2 Unix SMB/CIFS implementation.
3 Infrastructure for async ldap client requests
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 static bool tevent_req_is_ldap_error(struct tevent_req *req, int *perr)
24 enum tevent_req_state state;
27 if (!tevent_req_is_error(req, &state, &err)) {
31 case TEVENT_REQ_TIMED_OUT:
32 *perr = TLDAP_TIMEOUT;
34 case TEVENT_REQ_NO_MEMORY:
35 *perr = TLDAP_NO_MEMORY;
37 case TEVENT_REQ_USER_ERROR:
41 *perr = TLDAP_OPERATIONS_ERROR;
47 struct tldap_context {
54 struct tevent_queue *outgoing;
55 struct tevent_req **pending;
57 /* For the sync wrappers we need something like get_last_error... */
60 char *res_diagnosticmessage;
64 struct tldap_message {
65 struct asn1_data *data;
72 struct tldap_attribute *attribs;
75 static int tldap_next_msgid(struct tldap_context *ld)
80 if (ld->msgid == 2147483647) {
86 struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd)
88 struct tldap_context *ctx;
90 ctx = talloc_zero(mem_ctx, struct tldap_context);
97 ctx->outgoing = tevent_queue_create(ctx, "tldap_outgoing");
98 if (ctx->outgoing == NULL) {
105 struct read_ldap_state {
110 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data)
112 struct read_ldap_state *state = talloc_get_type_abort(
113 private_data, struct read_ldap_state);
118 /* We've been here, we're done */
123 * From ldap.h: LDAP_TAG_MESSAGE is 0x30
125 if (buf[0] != 0x30) {
130 if ((len & 0x80) == 0) {
135 lensize = (len & 0x7f);
139 /* Please get us the full length */
142 if (buflen > 2 + lensize) {
146 if (buflen != 2 + lensize) {
150 for (i=0; i<lensize; i++) {
151 len = (len << 8) | buf[2+i];
156 static void read_ldap_done(struct tevent_req *subreq);
158 static struct tevent_req *read_ldap_send(TALLOC_CTX *mem_ctx,
159 struct tevent_context *ev,
162 struct tevent_req *req, *subreq;
163 struct read_ldap_state *state;
165 req = tevent_req_create(mem_ctx, &state, struct read_ldap_state);
171 subreq = read_packet_send(state, ev, fd, 2, read_ldap_more, state);
172 if (tevent_req_nomem(subreq, req)) {
173 return tevent_req_post(req, ev);
175 tevent_req_set_callback(subreq, read_ldap_done, req);
179 static void read_ldap_done(struct tevent_req *subreq)
181 struct tevent_req *req = tevent_req_callback_data(
182 subreq, struct tevent_req);
183 struct read_ldap_state *state = tevent_req_data(
184 req, struct read_ldap_state);
188 nread = read_packet_recv(subreq, state, &state->buf, &err);
191 tevent_req_error(req, err);
194 tevent_req_done(req);
197 static ssize_t read_ldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
198 uint8_t **pbuf, int *perrno)
200 struct read_ldap_state *state = tevent_req_data(
201 req, struct read_ldap_state);
203 if (tevent_req_is_unix_error(req, perrno)) {
206 *pbuf = talloc_move(mem_ctx, &state->buf);
207 return talloc_get_size(*pbuf);
210 static bool asn1_blob(const struct asn1_data *asn1, DATA_BLOB *blob)
212 if (asn1->has_error) {
215 if (asn1->nesting != NULL) {
218 blob->data = asn1->data;
219 blob->length = asn1->length;
223 static void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len)
230 struct tldap_msg_state {
231 struct tldap_context *ld;
232 struct tevent_context *ev;
236 struct asn1_data *data;
240 static void tldap_msg_sent(struct tevent_req *subreq);
241 static void tldap_msg_received(struct tevent_req *subreq);
243 static struct tevent_req *tldap_msg_send(TALLOC_CTX *mem_ctx,
244 struct tevent_context *ev,
245 struct tldap_context *ld,
246 int id, struct asn1_data *data)
248 struct tevent_req *req, *subreq;
249 struct tldap_msg_state *state;
252 req = tevent_req_create(mem_ctx, &state, struct tldap_msg_state);
262 if (!asn1_blob(data, &blob)) {
263 tevent_req_error(req, TLDAP_ENCODING_ERROR);
264 return tevent_req_post(req, ev);
267 state->iov.iov_base = blob.data;
268 state->iov.iov_len = blob.length;
270 subreq = writev_send(state, ev, ld->outgoing, ld->fd, false,
272 if (tevent_req_nomem(subreq, req)) {
273 return tevent_req_post(req, ev);
275 tevent_req_set_callback(subreq, tldap_msg_sent, req);
279 static void tldap_msg_unset_pending(struct tevent_req *req)
281 struct tldap_msg_state *state = tevent_req_data(
282 req, struct tldap_msg_state);
283 struct tldap_context *ld = state->ld;
284 int num_pending = talloc_array_length(ld->pending);
287 if (num_pending == 1) {
288 TALLOC_FREE(ld->pending);
292 for (i=0; i<num_pending; i++) {
293 if (req == ld->pending[i]) {
297 if (i == num_pending) {
299 * Something's seriously broken. Just returning here is the
300 * right thing nevertheless, the point of this routine is to
301 * remove ourselves from cli->pending.
307 * Remove ourselves from the cli->pending array
309 if (num_pending > 1) {
310 ld->pending[i] = ld->pending[num_pending-1];
314 * No NULL check here, we're shrinking by sizeof(void *), and
315 * talloc_realloc just adjusts the size for this.
317 ld->pending = talloc_realloc(NULL, ld->pending, struct tevent_req *,
322 static int tldap_msg_destructor(struct tevent_req *req)
324 tldap_msg_unset_pending(req);
328 static bool tldap_msg_set_pending(struct tevent_req *req)
330 struct tldap_msg_state *state = tevent_req_data(
331 req, struct tldap_msg_state);
332 struct tldap_context *ld;
333 struct tevent_req **pending;
335 struct tevent_req *subreq;
338 num_pending = talloc_array_length(ld->pending);
340 pending = talloc_realloc(ld, ld->pending, struct tevent_req *,
342 if (pending == NULL) {
345 pending[num_pending] = req;
346 ld->pending = pending;
347 talloc_set_destructor(req, tldap_msg_destructor);
349 if (num_pending > 0) {
354 * We're the first ones, add the read_ldap request that waits for the
355 * answer from the server
357 subreq = read_ldap_send(ld->pending, state->ev, ld->fd);
358 if (subreq == NULL) {
359 tldap_msg_unset_pending(req);
362 tevent_req_set_callback(subreq, tldap_msg_received, ld);
366 static void tldap_msg_sent(struct tevent_req *subreq)
368 struct tevent_req *req = tevent_req_callback_data(
369 subreq, struct tevent_req);
373 nwritten = writev_recv(subreq, &err);
375 if (nwritten == -1) {
376 tevent_req_error(req, TLDAP_SERVER_DOWN);
380 if (!tldap_msg_set_pending(req)) {
381 tevent_req_nomem(NULL, req);
386 static int tldap_msg_msgid(struct tevent_req *req)
388 struct tldap_msg_state *state = tevent_req_data(
389 req, struct tldap_msg_state);
394 static void tldap_msg_received(struct tevent_req *subreq)
396 struct tldap_context *ld = tevent_req_callback_data(
397 subreq, struct tldap_context);
398 struct tevent_req *req;
399 struct tldap_msg_state *state;
400 struct tevent_context *ev;
401 struct asn1_data *data;
409 received = read_ldap_recv(subreq, talloc_tos(), &inbuf, &err);
411 if (received == -1) {
412 status = TLDAP_SERVER_DOWN;
416 data = asn1_init(talloc_tos());
418 status = TLDAP_NO_MEMORY;
421 asn1_load_nocopy(data, inbuf, received);
424 ok &= asn1_start_tag(data, ASN1_SEQUENCE(0));
425 ok &= asn1_read_Integer(data, &id);
428 status = TLDAP_PROTOCOL_ERROR;
432 num_pending = talloc_array_length(ld->pending);
434 for (i=0; i<num_pending; i++) {
435 if (id == tldap_msg_msgid(ld->pending[i])) {
439 if (i == num_pending) {
440 /* Dump unexpected reply */
445 req = ld->pending[i];
446 state = tevent_req_data(req, struct tldap_msg_state);
448 state->inbuf = talloc_move(state, &inbuf);
449 state->data = talloc_move(state, &data);
453 talloc_set_destructor(req, NULL);
454 tldap_msg_destructor(req);
455 tevent_req_done(req);
458 if (talloc_array_length(ld->pending) > 0) {
459 state = tevent_req_data(ld->pending[0],
460 struct tldap_msg_state);
461 subreq = read_ldap_send(ld->pending, state->ev, ld->fd);
462 if (subreq == NULL) {
463 status = TLDAP_NO_MEMORY;
466 tevent_req_set_callback(subreq, tldap_msg_received, ld);
471 while (talloc_array_length(ld->pending) > 0) {
472 req = ld->pending[0];
473 talloc_set_destructor(req, NULL);
474 tldap_msg_destructor(req);
475 tevent_req_error(req, status);
479 static int tldap_msg_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
480 struct tldap_message **pmsg)
482 struct tldap_msg_state *state = tevent_req_data(
483 req, struct tldap_msg_state);
484 struct tldap_message *msg;
488 if (tevent_req_is_ldap_error(req, &err)) {
492 if (!asn1_peek_uint8(state->data, &msgtype)) {
493 return TLDAP_PROTOCOL_ERROR;
497 return TLDAP_SUCCESS;
500 msg = talloc_zero(mem_ctx, struct tldap_message);
502 return TLDAP_NO_MEMORY;
506 msg->inbuf = talloc_move(msg, &state->inbuf);
507 msg->data = talloc_move(msg, &state->data);
511 return TLDAP_SUCCESS;
514 struct tldap_req_state {
516 struct asn1_data *out;
517 struct tldap_message *result;
521 char *res_diagnosticmessage;
525 static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
526 struct tldap_context *ld,
527 struct tldap_req_state **pstate)
529 struct tevent_req *req;
530 struct tldap_req_state *state;
532 req = tevent_req_create(mem_ctx, &state, struct tldap_req_state);
537 state->out = asn1_init(state);
538 if (state->out == NULL) {
542 state->result = NULL;
543 state->id = tldap_next_msgid(ld);
545 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
546 asn1_write_Integer(state->out, state->id);
552 static void tldap_save_errors(struct tldap_context *ctx,
553 struct tevent_req *req)
555 struct tldap_req_state *state = tevent_req_data(
556 req, struct tldap_req_state);
558 TALLOC_FREE(ctx->res_matcheddn);
559 TALLOC_FREE(ctx->res_diagnosticmessage);
560 TALLOC_FREE(ctx->res_referral);
562 ctx->lderr = state->lderr;
563 ctx->res_matcheddn = talloc_move(ctx, &state->res_matcheddn);
564 ctx->res_diagnosticmessage = talloc_move(
565 ctx, &state->res_diagnosticmessage);
566 ctx->res_referral = talloc_move(ctx, &state->res_referral);
569 static char *blob2string_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob)
571 char *result = talloc_array(mem_ctx, char, blob.length+1);
572 memcpy(result, blob.data, blob.length);
573 result[blob.length] = '\0';
577 static bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
578 struct asn1_data *data,
582 if (!asn1_read_OctetString(data, mem_ctx, &string))
584 *result = blob2string_talloc(mem_ctx, string);
585 data_blob_free(&string);
589 static bool tldap_decode_response(struct tldap_req_state *state)
591 struct asn1_data *data = state->result->data;
594 ok &= asn1_read_enumerated(data, &state->lderr);
595 ok &= asn1_read_OctetString_talloc(state, data, &state->res_matcheddn);
596 ok &= asn1_read_OctetString_talloc(state, data,
597 &state->res_diagnosticmessage);
598 if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
599 ok &= asn1_start_tag(data, ASN1_CONTEXT(3));
600 ok &= asn1_read_OctetString_talloc(
601 state, data, &state->res_referral);
602 ok &= asn1_end_tag(data);
604 state->res_referral = NULL;
610 static void tldap_sasl_bind_done(struct tevent_req *subreq);
612 struct tevent_req *tldap_sasl_bind_send(TALLOC_CTX *mem_ctx,
613 struct tevent_context *ev,
614 struct tldap_context *ld,
616 const char *mechanism,
618 struct tldap_control **sctrls,
619 struct tldap_control **cctrls)
621 struct tevent_req *req, *subreq;
622 struct tldap_req_state *state;
624 req = tldap_req_create(mem_ctx, ld, &state);
633 asn1_push_tag(state->out, TLDAP_REQ_BIND);
634 asn1_write_Integer(state->out, ld->ld_version);
635 asn1_write_OctetString(state->out, dn, (dn != NULL) ? strlen(dn) : 0);
637 if (mechanism == NULL) {
638 asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0));
639 asn1_write(state->out, creds->data, creds->length);
640 asn1_pop_tag(state->out);
642 asn1_push_tag(state->out, ASN1_CONTEXT(3));
643 asn1_write_OctetString(state->out, mechanism,
645 if ((creds != NULL) && (creds->data != NULL)) {
646 asn1_write_OctetString(state->out, creds->data,
649 asn1_pop_tag(state->out);
652 if (!asn1_pop_tag(state->out)) {
653 tevent_req_error(req, TLDAP_ENCODING_ERROR);
654 return tevent_req_post(req, ev);
657 subreq = tldap_msg_send(state, ev, ld, state->id, state->out);
658 if (tevent_req_nomem(subreq, req)) {
659 return tevent_req_post(req, ev);
661 tevent_req_set_callback(subreq, tldap_sasl_bind_done, req);
665 static void tldap_sasl_bind_done(struct tevent_req *subreq)
667 struct tevent_req *req = tevent_req_callback_data(
668 subreq, struct tevent_req);
669 struct tldap_req_state *state = tevent_req_data(
670 req, struct tldap_req_state);
673 err = tldap_msg_recv(subreq, state, &state->result);
675 if (err != TLDAP_SUCCESS) {
676 tevent_req_error(req, err);
679 if (state->result->type != TLDAP_RES_BIND) {
680 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
683 if (!asn1_start_tag(state->result->data, state->result->type) ||
684 !tldap_decode_response(state) ||
685 !asn1_end_tag(state->result->data)) {
686 tevent_req_error(req, TLDAP_DECODING_ERROR);
690 * TODO: pull the reply blob
692 if (state->lderr != TLDAP_SUCCESS) {
693 tevent_req_error(req, state->lderr);
696 tevent_req_done(req);
699 int tldap_sasl_bind_recv(struct tevent_req *req)
703 if (tevent_req_is_ldap_error(req, &err)) {
706 return TLDAP_SUCCESS;
709 int tldap_sasl_bind(struct tldap_context *ld,
711 const char *mechanism,
713 struct tldap_control **sctrls,
714 struct tldap_control **cctrls)
716 TALLOC_CTX *frame = talloc_stackframe();
717 struct tevent_context *ev;
718 struct tevent_req *req;
721 ev = event_context_init(frame);
723 result = TLDAP_NO_MEMORY;
727 req = tldap_sasl_bind_send(frame, ev, ld, dn, mechanism, creds,
730 result = TLDAP_NO_MEMORY;
734 if (!tevent_req_poll(req, ev)) {
735 result = TLDAP_OPERATIONS_ERROR;
739 result = tldap_sasl_bind_recv(req);
740 tldap_save_errors(ld, req);
746 struct tevent_req *tldap_simple_bind_send(TALLOC_CTX *mem_ctx,
747 struct tevent_context *ev,
748 struct tldap_context *ld,
754 if (passwd != NULL) {
755 cred.data = (uint8_t *)passwd;
756 cred.length = strlen(passwd);
758 cred.data = (uint8_t *)"";
761 return tldap_sasl_bind_send(mem_ctx, ev, ld, dn, NULL, &cred, NULL,
765 int tldap_simple_bind_recv(struct tevent_req *req)
767 return tldap_sasl_bind_recv(req);
770 int tldap_simple_bind(struct tldap_context *ld, const char *dn,
775 if (passwd != NULL) {
776 cred.data = (uint8_t *)passwd;
777 cred.length = strlen(passwd);
779 cred.data = (uint8_t *)"";
782 return tldap_sasl_bind(ld, dn, NULL, &cred, NULL, NULL);
785 /*****************************************************************************/
788 * This piece has a dependency on ldb, the ldb_parse_tree() function is used.
789 * In case we want to separate out tldap, we need to copy or rewrite it.
792 #include "lib/ldb/include/ldb.h"
793 #include "lib/ldb/include/ldb_errors.h"
795 static bool ldap_push_filter(struct asn1_data *data,
796 struct ldb_parse_tree *tree)
800 switch (tree->operation) {
804 ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1));
805 for (i=0; i<tree->u.list.num_elements; i++) {
806 if (!ldap_push_filter(data,
807 tree->u.list.elements[i])) {
815 asn1_push_tag(data, ASN1_CONTEXT(2));
816 if (!ldap_push_filter(data, tree->u.isnot.child)) {
822 case LDB_OP_EQUALITY:
824 asn1_push_tag(data, ASN1_CONTEXT(3));
825 asn1_write_OctetString(data, tree->u.equality.attr,
826 strlen(tree->u.equality.attr));
827 asn1_write_OctetString(data, tree->u.equality.value.data,
828 tree->u.equality.value.length);
832 case LDB_OP_SUBSTRING:
834 SubstringFilter ::= SEQUENCE {
835 type AttributeDescription,
836 -- at least one must be present
837 substrings SEQUENCE OF CHOICE {
838 initial [0] LDAPString,
840 final [2] LDAPString } }
842 asn1_push_tag(data, ASN1_CONTEXT(4));
843 asn1_write_OctetString(data, tree->u.substring.attr,
844 strlen(tree->u.substring.attr));
845 asn1_push_tag(data, ASN1_SEQUENCE(0));
847 if (!tree->u.substring.start_with_wildcard) {
848 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
849 asn1_write_DATA_BLOB_LDAPString(
850 data, tree->u.substring.chunks[i]);
854 while (tree->u.substring.chunks[i]) {
857 if ((!tree->u.substring.chunks[i + 1]) &&
858 (tree->u.substring.end_with_wildcard == 0)) {
863 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
864 asn1_write_DATA_BLOB_LDAPString(
865 data, tree->u.substring.chunks[i]);
874 /* greaterOrEqual test */
875 asn1_push_tag(data, ASN1_CONTEXT(5));
876 asn1_write_OctetString(data, tree->u.comparison.attr,
877 strlen(tree->u.comparison.attr));
878 asn1_write_OctetString(data, tree->u.comparison.value.data,
879 tree->u.comparison.value.length);
884 /* lessOrEqual test */
885 asn1_push_tag(data, ASN1_CONTEXT(6));
886 asn1_write_OctetString(data, tree->u.comparison.attr,
887 strlen(tree->u.comparison.attr));
888 asn1_write_OctetString(data, tree->u.comparison.value.data,
889 tree->u.comparison.value.length);
895 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7));
896 asn1_write_LDAPString(data, tree->u.present.attr);
898 return !data->has_error;
902 asn1_push_tag(data, ASN1_CONTEXT(8));
903 asn1_write_OctetString(data, tree->u.comparison.attr,
904 strlen(tree->u.comparison.attr));
905 asn1_write_OctetString(data, tree->u.comparison.value.data,
906 tree->u.comparison.value.length);
910 case LDB_OP_EXTENDED:
912 MatchingRuleAssertion ::= SEQUENCE {
913 matchingRule [1] MatchingRuleID OPTIONAL,
914 type [2] AttributeDescription OPTIONAL,
915 matchValue [3] AssertionValue,
916 dnAttributes [4] BOOLEAN DEFAULT FALSE
919 asn1_push_tag(data, ASN1_CONTEXT(9));
920 if (tree->u.extended.rule_id) {
921 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
922 asn1_write_LDAPString(data, tree->u.extended.rule_id);
925 if (tree->u.extended.attr) {
926 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2));
927 asn1_write_LDAPString(data, tree->u.extended.attr);
930 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
931 asn1_write_DATA_BLOB_LDAPString(data, &tree->u.extended.value);
933 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
934 asn1_write_uint8(data, tree->u.extended.dnAttributes);
942 return !data->has_error;
945 static bool tldap_push_filter(struct asn1_data *data, const char *filter)
947 struct ldb_parse_tree *tree;
950 tree = ldb_parse_tree(talloc_tos(), filter);
954 ret = ldap_push_filter(data, tree);
959 /*****************************************************************************/
961 static void tldap_search_done(struct tevent_req *subreq);
963 struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx,
964 struct tevent_context *ev,
965 struct tldap_context *ld,
966 const char *base, int scope,
971 struct tldap_control **sctrls,
972 struct tldap_control **cctrls,
977 struct tevent_req *req, *subreq;
978 struct tldap_req_state *state;
981 req = tldap_req_create(mem_ctx, ld, &state);
986 asn1_push_tag(state->out, TLDAP_REQ_SEARCH);
987 asn1_write_OctetString(state->out, base, strlen(base));
988 asn1_write_enumerated(state->out, scope);
989 asn1_write_enumerated(state->out, deref);
990 asn1_write_Integer(state->out, sizelimit);
991 asn1_write_Integer(state->out, timelimit);
992 asn1_write_BOOLEAN(state->out, attrsonly);
994 if (!tldap_push_filter(state->out, filter)) {
998 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
999 for (i=0; i<num_attrs; i++) {
1000 asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]));
1002 asn1_pop_tag(state->out);
1003 asn1_pop_tag(state->out);
1005 subreq = tldap_msg_send(state, ev, ld, state->id, state->out);
1006 if (tevent_req_nomem(subreq, req)) {
1007 return tevent_req_post(req, ev);
1009 tevent_req_set_callback(subreq, tldap_search_done, req);
1013 tevent_req_error(req, TLDAP_ENCODING_ERROR);
1014 return tevent_req_post(req, ev);
1017 static void tldap_search_done(struct tevent_req *subreq)
1019 struct tevent_req *req = tevent_req_callback_data(
1020 subreq, struct tevent_req);
1021 struct tldap_req_state *state = tevent_req_data(
1022 req, struct tldap_req_state);
1025 err = tldap_msg_recv(subreq, state, &state->result);
1026 if (err != TLDAP_SUCCESS) {
1027 tevent_req_error(req, err);
1030 switch (state->result->type) {
1031 case TLDAP_RES_SEARCH_ENTRY:
1032 case TLDAP_RES_SEARCH_REFERENCE:
1033 tevent_req_notify_callback(req);
1034 if (!tldap_msg_set_pending(subreq)) {
1035 tevent_req_nomem(NULL, req);
1039 case TLDAP_RES_SEARCH_RESULT:
1040 TALLOC_FREE(subreq);
1041 if (!asn1_start_tag(state->result->data,
1042 state->result->type) ||
1043 !tldap_decode_response(state) ||
1044 !asn1_end_tag(state->result->data)) {
1045 tevent_req_error(req, TLDAP_DECODING_ERROR);
1048 tevent_req_done(req);
1051 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
1056 int tldap_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1057 struct tldap_message **pmsg)
1059 struct tldap_req_state *state = tevent_req_data(
1060 req, struct tldap_req_state);
1063 if (!tevent_req_is_in_progress(req)
1064 && tevent_req_is_ldap_error(req, &err)) {
1068 if (tevent_req_is_in_progress(req)) {
1069 switch (state->result->type) {
1070 case TLDAP_RES_SEARCH_ENTRY:
1071 case TLDAP_RES_SEARCH_REFERENCE:
1074 return TLDAP_OPERATIONS_ERROR;
1078 *pmsg = state->result;
1079 return TLDAP_SUCCESS;
1082 struct tldap_sync_search_state {
1083 TALLOC_CTX *mem_ctx;
1084 struct tldap_message **entries;
1085 struct tldap_message **refs;
1089 static void tldap_search_cb(struct tevent_req *req)
1091 struct tldap_sync_search_state *state =
1092 (struct tldap_sync_search_state *)
1093 tevent_req_callback_data_void(req);
1094 struct tldap_message *msg, **tmp;
1095 int rc, num_entries, num_refs;
1097 rc = tldap_search_recv(req, talloc_tos(), &msg);
1098 if (rc != TLDAP_SUCCESS) {
1103 switch (tldap_msg_type(msg)) {
1104 case TLDAP_RES_SEARCH_ENTRY:
1105 num_entries = talloc_array_length(state->entries);
1106 tmp = talloc_realloc(state->mem_ctx, state->entries,
1107 struct tldap_message *, num_entries + 1);
1109 state->rc = TLDAP_NO_MEMORY;
1112 state->entries = tmp;
1113 state->entries[num_entries] = talloc_move(state->entries,
1116 case TLDAP_RES_SEARCH_REFERENCE:
1117 num_refs = talloc_array_length(state->refs);
1118 tmp = talloc_realloc(state->mem_ctx, state->refs,
1119 struct tldap_message *, num_refs + 1);
1121 state->rc = TLDAP_NO_MEMORY;
1125 state->refs[num_refs] = talloc_move(state->refs, &msg);
1127 case TLDAP_RES_SEARCH_RESULT:
1128 state->rc = TLDAP_SUCCESS;
1131 state->rc = TLDAP_PROTOCOL_ERROR;
1136 int tldap_search(struct tldap_context *ld,
1137 const char *base, int scope, const char *filter,
1138 const char **attrs, int num_attrs, int attrsonly,
1139 struct tldap_control **sctrls, struct tldap_control **cctrls,
1140 int timelimit, int sizelimit, int deref,
1141 TALLOC_CTX *mem_ctx, struct tldap_message ***entries,
1142 struct tldap_message ***refs)
1144 TALLOC_CTX *frame = talloc_stackframe();
1145 struct tevent_context *ev;
1146 struct tevent_req *req;
1147 struct tldap_sync_search_state state;
1150 state.mem_ctx = mem_ctx;
1151 state.rc = TLDAP_SUCCESS;
1153 ev = event_context_init(frame);
1155 state.rc = TLDAP_NO_MEMORY;
1159 req = tldap_search_send(frame, ev, ld, base, scope, filter,
1160 attrs, num_attrs, attrsonly,
1161 sctrls, cctrls, timelimit,
1164 state.rc = TLDAP_NO_MEMORY;
1168 tevent_req_set_callback(req, tldap_search_cb, &state);
1170 while (tevent_req_is_in_progress(req)
1171 && (state.rc == TLDAP_SUCCESS)) {
1172 if (tevent_loop_once(ev) == -1) {
1173 return TLDAP_OPERATIONS_ERROR;
1177 if (state.rc != TLDAP_SUCCESS) {
1181 if (entries != NULL) {
1182 *entries = state.entries;
1184 TALLOC_FREE(state.entries);
1189 TALLOC_FREE(state.refs);
1191 tldap_save_errors(ld, req);
1197 static bool tldap_parse_search_entry(struct tldap_message *msg)
1199 int num_attribs = 0;
1201 asn1_start_tag(msg->data, msg->type);
1205 asn1_read_OctetString_talloc(msg, msg->data, &msg->dn);
1206 if (msg->dn == NULL) {
1211 * Attributes: We overallocate msg->attribs by one, so that while
1212 * looping over the attributes we can directly parse into the last
1213 * array element. Same for the values in the inner loop.
1216 msg->attribs = talloc_array(msg, struct tldap_attribute, 1);
1217 if (msg->attribs == NULL) {
1221 asn1_start_tag(msg->data, ASN1_SEQUENCE(0));
1222 while (asn1_peek_tag(msg->data, ASN1_SEQUENCE(0))) {
1223 struct tldap_attribute *attrib;
1226 attrib = &msg->attribs[num_attribs];
1227 attrib->values = talloc_array(msg->attribs, DATA_BLOB, 1);
1228 if (attrib->values == NULL) {
1231 asn1_start_tag(msg->data, ASN1_SEQUENCE(0));
1232 asn1_read_OctetString_talloc(msg->attribs, msg->data,
1234 asn1_start_tag(msg->data, ASN1_SET);
1236 while (asn1_peek_tag(msg->data, ASN1_OCTET_STRING)) {
1237 asn1_read_OctetString(msg->data, msg,
1238 &attrib->values[num_values]);
1240 attrib->values = talloc_realloc(
1241 msg->attribs, attrib->values, DATA_BLOB,
1243 if (attrib->values == NULL) {
1248 attrib->values = talloc_realloc(msg->attribs, attrib->values,
1249 DATA_BLOB, num_values);
1250 attrib->num_values = num_values;
1252 asn1_end_tag(msg->data); /* ASN1_SET */
1253 asn1_end_tag(msg->data); /* ASN1_SEQUENCE(0) */
1254 msg->attribs = talloc_realloc(
1255 msg, msg->attribs, struct tldap_attribute,
1257 if (msg->attribs == NULL) {
1262 msg->attribs = talloc_realloc(
1263 msg, msg->attribs, struct tldap_attribute, num_attribs);
1264 asn1_end_tag(msg->data);
1265 if (msg->data->has_error) {
1271 bool tldap_entry_dn(struct tldap_message *msg, char **dn)
1273 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1280 bool tldap_entry_attributes(struct tldap_message *msg, int *num_attributes,
1281 struct tldap_attribute **attributes)
1283 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1286 *attributes = msg->attribs;
1287 *num_attributes = talloc_array_length(msg->attribs);
1291 static void tldap_simple_done(struct tevent_req *subreq, int type)
1293 struct tevent_req *req = tevent_req_callback_data(
1294 subreq, struct tevent_req);
1295 struct tldap_req_state *state = tevent_req_data(
1296 req, struct tldap_req_state);
1299 err = tldap_msg_recv(subreq, state, &state->result);
1300 TALLOC_FREE(subreq);
1301 if (err != TLDAP_SUCCESS) {
1302 tevent_req_error(req, err);
1305 if (state->result->type != type) {
1306 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
1309 if (!asn1_start_tag(state->result->data, state->result->type) ||
1310 !tldap_decode_response(state) ||
1311 !asn1_end_tag(state->result->data)) {
1312 tevent_req_error(req, TLDAP_DECODING_ERROR);
1315 if (state->lderr != TLDAP_SUCCESS) {
1316 tevent_req_error(req, state->lderr);
1319 tevent_req_done(req);
1322 static int tldap_simple_recv(struct tevent_req *req)
1325 if (tevent_req_is_ldap_error(req, &err)) {
1328 return TLDAP_SUCCESS;
1331 static void tldap_add_done(struct tevent_req *subreq);
1333 struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx,
1334 struct tevent_context *ev,
1335 struct tldap_context *ld,
1338 struct tldap_mod *attributes,
1339 struct tldap_control **sctrls,
1340 struct tldap_control **cctrls)
1342 struct tevent_req *req, *subreq;
1343 struct tldap_req_state *state;
1346 req = tldap_req_create(mem_ctx, ld, &state);
1351 asn1_push_tag(state->out, TLDAP_REQ_ADD);
1352 asn1_write_OctetString(state->out, dn, strlen(dn));
1353 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1355 for (i=0; i<num_attributes; i++) {
1356 struct tldap_mod *attrib = &attributes[i];
1357 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1358 asn1_write_OctetString(state->out, attrib->attribute,
1359 strlen(attrib->attribute));
1360 asn1_push_tag(state->out, ASN1_SET);
1361 for (j=0; j<attrib->num_values; j++) {
1362 asn1_write_OctetString(state->out,
1363 attrib->values[j].data,
1364 attrib->values[j].length);
1366 asn1_pop_tag(state->out);
1367 asn1_pop_tag(state->out);
1370 asn1_pop_tag(state->out);
1371 asn1_pop_tag(state->out);
1373 subreq = tldap_msg_send(state, ev, ld, state->id, state->out);
1374 if (tevent_req_nomem(subreq, req)) {
1375 return tevent_req_post(req, ev);
1377 tevent_req_set_callback(subreq, tldap_add_done, req);
1382 static void tldap_add_done(struct tevent_req *subreq)
1384 return tldap_simple_done(subreq, TLDAP_RES_ADD);
1387 int tldap_add_recv(struct tevent_req *req)
1389 return tldap_simple_recv(req);
1392 int tldap_add(struct tldap_context *ld, const char *dn,
1393 int num_attributes, struct tldap_mod *attributes,
1394 struct tldap_control **sctrls, struct tldap_control **cctrls)
1396 TALLOC_CTX *frame = talloc_stackframe();
1397 struct tevent_context *ev;
1398 struct tevent_req *req;
1401 ev = event_context_init(frame);
1403 result = TLDAP_NO_MEMORY;
1407 req = tldap_add_send(frame, ev, ld, dn, num_attributes, attributes,
1410 result = TLDAP_NO_MEMORY;
1414 if (!tevent_req_poll(req, ev)) {
1415 result = TLDAP_OPERATIONS_ERROR;
1419 result = tldap_add_recv(req);
1420 tldap_save_errors(ld, req);
1426 static void tldap_modify_done(struct tevent_req *subreq);
1428 struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx,
1429 struct tevent_context *ev,
1430 struct tldap_context *ld,
1432 int num_mods, struct tldap_mod *mods,
1433 struct tldap_control **sctrls,
1434 struct tldap_control **cctrls)
1436 struct tevent_req *req, *subreq;
1437 struct tldap_req_state *state;
1440 req = tldap_req_create(mem_ctx, ld, &state);
1445 asn1_push_tag(state->out, TLDAP_REQ_MODIFY);
1446 asn1_write_OctetString(state->out, dn, strlen(dn));
1447 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1449 for (i=0; i<num_mods; i++) {
1450 struct tldap_mod *mod = &mods[i];
1451 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1452 asn1_write_enumerated(state->out, mod->mod_op),
1453 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1454 asn1_write_OctetString(state->out, mod->attribute,
1455 strlen(mod->attribute));
1456 asn1_push_tag(state->out, ASN1_SET);
1457 for (j=0; j<mod->num_values; j++) {
1458 asn1_write_OctetString(state->out,
1459 mod->values[j].data,
1460 mod->values[j].length);
1462 asn1_pop_tag(state->out);
1463 asn1_pop_tag(state->out);
1464 asn1_pop_tag(state->out);
1467 asn1_pop_tag(state->out);
1468 asn1_pop_tag(state->out);
1470 subreq = tldap_msg_send(state, ev, ld, state->id, state->out);
1471 if (tevent_req_nomem(subreq, req)) {
1472 return tevent_req_post(req, ev);
1474 tevent_req_set_callback(subreq, tldap_modify_done, req);
1479 static void tldap_modify_done(struct tevent_req *subreq)
1481 return tldap_simple_done(subreq, TLDAP_RES_MODIFY);
1484 int tldap_modify_recv(struct tevent_req *req)
1486 return tldap_simple_recv(req);
1489 int tldap_modify(struct tldap_context *ld, const char *dn,
1490 int num_mods, struct tldap_mod *mods,
1491 struct tldap_control **sctrls, struct tldap_control **cctrls)
1493 TALLOC_CTX *frame = talloc_stackframe();
1494 struct tevent_context *ev;
1495 struct tevent_req *req;
1498 ev = event_context_init(frame);
1500 result = TLDAP_NO_MEMORY;
1504 req = tldap_modify_send(frame, ev, ld, dn, num_mods, mods,
1507 result = TLDAP_NO_MEMORY;
1511 if (!tevent_req_poll(req, ev)) {
1512 result = TLDAP_OPERATIONS_ERROR;
1516 result = tldap_modify_recv(req);
1517 tldap_save_errors(ld, req);
1523 static void tldap_delete_done(struct tevent_req *subreq);
1525 struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx,
1526 struct tevent_context *ev,
1527 struct tldap_context *ld,
1529 struct tldap_control **sctrls,
1530 struct tldap_control **cctrls)
1532 struct tevent_req *req, *subreq;
1533 struct tldap_req_state *state;
1535 req = tldap_req_create(mem_ctx, ld, &state);
1540 asn1_push_tag(state->out, TLDAP_REQ_DELETE);
1541 asn1_write_OctetString(state->out, dn, strlen(dn));
1542 asn1_pop_tag(state->out);
1544 subreq = tldap_msg_send(state, ev, ld, state->id, state->out);
1545 if (tevent_req_nomem(subreq, req)) {
1546 return tevent_req_post(req, ev);
1548 tevent_req_set_callback(subreq, tldap_delete_done, req);
1553 static void tldap_delete_done(struct tevent_req *subreq)
1555 return tldap_simple_done(subreq, TLDAP_RES_DELETE);
1558 int tldap_delete_recv(struct tevent_req *req)
1560 return tldap_simple_recv(req);
1563 int tldap_delete(struct tldap_context *ld, const char *dn,
1564 struct tldap_control **sctrls, struct tldap_control **cctrls)
1566 TALLOC_CTX *frame = talloc_stackframe();
1567 struct tevent_context *ev;
1568 struct tevent_req *req;
1571 ev = event_context_init(frame);
1573 result = TLDAP_NO_MEMORY;
1577 req = tldap_delete_send(frame, ev, ld, dn, sctrls, cctrls);
1579 result = TLDAP_NO_MEMORY;
1583 if (!tevent_req_poll(req, ev)) {
1584 result = TLDAP_OPERATIONS_ERROR;
1588 result = tldap_delete_recv(req);
1589 tldap_save_errors(ld, req);
1595 int tldap_msg_id(const struct tldap_message *msg)
1600 int tldap_msg_type(const struct tldap_message *msg)
1605 const char *tldap_req_matcheddn(struct tevent_req *req)
1607 struct tldap_req_state *state = tevent_req_data(
1608 req, struct tldap_req_state);
1609 return state->res_matcheddn;
1612 const char *tldap_req_diagnosticmessage(struct tevent_req *req)
1614 struct tldap_req_state *state = tevent_req_data(
1615 req, struct tldap_req_state);
1616 return state->res_diagnosticmessage;
1619 const char *tldap_req_referral(struct tevent_req *req)
1621 struct tldap_req_state *state = tevent_req_data(
1622 req, struct tldap_req_state);
1623 return state->res_referral;
1626 const char *tldap_ctx_matcheddn(struct tldap_context *ctx)
1628 return ctx->res_matcheddn;
1631 const char *tldap_ctx_diagnosticmessage(struct tldap_context *ctx)
1633 return ctx->res_diagnosticmessage;
1636 const char *tldap_ctx_referral(struct tldap_context *ctx)
1638 return ctx->res_referral;
1641 const char *tldap_err2string(int rc)
1643 const char *res = NULL;
1646 * This would normally be a table, but the error codes are not fully
1647 * sequential. Let the compiler figure out the optimum implementation
1653 res = "TLDAP_SUCCESS";
1655 case TLDAP_OPERATIONS_ERROR:
1656 res = "TLDAP_OPERATIONS_ERROR";
1658 case TLDAP_PROTOCOL_ERROR:
1659 res = "TLDAP_PROTOCOL_ERROR";
1661 case TLDAP_TIMELIMIT_EXCEEDED:
1662 res = "TLDAP_TIMELIMIT_EXCEEDED";
1664 case TLDAP_SIZELIMIT_EXCEEDED:
1665 res = "TLDAP_SIZELIMIT_EXCEEDED";
1667 case TLDAP_COMPARE_FALSE:
1668 res = "TLDAP_COMPARE_FALSE";
1670 case TLDAP_COMPARE_TRUE:
1671 res = "TLDAP_COMPARE_TRUE";
1673 case TLDAP_STRONG_AUTH_NOT_SUPPORTED:
1674 res = "TLDAP_STRONG_AUTH_NOT_SUPPORTED";
1676 case TLDAP_STRONG_AUTH_REQUIRED:
1677 res = "TLDAP_STRONG_AUTH_REQUIRED";
1679 case TLDAP_REFERRAL:
1680 res = "TLDAP_REFERRAL";
1682 case TLDAP_ADMINLIMIT_EXCEEDED:
1683 res = "TLDAP_ADMINLIMIT_EXCEEDED";
1685 case TLDAP_UNAVAILABLE_CRITICAL_EXTENSION:
1686 res = "TLDAP_UNAVAILABLE_CRITICAL_EXTENSION";
1688 case TLDAP_CONFIDENTIALITY_REQUIRED:
1689 res = "TLDAP_CONFIDENTIALITY_REQUIRED";
1691 case TLDAP_SASL_BIND_IN_PROGRESS:
1692 res = "TLDAP_SASL_BIND_IN_PROGRESS";
1694 case TLDAP_NO_SUCH_ATTRIBUTE:
1695 res = "TLDAP_NO_SUCH_ATTRIBUTE";
1697 case TLDAP_UNDEFINED_TYPE:
1698 res = "TLDAP_UNDEFINED_TYPE";
1700 case TLDAP_INAPPROPRIATE_MATCHING:
1701 res = "TLDAP_INAPPROPRIATE_MATCHING";
1703 case TLDAP_CONSTRAINT_VIOLATION:
1704 res = "TLDAP_CONSTRAINT_VIOLATION";
1706 case TLDAP_TYPE_OR_VALUE_EXISTS:
1707 res = "TLDAP_TYPE_OR_VALUE_EXISTS";
1709 case TLDAP_INVALID_SYNTAX:
1710 res = "TLDAP_INVALID_SYNTAX";
1712 case TLDAP_NO_SUCH_OBJECT:
1713 res = "TLDAP_NO_SUCH_OBJECT";
1715 case TLDAP_ALIAS_PROBLEM:
1716 res = "TLDAP_ALIAS_PROBLEM";
1718 case TLDAP_INVALID_DN_SYNTAX:
1719 res = "TLDAP_INVALID_DN_SYNTAX";
1722 res = "TLDAP_IS_LEAF";
1724 case TLDAP_ALIAS_DEREF_PROBLEM:
1725 res = "TLDAP_ALIAS_DEREF_PROBLEM";
1727 case TLDAP_INAPPROPRIATE_AUTH:
1728 res = "TLDAP_INAPPROPRIATE_AUTH";
1730 case TLDAP_INVALID_CREDENTIALS:
1731 res = "TLDAP_INVALID_CREDENTIALS";
1733 case TLDAP_INSUFFICIENT_ACCESS:
1734 res = "TLDAP_INSUFFICIENT_ACCESS";
1739 case TLDAP_UNAVAILABLE:
1740 res = "TLDAP_UNAVAILABLE";
1742 case TLDAP_UNWILLING_TO_PERFORM:
1743 res = "TLDAP_UNWILLING_TO_PERFORM";
1745 case TLDAP_LOOP_DETECT:
1746 res = "TLDAP_LOOP_DETECT";
1748 case TLDAP_NAMING_VIOLATION:
1749 res = "TLDAP_NAMING_VIOLATION";
1751 case TLDAP_OBJECT_CLASS_VIOLATION:
1752 res = "TLDAP_OBJECT_CLASS_VIOLATION";
1754 case TLDAP_NOT_ALLOWED_ON_NONLEAF:
1755 res = "TLDAP_NOT_ALLOWED_ON_NONLEAF";
1757 case TLDAP_NOT_ALLOWED_ON_RDN:
1758 res = "TLDAP_NOT_ALLOWED_ON_RDN";
1760 case TLDAP_ALREADY_EXISTS:
1761 res = "TLDAP_ALREADY_EXISTS";
1763 case TLDAP_NO_OBJECT_CLASS_MODS:
1764 res = "TLDAP_NO_OBJECT_CLASS_MODS";
1766 case TLDAP_RESULTS_TOO_LARGE:
1767 res = "TLDAP_RESULTS_TOO_LARGE";
1769 case TLDAP_AFFECTS_MULTIPLE_DSAS:
1770 res = "TLDAP_AFFECTS_MULTIPLE_DSAS";
1773 res = "TLDAP_OTHER";
1775 case TLDAP_SERVER_DOWN:
1776 res = "TLDAP_SERVER_DOWN";
1778 case TLDAP_LOCAL_ERROR:
1779 res = "TLDAP_LOCAL_ERROR";
1781 case TLDAP_ENCODING_ERROR:
1782 res = "TLDAP_ENCODING_ERROR";
1784 case TLDAP_DECODING_ERROR:
1785 res = "TLDAP_DECODING_ERROR";
1788 res = "TLDAP_TIMEOUT";
1790 case TLDAP_AUTH_UNKNOWN:
1791 res = "TLDAP_AUTH_UNKNOWN";
1793 case TLDAP_FILTER_ERROR:
1794 res = "TLDAP_FILTER_ERROR";
1796 case TLDAP_USER_CANCELLED:
1797 res = "TLDAP_USER_CANCELLED";
1799 case TLDAP_PARAM_ERROR:
1800 res = "TLDAP_PARAM_ERROR";
1802 case TLDAP_NO_MEMORY:
1803 res = "TLDAP_NO_MEMORY";
1805 case TLDAP_CONNECT_ERROR:
1806 res = "TLDAP_CONNECT_ERROR";
1808 case TLDAP_NOT_SUPPORTED:
1809 res = "TLDAP_NOT_SUPPORTED";
1811 case TLDAP_CONTROL_NOT_FOUND:
1812 res = "TLDAP_CONTROL_NOT_FOUND";
1814 case TLDAP_NO_RESULTS_RETURNED:
1815 res = "TLDAP_NO_RESULTS_RETURNED";
1817 case TLDAP_MORE_RESULTS_TO_RETURN:
1818 res = "TLDAP_MORE_RESULTS_TO_RETURN";
1820 case TLDAP_CLIENT_LOOP:
1821 res = "TLDAP_CLIENT_LOOP";
1823 case TLDAP_REFERRAL_LIMIT_EXCEEDED:
1824 res = "TLDAP_REFERRAL_LIMIT_EXCEEDED";
1827 res = talloc_asprintf(talloc_tos(), "Unknown LDAP Error (%d)",
1832 res = "Unknown LDAP Error";