2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
5 Copyright (C) Simo Sorce 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "libcli/util/asn_1.h"
25 #include "libcli/ldap/ldap.h"
26 #include "lib/ldb/include/ldb.h"
28 struct control_handler {
30 BOOL (*decode)(void *mem_ctx, DATA_BLOB in, void **out);
31 BOOL (*encode)(void *mem_ctx, void *in, DATA_BLOB *out);
34 static BOOL decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void **out)
37 struct asn1_data data;
38 struct ldb_sort_resp_control *lsrc;
40 if (!asn1_load(&data, in)) {
44 lsrc = talloc(mem_ctx, struct ldb_sort_resp_control);
49 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
53 if (!asn1_read_enumerated(&data, &(lsrc->result))) {
57 lsrc->attr_desc = NULL;
58 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
59 if (!asn1_read_OctetString(&data, &attr)) {
62 lsrc->attr_desc = talloc_strndup(lsrc, (const char *)attr.data, attr.length);
63 if (!lsrc->attr_desc) {
68 if (!asn1_end_tag(&data)) {
77 static BOOL decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void **out)
81 struct asn1_data data;
82 struct ldb_server_sort_control **lssc;
85 if (!asn1_load(&data, in)) {
89 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
95 for (num = 0; asn1_peek_tag(&data, ASN1_SEQUENCE(0)); num++) {
96 lssc = talloc_realloc(mem_ctx, lssc, struct ldb_server_sort_control *, num + 2);
100 lssc[num] = talloc_zero(lssc, struct ldb_server_sort_control);
105 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
109 if (!asn1_read_OctetString(&data, &attr)) {
113 lssc[num]->attributeName = talloc_strndup(lssc[num], (const char *)attr.data, attr.length);
114 if (!lssc [num]->attributeName) {
118 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
119 if (!asn1_read_OctetString(&data, &rule)) {
122 lssc[num]->orderingRule = talloc_strndup(lssc[num], (const char *)rule.data, rule.length);
123 if (!lssc[num]->orderingRule) {
128 if (asn1_peek_tag(&data, ASN1_BOOLEAN)) {
130 if (!asn1_read_BOOLEAN(&data, &reverse)) {
133 lssc[num]->reverse = reverse;
136 if (!asn1_end_tag(&data)) {
145 if (!asn1_end_tag(&data)) {
154 static BOOL decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
156 struct asn1_data data;
157 struct ldb_extended_dn_control *ledc;
159 if (!asn1_load(&data, in)) {
163 ledc = talloc(mem_ctx, struct ldb_extended_dn_control);
168 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
172 if (!asn1_read_Integer(&data, &(ledc->type))) {
176 if (!asn1_end_tag(&data)) {
185 static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
187 struct asn1_data data;
188 struct ldb_sd_flags_control *lsdfc;
190 if (!asn1_load(&data, in)) {
194 lsdfc = talloc(mem_ctx, struct ldb_sd_flags_control);
199 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
203 if (!asn1_read_Integer(&data, &(lsdfc->secinfo_flags))) {
207 if (!asn1_end_tag(&data)) {
216 static BOOL decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **out)
218 struct asn1_data data;
219 struct ldb_search_options_control *lsoc;
221 if (!asn1_load(&data, in)) {
225 lsoc = talloc(mem_ctx, struct ldb_search_options_control);
230 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
234 if (!asn1_read_Integer(&data, &(lsoc->search_options))) {
238 if (!asn1_end_tag(&data)) {
247 static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
250 struct asn1_data data;
251 struct ldb_paged_control *lprc;
253 if (!asn1_load(&data, in)) {
257 lprc = talloc(mem_ctx, struct ldb_paged_control);
262 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
266 if (!asn1_read_Integer(&data, &(lprc->size))) {
270 if (!asn1_read_OctetString(&data, &cookie)) {
273 lprc->cookie_len = cookie.length;
274 if (lprc->cookie_len) {
275 lprc->cookie = talloc_memdup(lprc, cookie.data, cookie.length);
277 if (!(lprc->cookie)) {
284 if (!asn1_end_tag(&data)) {
293 static BOOL decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out)
296 struct asn1_data data;
297 struct ldb_dirsync_control *ldc;
299 if (!asn1_load(&data, in)) {
303 ldc = talloc(mem_ctx, struct ldb_dirsync_control);
308 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
312 if (!asn1_read_Integer(&data, &(ldc->flags))) {
316 if (!asn1_read_Integer(&data, &(ldc->max_attributes))) {
320 if (!asn1_read_OctetString(&data, &cookie)) {
323 ldc->cookie_len = cookie.length;
324 if (ldc->cookie_len) {
325 ldc->cookie = talloc_memdup(ldc, cookie.data, cookie.length);
327 if (!(ldc->cookie)) {
334 if (!asn1_end_tag(&data)) {
343 /* seem that this controls has 2 forms one in case it is used with
344 * a Search Request and another when used ina Search Response
346 static BOOL decode_asq_control(void *mem_ctx, DATA_BLOB in, void **out)
348 DATA_BLOB source_attribute;
349 struct asn1_data data;
350 struct ldb_asq_control *lac;
352 if (!asn1_load(&data, in)) {
356 lac = talloc(mem_ctx, struct ldb_asq_control);
361 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
365 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
367 if (!asn1_read_OctetString(&data, &source_attribute)) {
370 lac->src_attr_len = source_attribute.length;
371 if (lac->src_attr_len) {
372 lac->source_attribute = talloc_strndup(lac, (const char *)source_attribute.data, source_attribute.length);
374 if (!(lac->source_attribute)) {
378 lac->source_attribute = NULL;
383 } else if (asn1_peek_tag(&data, ASN1_ENUMERATED)) {
385 if (!asn1_read_enumerated(&data, &(lac->result))) {
395 if (!asn1_end_tag(&data)) {
404 static BOOL decode_domain_scope_request(void *mem_ctx, DATA_BLOB in, void **out)
406 if (in.length != 0) {
413 static BOOL decode_notification_request(void *mem_ctx, DATA_BLOB in, void **out)
415 if (in.length != 0) {
422 static BOOL decode_show_deleted_request(void *mem_ctx, DATA_BLOB in, void **out)
424 if (in.length != 0) {
431 static BOOL decode_permissive_modify_request(void *mem_ctx, DATA_BLOB in, void **out)
433 if (in.length != 0) {
440 static BOOL decode_manageDSAIT_request(void *mem_ctx, DATA_BLOB in, void **out)
442 if (in.length != 0) {
449 static BOOL decode_vlv_request(void *mem_ctx, DATA_BLOB in, void **out)
451 DATA_BLOB assertion_value, context_id;
452 struct asn1_data data;
453 struct ldb_vlv_req_control *lvrc;
455 if (!asn1_load(&data, in)) {
459 lvrc = talloc(mem_ctx, struct ldb_vlv_req_control);
464 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
468 if (!asn1_read_Integer(&data, &(lvrc->beforeCount))) {
472 if (!asn1_read_Integer(&data, &(lvrc->afterCount))) {
476 if (asn1_peek_tag(&data, ASN1_CONTEXT(0))) {
480 if (!asn1_start_tag(&data, ASN1_CONTEXT(0))) {
484 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
488 if (!asn1_read_Integer(&data, &(lvrc->match.byOffset.offset))) {
492 if (!asn1_read_Integer(&data, &(lvrc->match.byOffset.contentCount))) {
496 if (!asn1_end_tag(&data)) { /*SEQUENCE*/
500 if (!asn1_end_tag(&data)) { /*CONTEXT*/
508 if (!asn1_start_tag(&data, ASN1_CONTEXT(1))) {
512 if (!asn1_read_OctetString(&data, &assertion_value)) {
515 lvrc->match.gtOrEq.value_len = assertion_value.length;
516 if (lvrc->match.gtOrEq.value_len) {
517 lvrc->match.gtOrEq.value = talloc_memdup(lvrc, assertion_value.data, assertion_value.length);
519 if (!(lvrc->match.gtOrEq.value)) {
523 lvrc->match.gtOrEq.value = NULL;
526 if (!asn1_end_tag(&data)) { /*CONTEXT*/
531 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
532 if (!asn1_read_OctetString(&data, &context_id)) {
535 lvrc->ctxid_len = context_id.length;
536 if (lvrc->ctxid_len) {
537 lvrc->contextId = talloc_memdup(lvrc, context_id.data, context_id.length);
539 if (!(lvrc->contextId)) {
543 lvrc->contextId = NULL;
546 lvrc->contextId = NULL;
550 if (!asn1_end_tag(&data)) {
559 static BOOL decode_vlv_response(void *mem_ctx, DATA_BLOB in, void **out)
561 DATA_BLOB context_id;
562 struct asn1_data data;
563 struct ldb_vlv_resp_control *lvrc;
565 if (!asn1_load(&data, in)) {
569 lvrc = talloc(mem_ctx, struct ldb_vlv_resp_control);
574 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
578 if (!asn1_read_Integer(&data, &(lvrc->targetPosition))) {
582 if (!asn1_read_Integer(&data, &(lvrc->contentCount))) {
586 if (!asn1_read_enumerated(&data, &(lvrc->vlv_result))) {
590 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
591 if (!asn1_read_OctetString(&data, &context_id)) {
594 lvrc->contextId = talloc_strndup(lvrc, (const char *)context_id.data, context_id.length);
595 if (!lvrc->contextId) {
598 lvrc->ctxid_len = context_id.length;
600 lvrc->contextId = NULL;
604 if (!asn1_end_tag(&data)) {
613 static BOOL encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out)
615 struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control);
616 struct asn1_data data;
620 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
624 if (!asn1_write_enumerated(&data, lsrc->result)) {
628 if (lsrc->attr_desc) {
629 if (!asn1_write_OctetString(&data, lsrc->attr_desc, strlen(lsrc->attr_desc))) {
634 if (!asn1_pop_tag(&data)) {
638 *out = data_blob_talloc(mem_ctx, data.data, data.length);
639 if (out->data == NULL) {
646 static BOOL encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out)
648 struct ldb_server_sort_control **lssc = talloc_get_type(in, struct ldb_server_sort_control *);
649 struct asn1_data data;
654 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
658 for (num = 0; lssc[num]; num++) {
659 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
663 if (!asn1_write_OctetString(&data, lssc[num]->attributeName, strlen(lssc[num]->attributeName))) {
667 if (lssc[num]->orderingRule) {
668 if (!asn1_write_OctetString(&data, lssc[num]->orderingRule, strlen(lssc[num]->orderingRule))) {
673 if (lssc[num]->reverse) {
674 if (!asn1_write_BOOLEAN(&data, lssc[num]->reverse)) {
679 if (!asn1_pop_tag(&data)) {
684 if (!asn1_pop_tag(&data)) {
688 *out = data_blob_talloc(mem_ctx, data.data, data.length);
689 if (out->data == NULL) {
696 static BOOL encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
698 struct ldb_extended_dn_control *ledc = talloc_get_type(in, struct ldb_extended_dn_control);
699 struct asn1_data data;
703 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
707 if (!asn1_write_Integer(&data, ledc->type)) {
711 if (!asn1_pop_tag(&data)) {
715 *out = data_blob_talloc(mem_ctx, data.data, data.length);
716 if (out->data == NULL) {
723 static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
725 struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control);
726 struct asn1_data data;
730 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
734 if (!asn1_write_Integer(&data, lsdfc->secinfo_flags)) {
738 if (!asn1_pop_tag(&data)) {
742 *out = data_blob_talloc(mem_ctx, data.data, data.length);
743 if (out->data == NULL) {
750 static BOOL encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out)
752 struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control);
753 struct asn1_data data;
757 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
761 if (!asn1_write_Integer(&data, lsoc->search_options)) {
765 if (!asn1_pop_tag(&data)) {
769 *out = data_blob_talloc(mem_ctx, data.data, data.length);
770 if (out->data == NULL) {
777 static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
779 struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
780 struct asn1_data data;
784 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
788 if (!asn1_write_Integer(&data, lprc->size)) {
792 if (!asn1_write_OctetString(&data, lprc->cookie, lprc->cookie_len)) {
796 if (!asn1_pop_tag(&data)) {
800 *out = data_blob_talloc(mem_ctx, data.data, data.length);
801 if (out->data == NULL) {
808 /* seem that this controls has 2 forms one in case it is used with
809 * a Search Request and another when used ina Search Response
811 static BOOL encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out)
813 struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control);
814 struct asn1_data data;
818 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
824 if (!asn1_write_OctetString(&data, lac->source_attribute, lac->src_attr_len)) {
828 if (!asn1_write_enumerated(&data, lac->result)) {
833 if (!asn1_pop_tag(&data)) {
837 *out = data_blob_talloc(mem_ctx, data.data, data.length);
838 if (out->data == NULL) {
845 static BOOL encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out)
847 struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control);
848 struct asn1_data data;
852 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
856 if (!asn1_write_Integer(&data, ldc->flags)) {
860 if (!asn1_write_Integer(&data, ldc->max_attributes)) {
864 if (!asn1_write_OctetString(&data, ldc->cookie, ldc->cookie_len)) {
868 if (!asn1_pop_tag(&data)) {
872 *out = data_blob_talloc(mem_ctx, data.data, data.length);
873 if (out->data == NULL) {
880 static BOOL encode_domain_scope_request(void *mem_ctx, void *in, DATA_BLOB *out)
886 *out = data_blob(NULL, 0);
890 static BOOL encode_notification_request(void *mem_ctx, void *in, DATA_BLOB *out)
896 *out = data_blob(NULL, 0);
900 static BOOL encode_show_deleted_request(void *mem_ctx, void *in, DATA_BLOB *out)
906 *out = data_blob(NULL, 0);
910 static BOOL encode_permissive_modify_request(void *mem_ctx, void *in, DATA_BLOB *out)
916 *out = data_blob(NULL, 0);
920 static BOOL encode_manageDSAIT_request(void *mem_ctx, void *in, DATA_BLOB *out)
926 *out = data_blob(NULL, 0);
930 static BOOL encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
932 struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control);
933 struct asn1_data data;
937 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
941 if (!asn1_write_Integer(&data, lvrc->beforeCount)) {
945 if (!asn1_write_Integer(&data, lvrc->afterCount)) {
949 if (lvrc->type == 0) {
950 if (!asn1_push_tag(&data, ASN1_CONTEXT(0))) {
954 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
958 if (!asn1_write_Integer(&data, lvrc->match.byOffset.offset)) {
962 if (!asn1_write_Integer(&data, lvrc->match.byOffset.contentCount)) {
966 if (!asn1_pop_tag(&data)) { /*SEQUENCE*/
970 if (!asn1_pop_tag(&data)) { /*CONTEXT*/
974 if (!asn1_push_tag(&data, ASN1_CONTEXT(1))) {
978 if (!asn1_write_OctetString(&data, lvrc->match.gtOrEq.value, lvrc->match.gtOrEq.value_len)) {
982 if (!asn1_pop_tag(&data)) { /*CONTEXT*/
987 if (lvrc->ctxid_len) {
988 if (!asn1_write_OctetString(&data, lvrc->contextId, lvrc->ctxid_len)) {
993 if (!asn1_pop_tag(&data)) {
997 *out = data_blob_talloc(mem_ctx, data.data, data.length);
998 if (out->data == NULL) {
1005 static BOOL encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out)
1007 struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control);
1008 struct asn1_data data;
1012 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
1016 if (!asn1_write_Integer(&data, lvrc->targetPosition)) {
1020 if (!asn1_write_Integer(&data, lvrc->contentCount)) {
1024 if (!asn1_write_enumerated(&data, lvrc->vlv_result)) {
1028 if (lvrc->ctxid_len) {
1029 if (!asn1_write_OctetString(&data, lvrc->contextId, lvrc->ctxid_len)) {
1034 if (!asn1_pop_tag(&data)) {
1038 *out = data_blob_talloc(mem_ctx, data.data, data.length);
1039 if (out->data == NULL) {
1046 struct control_handler ldap_known_controls[] = {
1047 { "1.2.840.113556.1.4.319", decode_paged_results_request, encode_paged_results_request },
1048 { "1.2.840.113556.1.4.529", decode_extended_dn_request, encode_extended_dn_request },
1049 { "1.2.840.113556.1.4.473", decode_server_sort_request, encode_server_sort_request },
1050 { "1.2.840.113556.1.4.474", decode_server_sort_response, encode_server_sort_response },
1051 { "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control },
1052 { "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
1053 { "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
1054 { "1.2.840.113556.1.4.417", decode_show_deleted_request, encode_show_deleted_request },
1055 { "1.2.840.113556.1.4.1413", decode_permissive_modify_request, encode_permissive_modify_request },
1056 { "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
1057 { "1.2.840.113556.1.4.1339", decode_domain_scope_request, encode_domain_scope_request },
1058 { "1.2.840.113556.1.4.1340", decode_search_options_request, encode_search_options_request },
1059 { "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
1060 { "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
1061 { "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },
1062 { NULL, NULL, NULL }
1065 BOOL ldap_decode_control(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl)
1071 if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
1075 if (!asn1_read_OctetString(data, &oid)) {
1078 ctrl->oid = talloc_strndup(mem_ctx, (char *)oid.data, oid.length);
1083 if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
1085 if (!asn1_read_BOOLEAN(data, &critical)) {
1088 ctrl->critical = critical;
1090 ctrl->critical = False;
1095 if (!asn1_peek_tag(data, ASN1_OCTET_STRING)) {
1099 if (!asn1_read_OctetString(data, &value)) {
1103 for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
1104 if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
1105 if (!ldap_known_controls[i].decode(mem_ctx, value, &ctrl->data)) {
1111 if (ldap_known_controls[i].oid == NULL) {
1116 if (!asn1_end_tag(data)) {
1123 BOOL ldap_encode_control(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl)
1128 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
1132 if (!asn1_write_OctetString(data, ctrl->oid, strlen(ctrl->oid))) {
1136 if (ctrl->critical) {
1137 if (!asn1_write_BOOLEAN(data, ctrl->critical)) {
1146 for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
1147 if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
1148 if (!ldap_known_controls[i].encode(mem_ctx, ctrl->data, &value)) {
1154 if (ldap_known_controls[i].oid == NULL) {
1158 if (!asn1_write_OctetString(data, value.data, value.length)) {
1163 if (!asn1_pop_tag(data)) {