4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2006
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb ldap backend
30 * Description: core files for LDAP backend
32 * Author: Andrew Tridgell
36 * - description: make the module use asyncronous calls
41 #include "ldb_includes.h"
43 #define LDAP_DEPRECATED 1
51 struct ldb_module *module;
52 struct ldb_request *req;
54 struct lldb_private *lldb;
56 struct ldb_control **controls;
60 static int lldb_ldap_to_ldb(int err) {
61 /* Ldap errors and ldb errors are defined to the same values */
66 convert a ldb_message structure to a list of LDAPMod structures
67 ready for ldap_add() or ldap_modify()
69 static LDAPMod **lldb_msg_to_mods(void *mem_ctx, const struct ldb_message *msg, int use_flags)
75 /* allocate maximum number of elements needed */
76 mods = talloc_array(mem_ctx, LDAPMod *, msg->num_elements+1);
83 for (i=0;i<msg->num_elements;i++) {
84 const struct ldb_message_element *el = &msg->elements[i];
86 mods[num_mods] = talloc(mods, LDAPMod);
87 if (!mods[num_mods]) {
90 mods[num_mods+1] = NULL;
91 mods[num_mods]->mod_op = LDAP_MOD_BVALUES;
93 switch (el->flags & LDB_FLAG_MOD_MASK) {
94 case LDB_FLAG_MOD_ADD:
95 mods[num_mods]->mod_op |= LDAP_MOD_ADD;
97 case LDB_FLAG_MOD_DELETE:
98 mods[num_mods]->mod_op |= LDAP_MOD_DELETE;
100 case LDB_FLAG_MOD_REPLACE:
101 mods[num_mods]->mod_op |= LDAP_MOD_REPLACE;
105 mods[num_mods]->mod_type = discard_const_p(char, el->name);
106 mods[num_mods]->mod_vals.modv_bvals = talloc_array(mods[num_mods],
109 if (!mods[num_mods]->mod_vals.modv_bvals) {
113 for (j=0;j<el->num_values;j++) {
114 mods[num_mods]->mod_vals.modv_bvals[j] = talloc(mods[num_mods]->mod_vals.modv_bvals,
116 if (!mods[num_mods]->mod_vals.modv_bvals[j]) {
119 mods[num_mods]->mod_vals.modv_bvals[j]->bv_val = el->values[j].data;
120 mods[num_mods]->mod_vals.modv_bvals[j]->bv_len = el->values[j].length;
122 mods[num_mods]->mod_vals.modv_bvals[j] = NULL;
134 add a single set of ldap message values to a ldb_message
136 static int lldb_add_msg_attr(struct ldb_context *ldb,
137 struct ldb_message *msg,
138 const char *attr, struct berval **bval)
141 struct ldb_message_element *el;
143 count = ldap_count_values_len(bval);
149 el = talloc_realloc(msg, msg->elements, struct ldb_message_element,
150 msg->num_elements + 1);
158 el = &msg->elements[msg->num_elements];
160 el->name = talloc_strdup(msg->elements, attr);
168 el->values = talloc_array(msg->elements, struct ldb_val, count);
174 for (i=0;i<count;i++) {
175 /* we have to ensure this is null terminated so that
176 ldb_msg_find_attr_as_string() can work */
177 el->values[i].data = talloc_size(el->values, bval[i]->bv_len+1);
178 if (!el->values[i].data) {
182 memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len);
183 el->values[i].data[bval[i]->bv_len] = 0;
184 el->values[i].length = bval[i]->bv_len;
194 search for matching records
196 static int lldb_search(struct lldb_context *lldb_ac)
198 struct lldb_private *lldb = lldb_ac->lldb;
199 struct ldb_module *module = lldb_ac->module;
200 struct ldb_request *req = lldb_ac->req;
207 if (!req->callback || !req->context) {
208 ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context");
209 return LDB_ERR_OPERATIONS_ERROR;
212 if (req->op.search.tree == NULL) {
213 ldb_set_errstring(module->ldb, "Invalid expression parse tree");
214 return LDB_ERR_OPERATIONS_ERROR;
217 if (req->controls != NULL) {
218 ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls are not yet supported by ldb_ldap backend!\n");
221 req->handle->state = LDB_ASYNC_PENDING;
223 search_base = ldb_dn_alloc_linearized(lldb_ac, req->op.search.base);
224 if (req->op.search.base == NULL) {
225 search_base = talloc_strdup(lldb_ac, "");
227 if (search_base == NULL) {
228 return LDB_ERR_OPERATIONS_ERROR;
231 expression = ldb_filter_from_tree(lldb_ac, req->op.search.tree);
232 if (expression == NULL) {
233 return LDB_ERR_OPERATIONS_ERROR;
236 switch (req->op.search.scope) {
238 ldap_scope = LDAP_SCOPE_BASE;
240 case LDB_SCOPE_ONELEVEL:
241 ldap_scope = LDAP_SCOPE_ONELEVEL;
244 ldap_scope = LDAP_SCOPE_SUBTREE;
248 tv.tv_sec = req->timeout;
251 ret = ldap_search_ext(lldb->ldap, search_base, ldap_scope,
253 discard_const_p(char *, req->op.search.attrs),
261 if (ret != LDAP_SUCCESS) {
262 ldb_set_errstring(module->ldb, ldap_err2string(ret));
265 return lldb_ldap_to_ldb(ret);
271 static int lldb_add(struct lldb_context *lldb_ac)
273 struct lldb_private *lldb = lldb_ac->lldb;
274 struct ldb_module *module = lldb_ac->module;
275 struct ldb_request *req = lldb_ac->req;
280 req->handle->state = LDB_ASYNC_PENDING;
282 mods = lldb_msg_to_mods(lldb_ac, req->op.add.message, 0);
284 return LDB_ERR_OPERATIONS_ERROR;
287 dn = ldb_dn_alloc_linearized(lldb_ac, req->op.add.message->dn);
289 return LDB_ERR_OPERATIONS_ERROR;
292 ret = ldap_add_ext(lldb->ldap, dn, mods,
297 if (ret != LDAP_SUCCESS) {
298 ldb_set_errstring(module->ldb, ldap_err2string(ret));
301 return lldb_ldap_to_ldb(ret);
307 static int lldb_modify(struct lldb_context *lldb_ac)
309 struct lldb_private *lldb = lldb_ac->lldb;
310 struct ldb_module *module = lldb_ac->module;
311 struct ldb_request *req = lldb_ac->req;
316 req->handle->state = LDB_ASYNC_PENDING;
318 mods = lldb_msg_to_mods(lldb_ac, req->op.mod.message, 1);
320 return LDB_ERR_OPERATIONS_ERROR;
323 dn = ldb_dn_alloc_linearized(lldb_ac, req->op.mod.message->dn);
325 return LDB_ERR_OPERATIONS_ERROR;
328 ret = ldap_modify_ext(lldb->ldap, dn, mods,
333 if (ret != LDAP_SUCCESS) {
334 ldb_set_errstring(module->ldb, ldap_err2string(ret));
337 return lldb_ldap_to_ldb(ret);
343 static int lldb_delete(struct lldb_context *lldb_ac)
345 struct lldb_private *lldb = lldb_ac->lldb;
346 struct ldb_module *module = lldb_ac->module;
347 struct ldb_request *req = lldb_ac->req;
351 req->handle->state = LDB_ASYNC_PENDING;
353 dnstr = ldb_dn_alloc_linearized(lldb_ac, req->op.del.dn);
355 ret = ldap_delete_ext(lldb->ldap, dnstr,
360 if (ret != LDAP_SUCCESS) {
361 ldb_set_errstring(module->ldb, ldap_err2string(ret));
364 return lldb_ldap_to_ldb(ret);
370 static int lldb_rename(struct lldb_context *lldb_ac)
372 struct lldb_private *lldb = lldb_ac->lldb;
373 struct ldb_module *module = lldb_ac->module;
374 struct ldb_request *req = lldb_ac->req;
380 req->handle->state = LDB_ASYNC_PENDING;
382 old_dn = ldb_dn_alloc_linearized(lldb_ac, req->op.rename.olddn);
383 if (old_dn == NULL) {
384 return LDB_ERR_OPERATIONS_ERROR;
387 newrdn = talloc_asprintf(lldb_ac, "%s=%s",
388 ldb_dn_get_rdn_name(req->op.rename.newdn),
389 ldb_dn_escape_value(lldb, *(ldb_dn_get_rdn_val(req->op.rename.newdn))));
391 return LDB_ERR_OPERATIONS_ERROR;
394 parentdn = ldb_dn_alloc_linearized(lldb_ac, ldb_dn_get_parent(lldb_ac, req->op.rename.newdn));
396 return LDB_ERR_OPERATIONS_ERROR;
399 ret = ldap_rename(lldb->ldap, old_dn, newrdn, parentdn,
403 if (ret != LDAP_SUCCESS) {
404 ldb_set_errstring(module->ldb, ldap_err2string(ret));
407 return lldb_ldap_to_ldb(ret);
410 static int lldb_start_trans(struct ldb_module *module)
412 /* TODO implement a local transaction mechanism here */
417 static int lldb_end_trans(struct ldb_module *module)
419 /* TODO implement a local transaction mechanism here */
424 static int lldb_del_trans(struct ldb_module *module)
426 /* TODO implement a local transaction mechanism here */
431 void lldb_request_done(struct ldb_request *req,
432 struct ldb_control **ctrls, int error)
434 struct ldb_reply *ares;
436 ares = talloc_zero(req, struct ldb_reply);
438 ldb_oom(req->handle->ldb);
439 req->callback(req, NULL);
442 ares->type = LDB_REPLY_DONE;
443 ares->controls = talloc_steal(ares, ctrls);
446 req->callback(req, ares);
449 /* return false if the request is still in progress
450 * return true if the request is completed
452 static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
454 struct lldb_private *lldb = ac->lldb;
455 LDAPControl **serverctrlsp = NULL;
456 char **referralsp = NULL;
457 char *matcheddnp = NULL;
458 char *errmsgp = NULL;
461 struct ldb_message *ldbmsg;
463 bool callback_failed;
469 type = ldap_msgtype(result);
470 callback_failed = false;
471 request_done = false;
474 case LDAP_RES_SEARCH_ENTRY:
476 msg = ldap_first_entry(lldb->ldap, result);
478 BerElement *berptr = NULL;
481 ldbmsg = ldb_msg_new(ac);
483 ret = LDB_ERR_OPERATIONS_ERROR;
487 dn = ldap_get_dn(lldb->ldap, msg);
490 ret = LDB_ERR_OPERATIONS_ERROR;
493 ldbmsg->dn = ldb_dn_new(ldbmsg, ac->module->ldb, dn);
494 if ( ! ldb_dn_validate(ldbmsg->dn)) {
496 ret = LDB_ERR_OPERATIONS_ERROR;
501 ldbmsg->num_elements = 0;
502 ldbmsg->elements = NULL;
504 /* loop over all attributes */
505 for (attr=ldap_first_attribute(lldb->ldap, msg, &berptr);
507 attr=ldap_next_attribute(lldb->ldap, msg, berptr)) {
508 struct berval **bval;
509 bval = ldap_get_values_len(lldb->ldap, msg, attr);
512 lldb_add_msg_attr(ac->module->ldb, ldbmsg, attr, bval);
513 ldap_value_free_len(bval);
516 if (berptr) ber_free(berptr, 0);
518 ret = ldb_module_send_entry(ac->req, ldbmsg, NULL /* controls not yet supported */);
519 if (ret != LDB_SUCCESS) {
521 callback_failed = true;
524 ret = LDB_ERR_OPERATIONS_ERROR;
528 case LDAP_RES_SEARCH_REFERENCE:
530 if (ldap_parse_result(lldb->ldap, result, &ret,
531 &matcheddnp, &errmsgp,
532 &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) {
533 ret = LDB_ERR_OPERATIONS_ERROR;
535 if (ret != LDB_SUCCESS) {
538 if (referralsp == NULL) {
539 ret = LDB_ERR_PROTOCOL_ERROR;
543 for (i = 0; referralsp[i]; i++) {
544 referral = talloc_strdup(ac, referralsp[i]);
546 ret = ldb_module_send_referral(ac->req, referral);
547 if (ret != LDB_SUCCESS) {
548 callback_failed = true;
554 case LDAP_RES_SEARCH_RESULT:
555 case LDAP_RES_MODIFY:
557 case LDAP_RES_DELETE:
560 if (ldap_parse_result(lldb->ldap, result, &ret,
561 &matcheddnp, &errmsgp,
562 &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) {
563 ret = LDB_ERR_OPERATIONS_ERROR;
565 if (ret != LDB_SUCCESS) {
569 if (serverctrlsp != NULL) {
570 /* FIXME: transform the LDAPControl list into an ldb_control one */
578 ret = LDB_ERR_PROTOCOL_ERROR;
582 if (ret != LDB_SUCCESS) {
584 /* if the callback failed the caller will have freed the
585 * request. Just return and don't try to use it */
586 if (callback_failed) {
588 /* tell lldb_wait to remove the request from the
591 goto free_and_return;
598 lldb_request_done(ac->req, ac->controls, ret);
600 goto free_and_return;
607 if (matcheddnp) ldap_memfree(matcheddnp);
608 if (errmsgp && *errmsgp) {
609 ldb_set_errstring(ac->module->ldb, errmsgp);
612 ldap_memfree(errmsgp);
614 if (referralsp) ldap_value_free(referralsp);
615 if (serverctrlsp) ldap_controls_free(serverctrlsp);
617 ldap_msgfree(result);
622 static void lldb_timeout(struct tevent_context *ev,
623 struct tevent_timer *te,
627 struct lldb_context *ac;
628 ac = talloc_get_type(private_data, struct lldb_context);
630 lldb_request_done(ac->req, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED);
633 static void lldb_callback(struct tevent_context *ev,
634 struct tevent_timer *te,
638 struct lldb_context *ac;
639 struct tevent_timer *lte;
644 ac = talloc_get_type(private_data, struct lldb_context);
647 lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR);
653 lret = ldap_result(ac->lldb->ldap, ac->msgid, 0, &tv, &result);
658 lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR);
662 if ( ! lldb_parse_result(ac, result)) {
671 lte = event_add_timed(ev, ac, tv, lldb_callback, ac);
673 lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR);
677 static bool lldb_dn_is_special(struct ldb_request *req)
679 struct ldb_dn *dn = NULL;
681 switch (req->operation) {
683 dn = req->op.add.message->dn;
686 dn = req->op.mod.message->dn;
692 dn = req->op.rename.olddn;
698 if (dn && ldb_dn_is_special(dn)) {
704 static void lldb_auto_done_callback(struct tevent_context *ev,
705 struct tevent_timer *te,
709 struct lldb_context *ac;
711 ac = talloc_get_type(private_data, struct lldb_context);
712 lldb_request_done(ac->req, NULL, LDB_SUCCESS);
715 static int lldb_handle_request(struct ldb_module *module, struct ldb_request *req)
717 struct lldb_private *lldb;
718 struct lldb_context *ac;
719 struct tevent_context *ev;
720 struct tevent_timer *te;
724 lldb = talloc_get_type(module->private_data, struct lldb_private);
726 if (req->starttime == 0 || req->timeout == 0) {
727 ldb_set_errstring(module->ldb, "Invalid timeout settings");
728 return LDB_ERR_TIME_LIMIT_EXCEEDED;
731 ev = ldb_get_event_context(module->ldb);
733 return LDB_ERR_OPERATIONS_ERROR;
736 ac = talloc_zero(module->ldb, struct lldb_context);
738 ldb_set_errstring(module->ldb, "Out of Memory");
739 return LDB_ERR_OPERATIONS_ERROR;
747 if (lldb_dn_is_special(req)) {
750 te = event_add_timed(ev, ac, tv,
751 lldb_auto_done_callback, ac);
753 return LDB_ERR_OPERATIONS_ERROR;
759 switch (ac->req->operation) {
761 ret = lldb_search(ac);
767 ret = lldb_modify(ac);
770 ret = lldb_delete(ac);
773 ret = lldb_rename(ac);
776 /* no other op supported */
777 ret = LDB_ERR_OPERATIONS_ERROR;
781 if (ret != LDB_SUCCESS) {
782 lldb_request_done(req, NULL, ret);
788 te = event_add_timed(ev, ac, tv, lldb_callback, ac);
790 return LDB_ERR_OPERATIONS_ERROR;
794 tv.tv_sec = req->starttime + req->timeout;
796 te = event_add_timed(ev, ac, tv, lldb_timeout, ac);
798 return LDB_ERR_OPERATIONS_ERROR;
804 static const struct ldb_module_ops lldb_ops = {
806 .search = lldb_handle_request,
807 .add = lldb_handle_request,
808 .modify = lldb_handle_request,
809 .del = lldb_handle_request,
810 .rename = lldb_handle_request,
811 .request = lldb_handle_request,
812 .start_transaction = lldb_start_trans,
813 .end_transaction = lldb_end_trans,
814 .del_transaction = lldb_del_trans,
818 static int lldb_destructor(struct lldb_private *lldb)
820 ldap_unbind(lldb->ldap);
825 connect to the database
827 static int lldb_connect(struct ldb_context *ldb,
830 const char *options[],
831 struct ldb_module **_module)
833 struct ldb_module *module;
834 struct lldb_private *lldb;
838 module = talloc(ldb, struct ldb_module);
839 if (module == NULL) {
844 talloc_set_name_const(module, "ldb_ldap backend");
846 module->prev = module->next = NULL;
847 module->ops = &lldb_ops;
849 lldb = talloc(module, struct lldb_private);
854 module->private_data = lldb;
857 ret = ldap_initialize(&lldb->ldap, url);
858 if (ret != LDAP_SUCCESS) {
859 ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s\n",
860 url, ldap_err2string(ret));
864 talloc_set_destructor(lldb, lldb_destructor);
866 ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
867 if (ret != LDAP_SUCCESS) {
868 ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s\n",
869 ldap_err2string(ret));
881 const struct ldb_backend_ops ldb_ldap_backend_ops = {
883 .connect_fn = lldb_connect
886 const struct ldb_backend_ops ldb_ldapi_backend_ops = {
888 .connect_fn = lldb_connect
891 const struct ldb_backend_ops ldb_ldaps_backend_ops = {
893 .connect_fn = lldb_connect