2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 see RFC1798 for details of CLDAP
27 - carried over UDP on port 389
28 - request and response matched by message ID
29 - request consists of only a single searchRequest element
30 - response can be in one of two forms
31 - a single searchResponse, followed by a searchResult
32 - a single searchResult
36 #include "lib/events/events.h"
37 #include "dlinklist.h"
38 #include "libcli/ldap/ldap.h"
39 #include "libcli/cldap/cldap.h"
40 #include "lib/socket/socket.h"
41 #include "include/asn_1.h"
43 #define CLDAP_MAX_PACKET_SIZE 2048
44 const unsigned CLDAP_PORT = 389;
47 destroy a pending request
49 static int cldap_request_destructor(void *ptr)
51 struct cldap_request *req = talloc_get_type(ptr, struct cldap_request);
52 if (req->state == CLDAP_REQUEST_SEND) {
53 DLIST_REMOVE(req->cldap->send_queue, req);
55 if (req->message_id != 0) {
56 idr_remove(req->cldap->idr, req->message_id);
63 handle recv events on a cldap socket
65 static void cldap_socket_recv(struct cldap_socket *cldap)
67 TALLOC_CTX *tmp_ctx = talloc_new(cldap);
73 struct asn1_data asn1;
74 struct ldap_message ldap_msg;
75 struct cldap_request *req;
77 blob = data_blob_talloc(tmp_ctx, NULL, CLDAP_MAX_PACKET_SIZE);
78 if (blob.data == NULL) {
83 status = socket_recvfrom(cldap->sock, blob.data, blob.length, &nread, 0,
84 &src_addr, &src_port);
85 if (!NT_STATUS_IS_OK(status)) {
89 talloc_steal(tmp_ctx, src_addr);
92 DEBUG(2,("Received cldap packet of length %d from %s:%d\n",
93 blob.length, src_addr, src_port));
95 if (!asn1_load(&asn1, blob)) {
96 DEBUG(2,("Failed to setup for asn.1 decode\n"));
100 talloc_steal(tmp_ctx, asn1.data);
102 ZERO_STRUCT(ldap_msg);
103 ldap_msg.mem_ctx = tmp_ctx;
105 /* this initial decode is used to find the message id */
106 if (!ldap_decode(&asn1, &ldap_msg)) {
107 DEBUG(2,("Failed to decode ldap message\n"));
108 talloc_free(tmp_ctx);
112 /* find the pending request */
113 req = idr_find(cldap->idr, ldap_msg.messageid);
115 DEBUG(2,("Mismatched cldap reply %u from %s:%d\n",
116 ldap_msg.messageid, src_addr, src_port));
117 talloc_free(tmp_ctx);
122 talloc_steal(req, asn1.data);
125 req->state = CLDAP_REQUEST_DONE;
126 talloc_free(req->te);
128 talloc_free(tmp_ctx);
136 handle request timeouts
138 static void cldap_request_timeout(struct event_context *event_ctx,
139 struct timed_event *te, struct timeval t,
142 struct cldap_request *req = talloc_get_type(private, struct cldap_request);
144 /* possibly try again */
145 if (req->num_retries != 0) {
146 size_t len = req->encoded.length;
150 socket_sendto(req->cldap->sock, &req->encoded, &len, 0,
151 req->dest_addr, req->dest_port);
153 req->te = event_add_timed(req->cldap->event_ctx, req,
154 timeval_current_ofs(req->timeout, 0),
155 cldap_request_timeout, req);
159 req->state = CLDAP_REQUEST_TIMEOUT;
166 handle send events on a cldap socket
168 static void cldap_socket_send(struct cldap_socket *cldap)
170 struct cldap_request *req;
173 while ((req = cldap->send_queue)) {
176 len = req->encoded.length;
177 status = socket_sendto(cldap->sock, &req->encoded, &len, 0,
178 req->dest_addr, req->dest_port);
179 if (NT_STATUS_IS_ERR(status)) {
180 DEBUG(3,("Failed to send cldap request of length %u to %s:%d\n",
181 req->encoded.length, req->dest_addr, req->dest_port));
182 DLIST_REMOVE(cldap->send_queue, req);
187 if (!NT_STATUS_IS_OK(status)) return;
189 DLIST_REMOVE(cldap->send_queue, req);
191 req->state = CLDAP_REQUEST_WAIT;
193 req->te = event_add_timed(cldap->event_ctx, req,
194 timeval_current_ofs(req->timeout, 0),
195 cldap_request_timeout, req);
197 EVENT_FD_READABLE(cldap->fde);
200 EVENT_FD_NOT_WRITEABLE(cldap->fde);
206 handle fd events on a cldap_socket
208 static void cldap_socket_handler(struct event_context *ev, struct fd_event *fde,
209 uint16_t flags, void *private)
211 struct cldap_socket *cldap = talloc_get_type(private, struct cldap_socket);
212 if (flags & EVENT_FD_WRITE) {
213 cldap_socket_send(cldap);
214 } else if (flags & EVENT_FD_READ) {
215 cldap_socket_recv(cldap);
220 initialise a cldap_socket. The event_ctx is optional, if provided
221 then operations will use that event context
223 struct cldap_socket *cldap_socket_init(TALLOC_CTX *mem_ctx,
224 struct event_context *event_ctx)
226 struct cldap_socket *cldap;
229 cldap = talloc(mem_ctx, struct cldap_socket);
230 if (cldap == NULL) goto failed;
232 if (event_ctx == NULL) {
233 cldap->event_ctx = event_context_init(cldap);
235 cldap->event_ctx = talloc_reference(cldap, event_ctx);
237 if (cldap->event_ctx == NULL) goto failed;
239 cldap->idr = idr_init(cldap);
240 if (cldap->idr == NULL) goto failed;
242 status = socket_create("ip", SOCKET_TYPE_DGRAM, &cldap->sock, 0);
243 if (!NT_STATUS_IS_OK(status)) goto failed;
245 talloc_steal(cldap, cldap->sock);
247 cldap->fde = event_add_fd(cldap->event_ctx, cldap,
248 socket_get_fd(cldap->sock), 0,
249 cldap_socket_handler, cldap);
251 cldap->send_queue = NULL;
262 queue a cldap request for send
264 struct cldap_request *cldap_search_send(struct cldap_socket *cldap,
265 struct cldap_search *io)
267 struct ldap_message msg;
268 struct cldap_request *req;
269 struct ldap_SearchRequest *search;
271 req = talloc_zero(cldap, struct cldap_request);
272 if (req == NULL) goto failed;
275 req->state = CLDAP_REQUEST_SEND;
276 req->timeout = io->in.timeout;
277 req->num_retries = io->in.retries;
279 req->dest_addr = talloc_strdup(req, io->in.dest_address);
280 if (req->dest_addr == NULL) goto failed;
281 req->dest_port = CLDAP_PORT;
283 req->message_id = idr_get_new_random(cldap->idr, req, UINT16_MAX);
284 if (req->message_id == -1) goto failed;
286 talloc_set_destructor(req, cldap_request_destructor);
289 msg.messageid = req->message_id;
290 msg.type = LDAP_TAG_SearchRequest;
291 msg.num_controls = 0;
293 search = &msg.r.SearchRequest;
296 search->scope = LDAP_SEARCH_SCOPE_BASE;
297 search->deref = LDAP_DEREFERENCE_NEVER;
298 search->timelimit = 0;
299 search->sizelimit = 0;
300 search->attributesonly = False;
301 search->num_attributes = str_list_length(io->in.attributes);
302 search->attributes = io->in.attributes;
303 search->filter = io->in.filter;
305 if (!ldap_encode(&msg, &req->encoded)) {
306 DEBUG(0,("Failed to encode cldap message to %s:%d\n",
307 req->dest_addr, req->dest_port));
310 talloc_steal(req, req->encoded.data);
312 DLIST_ADD_END(cldap->send_queue, req, struct cldap_request *);
314 EVENT_FD_WRITEABLE(cldap->fde);
324 receive a cldap reply
326 NTSTATUS cldap_search_recv(struct cldap_request *req,
328 struct cldap_search *io)
330 struct ldap_message ldap_msg;
333 return NT_STATUS_NO_MEMORY;
336 while (req->state < CLDAP_REQUEST_DONE) {
337 if (event_loop_once(req->cldap->event_ctx) != 0) {
339 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
343 if (req->state == CLDAP_REQUEST_TIMEOUT) {
345 return NT_STATUS_IO_TIMEOUT;
348 ZERO_STRUCT(ldap_msg);
349 ldap_msg.mem_ctx = mem_ctx;
351 if (!ldap_decode(&req->asn1, &ldap_msg)) {
353 return NT_STATUS_INVALID_PARAMETER;
356 ZERO_STRUCT(io->out);
358 /* the first possible form has a search result in first place */
359 if (ldap_msg.type == LDAP_TAG_SearchResultEntry) {
360 io->out.response = talloc(mem_ctx, struct ldap_SearchResEntry);
361 NT_STATUS_HAVE_NO_MEMORY(io->out.response);
362 *io->out.response = ldap_msg.r.SearchResultEntry;
364 /* decode the 2nd part */
365 if (!ldap_decode(&req->asn1, &ldap_msg)) {
367 return NT_STATUS_INVALID_PARAMETER;
371 if (ldap_msg.type != LDAP_TAG_SearchResultDone) {
373 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
376 io->out.result = talloc(mem_ctx, struct ldap_Result);
377 NT_STATUS_HAVE_NO_MEMORY(io->out.result);
378 *io->out.result = ldap_msg.r.SearchResultDone;
386 synchronous cldap search
388 NTSTATUS cldap_search(struct cldap_socket *cldap,
390 struct cldap_search *io)
392 struct cldap_request *req = cldap_search_send(cldap, io);
393 return cldap_search_recv(req, mem_ctx, io);
398 queue a cldap netlogon for send
400 struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap,
401 struct cldap_netlogon *io)
403 struct cldap_search search;
405 struct cldap_request *req;
406 const char *attr[] = { "NetLogon", NULL };
408 filter = talloc_asprintf(cldap,
409 "(&(DnsDomain=%s)(Host=%s)(NtVer=\\%02X\\00\\00\\00))",
410 io->in.realm, io->in.host, io->in.version);
411 if (filter == NULL) return NULL;
413 search.in.dest_address = io->in.dest_address;
414 search.in.filter = filter;
415 search.in.attributes = attr;
416 search.in.timeout = 2;
417 search.in.retries = 2;
419 req = cldap_search_send(cldap, &search);
428 receive a cldap netlogon reply
430 NTSTATUS cldap_netlogon_recv(struct cldap_request *req,
432 struct cldap_netlogon *io)
435 struct cldap_search search;
438 status = cldap_search_recv(req, mem_ctx, &search);
439 if (!NT_STATUS_IS_OK(status)) {
442 if (search.out.response == NULL) {
443 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
446 if (search.out.response->num_attributes != 1 ||
447 strcasecmp(search.out.response->attributes[0].name, "netlogon") != 0 ||
448 search.out.response->attributes[0].num_values != 1 ||
449 search.out.response->attributes[0].values->length < 2) {
450 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
452 data = search.out.response->attributes[0].values;
454 status = ndr_pull_struct_blob_all(data, mem_ctx, &io->out.netlogon,
455 (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
456 if (!NT_STATUS_IS_OK(status)) {
457 DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n",
458 SVAL(data->data, 0)));
459 dump_data(10, data->data, data->length);
466 sync cldap netlogon search
468 NTSTATUS cldap_netlogon(struct cldap_socket *cldap,
469 TALLOC_CTX *mem_ctx, struct cldap_netlogon *io)
471 struct cldap_request *req = cldap_netlogon_send(cldap, io);
472 return cldap_netlogon_recv(req, mem_ctx, io);