4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2006
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb ldap backend
30 * Description: core files for LDAP backend
32 * Author: Andrew Tridgell
36 * - description: make the module use asyncronous calls
41 #include "ldb_module.h"
43 #define LDAP_DEPRECATED 1
51 struct ldb_module *module;
52 struct ldb_request *req;
54 struct lldb_private *lldb;
56 struct ldb_control **controls;
60 static int lldb_ldap_to_ldb(int err) {
61 /* Ldap errors and ldb errors are defined to the same values */
66 convert a ldb_message structure to a list of LDAPMod structures
67 ready for ldap_add() or ldap_modify()
69 static LDAPMod **lldb_msg_to_mods(void *mem_ctx, const struct ldb_message *msg, int use_flags)
75 /* allocate maximum number of elements needed */
76 mods = talloc_array(mem_ctx, LDAPMod *, msg->num_elements+1);
83 for (i=0;i<msg->num_elements;i++) {
84 const struct ldb_message_element *el = &msg->elements[i];
86 mods[num_mods] = talloc(mods, LDAPMod);
87 if (!mods[num_mods]) {
90 mods[num_mods+1] = NULL;
91 mods[num_mods]->mod_op = LDAP_MOD_BVALUES;
93 switch (el->flags & LDB_FLAG_MOD_MASK) {
94 case LDB_FLAG_MOD_ADD:
95 mods[num_mods]->mod_op |= LDAP_MOD_ADD;
97 case LDB_FLAG_MOD_DELETE:
98 mods[num_mods]->mod_op |= LDAP_MOD_DELETE;
100 case LDB_FLAG_MOD_REPLACE:
101 mods[num_mods]->mod_op |= LDAP_MOD_REPLACE;
105 mods[num_mods]->mod_type = discard_const_p(char, el->name);
106 mods[num_mods]->mod_vals.modv_bvals = talloc_array(mods[num_mods],
109 if (!mods[num_mods]->mod_vals.modv_bvals) {
113 for (j=0;j<el->num_values;j++) {
114 mods[num_mods]->mod_vals.modv_bvals[j] = talloc(mods[num_mods]->mod_vals.modv_bvals,
116 if (!mods[num_mods]->mod_vals.modv_bvals[j]) {
119 mods[num_mods]->mod_vals.modv_bvals[j]->bv_val = el->values[j].data;
120 mods[num_mods]->mod_vals.modv_bvals[j]->bv_len = el->values[j].length;
122 mods[num_mods]->mod_vals.modv_bvals[j] = NULL;
134 add a single set of ldap message values to a ldb_message
136 static int lldb_add_msg_attr(struct ldb_context *ldb,
137 struct ldb_message *msg,
138 const char *attr, struct berval **bval)
141 struct ldb_message_element *el;
143 count = ldap_count_values_len(bval);
149 el = talloc_realloc(msg, msg->elements, struct ldb_message_element,
150 msg->num_elements + 1);
158 el = &msg->elements[msg->num_elements];
160 el->name = talloc_strdup(msg->elements, attr);
168 el->values = talloc_array(msg->elements, struct ldb_val, count);
174 for (i=0;i<count;i++) {
175 /* we have to ensure this is null terminated so that
176 ldb_msg_find_attr_as_string() can work */
177 el->values[i].data = talloc_size(el->values, bval[i]->bv_len+1);
178 if (!el->values[i].data) {
182 memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len);
183 el->values[i].data[bval[i]->bv_len] = 0;
184 el->values[i].length = bval[i]->bv_len;
194 search for matching records
196 static int lldb_search(struct lldb_context *lldb_ac)
198 struct ldb_context *ldb;
199 struct lldb_private *lldb = lldb_ac->lldb;
200 struct ldb_module *module = lldb_ac->module;
201 struct ldb_request *req = lldb_ac->req;
208 ldb = ldb_module_get_ctx(module);
210 if (!req->callback || !req->context) {
211 ldb_set_errstring(ldb, "Async interface called with NULL callback function or NULL context");
212 return LDB_ERR_OPERATIONS_ERROR;
215 if (req->op.search.tree == NULL) {
216 ldb_set_errstring(ldb, "Invalid expression parse tree");
217 return LDB_ERR_OPERATIONS_ERROR;
220 if (req->controls != NULL) {
221 ldb_debug(ldb, LDB_DEBUG_WARNING, "Controls are not yet supported by ldb_ldap backend!\n");
224 ldb_request_set_state(req, LDB_ASYNC_PENDING);
226 search_base = ldb_dn_alloc_linearized(lldb_ac, req->op.search.base);
227 if (req->op.search.base == NULL) {
228 search_base = talloc_strdup(lldb_ac, "");
230 if (search_base == NULL) {
231 return LDB_ERR_OPERATIONS_ERROR;
234 expression = ldb_filter_from_tree(lldb_ac, req->op.search.tree);
235 if (expression == NULL) {
236 return LDB_ERR_OPERATIONS_ERROR;
239 switch (req->op.search.scope) {
241 ldap_scope = LDAP_SCOPE_BASE;
243 case LDB_SCOPE_ONELEVEL:
244 ldap_scope = LDAP_SCOPE_ONELEVEL;
247 ldap_scope = LDAP_SCOPE_SUBTREE;
251 tv.tv_sec = req->timeout;
254 ret = ldap_search_ext(lldb->ldap, search_base, ldap_scope,
256 discard_const_p(char *, req->op.search.attrs),
264 if (ret != LDAP_SUCCESS) {
265 ldb_set_errstring(ldb, ldap_err2string(ret));
268 return lldb_ldap_to_ldb(ret);
274 static int lldb_add(struct lldb_context *lldb_ac)
276 struct ldb_context *ldb;
277 struct lldb_private *lldb = lldb_ac->lldb;
278 struct ldb_module *module = lldb_ac->module;
279 struct ldb_request *req = lldb_ac->req;
284 ldb_module_get_ctx(module);
286 ldb_request_set_state(req, LDB_ASYNC_PENDING);
288 mods = lldb_msg_to_mods(lldb_ac, req->op.add.message, 0);
290 return LDB_ERR_OPERATIONS_ERROR;
293 dn = ldb_dn_alloc_linearized(lldb_ac, req->op.add.message->dn);
295 return LDB_ERR_OPERATIONS_ERROR;
298 ret = ldap_add_ext(lldb->ldap, dn, mods,
303 if (ret != LDAP_SUCCESS) {
304 ldb_set_errstring(ldb, ldap_err2string(ret));
307 return lldb_ldap_to_ldb(ret);
313 static int lldb_modify(struct lldb_context *lldb_ac)
315 struct ldb_context *ldb;
316 struct lldb_private *lldb = lldb_ac->lldb;
317 struct ldb_module *module = lldb_ac->module;
318 struct ldb_request *req = lldb_ac->req;
323 ldb_module_get_ctx(module);
325 ldb_request_set_state(req, LDB_ASYNC_PENDING);
327 mods = lldb_msg_to_mods(lldb_ac, req->op.mod.message, 1);
329 return LDB_ERR_OPERATIONS_ERROR;
332 dn = ldb_dn_alloc_linearized(lldb_ac, req->op.mod.message->dn);
334 return LDB_ERR_OPERATIONS_ERROR;
337 ret = ldap_modify_ext(lldb->ldap, dn, mods,
342 if (ret != LDAP_SUCCESS) {
343 ldb_set_errstring(ldb, ldap_err2string(ret));
346 return lldb_ldap_to_ldb(ret);
352 static int lldb_delete(struct lldb_context *lldb_ac)
354 struct ldb_context *ldb;
355 struct lldb_private *lldb = lldb_ac->lldb;
356 struct ldb_module *module = lldb_ac->module;
357 struct ldb_request *req = lldb_ac->req;
361 ldb_module_get_ctx(module);
363 ldb_request_set_state(req, LDB_ASYNC_PENDING);
365 dnstr = ldb_dn_alloc_linearized(lldb_ac, req->op.del.dn);
367 ret = ldap_delete_ext(lldb->ldap, dnstr,
372 if (ret != LDAP_SUCCESS) {
373 ldb_set_errstring(ldb, ldap_err2string(ret));
376 return lldb_ldap_to_ldb(ret);
382 static int lldb_rename(struct lldb_context *lldb_ac)
384 struct ldb_context *ldb;
385 struct lldb_private *lldb = lldb_ac->lldb;
386 struct ldb_module *module = lldb_ac->module;
387 struct ldb_request *req = lldb_ac->req;
393 ldb_module_get_ctx(module);
395 ldb_request_set_state(req, LDB_ASYNC_PENDING);
397 old_dn = ldb_dn_alloc_linearized(lldb_ac, req->op.rename.olddn);
398 if (old_dn == NULL) {
399 return LDB_ERR_OPERATIONS_ERROR;
402 newrdn = talloc_asprintf(lldb_ac, "%s=%s",
403 ldb_dn_get_rdn_name(req->op.rename.newdn),
404 ldb_dn_escape_value(lldb, *(ldb_dn_get_rdn_val(req->op.rename.newdn))));
406 return LDB_ERR_OPERATIONS_ERROR;
409 parentdn = ldb_dn_alloc_linearized(lldb_ac, ldb_dn_get_parent(lldb_ac, req->op.rename.newdn));
411 return LDB_ERR_OPERATIONS_ERROR;
414 ret = ldap_rename(lldb->ldap, old_dn, newrdn, parentdn,
418 if (ret != LDAP_SUCCESS) {
419 ldb_set_errstring(ldb, ldap_err2string(ret));
422 return lldb_ldap_to_ldb(ret);
425 static int lldb_start_trans(struct ldb_module *module)
427 /* TODO implement a local transaction mechanism here */
432 static int lldb_end_trans(struct ldb_module *module)
434 /* TODO implement a local transaction mechanism here */
439 static int lldb_del_trans(struct ldb_module *module)
441 /* TODO implement a local transaction mechanism here */
446 void lldb_request_done(struct lldb_context *ac,
447 struct ldb_control **ctrls, int error)
449 struct ldb_request *req;
450 struct ldb_reply *ares;
454 ares = talloc_zero(req, struct ldb_reply);
456 ldb_oom(ldb_module_get_ctx(ac->module));
457 req->callback(req, NULL);
460 ares->type = LDB_REPLY_DONE;
461 ares->controls = talloc_steal(ares, ctrls);
464 req->callback(req, ares);
467 /* return false if the request is still in progress
468 * return true if the request is completed
470 static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result)
472 struct ldb_context *ldb;
473 struct lldb_private *lldb = ac->lldb;
474 LDAPControl **serverctrlsp = NULL;
475 char **referralsp = NULL;
476 char *matcheddnp = NULL;
477 char *errmsgp = NULL;
480 struct ldb_message *ldbmsg;
482 bool callback_failed;
488 ldb = ldb_module_get_ctx(ac->module);
490 type = ldap_msgtype(result);
491 callback_failed = false;
492 request_done = false;
495 case LDAP_RES_SEARCH_ENTRY:
497 msg = ldap_first_entry(lldb->ldap, result);
499 BerElement *berptr = NULL;
502 ldbmsg = ldb_msg_new(ac);
504 ret = LDB_ERR_OPERATIONS_ERROR;
508 dn = ldap_get_dn(lldb->ldap, msg);
511 ret = LDB_ERR_OPERATIONS_ERROR;
514 ldbmsg->dn = ldb_dn_new(ldbmsg, ldb, dn);
515 if ( ! ldb_dn_validate(ldbmsg->dn)) {
517 ret = LDB_ERR_OPERATIONS_ERROR;
522 ldbmsg->num_elements = 0;
523 ldbmsg->elements = NULL;
525 /* loop over all attributes */
526 for (attr=ldap_first_attribute(lldb->ldap, msg, &berptr);
528 attr=ldap_next_attribute(lldb->ldap, msg, berptr)) {
529 struct berval **bval;
530 bval = ldap_get_values_len(lldb->ldap, msg, attr);
533 lldb_add_msg_attr(ldb, ldbmsg, attr, bval);
534 ldap_value_free_len(bval);
537 if (berptr) ber_free(berptr, 0);
539 ret = ldb_module_send_entry(ac->req, ldbmsg, NULL /* controls not yet supported */);
540 if (ret != LDB_SUCCESS) {
542 callback_failed = true;
545 ret = LDB_ERR_OPERATIONS_ERROR;
549 case LDAP_RES_SEARCH_REFERENCE:
551 if (ldap_parse_result(lldb->ldap, result, &ret,
552 &matcheddnp, &errmsgp,
553 &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) {
554 ret = LDB_ERR_OPERATIONS_ERROR;
556 if (ret != LDB_SUCCESS) {
559 if (referralsp == NULL) {
560 ret = LDB_ERR_PROTOCOL_ERROR;
564 for (i = 0; referralsp[i]; i++) {
565 referral = talloc_strdup(ac, referralsp[i]);
567 ret = ldb_module_send_referral(ac->req, referral);
568 if (ret != LDB_SUCCESS) {
569 callback_failed = true;
575 case LDAP_RES_SEARCH_RESULT:
576 case LDAP_RES_MODIFY:
578 case LDAP_RES_DELETE:
581 if (ldap_parse_result(lldb->ldap, result, &ret,
582 &matcheddnp, &errmsgp,
583 &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) {
584 ret = LDB_ERR_OPERATIONS_ERROR;
586 if (ret != LDB_SUCCESS) {
590 if (serverctrlsp != NULL) {
591 /* FIXME: transform the LDAPControl list into an ldb_control one */
599 ret = LDB_ERR_PROTOCOL_ERROR;
603 if (ret != LDB_SUCCESS) {
605 /* if the callback failed the caller will have freed the
606 * request. Just return and don't try to use it */
607 if (callback_failed) {
609 /* tell lldb_wait to remove the request from the
612 goto free_and_return;
619 lldb_request_done(ac, ac->controls, ret);
621 goto free_and_return;
628 if (matcheddnp) ldap_memfree(matcheddnp);
629 if (errmsgp && *errmsgp) {
630 ldb_set_errstring(ldb, errmsgp);
633 ldap_memfree(errmsgp);
635 if (referralsp) ldap_value_free(referralsp);
636 if (serverctrlsp) ldap_controls_free(serverctrlsp);
638 ldap_msgfree(result);
643 static void lldb_timeout(struct tevent_context *ev,
644 struct tevent_timer *te,
648 struct lldb_context *ac;
649 ac = talloc_get_type(private_data, struct lldb_context);
651 lldb_request_done(ac, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED);
654 static void lldb_callback(struct tevent_context *ev,
655 struct tevent_timer *te,
659 struct lldb_context *ac;
660 struct tevent_timer *lte;
665 ac = talloc_get_type(private_data, struct lldb_context);
668 lldb_request_done(ac, NULL, LDB_ERR_OPERATIONS_ERROR);
674 lret = ldap_result(ac->lldb->ldap, ac->msgid, 0, &tv, &result);
679 lldb_request_done(ac, NULL, LDB_ERR_OPERATIONS_ERROR);
683 if ( ! lldb_parse_result(ac, result)) {
692 lte = tevent_add_timer(ev, ac, tv, lldb_callback, ac);
694 lldb_request_done(ac, NULL, LDB_ERR_OPERATIONS_ERROR);
698 static bool lldb_dn_is_special(struct ldb_request *req)
700 struct ldb_dn *dn = NULL;
702 switch (req->operation) {
704 dn = req->op.add.message->dn;
707 dn = req->op.mod.message->dn;
713 dn = req->op.rename.olddn;
719 if (dn && ldb_dn_is_special(dn)) {
725 static void lldb_auto_done_callback(struct tevent_context *ev,
726 struct tevent_timer *te,
730 struct lldb_context *ac;
732 ac = talloc_get_type(private_data, struct lldb_context);
733 lldb_request_done(ac, NULL, LDB_SUCCESS);
736 static int lldb_handle_request(struct ldb_module *module, struct ldb_request *req)
738 struct ldb_context *ldb;
739 struct lldb_private *lldb;
740 struct lldb_context *ac;
741 struct tevent_context *ev;
742 struct tevent_timer *te;
746 lldb = talloc_get_type(ldb_module_get_private(module), struct lldb_private);
747 ldb = ldb_module_get_ctx(module);
749 if (req->starttime == 0 || req->timeout == 0) {
750 ldb_set_errstring(ldb, "Invalid timeout settings");
751 return LDB_ERR_TIME_LIMIT_EXCEEDED;
754 ev = ldb_get_event_context(ldb);
756 return LDB_ERR_OPERATIONS_ERROR;
759 ac = talloc_zero(ldb, struct lldb_context);
761 ldb_set_errstring(ldb, "Out of Memory");
762 return LDB_ERR_OPERATIONS_ERROR;
770 if (lldb_dn_is_special(req)) {
773 te = tevent_add_timer(ev, ac, tv,
774 lldb_auto_done_callback, ac);
776 return LDB_ERR_OPERATIONS_ERROR;
782 switch (ac->req->operation) {
784 ret = lldb_search(ac);
790 ret = lldb_modify(ac);
793 ret = lldb_delete(ac);
796 ret = lldb_rename(ac);
799 /* no other op supported */
800 ret = LDB_ERR_OPERATIONS_ERROR;
804 if (ret != LDB_SUCCESS) {
805 lldb_request_done(ac, NULL, ret);
811 te = tevent_add_timer(ev, ac, tv, lldb_callback, ac);
813 return LDB_ERR_OPERATIONS_ERROR;
817 tv.tv_sec = req->starttime + req->timeout;
819 te = tevent_add_timer(ev, ac, tv, lldb_timeout, ac);
821 return LDB_ERR_OPERATIONS_ERROR;
827 static const struct ldb_module_ops lldb_ops = {
829 .search = lldb_handle_request,
830 .add = lldb_handle_request,
831 .modify = lldb_handle_request,
832 .del = lldb_handle_request,
833 .rename = lldb_handle_request,
834 .request = lldb_handle_request,
835 .start_transaction = lldb_start_trans,
836 .end_transaction = lldb_end_trans,
837 .del_transaction = lldb_del_trans,
841 static int lldb_destructor(struct lldb_private *lldb)
843 ldap_unbind(lldb->ldap);
848 connect to the database
850 static int lldb_connect(struct ldb_context *ldb,
853 const char *options[],
854 struct ldb_module **_module)
856 struct ldb_module *module;
857 struct lldb_private *lldb;
861 module = ldb_module_new(ldb, ldb, "ldb_ldap backend", &lldb_ops);
862 if (!module) return -1;
864 lldb = talloc_zero(module, struct lldb_private);
869 ldb_module_set_private(module, lldb);
871 ret = ldap_initialize(&lldb->ldap, url);
872 if (ret != LDAP_SUCCESS) {
873 ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s\n",
874 url, ldap_err2string(ret));
878 talloc_set_destructor(lldb, lldb_destructor);
880 ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
881 if (ret != LDAP_SUCCESS) {
882 ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s\n",
883 ldap_err2string(ret));
895 const struct ldb_backend_ops ldb_ldap_backend_ops = {
897 .connect_fn = lldb_connect
900 const struct ldb_backend_ops ldb_ldapi_backend_ops = {
902 .connect_fn = lldb_connect
905 const struct ldb_backend_ops ldb_ldaps_backend_ops = {
907 .connect_fn = lldb_connect