {
2121 return false;
2122 }
2123 if (!asn1_start_tag(msg->data, TLDAP_RES_SEARCH_ENTRY)) {
2124 return false;
2125 }
2126
2127 /* dn */
2128
2129 if (!asn1_read_OctetString_talloc(msg, msg->data, &msg->dn)) return false;
2130
2131 if (msg->dn == NULL) {
2132 return false;
2133 }
2134
2135 /*
2136 * Attributes: We overallocate msg->attribs by one, so that while
2137 * looping over the attributes we can directly parse into the last
2138 * array element. Same for the values in the inner loop.
2139 */
2140
2141 msg->attribs = talloc_array(msg, struct tldap_attribute, 1);
2142 if (msg->attribs == NULL) {
2143 return false;
2144 }
2145
2146 if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
2147 while (asn1_peek_tag(msg->data, ASN1_SEQUENCE(0))) {
2148 struct tldap_attribute *attrib;
2149 int num_values = 0;
2150
2151 attrib = &msg->attribs[num_attribs];
2152 attrib->values = talloc_array(msg->attribs, DATA_BLOB, 1);
2153 if (attrib->values == NULL) {
2154 return false;
2155 }
2156 if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
2157 if (!asn1_read_OctetString_talloc(msg->attribs, msg->data,
2158 &attrib->name)) return false;
2159 if (!asn1_start_tag(msg->data, ASN1_SET)) return false;
2160
2161 while (asn1_peek_tag(msg->data, ASN1_OCTET_STRING)) {
2162 if (!asn1_read_OctetString(msg->data, msg,
2163 &attrib->values[num_values])) return false;
2164
2165 attrib->values = talloc_realloc(
2166 msg->attribs, attrib->values, DATA_BLOB,
2167 num_values + 2);
2168 if (attrib->values == NULL) {
2169 return false;
2170 }
2171 num_values += 1;
2172 }
2173 attrib->values = talloc_realloc(msg->attribs, attrib->values,
2174 DATA_BLOB, num_values);
2175 attrib->num_values = num_values;
2176
2177 if (!asn1_end_tag(msg->data)) return false; /* ASN1_SET */
2178 if (!asn1_end_tag(msg->data)) return false; /* ASN1_SEQUENCE(0) */
2179 msg->attribs = talloc_realloc(
2180 msg, msg->attribs, struct tldap_attribute,
2181 num_attribs + 2);
2182 if (msg->attribs == NULL) {
2183 return false;
2184 }
2185 num_attribs += 1;
2186 }
2187 msg->attribs = talloc_realloc(
2188 msg, msg->attribs, struct tldap_attribute, num_attribs);
2189 return asn1_end_tag(msg->data);
2190 }
2191
2192 bool tldap_entry_dn(struct tldap_message *msg, char **dn)
2193 {
2194 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
2195 return false;
2196 }
2197 *dn = msg->dn;
2198 return true;
2199 }
2200
2201 bool tldap_entry_attributes(struct tldap_message *msg,
2202 struct tldap_attribute **attributes,
2203 int *num_attributes)
2204 {
2205 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
2206 return false;
2207 }
2208 *attributes = msg->attribs;
2209 *num_attributes = talloc_array_length(msg->attribs);
2210 return true;
2211 }
2212
2213 static bool tldap_decode_controls(struct tldap_req_state *state)
2214 {
2215 struct tldap_message *msg = state->result;
2216 struct asn1_data *data = msg->data;
2217 struct tldap_control *sctrls = NULL;
2218 int num_controls = 0;
2219 bool ret = false;
2220
2221 msg->res_sctrls = NULL;
2222
2223 if (!asn1_peek_tag(data, ASN1_CONTEXT(0))) {
2224 return true;
2225 }
2226
2227 if (!asn1_start_tag(data, ASN1_CONTEXT(0))) goto out;
2228
2229 while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
2230 struct tldap_control *c;
2231 char *oid = NULL;
2232
2233 sctrls = talloc_realloc(msg, sctrls, struct tldap_control,
2234 num_controls + 1);
2235 if (sctrls == NULL) {
2236 goto out;
2237 }
2238 c = &sctrls[num_controls];
2239
2240 if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto out;
2241 if (!asn1_read_OctetString_talloc(msg, data, &oid)) goto out;
2242 if (asn1_has_error(data) || (oid == NULL)) {
2243 goto out;
2244 }
2245 c->oid = oid;
2246 if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
2247 if (!asn1_read_BOOLEAN(data, &c->critical)) goto out;
2248 } else {
2249 c->critical = false;
2250 }
2251 c->value = data_blob_null;
2252 if (asn1_peek_tag(data, ASN1_OCTET_STRING) &&
2253 !asn1_read_OctetString(data, msg, &c->value)) {
2254 goto out;
2255 }
2256 if (!asn1_end_tag(data)) goto out; /* ASN1_SEQUENCE(0) */
2257
2258 num_controls += 1;
2259 }
2260
2261 if (!asn1_end_tag(data)) goto out; /* ASN1_CONTEXT(0) */
2262
2263 ret = true;
2264
2265 out:
2266
2267 if (ret) {
2268 msg->res_sctrls = sctrls;
2269 } else {
2270 TALLOC_FREE(sctrls);
2271 }
2272 return ret;
2273 }
2274
2275 static void tldap_simple_done(struct tevent_req *subreq, int type)
2276 {
2277 struct tevent_req *req = tevent_req_callback_data(
2278 subreq, struct tevent_req);
2279 struct tldap_req_state *state = tevent_req_data(
2280 req, struct tldap_req_state);
2281 TLDAPRC rc;
2282
2283 rc = tldap_msg_recv(subreq, state, &state->result);
2284 TALLOC_FREE(subreq);
2285 if (tevent_req_ldap_error(req, rc)) {
2286 return;
2287 }
2288 if (state->result->type != type) {
2289 tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
2290 return;
2291 }
2292 if (!asn1_start_tag(state->result->data, state->result->type) ||
2293 !tldap_decode_response(state) ||
2294 !asn1_end_tag(state->result->data) ||
2295 !tldap_decode_controls(state)) {
2296 tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
2297 return;
2298 }
2299 if (!TLDAP_RC_IS_SUCCESS(state->result->lderr)) {
2300 tevent_req_ldap_error(req, state->result->lderr);
2301 return;
2302 }
2303 tevent_req_done(req);
2304 }
2305
2306 static TLDAPRC tldap_simple_recv(struct tevent_req *req)
2307 {
2308 TLDAPRC rc;
2309 if (tevent_req_is_ldap_error(req, &rc)) {
2310 return rc;
2311 }
2312 return TLDAP_SUCCESS;
2313 }
2314
2315 static void tldap_add_done(struct tevent_req *subreq);
2316
2317 struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx,
2318 struct tevent_context *ev,
2319 struct tldap_context *ld,
2320 const char *dn,
2321 struct tldap_mod *attributes,
2322 int num_attributes,
2323 struct tldap_control *sctrls,
2324 int num_sctrls,
2325 struct tldap_control *cctrls,
2326 int num_cctrls)
2327 {
2328 struct tevent_req *req, *subreq;
2329 struct tldap_req_state *state;
2330 int i, j;
2331
2332 req = tldap_req_create(mem_ctx, ld, &state);
2333 if (req == NULL) {
2334 return NULL;
2335 }
2336
2337 if (!asn1_push_tag(state->out, TLDAP_REQ_ADD)) goto err;
2338 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
2339 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2340
2341 for (i=0; i<num_attributes; i++) {
2342 struct tldap_mod *attrib = &attributes[i];
2343 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2344 if (!asn1_write_OctetString(state->out, attrib->attribute,
2345 strlen(attrib->attribute))) goto err;
2346 if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
2347 for (j=0; j<attrib->num_values; j++) {
2348 if (!asn1_write_OctetString(state->out,
2349 attrib->values[j].data,
2350 attrib->values[j].length)) goto err;
2351 }
2352 if (!asn1_pop_tag(state->out)) goto err;
2353 if (!asn1_pop_tag(state->out)) goto err;
2354 }
2355
2356 if (!asn1_pop_tag(state->out)) goto err;
2357 if (!asn1_pop_tag(state->out)) goto err;
2358
2359 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2360 sctrls, num_sctrls);
2361 if (tevent_req_nomem(subreq, req)) {
2362 return tevent_req_post(req, ev);
2363 }
2364 tevent_req_set_callback(subreq, tldap_add_done, req);
2365 return req;
2366
2367 err:
2368
2369 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
2370 return tevent_req_post(req, ev);
2371 }
2372
2373 static void tldap_add_done(struct tevent_req *subreq)
2374 {
2375 tldap_simple_done(subreq, TLDAP_RES_ADD);
2376 }
2377
2378 TLDAPRC tldap_add_recv(struct tevent_req *req)
2379 {
2380 return tldap_simple_recv(req);
2381 }
2382
2383 TLDAPRC tldap_add(struct tldap_context *ld, const char *dn,
2384 struct tldap_mod *attributes, int num_attributes,
2385 struct tldap_control *sctrls, int num_sctrls,
2386 struct tldap_control *cctrls, int num_cctrls)
2387 {
2388 TALLOC_CTX *frame = talloc_stackframe();
2389 struct tevent_context *ev;
2390 struct tevent_req *req;
2391 TLDAPRC rc = TLDAP_NO_MEMORY;
2392
2393 ev = samba_tevent_context_init(frame);
2394 if (ev == NULL) {
2395 goto fail;
2396 }
2397 req = tldap_add_send(frame, ev, ld, dn, attributes, num_attributes,
2398 sctrls, num_sctrls, cctrls, num_cctrls);
2399 if (req == NULL) {
2400 goto fail;
2401 }
2402 if (!tevent_req_poll(req, ev)) {
2403 rc = TLDAP_OPERATIONS_ERROR;
2404 goto fail;
2405 }
2406 rc = tldap_add_recv(req);
2407 tldap_save_msg(ld, req);
2408 fail:
2409 TALLOC_FREE(frame);
2410 return rc;
2411 }
2412
2413 static void tldap_modify_done(struct tevent_req *subreq);
2414
2415 struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx,
2416 struct tevent_context *ev,
2417 struct tldap_context *ld,
2418 const char *dn,
2419 struct tldap_mod *mods, int num_mods,
2420 struct tldap_control *sctrls,
2421 int num_sctrls,
2422 struct tldap_control *cctrls,
2423 int num_cctrls)
2424 {
2425 struct tevent_req *req, *subreq;
2426 struct tldap_req_state *state;
2427 int i, j;
2428
2429 req = tldap_req_create(mem_ctx, ld, &state);
2430 if (req == NULL) {
2431 return NULL;
2432 }
2433
2434 if (!asn1_push_tag(state->out, TLDAP_REQ_MODIFY)) goto err;
2435 if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
2436 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2437
2438 for (i=0; i<num_mods; i++) {
2439 struct tldap_mod *mod = &mods[i];
2440 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2441 if (!asn1_write_enumerated(state->out, mod->mod_op)) goto err;
2442 if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
2443 if (!asn1_write_OctetString(state->out, mod->attribute,
2444 strlen(mod->attribute))) goto err;
2445 if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
2446 for (j=0; j<mod->num_values; j++) {
2447 if (!asn1_write_OctetString(state->out,
2448 mod->values[j].data,
2449 mod->values[j].length)) goto err;
2450 }
2451 if (!asn1_pop_tag(state->out)) goto err;
2452 if (!asn1_pop_tag(state->out)) goto err;
2453 if (!asn1_pop_tag(state->out)) goto err;
2454 }
2455
2456 if (!asn1_pop_tag(state->out)) goto err;
2457 if (!asn1_pop_tag(state->out)) goto err;
2458
2459 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2460 sctrls, num_sctrls);
2461 if (tevent_req_nomem(subreq, req)) {
2462 return tevent_req_post(req, ev);
2463 }
2464 tevent_req_set_callback(subreq, tldap_modify_done, req);
2465 return req;
2466
2467 err:
2468
2469 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
2470 return tevent_req_post(req, ev);
2471 }
2472
2473 static void tldap_modify_done(struct tevent_req *subreq)
2474 {
2475 tldap_simple_done(subreq, TLDAP_RES_MODIFY);
2476 }
2477
2478 TLDAPRC tldap_modify_recv(struct tevent_req *req)
2479 {
2480 return tldap_simple_recv(req);
2481 }
2482
2483 TLDAPRC tldap_modify(struct tldap_context *ld, const char *dn,
2484 struct tldap_mod *mods, int num_mods,
2485 struct tldap_control *sctrls, int num_sctrls,
2486 struct tldap_control *cctrls, int num_cctrls)
2487 {
2488 TALLOC_CTX *frame = talloc_stackframe();
2489 struct tevent_context *ev;
2490 struct tevent_req *req;
2491 TLDAPRC rc = TLDAP_NO_MEMORY;
2492
2493 ev = samba_tevent_context_init(frame);
2494 if (ev == NULL) {
2495 goto fail;
2496 }
2497 req = tldap_modify_send(frame, ev, ld, dn, mods, num_mods,
2498 sctrls, num_sctrls, cctrls, num_cctrls);
2499 if (req == NULL) {
2500 goto fail;
2501 }
2502 if (!tevent_req_poll(req, ev)) {
2503 rc = TLDAP_OPERATIONS_ERROR;
2504 goto fail;
2505 }
2506 rc = tldap_modify_recv(req);
2507 tldap_save_msg(ld, req);
2508 fail:
2509 TALLOC_FREE(frame);
2510 return rc;
2511 }
2512
2513 static void tldap_delete_done(struct tevent_req *subreq);
2514
2515 struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx,
2516 struct tevent_context *ev,
2517 struct tldap_context *ld,
2518 const char *dn,
2519 struct tldap_control *sctrls,
2520 int num_sctrls,
2521 struct tldap_control *cctrls,
2522 int num_cctrls)
2523 {
2524 struct tevent_req *req, *subreq;
2525 struct tldap_req_state *state;
2526
2527 req = tldap_req_create(mem_ctx, ld, &state);
2528 if (req == NULL) {
2529 return NULL;
2530 }
2531
2532 if (!asn1_push_tag(state->out, TLDAP_REQ_DELETE)) goto err;
2533 if (!asn1_write(state->out, dn, strlen(dn))) goto err;
2534 if (!asn1_pop_tag(state->out)) goto err;
2535
2536 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2537 sctrls, num_sctrls);
2538 if (tevent_req_nomem(subreq, req)) {
2539 return tevent_req_post(req, ev);
2540 }
2541 tevent_req_set_callback(subreq, tldap_delete_done, req);
2542 return req;
2543
2544 err:
2545
2546 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
2547 return tevent_req_post(req, ev);
2548 }
2549
2550 static void tldap_delete_done(struct tevent_req *subreq)
2551 {
2552 tldap_simple_done(subreq, TLDAP_RES_DELETE);
2553 }
2554
2555 TLDAPRC tldap_delete_recv(struct tevent_req *req)
2556 {
2557 return tldap_simple_recv(req);
2558 }
2559
2560 TLDAPRC tldap_delete(struct tldap_context *ld, const char *dn,
2561 struct tldap_control *sctrls, int num_sctrls,
2562 struct tldap_control *cctrls, int num_cctrls)
2563 {
2564 TALLOC_CTX *frame = talloc_stackframe();
2565 struct tevent_context *ev;
2566 struct tevent_req *req;
2567 TLDAPRC rc = TLDAP_NO_MEMORY;
2568
2569 ev = samba_tevent_context_init(frame);
2570 if (ev == NULL) {
2571 goto fail;
2572 }
2573 req = tldap_delete_send(frame, ev, ld, dn, sctrls, num_sctrls,
2574 cctrls, num_cctrls);
2575 if (req == NULL) {
2576 goto fail;
2577 }
2578 if (!tevent_req_poll(req, ev)) {
2579 rc = TLDAP_OPERATIONS_ERROR;
2580 goto fail;
2581 }
2582 rc = tldap_delete_recv(req);
2583 tldap_save_msg(ld, req);
2584 fail:
2585 TALLOC_FREE(frame);
2586 return rc;
2587 }
2588
2589 static void tldap_extended_done(struct tevent_req *subreq);
2590
2591 struct tevent_req *tldap_extended_send(TALLOC_CTX *mem_ctx,
2592 struct tevent_context *ev,
2593 struct tldap_context *ld,
2594 const char *in_oid,
2595 const DATA_BLOB *in_blob,
2596 struct tldap_control *sctrls,
2597 int num_sctrls,
2598 struct tldap_control *cctrls,
2599 int num_cctrls)
2600 {
2601 struct tevent_req *req, *subreq;
2602 struct tldap_req_state *state;
2603
2604 req = tldap_req_create(mem_ctx, ld, &state);
2605 if (req == NULL) {
2606 return NULL;
2607 }
2608
2609 if (!asn1_push_tag(state->out, TLDAP_REQ_EXTENDED)) goto err;
2610
2611 if (!asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0))) goto err;
2612 if (!asn1_write(state->out, in_oid, strlen(in_oid))) goto err;
2613 if (!asn1_pop_tag(state->out)) goto err;
2614
2615 if (in_blob != NULL) {
2616 if (!asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(1))) goto err;
2617 if (!asn1_write_OctetString(state->out, in_blob->data, in_blob->length)) goto err;
2618 if (!asn1_pop_tag(state->out)) goto err;
2619 }
2620
2621 if (!asn1_pop_tag(state->out)) goto err;
2622
2623 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
2624 sctrls, num_sctrls);
2625 if (tevent_req_nomem(subreq, req)) {
2626 return tevent_req_post(req, ev);
2627 }
2628 tevent_req_set_callback(subreq, tldap_extended_done, req);
2629 return req;
2630
2631 err:
2632
2633 tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
2634 return tevent_req_post(req, ev);
2635 }
2636
2637 static void tldap_extended_done(struct tevent_req *subreq)
2638 {
2639 struct tevent_req *req = tevent_req_callback_data(
2640 subreq, struct tevent_req);
2641 struct tldap_req_state *state = tevent_req_data(
2642 req, struct tldap_req_state);
2643 TLDAPRC rc;
2644 bool ok;
2645
2646 rc = tldap_msg_recv(subreq, state, &state->result);
2647 TALLOC_FREE(subreq);
2648 if (tevent_req_ldap_error(req, rc)) {
2649 return;
2650 }
2651 if (state->result->type != TLDAP_RES_EXTENDED) {
2652 tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
2653 return;
2654 }
2655
2656 ok = asn1_start_tag(state->result->data, TLDAP_RES_EXTENDED);
2657 ok &= tldap_decode_response(state);
2658
2659 if (asn1_peek_tag(state->result->data, ASN1_CONTEXT_SIMPLE(10))) {
2660 ok &= asn1_start_tag(state->result->data,
2661 ASN1_CONTEXT_SIMPLE(10));
2662 if (!ok) {
2663 goto decode_error;
2664 }
2665
2666 ok &= asn1_read_LDAPString(state->result->data,
2667 state->result,
2668 &state->result->res_extended.oid);
2669
2670 ok &= asn1_end_tag(state->result->data);
2671 }
2672
2673 if (asn1_peek_tag(state->result->data, ASN1_CONTEXT_SIMPLE(11))) {
2674 int len;
2675
2676 ok &= asn1_start_tag(state->result->data,
2677 ASN1_CONTEXT_SIMPLE(11));
2678 if (!ok) {
2679 goto decode_error;
2680 }
2681
2682 len = asn1_tag_remaining(state->result->data);
2683 if (len == -1) {
2684 goto decode_error;
2685 }
2686
2687 state->result->res_extended.blob =
2688 data_blob_talloc(state->result, NULL, len);
2689 if (state->result->res_extended.blob.data == NULL) {
2690 goto decode_error;
2691 }
2692
2693 ok = asn1_read(state->result->data,
2694 state->result->res_extended.blob.data,
2695 state->result->res_extended.blob.length);
2696
2697 ok &= asn1_end_tag(state->result->data);
2698 }
2699
2700 ok &= asn1_end_tag(state->result->data);
2701
2702 if (!ok) {
2703 goto decode_error;
2704 }
2705
2706 if (!TLDAP_RC_IS_SUCCESS(state->result->lderr)) {
2707 tevent_req_ldap_error(req, state->result->lderr);
2708 return;
2709 }
2710 tevent_req_done(req);
2711 return;
2712
2713 decode_error:
2714 tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
2715 return;
2716 }
2717
2718 TLDAPRC tldap_extended_recv(struct tevent_req *req,
2719 TALLOC_CTX *mem_ctx,
2720 char **out_oid,
2721 DATA_BLOB *out_blob)
2722 {
2723 struct tldap_req_state *state = tevent_req_data(
2724 req, struct tldap_req_state);
2725 TLDAPRC rc;
2726
2727 if (tevent_req_is_ldap_error(req, &rc)) {
2728 return rc;
2729 }
2730
2731 if (out_oid != NULL) {
2732 *out_oid = talloc_move(mem_ctx,
2733 &state->result->res_extended.oid);
2734 }
2735
2736 if (out_blob != NULL) {
2737 out_blob->data = talloc_move(mem_ctx,
2738 &state->result->res_extended.blob.data);
2739 out_blob->length =
2740 state->result->res_extended.blob.length;
2741 }
2742
2743 return state->result->lderr;
2744 }
2745
2746 TLDAPRC tldap_extended(struct tldap_context *ld,
2747 const char *in_oid,
2748 const DATA_BLOB *in_blob,
2749 struct tldap_control *sctrls,
2750 int num_sctrls,
2751 struct tldap_control *cctrls,
2752 int num_cctrls,
2753 TALLOC_CTX *mem_ctx,
2754 char **out_oid,
2755 DATA_BLOB *out_blob)
2756 {
2757 TALLOC_CTX *frame = talloc_stackframe();
2758 struct tevent_context *ev;
2759 struct tevent_req *req;
2760 TLDAPRC rc = TLDAP_NO_MEMORY;
2761
2762 ev = samba_tevent_context_init(frame);
2763 if (ev == NULL) {
2764 goto fail;
2765 }
2766 req = tldap_extended_send(frame, ev, ld,
2767 in_oid, in_blob,
2768 sctrls, num_sctrls,
2769 cctrls, num_cctrls);
2770 if (req == NULL) {
2771 goto fail;
2772 }
2773 if (!tevent_req_poll(req, ev)) {
2774 rc = TLDAP_OPERATIONS_ERROR;
2775 goto fail;
2776 }
2777 rc = tldap_extended_recv(req, mem_ctx, out_oid, out_blob);
2778 tldap_save_msg(ld, req);
2779 fail:
2780 TALLOC_FREE(frame);
2781 return rc;
2782 }
2783
2784 int tldap_msg_id(const struct tldap_message *msg)
2785 {
2786 return msg->id;
2787 }
2788
2789 int tldap_msg_type(const struct tldap_message *msg)
2790 {
2791 return msg->type;
2792 }
2793
2794 const char *tldap_msg_matcheddn(struct tldap_message *msg)
2795 {
2796 if (msg == NULL) {
2797 return NULL;
2798 }
2799 return msg->res_matcheddn;
2800 }
2801
2802 const char *tldap_msg_diagnosticmessage(struct tldap_message *msg)
2803 {
2804 if (msg == NULL) {
2805 return NULL;
2806 }
2807 return msg->res_diagnosticmessage;
2808 }
2809
2810 const char *tldap_msg_referral(struct tldap_message *msg)
2811 {
2812 if (msg == NULL) {
2813 return NULL;
2814 }
2815 return msg->res_referral;
2816 }
2817
2818 void tldap_msg_sctrls(struct tldap_message *msg, int *num_sctrls,
2819 struct tldap_control **sctrls)
2820 {
2821 if (msg == NULL) {
2822 *sctrls = NULL;
2823 *num_sctrls = 0;
2824 return;
2825 }
2826 *sctrls = msg->res_sctrls;
2827 *num_sctrls = talloc_array_length(msg->res_sctrls);
2828 }
2829
2830 struct tldap_message *tldap_ctx_lastmsg(struct tldap_context *ld)
2831 {
2832 return ld->last_msg;
2833 }
2834
2835 static const struct { TLDAPRC rc; const char *string; } tldaprc_errmap[] =
2836 {
2837 { TLDAP_SUCCESS,
2838 "TLDAP_SUCCESS" },
2839 { TLDAP_OPERATIONS_ERROR,
2840 "TLDAP_OPERATIONS_ERROR" },
2841 { TLDAP_PROTOCOL_ERROR,
2842 "TLDAP_PROTOCOL_ERROR" },
2843 { TLDAP_TIMELIMIT_EXCEEDED,
2844 "TLDAP_TIMELIMIT_EXCEEDED" },
2845 { TLDAP_SIZELIMIT_EXCEEDED,
2846 "TLDAP_SIZELIMIT_EXCEEDED" },
2847 { TLDAP_COMPARE_FALSE,
2848 "TLDAP_COMPARE_FALSE" },
2849 { TLDAP_COMPARE_TRUE,
2850 "TLDAP_COMPARE_TRUE" },
2851 { TLDAP_STRONG_AUTH_NOT_SUPPORTED,
2852 "TLDAP_STRONG_AUTH_NOT_SUPPORTED" },
2853 { TLDAP_STRONG_AUTH_REQUIRED,
2854 "TLDAP_STRONG_AUTH_REQUIRED" },
2855 { TLDAP_REFERRAL,
2856 "TLDAP_REFERRAL" },
2857 { TLDAP_ADMINLIMIT_EXCEEDED,
2858 "TLDAP_ADMINLIMIT_EXCEEDED" },
2859 { TLDAP_UNAVAILABLE_CRITICAL_EXTENSION,
2860 "TLDAP_UNAVAILABLE_CRITICAL_EXTENSION" },
2861 { TLDAP_CONFIDENTIALITY_REQUIRED,
2862 "TLDAP_CONFIDENTIALITY_REQUIRED" },
2863 { TLDAP_SASL_BIND_IN_PROGRESS,
2864 "TLDAP_SASL_BIND_IN_PROGRESS" },
2865 { TLDAP_NO_SUCH_ATTRIBUTE,
2866 "TLDAP_NO_SUCH_ATTRIBUTE" },
2867 { TLDAP_UNDEFINED_TYPE,
2868 "TLDAP_UNDEFINED_TYPE" },
2869 { TLDAP_INAPPROPRIATE_MATCHING,
2870 "TLDAP_INAPPROPRIATE_MATCHING" },
2871 { TLDAP_CONSTRAINT_VIOLATION,
2872 "TLDAP_CONSTRAINT_VIOLATION" },
2873 { TLDAP_TYPE_OR_VALUE_EXISTS,
2874 "TLDAP_TYPE_OR_VALUE_EXISTS" },
2875 { TLDAP_INVALID_SYNTAX,
2876 "TLDAP_INVALID_SYNTAX" },
2877 { TLDAP_NO_SUCH_OBJECT,
2878 "TLDAP_NO_SUCH_OBJECT" },
2879 { TLDAP_ALIAS_PROBLEM,
2880 "TLDAP_ALIAS_PROBLEM" },
2881 { TLDAP_INVALID_DN_SYNTAX,
2882 "TLDAP_INVALID_DN_SYNTAX" },
2883 { TLDAP_IS_LEAF,
2884 "TLDAP_IS_LEAF" },
2885 { TLDAP_ALIAS_DEREF_PROBLEM,
2886 "TLDAP_ALIAS_DEREF_PROBLEM" },
2887 { TLDAP_INAPPROPRIATE_AUTH,
2888 "TLDAP_INAPPROPRIATE_AUTH" },
2889 { TLDAP_INVALID_CREDENTIALS,
2890 "TLDAP_INVALID_CREDENTIALS" },
2891 { TLDAP_INSUFFICIENT_ACCESS,
2892 "TLDAP_INSUFFICIENT_ACCESS" },
2893 { TLDAP_BUSY,
2894 "TLDAP_BUSY" },
2895 { TLDAP_UNAVAILABLE,
2896 "TLDAP_UNAVAILABLE" },
2897 { TLDAP_UNWILLING_TO_PERFORM,
2898 "TLDAP_UNWILLING_TO_PERFORM" },
2899 { TLDAP_LOOP_DETECT,
2900 "TLDAP_LOOP_DETECT" },
2901 { TLDAP_NAMING_VIOLATION,
2902 "TLDAP_NAMING_VIOLATION" },
2903 { TLDAP_OBJECT_CLASS_VIOLATION,
2904 "TLDAP_OBJECT_CLASS_VIOLATION" },
2905 { TLDAP_NOT_ALLOWED_ON_NONLEAF,
2906 "TLDAP_NOT_ALLOWED_ON_NONLEAF" },
2907 { TLDAP_NOT_ALLOWED_ON_RDN,
2908 "TLDAP_NOT_ALLOWED_ON_RDN" },
2909 { TLDAP_ALREADY_EXISTS,
2910 "TLDAP_ALREADY_EXISTS" },
2911 { TLDAP_NO_OBJECT_CLASS_MODS,
2912 "TLDAP_NO_OBJECT_CLASS_MODS" },
2913 { TLDAP_RESULTS_TOO_LARGE,
2914 "TLDAP_RESULTS_TOO_LARGE" },
2915 { TLDAP_AFFECTS_MULTIPLE_DSAS,
2916 "TLDAP_AFFECTS_MULTIPLE_DSAS" },
2917 { TLDAP_OTHER,
2918 "TLDAP_OTHER" },
2919 { TLDAP_SERVER_DOWN,
2920 "TLDAP_SERVER_DOWN" },
2921 { TLDAP_LOCAL_ERROR,
2922 "TLDAP_LOCAL_ERROR" },
2923 { TLDAP_ENCODING_ERROR,
2924 "TLDAP_ENCODING_ERROR" },
2925 { TLDAP_DECODING_ERROR,
2926 "TLDAP_DECODING_ERROR" },
2927 { TLDAP_TIMEOUT,
2928 "TLDAP_TIMEOUT" },
2929 { TLDAP_AUTH_UNKNOWN,
2930 "TLDAP_AUTH_UNKNOWN" },
2931 { TLDAP_FILTER_ERROR,
2932 "TLDAP_FILTER_ERROR" },
2933 { TLDAP_USER_CANCELLED,
2934 "TLDAP_USER_CANCELLED" },
2935 { TLDAP_PARAM_ERROR,
2936 "TLDAP_PARAM_ERROR" },
2937 { TLDAP_NO_MEMORY,
2938 "TLDAP_NO_MEMORY" },
2939 { TLDAP_CONNECT_ERROR,
2940 "TLDAP_CONNECT_ERROR" },
2941 { TLDAP_NOT_SUPPORTED,
2942 "TLDAP_NOT_SUPPORTED" },
2943 { TLDAP_CONTROL_NOT_FOUND,
2944 "TLDAP_CONTROL_NOT_FOUND" },
2945 { TLDAP_NO_RESULTS_RETURNED,
2946 "TLDAP_NO_RESULTS_RETURNED" },
2947 { TLDAP_MORE_RESULTS_TO_RETURN,
2948 "TLDAP_MORE_RESULTS_TO_RETURN" },
2949 { TLDAP_CLIENT_LOOP,
2950 "TLDAP_CLIENT_LOOP" },
2951 { TLDAP_REFERRAL_LIMIT_EXCEEDED,
2952 "TLDAP_REFERRAL_LIMIT_EXCEEDED" },
2953 };
2954
2955 const char *tldap_rc2string(TLDAPRC rc)
2956 {
2957 size_t i;
2958
2959 for (i=0; i<ARRAY_SIZE(tldaprc_errmap); i++) {
2960 if (TLDAP_RC_EQUAL(rc, tldaprc_errmap[i].rc)) {
2961 return tldaprc_errmap[i].string;
2962 }
2963 }
2964
2965 return "Unknown LDAP Error";
2966 }
Samba git mirror