2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Volker Lendecke 2004
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "system/network.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "auth/credentials/credentials.h"
29 #include "librpc/gen_ndr/ndr_samr.h"
30 #include "../lib/util/dlinklist.h"
31 #include "../lib/util/asn1.h"
32 #include "ldap_server/ldap_server.h"
33 #include "smbd/service_task.h"
34 #include "smbd/service_stream.h"
35 #include "smbd/service.h"
36 #include "smbd/process_model.h"
37 #include "lib/tls/tls.h"
38 #include "lib/messaging/irpc.h"
39 #include "lib/ldb/include/ldb.h"
40 #include "lib/ldb/include/ldb_errors.h"
41 #include "libcli/ldap/ldap_proto.h"
42 #include "system/network.h"
43 #include "lib/socket/netif.h"
44 #include "dsdb/samdb/samdb.h"
45 #include "param/param.h"
46 #include "../lib/tsocket/tsocket.h"
47 #include "../lib/util/tevent_ntstatus.h"
48 #include "../libcli/util/tstream.h"
50 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq);
53 close the socket and shutdown a server_context
55 static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn,
58 struct tevent_req *subreq;
60 if (conn->limits.reason) {
64 conn->limits.endtime = timeval_current_ofs(0, 500);
66 DEBUG(2,("ldapsrv_terminate_connection: %s - disconnecting\n",
69 tevent_queue_stop(conn->sockets.send_queue);
70 if (conn->active_call) {
71 tevent_req_cancel(conn->active_call);
72 conn->active_call = NULL;
75 conn->limits.reason = talloc_strdup(conn, reason);
76 if (conn->limits.reason == NULL) {
77 TALLOC_FREE(conn->sockets.tls);
78 TALLOC_FREE(conn->sockets.sasl);
79 TALLOC_FREE(conn->sockets.raw);
80 stream_terminate_connection(conn->connection, reason);
84 subreq = tstream_disconnect_send(conn,
85 conn->connection->event.ctx,
86 conn->sockets.active);
88 TALLOC_FREE(conn->sockets.tls);
89 TALLOC_FREE(conn->sockets.sasl);
90 TALLOC_FREE(conn->sockets.raw);
91 stream_terminate_connection(conn->connection, reason);
94 tevent_req_set_endtime(subreq,
95 conn->connection->event.ctx,
96 conn->limits.endtime);
97 tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
100 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq)
102 struct ldapsrv_connection *conn =
103 tevent_req_callback_data(subreq,
104 struct ldapsrv_connection);
108 ret = tstream_disconnect_recv(subreq, &sys_errno);
111 if (conn->sockets.active == conn->sockets.raw) {
112 TALLOC_FREE(conn->sockets.tls);
113 TALLOC_FREE(conn->sockets.sasl);
114 TALLOC_FREE(conn->sockets.raw);
115 stream_terminate_connection(conn->connection,
116 conn->limits.reason);
120 TALLOC_FREE(conn->sockets.tls);
121 TALLOC_FREE(conn->sockets.sasl);
122 conn->sockets.active = conn->sockets.raw;
124 subreq = tstream_disconnect_send(conn,
125 conn->connection->event.ctx,
126 conn->sockets.active);
127 if (subreq == NULL) {
128 TALLOC_FREE(conn->sockets.raw);
129 stream_terminate_connection(conn->connection,
130 conn->limits.reason);
133 tevent_req_set_endtime(subreq,
134 conn->connection->event.ctx,
135 conn->limits.endtime);
136 tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
140 called when a LDAP socket becomes readable
142 void ldapsrv_recv(struct stream_connection *c, uint16_t flags)
144 smb_panic(__location__);
148 called when a LDAP socket becomes writable
150 static void ldapsrv_send(struct stream_connection *c, uint16_t flags)
152 smb_panic(__location__);
155 static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
158 const char *attrs[] = { "configurationNamingContext", NULL };
159 const char *attrs2[] = { "lDAPAdminLimits", NULL };
160 struct ldb_message_element *el;
161 struct ldb_result *res = NULL;
162 struct ldb_dn *basedn;
163 struct ldb_dn *conf_dn;
164 struct ldb_dn *policy_dn;
168 /* set defaults limits in case of failure */
169 conn->limits.initial_timeout = 120;
170 conn->limits.conn_idle_time = 900;
171 conn->limits.max_page_size = 1000;
172 conn->limits.search_timeout = 120;
175 tmp_ctx = talloc_new(conn);
176 if (tmp_ctx == NULL) {
180 basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL);
181 if ( ! ldb_dn_validate(basedn)) {
185 ret = ldb_search(conn->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_BASE, attrs, NULL);
186 if (ret != LDB_SUCCESS) {
190 if (res->count != 1) {
194 conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext");
195 if (conf_dn == NULL) {
199 policy_dn = ldb_dn_copy(tmp_ctx, conf_dn);
200 ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
201 if (policy_dn == NULL) {
205 ret = ldb_search(conn->ldb, tmp_ctx, &res, policy_dn, LDB_SCOPE_BASE, attrs2, NULL);
206 if (ret != LDB_SUCCESS) {
210 if (res->count != 1) {
214 el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
219 for (i = 0; i < el->num_values; i++) {
220 char policy_name[256];
223 s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
224 if (ret != 2 || policy_value == 0)
227 if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
228 conn->limits.initial_timeout = policy_value;
231 if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
232 conn->limits.conn_idle_time = policy_value;
235 if (strcasecmp("MaxPageSize", policy_name) == 0) {
236 conn->limits.max_page_size = policy_value;
239 if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
240 conn->limits.search_timeout = policy_value;
248 DEBUG(0, ("Failed to load ldap server query policies\n"));
249 talloc_free(tmp_ctx);
253 static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
254 struct tevent_context *ev,
255 struct tevent_queue *call_queue,
256 struct ldapsrv_call *call);
257 static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req);
259 static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn);
260 static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
263 initialise a server_context from a open socket and register a event handler
264 for reading from that socket
266 static void ldapsrv_accept(struct stream_connection *c,
267 struct auth_session_info *session_info)
269 struct ldapsrv_service *ldapsrv_service =
270 talloc_get_type(c->private_data, struct ldapsrv_service);
271 struct ldapsrv_connection *conn;
272 struct cli_credentials *server_credentials;
273 struct socket_address *socket_address;
277 struct tevent_req *subreq;
278 struct timeval endtime;
280 conn = talloc_zero(c, struct ldapsrv_connection);
282 stream_terminate_connection(c, "ldapsrv_accept: out of memory");
286 conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
287 if (conn->sockets.send_queue == NULL) {
288 stream_terminate_connection(c,
289 "ldapsrv_accept: tevent_queue_create failed");
293 TALLOC_FREE(c->event.fde);
296 * Clone the fd that the connection isn't closed if we create a client
299 ret = tstream_bsd_existing_socket(conn,
300 socket_get_fd(c->socket),
303 stream_terminate_connection(c,
304 "ldapsrv_accept: out of memory");
307 socket_set_flags(c->socket, SOCKET_FLAG_NOCLOSE);
309 conn->connection = c;
310 conn->service = ldapsrv_service;
311 conn->lp_ctx = ldapsrv_service->task->lp_ctx;
313 c->private_data = conn;
315 socket_address = socket_get_my_addr(c->socket, conn);
316 if (!socket_address) {
317 ldapsrv_terminate_connection(conn, "ldapsrv_accept: failed to obtain local socket address!");
320 port = socket_address->port;
321 talloc_free(socket_address);
322 if (port == 3268) /* Global catalog */ {
323 conn->global_catalog = true;
326 server_credentials = cli_credentials_init(conn);
327 if (!server_credentials) {
328 stream_terminate_connection(c, "Failed to init server credentials\n");
332 cli_credentials_set_conf(server_credentials, conn->lp_ctx);
333 status = cli_credentials_set_machine_account(server_credentials, conn->lp_ctx);
334 if (!NT_STATUS_IS_OK(status)) {
335 stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
338 conn->server_credentials = server_credentials;
340 conn->session_info = talloc_move(conn, &session_info);
342 if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
343 ldapsrv_terminate_connection(conn, "backend Init failed");
347 /* load limits from the conf partition */
348 ldapsrv_load_limits(conn); /* should we fail on error ? */
350 /* register the server */
351 irpc_add_name(c->msg_ctx, "ldap_server");
353 conn->sockets.active = conn->sockets.raw;
356 ldapsrv_call_read_next(conn);
360 endtime = timeval_current_ofs(conn->limits.conn_idle_time, 0);
362 subreq = tstream_tls_accept_send(conn,
363 conn->connection->event.ctx,
365 conn->service->tls_params);
366 if (subreq == NULL) {
367 ldapsrv_terminate_connection(conn, "ldapsrv_accept: "
368 "no memory for tstream_tls_accept_send");
371 tevent_req_set_endtime(subreq,
372 conn->connection->event.ctx,
374 tevent_req_set_callback(subreq, ldapsrv_accept_tls_done, conn);
377 static void ldapsrv_accept_tls_done(struct tevent_req *subreq)
379 struct ldapsrv_connection *conn =
380 tevent_req_callback_data(subreq,
381 struct ldapsrv_connection);
385 ret = tstream_tls_accept_recv(subreq, &sys_errno,
386 conn, &conn->sockets.tls);
391 reason = talloc_asprintf(conn, "ldapsrv_accept_tls_loop: "
392 "tstream_tls_accept_recv() - %d:%s",
393 sys_errno, strerror(sys_errno));
395 reason = "ldapsrv_accept_tls_loop: "
396 "tstream_tls_accept_recv() - failed";
399 ldapsrv_terminate_connection(conn, reason);
403 conn->sockets.active = conn->sockets.tls;
404 ldapsrv_call_read_next(conn);
407 static void ldapsrv_call_read_done(struct tevent_req *subreq);
409 static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn)
411 struct tevent_req *subreq;
413 if (timeval_is_zero(&conn->limits.endtime)) {
414 conn->limits.endtime =
415 timeval_current_ofs(conn->limits.initial_timeout, 0);
417 conn->limits.endtime =
418 timeval_current_ofs(conn->limits.conn_idle_time, 0);
422 * The minimun size of a LDAP pdu is 7 bytes
424 * dumpasn1 -hh ldap-unbind-min.dat
426 * <30 05 02 01 09 42 00>
431 * 5 0: [APPLICATION 2]
432 * : Error: Object has zero length.
435 * dumpasn1 -hh ldap-unbind-windows.dat
437 * <30 84 00 00 00 05 02 01 09 42 00>
442 * 9 0: [APPLICATION 2]
443 * : Error: Object has zero length.
446 * This means using an initial read size
449 subreq = tstream_read_pdu_blob_send(conn,
450 conn->connection->event.ctx,
451 conn->sockets.active,
452 7, /* initial_read_size */
455 if (subreq == NULL) {
456 ldapsrv_terminate_connection(conn, "ldapsrv_call_read_next: "
457 "no memory for tstream_read_pdu_blob_send");
460 tevent_req_set_endtime(subreq,
461 conn->connection->event.ctx,
462 conn->limits.endtime);
463 tevent_req_set_callback(subreq, ldapsrv_call_read_done, conn);
467 static void ldapsrv_call_process_done(struct tevent_req *subreq);
469 static void ldapsrv_call_read_done(struct tevent_req *subreq)
471 struct ldapsrv_connection *conn =
472 tevent_req_callback_data(subreq,
473 struct ldapsrv_connection);
475 struct ldapsrv_call *call;
476 struct asn1_data *asn1;
479 call = talloc_zero(conn, struct ldapsrv_call);
481 ldapsrv_terminate_connection(conn, "no memory");
487 status = tstream_read_pdu_blob_recv(subreq,
491 if (!NT_STATUS_IS_OK(status)) {
494 reason = talloc_asprintf(call, "ldapsrv_call_loop: "
495 "tstream_read_pdu_blob_recv() - %s",
498 reason = nt_errstr(status);
501 ldapsrv_terminate_connection(conn, reason);
505 asn1 = asn1_init(call);
507 ldapsrv_terminate_connection(conn, "no memory");
511 call->request = talloc(call, struct ldap_message);
512 if (call->request == NULL) {
513 ldapsrv_terminate_connection(conn, "no memory");
517 if (!asn1_load(asn1, blob)) {
518 ldapsrv_terminate_connection(conn, "asn1_load failed");
522 status = ldap_decode(asn1, samba_ldap_control_handlers(),
524 if (!NT_STATUS_IS_OK(status)) {
525 ldapsrv_terminate_connection(conn, nt_errstr(status));
529 data_blob_free(&blob);
532 /* queue the call in the global queue */
533 subreq = ldapsrv_process_call_send(call,
534 conn->connection->event.ctx,
535 conn->service->call_queue,
537 if (subreq == NULL) {
538 ldapsrv_terminate_connection(conn, "ldapsrv_process_call_send failed");
541 tevent_req_set_callback(subreq, ldapsrv_call_process_done, call);
542 conn->active_call = subreq;
545 static void ldapsrv_call_writev_done(struct tevent_req *subreq);
547 static void ldapsrv_call_process_done(struct tevent_req *subreq)
549 struct ldapsrv_call *call =
550 tevent_req_callback_data(subreq,
551 struct ldapsrv_call);
552 struct ldapsrv_connection *conn = call->conn;
554 DATA_BLOB blob = data_blob_null;
556 conn->active_call = NULL;
558 status = ldapsrv_process_call_recv(subreq);
560 if (!NT_STATUS_IS_OK(status)) {
561 ldapsrv_terminate_connection(conn, nt_errstr(status));
565 /* build all the replies into a single blob */
566 while (call->replies) {
570 if (!ldap_encode(call->replies->msg, samba_ldap_control_handlers(), &b, call)) {
571 DEBUG(0,("Failed to encode ldap reply of type %d\n",
572 call->replies->msg->type));
573 ldapsrv_terminate_connection(conn, "ldap_encode failed");
577 ret = data_blob_append(call, &blob, b.data, b.length);
580 talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet");
583 ldapsrv_terminate_connection(conn, "data_blob_append failed");
587 DLIST_REMOVE(call->replies, call->replies);
590 if (blob.length == 0) {
593 ldapsrv_call_read_next(conn);
597 call->out_iov.iov_base = blob.data;
598 call->out_iov.iov_len = blob.length;
600 subreq = tstream_writev_queue_send(call,
601 conn->connection->event.ctx,
602 conn->sockets.active,
603 conn->sockets.send_queue,
605 if (subreq == NULL) {
606 ldapsrv_terminate_connection(conn, "stream_writev_queue_send failed");
609 tevent_req_set_callback(subreq, ldapsrv_call_writev_done, call);
612 static void ldapsrv_call_postprocess_done(struct tevent_req *subreq);
614 static void ldapsrv_call_writev_done(struct tevent_req *subreq)
616 struct ldapsrv_call *call =
617 tevent_req_callback_data(subreq,
618 struct ldapsrv_call);
619 struct ldapsrv_connection *conn = call->conn;
623 rc = tstream_writev_queue_recv(subreq, &sys_errno);
628 reason = talloc_asprintf(call, "ldapsrv_call_writev_done: "
629 "tstream_writev_queue_recv() - %d:%s",
630 sys_errno, strerror(sys_errno));
631 if (reason == NULL) {
632 reason = "ldapsrv_call_writev_done: "
633 "tstream_writev_queue_recv() failed";
636 ldapsrv_terminate_connection(conn, reason);
640 if (call->postprocess_send) {
641 subreq = call->postprocess_send(call,
642 conn->connection->event.ctx,
643 call->postprocess_private);
644 if (subreq == NULL) {
645 ldapsrv_terminate_connection(conn, "ldapsrv_call_writev_done: "
646 "call->postprocess_send - no memory");
649 tevent_req_set_callback(subreq,
650 ldapsrv_call_postprocess_done,
657 ldapsrv_call_read_next(conn);
660 static void ldapsrv_call_postprocess_done(struct tevent_req *subreq)
662 struct ldapsrv_call *call =
663 tevent_req_callback_data(subreq,
664 struct ldapsrv_call);
665 struct ldapsrv_connection *conn = call->conn;
668 status = call->postprocess_recv(subreq);
670 if (!NT_STATUS_IS_OK(status)) {
673 reason = talloc_asprintf(call, "ldapsrv_call_postprocess_done: "
674 "call->postprocess_recv() - %s",
676 if (reason == NULL) {
677 reason = nt_errstr(status);
680 ldapsrv_terminate_connection(conn, reason);
686 ldapsrv_call_read_next(conn);
689 struct ldapsrv_process_call_state {
690 struct ldapsrv_call *call;
693 static void ldapsrv_process_call_trigger(struct tevent_req *req,
696 static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
697 struct tevent_context *ev,
698 struct tevent_queue *call_queue,
699 struct ldapsrv_call *call)
701 struct tevent_req *req;
702 struct ldapsrv_process_call_state *state;
705 req = tevent_req_create(mem_ctx, &state,
706 struct ldapsrv_process_call_state);
713 ok = tevent_queue_add(call_queue, ev, req,
714 ldapsrv_process_call_trigger, NULL);
716 tevent_req_nomem(NULL, req);
717 return tevent_req_post(req, ev);
723 static void ldapsrv_process_call_trigger(struct tevent_req *req,
726 struct ldapsrv_process_call_state *state =
728 struct ldapsrv_process_call_state);
732 status = ldapsrv_do_call(state->call);
733 if (!NT_STATUS_IS_OK(status)) {
734 tevent_req_nterror(req, status);
738 tevent_req_done(req);
741 static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req)
745 if (tevent_req_is_nterror(req, &status)) {
746 tevent_req_received(req);
750 tevent_req_received(req);
754 static void ldapsrv_accept_nonpriv(struct stream_connection *c)
756 struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
757 c->private_data, struct ldapsrv_service);
758 struct auth_session_info *session_info;
761 status = auth_anonymous_session_info(
762 c, ldapsrv_service->task->lp_ctx, &session_info);
763 if (!NT_STATUS_IS_OK(status)) {
764 stream_terminate_connection(c, "failed to setup anonymous "
768 ldapsrv_accept(c, session_info);
771 static const struct stream_server_ops ldap_stream_nonpriv_ops = {
773 .accept_connection = ldapsrv_accept_nonpriv,
774 .recv_handler = ldapsrv_recv,
775 .send_handler = ldapsrv_send,
778 /* The feature removed behind an #ifdef until we can do it properly
779 * with an EXTERNAL bind. */
781 #define WITH_LDAPI_PRIV_SOCKET
783 #ifdef WITH_LDAPI_PRIV_SOCKET
784 static void ldapsrv_accept_priv(struct stream_connection *c)
786 struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
787 c->private_data, struct ldapsrv_service);
788 struct auth_session_info *session_info;
790 session_info = system_session(ldapsrv_service->task->lp_ctx);
792 stream_terminate_connection(c, "failed to setup system "
796 ldapsrv_accept(c, session_info);
799 static const struct stream_server_ops ldap_stream_priv_ops = {
801 .accept_connection = ldapsrv_accept_priv,
802 .recv_handler = ldapsrv_recv,
803 .send_handler = ldapsrv_send,
808 add a socket address to the list of events, one event per port
810 static NTSTATUS add_socket(struct tevent_context *event_context,
811 struct loadparm_context *lp_ctx,
812 const struct model_ops *model_ops,
813 const char *address, struct ldapsrv_service *ldap_service)
817 struct ldb_context *ldb;
819 status = stream_setup_socket(event_context, lp_ctx,
820 model_ops, &ldap_stream_nonpriv_ops,
821 "ipv4", address, &port,
822 lpcfg_socket_options(lp_ctx),
824 if (!NT_STATUS_IS_OK(status)) {
825 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
826 address, port, nt_errstr(status)));
830 if (tstream_tls_params_enabled(ldap_service->tls_params)) {
831 /* add ldaps server */
833 status = stream_setup_socket(event_context, lp_ctx,
835 &ldap_stream_nonpriv_ops,
836 "ipv4", address, &port,
837 lpcfg_socket_options(lp_ctx),
839 if (!NT_STATUS_IS_OK(status)) {
840 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
841 address, port, nt_errstr(status)));
846 /* Load LDAP database, but only to read our settings */
847 ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx,
848 lp_ctx, system_session(lp_ctx));
850 return NT_STATUS_INTERNAL_DB_CORRUPTION;
853 if (samdb_is_gc(ldb)) {
855 status = stream_setup_socket(event_context, lp_ctx,
857 &ldap_stream_nonpriv_ops,
858 "ipv4", address, &port,
859 lpcfg_socket_options(lp_ctx),
861 if (!NT_STATUS_IS_OK(status)) {
862 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
863 address, port, nt_errstr(status)));
868 /* And once we are bound, free the tempoary ldb, it will
869 * connect again on each incoming LDAP connection */
870 talloc_unlink(ldap_service, ldb);
876 open the ldap server sockets
878 static void ldapsrv_task_init(struct task_server *task)
881 #ifdef WITH_LDAPI_PRIV_SOCKET
884 const char *dns_host_name;
885 struct ldapsrv_service *ldap_service;
887 const struct model_ops *model_ops;
889 switch (lpcfg_server_role(task->lp_ctx)) {
890 case ROLE_STANDALONE:
891 task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration",
894 case ROLE_DOMAIN_MEMBER:
895 task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration",
898 case ROLE_DOMAIN_CONTROLLER:
899 /* Yes, we want an LDAP server */
903 task_server_set_title(task, "task[ldapsrv]");
905 /* run the ldap server as a single process */
906 model_ops = process_model_startup(task->event_ctx, "single");
907 if (!model_ops) goto failed;
909 ldap_service = talloc_zero(task, struct ldapsrv_service);
910 if (ldap_service == NULL) goto failed;
912 ldap_service->task = task;
914 dns_host_name = talloc_asprintf(ldap_service, "%s.%s",
915 lpcfg_netbios_name(task->lp_ctx),
916 lpcfg_dnsdomain(task->lp_ctx));
917 if (dns_host_name == NULL) goto failed;
919 status = tstream_tls_params_server(ldap_service,
921 lpcfg_tls_enabled(task->lp_ctx),
922 lpcfg_tls_keyfile(ldap_service, task->lp_ctx),
923 lpcfg_tls_certfile(ldap_service, task->lp_ctx),
924 lpcfg_tls_cafile(ldap_service, task->lp_ctx),
925 lpcfg_tls_crlfile(ldap_service, task->lp_ctx),
926 lpcfg_tls_dhpfile(ldap_service, task->lp_ctx),
927 &ldap_service->tls_params);
928 if (!NT_STATUS_IS_OK(status)) {
929 DEBUG(0,("ldapsrv failed tstream_tls_patams_server - %s\n",
934 ldap_service->call_queue = tevent_queue_create(ldap_service, "ldapsrv_call_queue");
935 if (ldap_service->call_queue == NULL) goto failed;
937 if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
938 struct interface *ifaces;
942 load_interfaces(task, lpcfg_interfaces(task->lp_ctx), &ifaces);
943 num_interfaces = iface_count(ifaces);
945 /* We have been given an interfaces line, and been
946 told to only bind to those interfaces. Create a
947 socket per interface and bind to only these.
949 for(i = 0; i < num_interfaces; i++) {
950 const char *address = iface_n_ip(ifaces, i);
951 status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service);
952 if (!NT_STATUS_IS_OK(status)) goto failed;
955 status = add_socket(task->event_ctx, task->lp_ctx, model_ops,
956 lpcfg_socket_address(task->lp_ctx), ldap_service);
957 if (!NT_STATUS_IS_OK(status)) goto failed;
960 ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi");
965 status = stream_setup_socket(task->event_ctx, task->lp_ctx,
966 model_ops, &ldap_stream_nonpriv_ops,
967 "unix", ldapi_path, NULL,
968 lpcfg_socket_options(task->lp_ctx),
970 talloc_free(ldapi_path);
971 if (!NT_STATUS_IS_OK(status)) {
972 DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
973 ldapi_path, nt_errstr(status)));
976 #ifdef WITH_LDAPI_PRIV_SOCKET
977 priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv");
978 if (priv_dir == NULL) {
982 * Make sure the directory for the privileged ldapi socket exists, and
983 * is of the correct permissions
985 if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) {
986 task_server_terminate(task, "Cannot create ldap "
987 "privileged ldapi directory", true);
990 ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
991 talloc_free(priv_dir);
992 if (ldapi_path == NULL) {
996 status = stream_setup_socket(task->event_ctx, task->lp_ctx,
997 model_ops, &ldap_stream_priv_ops,
998 "unix", ldapi_path, NULL,
999 lpcfg_socket_options(task->lp_ctx),
1001 talloc_free(ldapi_path);
1002 if (!NT_STATUS_IS_OK(status)) {
1003 DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
1004 ldapi_path, nt_errstr(status)));
1011 task_server_terminate(task, "Failed to startup ldap server task", true);
1015 NTSTATUS server_service_ldap_init(void)
1017 return register_server_service("ldap", ldapsrv_task_init);
git.samba.org / metze / samba / wip.git / blob