sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code
samba-mirror/source4/ldap_server/ldap_backend.c

254 lines
6.5 KiB
C
Raw Normal View History

r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
/*
Unix SMB/CIFS implementation.
LDAP server
Copyright (C) Stefan Metzmacher 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
r3464: split out registry.h, rap.h and ldap_server.h (This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e)
2004-11-02 06:52:59 +00:00
#include "ldap_server/ldap_server.h"
r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2004-11-02 06:42:15 +00:00
#include "dlinklist.h"
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
r5305: removed libcli/ldap/ldap.h from includes.h (This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2005-02-10 07:08:40 +00:00
struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
{
struct ldapsrv_reply *reply;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 07:08:20 +00:00
reply = talloc(call, struct ldapsrv_reply);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!reply) {
return NULL;
}
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
reply->msg = talloc(reply, struct ldap_message);
if (reply->msg == NULL) {
talloc_free(reply);
return NULL;
}
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
reply->msg->messageid = call->request->messageid;
reply->msg->type = type;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
return reply;
}
r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2005-06-19 09:31:34 +00:00
void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
{
DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *);
}
r5305: removed libcli/ldap/ldap.h from includes.h (This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2005-02-10 07:08:40 +00:00
struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, uint8_t scope)
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
{
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
return conn->default_partition;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
}
NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
{
struct ldapsrv_reply *reply;
struct ldap_ExtendedResponse *r;
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request->type, call->request->messageid));
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
if (!reply) {
return NT_STATUS_NO_MEMORY;
}
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
r = &reply->msg->r.ExtendedResponse;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
r->response.resultcode = error;
r->response.dn = NULL;
r->response.errormessage = NULL;
r->response.referral = NULL;
r->name = NULL;
r->value.data = NULL;
r->value.length = 0;
r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2005-06-19 09:31:34 +00:00
ldapsrv_queue_reply(call, reply);
return NT_STATUS_OK;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
}
static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("SearchRequest"));
DEBUGADD(10, (" basedn: %s", req->basedn));
r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2005-06-13 09:10:17 +00:00
DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree)));
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->basedn, req->scope);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->Search) {
struct ldap_Result *done;
struct ldapsrv_reply *done_r;
done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
if (!done_r) {
return NT_STATUS_NO_MEMORY;
}
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
done = &done_r->msg->r.SearchResultDone;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
done->resultcode = 53;
done->dn = NULL;
done->errormessage = NULL;
done->referral = NULL;
r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2005-06-19 09:31:34 +00:00
ldapsrv_queue_reply(call, done_r);
return NT_STATUS_OK;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
}
return part->ops->Search(part, call, req);
}
static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("ModifyRequest"));
DEBUGADD(10, (" dn: %s", req->dn));
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->Modify) {
return ldapsrv_unwilling(call, 53);
}
return part->ops->Modify(part, call, req);
}
static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_AddRequest *req = &call->request->r.AddRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("AddRequest"));
DEBUGADD(10, (" dn: %s", req->dn));
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->Add) {
return ldapsrv_unwilling(call, 53);
}
return part->ops->Add(part, call, req);
}
static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_DelRequest *req = &call->request->r.DelRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("DelRequest"));
DEBUGADD(10, (" dn: %s", req->dn));
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->Del) {
return ldapsrv_unwilling(call, 53);
}
return part->ops->Del(part, call, req);
}
static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("ModifyDNRequrest"));
DEBUGADD(10, (" dn: %s", req->dn));
DEBUGADD(10, (" newrdn: %s", req->newrdn));
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->ModifyDN) {
return ldapsrv_unwilling(call, 53);
}
return part->ops->ModifyDN(part, call, req);
}
static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
struct ldap_CompareRequest *req = &call->request->r.CompareRequest;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
struct ldapsrv_partition *part;
DEBUG(10, ("CompareRequest"));
DEBUGADD(10, (" dn: %s", req->dn));
r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2004-10-10 02:24:42 +00:00
part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
if (!part->ops->Compare) {
return ldapsrv_unwilling(call, 53);
}
return part->ops->Compare(part, call, req);
}
static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
{
/* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/
DEBUG(10, ("AbandonRequest\n"));
return NT_STATUS_OK;
}
static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
{
/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/
struct ldapsrv_reply *reply;
DEBUG(10, ("Extended\n"));
reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
if (!reply) {
return NT_STATUS_NO_MEMORY;
}
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
ZERO_STRUCT(reply->msg->r);
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2005-06-19 09:31:34 +00:00
ldapsrv_queue_reply(call, reply);
return NT_STATUS_OK;
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
}
NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
{
r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2005-06-15 00:27:51 +00:00
switch(call->request->type) {
r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2004-10-08 12:26:14 +00:00
case LDAP_TAG_BindRequest:
return ldapsrv_BindRequest(call);
case LDAP_TAG_UnbindRequest:
return ldapsrv_UnbindRequest(call);
case LDAP_TAG_SearchRequest:
return ldapsrv_SearchRequest(call);
case LDAP_TAG_ModifyRequest:
return ldapsrv_ModifyRequest(call);
case LDAP_TAG_AddRequest:
return ldapsrv_AddRequest(call);
case LDAP_TAG_DelRequest:
return ldapsrv_DelRequest(call);
case LDAP_TAG_ModifyDNRequest:
return ldapsrv_ModifyDNRequest(call);
case LDAP_TAG_CompareRequest:
return ldapsrv_CompareRequest(call);
case LDAP_TAG_AbandonRequest:
return ldapsrv_AbandonRequest(call);
case LDAP_TAG_ExtendedRequest:
return ldapsrv_ExtendedRequest(call);
default:
return ldapsrv_unwilling(call, 2);
}
}
r7777: allow for overriding the location of the sam databasein the ldap server, using ldapsrv:samdb option. This allows the following: sam database=ldap://localhost ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb which allows us to test putting the sam on an ldap server using our own ldap server. This is a great stress test for the ldap code. (This used to be commit 40948ba3848e2cfd69ee5ef77031170a652e389b)
2005-06-20 04:59:10 +00:00
Copy Permalink