2025-02-08 05:57:51 +03:00 · 2004-08-12 04:55:59 +00:00 · 2004-08-12 04:55:59 +00:00 · 48939adca1
commit 48939adca1
parent 0949b72645
8 changed files with 2380 additions and 29 deletions
--- a/source/configure.in
+++ b/source/configure.in
@ -20,6 +20,7 @@ SMB_INCLUDE_M4(lib/cmdline/config.m4)
 SMB_INCLUDE_M4(param/config.m4)
 SMB_INCLUDE_M4(libcli/auth/config.m4)
 SMB_INCLUDE_M4(libcli/auth/gensec.m4)
+SMB_INCLUDE_M4(libcli/ldap/config.m4)
 SMB_INCLUDE_M4(libcli/config.m4)
 SMB_INCLUDE_M4(librpc/config.m4)
 SMB_INCLUDE_M4(libcli/libsmb.m4)
--- a/source/include/asn_1.h
+++ b/source/include/asn_1.h
@ -35,10 +35,11 @@ typedef struct {
 	BOOL has_error;
 } ASN1_DATA;

-
 #define ASN1_APPLICATION(x) ((x)+0x60)
+#define ASN1_APPLICATION_SIMPLE(x) ((x)+0x40)
 #define ASN1_SEQUENCE(x) ((x)+0x30)
 #define ASN1_CONTEXT(x) ((x)+0xa0)
+#define ASN1_CONTEXT_SIMPLE(x) ((x)+0x80)
 #define ASN1_GENERAL_STRING 0x1b
 #define ASN1_OCTET_STRING 0x4
 #define ASN1_OID 0x6
--- a/source/include/includes.h
+++ b/source/include/includes.h
@ -641,6 +641,7 @@ extern int errno;
 #include "rewrite.h"
 #include "smb.h"
 #include "ads.h"
+#include "libcli/ldap/ldap.h"
 #include "nameserv.h"
 #include "secrets.h"

--- a/source/libcli/ldap/config.m4
+++ b/source/libcli/ldap/config.m4
@ -0,0 +1 @@
+SMB_SUBSYSTEM_MK(LIBCLI_LDAP,libcli/ldap/config.mk)
--- a/source/libcli/ldap/config.mk
+++ b/source/libcli/ldap/config.mk
@ -0,0 +1,6 @@
+#################################
+# Start SUBSYSTEM LIBCLI_LDAP
+[SUBSYSTEM::LIBCLI_LDAP]
+ADD_OBJ_FILES = libcli/ldap/ldap.o
+# End SUBSYSTEM LIBCLI_LDAP
+#################################
--- a/source/libcli/ldap/ldap.c
+++ b/source/libcli/ldap/ldap.c
--- a/source/libcli/ldap/ldap.h
+++ b/source/libcli/ldap/ldap.h
@ -0,0 +1,246 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP protocol helper functions for SAMBA
+   Copyright (C) Volker Lendecke 2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#ifndef _SMB_LDAP_H
+#define _SMB_LDAP_H
+
+enum ldap_request_tag {
+	LDAP_TAG_BindRequest = 0,
+	LDAP_TAG_BindResponse = 1,
+	LDAP_TAG_UnbindRequest = 2,
+	LDAP_TAG_SearchRequest = 3,
+	LDAP_TAG_SearchResultEntry = 4,
+	LDAP_TAG_SearchResultDone = 5,
+	LDAP_TAG_ModifyRequest = 6,
+	LDAP_TAG_ModifyResponse = 7,
+	LDAP_TAG_AddRequest = 8,
+	LDAP_TAG_AddResponse = 9,
+	LDAP_TAG_DelRequest = 10,
+	LDAP_TAG_DelResponse = 11,
+	LDAP_TAG_ModifyDNRequest = 12,
+	LDAP_TAG_ModifyDNResponse = 13,
+	LDAP_TAG_CompareRequest = 14,
+	LDAP_TAG_CompareResponse = 15,
+	LDAP_TAG_AbandonRequest = 16,
+	LDAP_TAG_SearchResultReference = 19,
+	LDAP_TAG_ExtendedRequest = 23,
+	LDAP_TAG_ExtendedResponse = 24
+};
+
+enum ldap_auth_mechanism {
+	LDAP_AUTH_MECH_SIMPLE = 0,
+	LDAP_AUTH_MECH_SASL = 3
+};
+
+struct ldap_Result {
+	int resultcode;
+	const char *dn;
+	const char *errormessage;
+	const char *referral;
+};
+
+struct ldap_attribute {
+	const char *name;
+	int num_values;
+	DATA_BLOB *values;
+};
+
+struct ldap_BindRequest {
+	int version;
+	const char *dn;
+	enum ldap_auth_mechanism mechanism;
+	union {
+		const char *password;
+		struct {
+			const char *mechanism;
+			DATA_BLOB creds;
+		} SASL;
+	} creds;
+};
+
+struct ldap_BindResponse {
+	struct ldap_Result response;
+	union {
+		DATA_BLOB credentials;
+	} SASL_Credentials;
+};
+
+struct ldap_UnbindRequest {
+};
+
+enum ldap_scope {
+	LDAP_SEARCH_SCOPE_BASE = 0,
+	LDAP_SEARCH_SCOPE_SINGLE = 1,
+	LDAP_SEARCH_SCOPE_SUB = 2
+};
+
+enum ldap_deref {
+	LDAP_DEREFERENCE_NEVER = 0,
+	LDAP_DEREFERENCE_IN_SEARCHING = 1,
+	LDAP_DEREFERENCE_FINDING_BASE = 2,
+	LDAP_DEREFERENCE_ALWAYS
+};
+
+struct ldap_SearchRequest {
+	const char *basedn;
+	enum ldap_scope scope;
+	enum ldap_deref deref;
+	uint32 timelimit;
+	uint32 sizelimit;
+	BOOL attributesonly;
+	char *filter;
+	int num_attributes;
+	const char **attributes;
+};
+
+struct ldap_SearchResEntry {
+	const char *dn;
+	int num_attributes;
+	struct ldap_attribute *attributes;
+};
+
+struct ldap_SearchResRef {
+	int num_referrals;
+	const char **referrals;
+};
+
+enum ldap_modify_type {
+	LDAP_MODIFY_NONE = -1,
+	LDAP_MODIFY_ADD = 0,
+	LDAP_MODIFY_DELETE = 1,
+	LDAP_MODIFY_REPLACE = 2
+};
+
+struct ldap_mod {
+	enum ldap_modify_type type;
+	struct ldap_attribute attrib;
+};
+
+struct ldap_ModifyRequest {
+	const char *dn;
+	int num_mods;
+	struct ldap_mod *mods;
+};
+
+struct ldap_AddRequest {
+	const char *dn;
+	int num_attributes;
+	struct ldap_attribute *attributes;
+};
+
+struct ldap_DelRequest {
+	const char *dn;
+};
+
+struct ldap_ModifyDNRequest {
+	const char *dn;
+	const char *newrdn;
+	BOOL deleteolddn;
+	const char *newsuperior;
+};
+
+struct ldap_CompareRequest {
+	const char *dn;
+	const char *attribute;
+	const char *value;
+};
+
+struct ldap_AbandonRequest {
+	uint32 messageid;
+};
+
+struct ldap_ExtendedRequest {
+	const char *oid;
+	DATA_BLOB value;
+};
+
+struct ldap_ExtendedResponse {
+	struct ldap_Result response;
+	const char *name;
+	DATA_BLOB value;
+};
+
+union ldap_Request {
+	struct ldap_BindRequest 	BindRequest;
+	struct ldap_BindResponse 	BindResponse;
+	struct ldap_UnbindRequest 	UnbindRequest;
+	struct ldap_SearchRequest 	SearchRequest;
+	struct ldap_SearchResEntry 	SearchResultEntry;
+	struct ldap_Result 		SearchResultDone;
+	struct ldap_SearchResRef 	SearchResultReference;
+	struct ldap_ModifyRequest 	ModifyRequest;
+	struct ldap_Result 		ModifyResponse;
+	struct ldap_AddRequest 		AddRequest;
+	struct ldap_Result 		AddResponse;
+	struct ldap_DelRequest 		DelRequest;
+	struct ldap_Result 		DelResponse;
+	struct ldap_ModifyDNRequest 	ModifyDNRequest;
+	struct ldap_Result 		ModifyDNResponse;
+	struct ldap_CompareRequest 	CompareRequest;
+	struct ldap_Result 		CompareResponse;
+	struct ldap_AbandonRequest 	AbandonRequest;
+	struct ldap_ExtendedRequest 	ExtendedRequest;
+	struct ldap_ExtendedResponse 	ExtendedResponse;
+};
+
+struct ldap_Control {
+	const char *oid;
+	BOOL        critical;
+	DATA_BLOB   value;
+};
+
+struct ldap_message {
+	TALLOC_CTX	       *mem_ctx;
+	uint32                  messageid;
+	uint8                   type;
+	union  ldap_Request     r;
+	int			num_controls;
+	struct ldap_Control    *controls;
+};
+
+struct ldap_queue_entry {
+	struct ldap_queue_entry *next, *prev;
+	int msgid;
+	struct ldap_message *msg;
+};
+
+struct ldap_connection {
+	TALLOC_CTX *mem_ctx;
+	int sock;
+	int next_msgid;
+	char *host;
+	uint16 port;
+	BOOL ldaps;
+
+	const char *auth_dn;
+	const char *simple_pw;
+
+	/* Current outstanding search entry */
+	int searchid;
+
+	/* List for incoming search entries */
+	struct ldap_queue_entry *search_entries;
+
+	/* Outstanding LDAP requests that have not yet been replied to */
+	struct ldap_queue_entry *outstanding;
+};
+
+#endif
--- a/source/libcli/util/asn1.c
+++ b/source/libcli/util/asn1.c
@ -184,6 +184,14 @@ BOOL asn1_write_BOOLEAN2(ASN1_DATA *data, BOOL v)
 	return !data->has_error;
 }

+BOOL asn1_read_BOOLEAN2(ASN1_DATA *data, BOOL *v)
+{
+	asn1_start_tag(data, ASN1_BOOLEAN);
+	asn1_read_uint8(data, (uint8 *)v);
+	asn1_end_tag(data);
+	return !data->has_error;
+}
+
 /* check a BOOLEAN */
 BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
 {
@ -216,19 +224,27 @@ BOOL asn1_load(ASN1_DATA *data, DATA_BLOB blob)
 	return True;
 }

+/* Peek into an ASN1 buffer, not advancing the pointer */
+BOOL asn1_peek(ASN1_DATA *data, void *p, int len)
+{
+	if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
+		return False;
+
+	if (data->ofs + len > data->length)
+		return False;
+
+	memcpy(p, data->data + data->ofs, len);
+	return True;
+}
+
 /* read from a ASN1 buffer, advancing the buffer pointer */
 BOOL asn1_read(ASN1_DATA *data, void *p, int len)
 {
-	if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len) {
+	if (!asn1_peek(data, p, len)) {
 		data->has_error = True;
 		return False;
 	}

-	if (data->ofs + len > data->length) {
-		data->has_error = True;
-		return False;
-	}
-	memcpy(p, data->data + data->ofs, len);
 	data->ofs += len;
 	return True;
 }
@ -239,28 +255,21 @@ BOOL asn1_read_uint8(ASN1_DATA *data, uint8_t *v)
 	return asn1_read(data, v, 1);
 }

-/* read from a ASN1 buffer, advancing the buffer pointer */
-BOOL asn1_peek(ASN1_DATA *data, void *p, int len)
-{
-	if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len) {
-		data->has_error = True;
-		return False;
-	}
-
-	if (data->ofs + len > data->length) {
-		data->has_error = True;
-		return False;
-	}
-	memcpy(p, data->data + data->ofs, len);
-	return True;
-}
-
-/* read a uint8_t from a ASN1 buffer */
 BOOL asn1_peek_uint8(ASN1_DATA *data, uint8_t *v)
 {
 	return asn1_peek(data, v, 1);
 }

+BOOL asn1_peek_tag(ASN1_DATA *data, uint8_t tag)
+{
+	uint8_t b;
+
+	if (!asn1_peek(data, &b, sizeof(b)))
+		return False;
+
+	return (b == tag);
+}
+
 /* start reading a nested asn1 structure */
 BOOL asn1_start_tag(ASN1_DATA *data, uint8_t tag)
 {
@ -304,6 +313,89 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8_t tag)
 	return !data->has_error;
 }

+#if 0
+static BOOL read_one_uint8(int sock, uint8_t *result, ASN1_DATA *data,
+			   const struct timeval *endtime)
+{
+	if (read_data_until(sock, result, 1, endtime) != 1)
+		return False;
+
+	return asn1_write(data, result, 1);
+}
+
+/* Read a complete ASN sequence (ie LDAP result) from a socket */
+BOOL asn1_read_sequence_until(int sock, ASN1_DATA *data,
+			      const struct timeval *endtime)
+{
+	uint8_t b;
+	size_t len;
+	char *buf;
+
+	ZERO_STRUCTP(data);
+
+	if (!read_one_uint8(sock, &b, data, endtime))
+		return False;
+
+	if (b != 0x30) {
+		data->has_error = True;
+		return False;
+	}
+
+	if (!read_one_uint8(sock, &b, data, endtime))
+		return False;
+
+	if (b & 0x80) {
+		int n = b & 0x7f;
+		if (!read_one_uint8(sock, &b, data, endtime))
+			return False;
+		len = b;
+		while (n > 1) {
+			if (!read_one_uint8(sock, &b, data, endtime))
+				return False;
+			len = (len<<8) | b;
+			n--;
+		}
+	} else {
+		len = b;
+	}
+
+	buf = malloc(len);
+	if (buf == NULL)
+		return False;
+
+	if (read_data_until(sock, buf, len, endtime) != len)
+		return False;
+
+	if (!asn1_write(data, buf, len))
+		return False;
+
+	free(buf);
+
+	data->ofs = 0;
+	
+	return True;
+}
+#endif
+
+/* Get the length to be expected in buf */
+BOOL asn1_object_length(uint8_t *buf, size_t buf_length,
+			uint8_t tag, size_t *result)
+{
+	ASN1_DATA data;
+
+	/* Fake the asn1_load to avoid the memdup, this is just to be able to
+	 * re-use the length-reading in asn1_start_tag */
+	ZERO_STRUCT(data);
+	data.data = buf;
+	data.length = buf_length;
+	if (!asn1_start_tag(&data, tag))
+		return False;
+	*result = asn1_tag_remaining(&data)+data.ofs;
+	/* We can't use asn1_end_tag here, as we did not consume the complete
+	 * tag, so asn1_end_tag would flag an error and not free nesting */
+	free(data.nesting);
+	return True;
+}

 /* stop reading a tag */
 BOOL asn1_end_tag(ASN1_DATA *data)
@ -342,7 +434,7 @@ int asn1_tag_remaining(ASN1_DATA *data)
 BOOL asn1_read_OID(ASN1_DATA *data, char **OID)
 {
 	uint8_t b;
-	char *oid = NULL;
+	char *tmp_oid = NULL;
 	TALLOC_CTX *mem_ctx = talloc_init("asn1_read_OID");
 	if (!mem_ctx) {
 		return False;
@ -351,8 +443,8 @@ BOOL asn1_read_OID(ASN1_DATA *data, char **OID)
 	if (!asn1_start_tag(data, ASN1_OID)) return False;
 	asn1_read_uint8(data, &b);

-	oid = talloc_asprintf(mem_ctx, "%u",  b/40);
-	oid = talloc_asprintf_append(mem_ctx, oid, " %u",  b%40);
+	tmp_oid = talloc_asprintf(mem_ctx, "%u",  b/40);
+	tmp_oid = talloc_asprintf_append(mem_ctx, tmp_oid, " %u",  b%40);

 	while (!data->has_error && asn1_tag_remaining(data) > 0) {
 		uint_t v = 0;
@ -360,12 +452,12 @@ BOOL asn1_read_OID(ASN1_DATA *data, char **OID)
 			asn1_read_uint8(data, &b);
 			v = (v<<7) | (b&0x7f);
 		} while (!data->has_error && b & 0x80);
-		oid = talloc_asprintf_append(mem_ctx, oid, " %u",  v);
+		tmp_oid = talloc_asprintf_append(mem_ctx, tmp_oid, " %u",  v);
 	}

 	asn1_end_tag(data);

-	*OID = strdup(oid);
+	*OID = strdup(tmp_oid);
 	talloc_destroy(mem_ctx);

 	return (*OID && !data->has_error);
@ -439,6 +531,20 @@ BOOL asn1_read_Integer(ASN1_DATA *data, int *i)
 	
 }

+/* read an interger */
+BOOL asn1_read_enumerated(ASN1_DATA *data, int *v)
+{
+	*v = 0;
+	
+	if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
+	while (asn1_tag_remaining(data)>0) {
+		uint8_t b;
+		asn1_read_uint8(data, &b);
+		*v = (*v << 8) + b;
+	}
+	return asn1_end_tag(data);	
+}
+
 /* check a enumarted value is correct */
 BOOL asn1_check_enumerated(ASN1_DATA *data, int v)
 {
				`@ -0,0 +1 @@`
				`SMB_SUBSYSTEM_MK(LIBCLI_LDAP,libcli/ldap/config.mk)`