2 ldb database library - ildap backend
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Simo Sorce 2006
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 2 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, write to the Free Software
23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 * Component: ldb ildap backend
31 * Description: This is a ldb backend for the internal ldap
32 * client library in Samba4. By using this backend we are
33 * independent of a system ldap library
35 * Author: Andrew Tridgell
39 * - description: make the module use asyncronous calls
46 #include "ldb/include/includes.h"
48 #include "lib/events/events.h"
49 #include "libcli/ldap/ldap.h"
50 #include "libcli/ldap/ldap_client.h"
51 #include "auth/auth.h"
54 struct ldap_connection *ldap;
55 struct ldb_context *ldb;
59 struct ldb_module *module;
60 struct ldap_request *req;
62 int (*callback)(struct ldb_context *, void *, struct ldb_reply *);
66 convert a ldb_message structure to a list of ldap_mod structures
67 ready for ildap_add() or ildap_modify()
69 static struct ldap_mod **ildb_msg_to_mods(void *mem_ctx, int *num_mods,
70 const struct ldb_message *msg, int use_flags)
72 struct ldap_mod **mods;
76 /* allocate maximum number of elements needed */
77 mods = talloc_array(mem_ctx, struct ldap_mod *, msg->num_elements+1);
84 for (i = 0; i < msg->num_elements; i++) {
85 const struct ldb_message_element *el = &msg->elements[i];
87 mods[n] = talloc(mods, struct ldap_mod);
93 mods[n]->attrib = *el;
95 switch (el->flags & LDB_FLAG_MOD_MASK) {
96 case LDB_FLAG_MOD_ADD:
97 mods[n]->type = LDAP_MODIFY_ADD;
99 case LDB_FLAG_MOD_DELETE:
100 mods[n]->type = LDAP_MODIFY_DELETE;
102 case LDB_FLAG_MOD_REPLACE:
103 mods[n]->type = LDAP_MODIFY_REPLACE;
120 map an ildap NTSTATUS to a ldb error code
122 static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status)
124 if (NT_STATUS_IS_OK(status)) {
127 talloc_free(ildb->ldb->err_string);
128 ildb->ldb->err_string = talloc_strdup(ildb, ldap_errstr(ildb->ldap, status));
129 if (NT_STATUS_IS_LDAP(status)) {
130 return NT_STATUS_LDAP_CODE(status);
132 return LDB_ERR_OPERATIONS_ERROR;
135 static void ildb_request_timeout(struct event_context *ev, struct timed_event *te,
136 struct timeval t, void *private_data)
138 struct ldb_handle *handle = talloc_get_type(private_data, struct ldb_handle);
139 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
141 if (ac->req->state == LDAP_REQUEST_PENDING) {
142 DLIST_REMOVE(ac->req->conn->pending, ac->req);
145 handle->status = LDB_ERR_TIME_LIMIT_EXCEEDED;
150 static void ildb_callback(struct ldap_request *req)
152 struct ldb_handle *handle = talloc_get_type(req->async.private_data, struct ldb_handle);
153 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
154 struct ildb_private *ildb = talloc_get_type(ac->module->private_data, struct ildb_private);
158 handle->status = LDB_SUCCESS;
160 if (!NT_STATUS_IS_OK(req->status)) {
161 handle->status = ildb_map_error(ildb, req->status);
165 if (req->num_replies < 1) {
166 handle->status = LDB_ERR_OPERATIONS_ERROR;
172 case LDAP_TAG_ModifyRequest:
173 if (req->replies[0]->type != LDAP_TAG_ModifyResponse) {
174 handle->status = LDB_ERR_PROTOCOL_ERROR;
177 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
178 handle->status = ildb_map_error(ildb, status);
179 if (ac->callback && handle->status == LDB_SUCCESS) {
180 /* FIXME: build a corresponding ares to pass on */
181 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
183 handle->state = LDB_ASYNC_DONE;
186 case LDAP_TAG_AddRequest:
187 if (req->replies[0]->type != LDAP_TAG_AddResponse) {
188 handle->status = LDB_ERR_PROTOCOL_ERROR;
191 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
192 handle->status = ildb_map_error(ildb, status);
193 if (ac->callback && handle->status == LDB_SUCCESS) {
194 /* FIXME: build a corresponding ares to pass on */
195 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
197 handle->state = LDB_ASYNC_DONE;
200 case LDAP_TAG_DelRequest:
201 if (req->replies[0]->type != LDAP_TAG_DelResponse) {
202 handle->status = LDB_ERR_PROTOCOL_ERROR;
205 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
206 handle->status = ildb_map_error(ildb, status);
207 if (ac->callback && handle->status == LDB_SUCCESS) {
208 /* FIXME: build a corresponding ares to pass on */
209 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
211 handle->state = LDB_ASYNC_DONE;
214 case LDAP_TAG_ModifyDNRequest:
215 if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) {
216 handle->status = LDB_ERR_PROTOCOL_ERROR;
219 status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult);
220 handle->status = ildb_map_error(ildb, status);
221 if (ac->callback && handle->status == LDB_SUCCESS) {
222 /* FIXME: build a corresponding ares to pass on */
223 handle->status = ac->callback(ac->module->ldb, ac->context, NULL);
225 handle->state = LDB_ASYNC_DONE;
228 case LDAP_TAG_SearchRequest:
229 /* loop over all messages */
230 for (i = 0; i < req->num_replies; i++) {
231 struct ldap_SearchResEntry *search;
232 struct ldb_reply *ares = NULL;
233 struct ldap_message *msg;
236 ares = talloc_zero(ac, struct ldb_reply);
238 handle->status = LDB_ERR_OPERATIONS_ERROR;
242 msg = req->replies[i];
245 case LDAP_TAG_SearchResultDone:
247 status = ldap_check_response(req->conn, &msg->r.GeneralResult);
248 if (!NT_STATUS_IS_OK(status)) {
249 ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Error: %s\n" ,ldap_errstr(req->conn, status));
250 handle->status = ildb_map_error(ildb, status);
255 ares->controls = talloc_steal(ares, msg->controls);
257 if (msg->r.SearchResultDone.resultcode) {
258 if (msg->r.SearchResultDone.errormessage) {
259 ldb_set_errstring(ac->module->ldb, msg->r.SearchResultDone.errormessage);
263 handle->status = msg->r.SearchResultDone.resultcode;
264 handle->state = LDB_ASYNC_DONE;
265 ares->type = LDB_REPLY_DONE;
268 case LDAP_TAG_SearchResultEntry:
271 ares->message = ldb_msg_new(ares);
272 if (!ares->message) {
273 handle->status = LDB_ERR_OPERATIONS_ERROR;
277 search = &(msg->r.SearchResultEntry);
279 ares->message->dn = ldb_dn_explode_or_special(ares->message, search->dn);
280 if (ares->message->dn == NULL) {
281 handle->status = LDB_ERR_OPERATIONS_ERROR;
284 ares->message->num_elements = search->num_attributes;
285 ares->message->elements = talloc_steal(ares->message, search->attributes);
287 handle->status = LDB_SUCCESS;
288 handle->state = LDB_ASYNC_PENDING;
289 ares->type = LDB_REPLY_ENTRY;
292 case LDAP_TAG_SearchResultReference:
294 ares->referral = talloc_strdup(ares, msg->r.SearchResultReference.referral);
296 handle->status = LDB_SUCCESS;
297 handle->state = LDB_ASYNC_PENDING;
298 ares->type = LDB_REPLY_REFERRAL;
302 /* TAG not handled, fail ! */
303 handle->status = LDB_ERR_PROTOCOL_ERROR;
307 ret = ac->callback(ac->module->ldb, ac->context, ares);
309 handle->status = ret;
313 talloc_free(req->replies);
315 req->num_replies = 0;
320 handle->status = LDB_ERR_PROTOCOL_ERROR;
325 static struct ldb_handle *init_ildb_handle(struct ldb_module *module,
327 int (*callback)(struct ldb_context *, void *, struct ldb_reply *))
329 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
330 struct ildb_context *ildb_ac;
331 struct ldb_handle *h;
333 h = talloc_zero(ildb->ldap, struct ldb_handle);
335 ldb_set_errstring(module->ldb, "Out of Memory");
341 ildb_ac = talloc(h, struct ildb_context);
342 if (ildb_ac == NULL) {
343 ldb_set_errstring(module->ldb, "Out of Memory");
348 h->private_data = (void *)ildb_ac;
350 h->state = LDB_ASYNC_INIT;
351 h->status = LDB_SUCCESS;
353 ildb_ac->module = module;
354 ildb_ac->context = context;
355 ildb_ac->callback = callback;
360 static int ildb_request_send(struct ldb_module *module, struct ldap_message *msg,
362 int (*callback)(struct ldb_context *, void *, struct ldb_reply *),
364 struct ldb_handle **handle)
366 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
367 struct ldb_handle *h = init_ildb_handle(module, context, callback);
368 struct ildb_context *ildb_ac;
369 struct ldap_request *req;
372 return LDB_ERR_OPERATIONS_ERROR;
375 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
377 req = ldap_request_send(ildb->ldap, msg);
379 ldb_set_errstring(module->ldb, "async send request failed");
380 return LDB_ERR_OPERATIONS_ERROR;
384 ldb_set_errstring(module->ldb, "connection to remote LDAP server dropped?");
385 return LDB_ERR_OPERATIONS_ERROR;
388 ildb_ac->req = talloc_steal(ildb_ac, req);
389 talloc_free(req->time_event);
390 req->time_event = NULL;
392 req->time_event = event_add_timed(req->conn->event.event_ctx, h,
393 timeval_current_ofs(timeout, 0),
394 ildb_request_timeout, h);
397 req->async.fn = ildb_callback;
398 req->async.private_data = (void *)h;
404 static int ildb_request_noop(struct ldb_module *module, struct ldb_request *req)
406 struct ldb_handle *h = init_ildb_handle(module, req->context, req->callback);
407 struct ildb_context *ildb_ac;
408 int ret = LDB_SUCCESS;
411 return LDB_ERR_OPERATIONS_ERROR;
414 ildb_ac = talloc_get_type(h->private_data, struct ildb_context);
418 if (ildb_ac->callback) {
419 ret = ildb_ac->callback(module->ldb, ildb_ac->context, NULL);
421 req->handle->state = LDB_ASYNC_DONE;
426 search for matching records using an asynchronous function
428 static int ildb_search(struct ldb_module *module, struct ldb_request *req)
430 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
431 struct ldap_message *msg;
436 if (!req->callback || !req->context) {
437 ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context");
438 return LDB_ERR_OPERATIONS_ERROR;
441 if (req->op.search.tree == NULL) {
442 ldb_set_errstring(module->ldb, "Invalid expression parse tree");
443 return LDB_ERR_OPERATIONS_ERROR;
446 msg = new_ldap_message(ildb);
448 ldb_set_errstring(module->ldb, "Out of Memory");
449 return LDB_ERR_OPERATIONS_ERROR;
452 msg->type = LDAP_TAG_SearchRequest;
454 if (req->op.search.base == NULL) {
455 msg->r.SearchRequest.basedn = talloc_strdup(msg, "");
457 msg->r.SearchRequest.basedn = ldb_dn_linearize(msg, req->op.search.base);
459 if (msg->r.SearchRequest.basedn == NULL) {
460 ldb_set_errstring(module->ldb, "Unable to determine baseDN");
462 return LDB_ERR_OPERATIONS_ERROR;
465 if (req->op.search.scope == LDB_SCOPE_DEFAULT) {
466 msg->r.SearchRequest.scope = LDB_SCOPE_SUBTREE;
468 msg->r.SearchRequest.scope = req->op.search.scope;
471 msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
472 msg->r.SearchRequest.timelimit = 0;
473 msg->r.SearchRequest.sizelimit = 0;
474 msg->r.SearchRequest.attributesonly = 0;
475 msg->r.SearchRequest.tree = discard_const(req->op.search.tree);
477 for (n = 0; req->op.search.attrs && req->op.search.attrs[n]; n++) /* noop */ ;
478 msg->r.SearchRequest.num_attributes = n;
479 msg->r.SearchRequest.attributes = discard_const(req->op.search.attrs);
480 msg->controls = req->controls;
482 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
488 static int ildb_add(struct ldb_module *module, struct ldb_request *req)
490 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
491 struct ldap_message *msg;
492 struct ldap_mod **mods;
497 /* ignore ltdb specials */
498 if (ldb_dn_is_special(req->op.add.message->dn)) {
499 return ildb_request_noop(module, req);
502 msg = new_ldap_message(ildb->ldap);
504 return LDB_ERR_OPERATIONS_ERROR;
507 msg->type = LDAP_TAG_AddRequest;
509 msg->r.AddRequest.dn = ldb_dn_linearize(msg, req->op.add.message->dn);
510 if (msg->r.AddRequest.dn == NULL) {
512 return LDB_ERR_INVALID_DN_SYNTAX;
515 mods = ildb_msg_to_mods(msg, &n, req->op.add.message, 0);
518 return LDB_ERR_OPERATIONS_ERROR;
521 msg->r.AddRequest.num_attributes = n;
522 msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
523 if (msg->r.AddRequest.attributes == NULL) {
525 return LDB_ERR_OPERATIONS_ERROR;
528 for (i = 0; i < n; i++) {
529 msg->r.AddRequest.attributes[i] = mods[i]->attrib;
532 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
538 static int ildb_modify(struct ldb_module *module, struct ldb_request *req)
540 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
541 struct ldap_message *msg;
542 struct ldap_mod **mods;
547 /* ignore ltdb specials */
548 if (ldb_dn_is_special(req->op.mod.message->dn)) {
549 return ildb_request_noop(module, req);
552 msg = new_ldap_message(ildb->ldap);
554 return LDB_ERR_OPERATIONS_ERROR;
557 msg->type = LDAP_TAG_ModifyRequest;
559 msg->r.ModifyRequest.dn = ldb_dn_linearize(msg, req->op.mod.message->dn);
560 if (msg->r.ModifyRequest.dn == NULL) {
562 return LDB_ERR_INVALID_DN_SYNTAX;
565 mods = ildb_msg_to_mods(msg, &n, req->op.mod.message, 1);
568 return LDB_ERR_OPERATIONS_ERROR;
571 msg->r.ModifyRequest.num_mods = n;
572 msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
573 if (msg->r.ModifyRequest.mods == NULL) {
575 return LDB_ERR_OPERATIONS_ERROR;
578 for (i = 0; i < n; i++) {
579 msg->r.ModifyRequest.mods[i] = *mods[i];
582 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
588 static int ildb_delete(struct ldb_module *module, struct ldb_request *req)
590 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
591 struct ldap_message *msg;
595 /* ignore ltdb specials */
596 if (ldb_dn_is_special(req->op.del.dn)) {
597 return ildb_request_noop(module, req);
600 msg = new_ldap_message(ildb->ldap);
602 return LDB_ERR_OPERATIONS_ERROR;
605 msg->type = LDAP_TAG_DelRequest;
607 msg->r.DelRequest.dn = ldb_dn_linearize(msg, req->op.del.dn);
608 if (msg->r.DelRequest.dn == NULL) {
610 return LDB_ERR_INVALID_DN_SYNTAX;
613 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
619 static int ildb_rename(struct ldb_module *module, struct ldb_request *req)
621 struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private);
622 struct ldap_message *msg;
626 /* ignore ltdb specials */
627 if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) {
628 return ildb_request_noop(module, req);
631 msg = new_ldap_message(ildb->ldap);
633 return LDB_ERR_OPERATIONS_ERROR;
636 msg->type = LDAP_TAG_ModifyDNRequest;
637 msg->r.ModifyDNRequest.dn = ldb_dn_linearize(msg, req->op.rename.olddn);
638 if (msg->r.ModifyDNRequest.dn == NULL) {
640 return LDB_ERR_INVALID_DN_SYNTAX;
643 msg->r.ModifyDNRequest.newrdn =
644 talloc_asprintf(msg, "%s=%s",
645 req->op.rename.newdn->components[0].name,
646 ldb_dn_escape_value(msg, req->op.rename.newdn->components[0].value));
647 if (msg->r.ModifyDNRequest.newrdn == NULL) {
649 return LDB_ERR_OPERATIONS_ERROR;
652 msg->r.ModifyDNRequest.newsuperior =
653 ldb_dn_linearize(msg,
654 ldb_dn_get_parent(msg, req->op.rename.newdn));
655 if (msg->r.ModifyDNRequest.newsuperior == NULL) {
657 return LDB_ERR_INVALID_DN_SYNTAX;
660 msg->r.ModifyDNRequest.deleteolddn = True;
662 return ildb_request_send(module, msg, req->context, req->callback, req->timeout, &(req->handle));
665 static int ildb_start_trans(struct ldb_module *module)
667 /* TODO implement a local locking mechanism here */
672 static int ildb_end_trans(struct ldb_module *module)
674 /* TODO implement a local transaction mechanism here */
679 static int ildb_del_trans(struct ldb_module *module)
681 /* TODO implement a local locking mechanism here */
686 static int ildb_request(struct ldb_module *module, struct ldb_request *req)
688 return LDB_ERR_OPERATIONS_ERROR;
691 static int ildb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
693 struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context);
695 if (handle->state == LDB_ASYNC_DONE) {
696 return handle->status;
700 return LDB_ERR_OPERATIONS_ERROR;
703 handle->state = LDB_ASYNC_INIT;
707 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
708 return LDB_ERR_OTHER;
712 while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) {
713 if (event_loop_once(ac->req->conn->event.event_ctx) != 0) {
714 return LDB_ERR_OTHER;
719 return LDB_ERR_OPERATIONS_ERROR;
722 return handle->status;
725 static const struct ldb_module_ops ildb_ops = {
727 .search = ildb_search,
729 .modify = ildb_modify,
731 .rename = ildb_rename,
732 .request = ildb_request,
733 .start_transaction = ildb_start_trans,
734 .end_transaction = ildb_end_trans,
735 .del_transaction = ildb_del_trans,
740 connect to the database
742 static int ildb_connect(struct ldb_context *ldb, const char *url,
743 unsigned int flags, const char *options[],
744 struct ldb_module **module)
746 struct ildb_private *ildb = NULL;
748 struct cli_credentials *creds;
750 ildb = talloc(ldb, struct ildb_private);
758 ildb->ldap = ldap_new_connection(ildb, ldb_get_opaque(ldb, "EventContext"));
764 if (flags & LDB_FLG_RECONNECT) {
765 ldap_set_reconn_params(ildb->ldap, 10);
768 status = ldap_connect(ildb->ldap, url);
769 if (!NT_STATUS_IS_OK(status)) {
770 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
771 url, ldap_errstr(ildb->ldap, status));
776 *module = talloc(ldb, struct ldb_module);
782 (*module)->ldb = ldb;
783 (*module)->prev = (*module)->next = NULL;
784 (*module)->private_data = ildb;
785 (*module)->ops = &ildb_ops;
787 /* caller can optionally setup credentials using the opaque token 'credentials' */
788 creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
790 struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
792 creds = session_info->credentials;
796 if (creds != NULL && cli_credentials_authentication_requested(creds)) {
797 const char *bind_dn = cli_credentials_get_bind_dn(creds);
799 const char *password = cli_credentials_get_password(creds);
800 status = ldap_bind_simple(ildb->ldap, bind_dn, password);
801 if (!NT_STATUS_IS_OK(status)) {
802 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
803 ldap_errstr(ildb->ldap, status));
807 status = ldap_bind_sasl(ildb->ldap, creds);
808 if (!NT_STATUS_IS_OK(status)) {
809 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
810 ldap_errstr(ildb->ldap, status));
823 int ldb_ildap_init(void)
825 return ldb_register_backend("ldap", ildb_connect) +
826 ldb_register_backend("ldapi", ildb_connect) +
827 ldb_register_backend("ldaps", ildb_connect);
git.samba.org / ambi / samba-autobuild / .git / blob