2 Unix SMB/CIFS implementation.
3 LDAP server SIMPLE LDB implementation
4 Copyright (C) Stefan Metzmacher 2004
5 Copyright (C) Simo Sorce 2004
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "ldap_server/ldap_server.h"
24 #include "lib/ldb/include/ldb_errors.h"
25 #include "dsdb/samdb/samdb.h"
27 #define VALID_DN_SYNTAX(dn,i) do {\
29 return NT_STATUS_NO_MEMORY;\
30 } else if ((dn)->comp_num < (i)) {\
31 result = LDAP_INVALID_DN_SYNTAX;\
32 errstr = "Invalid DN (" #i " components needed for '" #dn "')";\
39 map an error code from ldb to ldap
41 static int sldb_map_error(struct ldapsrv_partition *partition, int ldb_ret,
44 struct ldb_context *samdb = talloc_get_type(partition->private,
46 *errstr = ldb_errstring(samdb);
53 connect to the sam database
55 NTSTATUS sldb_Init(struct ldapsrv_partition *partition, struct ldapsrv_connection *conn)
57 TALLOC_CTX *mem_ctx = talloc_new(partition);
58 struct ldb_context *ldb;
59 ldb = samdb_connect(mem_ctx, conn->session_info);
62 return NT_STATUS_INTERNAL_DB_CORRUPTION;
64 talloc_steal(partition, ldb);
65 partition->private = ldb;
71 Re-connect to the ldb after a bind (this does not handle the bind
72 itself, but just notes the change in credentials)
74 NTSTATUS sldb_Bind(struct ldapsrv_partition *partition, struct ldapsrv_connection *conn)
76 struct ldb_context *samdb = partition->private;
78 status = sldb_Init(partition, conn);
79 if (NT_STATUS_IS_OK(status)) {
80 /* don't leak the old LDB */
86 static NTSTATUS sldb_Search(struct ldapsrv_partition *partition, struct ldapsrv_call *call,
87 struct ldap_SearchRequest *r)
90 struct ldb_dn *basedn;
91 struct ldap_Result *done;
92 struct ldap_SearchResEntry *ent;
93 struct ldapsrv_reply *ent_r, *done_r;
94 int result = LDAP_SUCCESS;
95 struct ldb_context *samdb;
96 struct ldb_result *res = NULL;
98 int success_limit = 1;
99 enum ldb_scope scope = LDB_SCOPE_DEFAULT;
100 const char **attrs = NULL;
101 const char *errstr = NULL;
102 struct ldb_request lreq;
104 local_ctx = talloc_named(call, 0, "sldb_Search local memory context");
105 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
107 samdb = talloc_get_type(partition->private, struct ldb_context);
109 basedn = ldb_dn_explode(local_ctx, r->basedn);
110 VALID_DN_SYNTAX(basedn, 0);
112 DEBUG(10, ("sldb_Search: basedn: [%s]\n", r->basedn));
113 DEBUG(10, ("sldb_Search: filter: [%s]\n", ldb_filter_from_tree(call, r->tree)));
116 case LDAP_SEARCH_SCOPE_BASE:
117 DEBUG(10,("sldb_Search: scope: [BASE]\n"));
118 scope = LDB_SCOPE_BASE;
121 case LDAP_SEARCH_SCOPE_SINGLE:
122 DEBUG(10,("sldb_Search: scope: [ONE]\n"));
123 scope = LDB_SCOPE_ONELEVEL;
126 case LDAP_SEARCH_SCOPE_SUB:
127 DEBUG(10,("sldb_Search: scope: [SUB]\n"));
128 scope = LDB_SCOPE_SUBTREE;
133 if (r->num_attributes >= 1) {
134 attrs = talloc_array(samdb, const char *, r->num_attributes+1);
135 NT_STATUS_HAVE_NO_MEMORY(attrs);
137 for (i=0; i < r->num_attributes; i++) {
138 DEBUG(10,("sldb_Search: attrs: [%s]\n",r->attributes[i]));
139 attrs[i] = r->attributes[i];
144 DEBUG(5,("ldb_request dn=%s filter=%s\n",
145 r->basedn, ldb_filter_from_tree(call, r->tree)));
148 lreq.operation = LDB_REQ_SEARCH;
149 lreq.op.search.base = basedn;
150 lreq.op.search.scope = scope;
151 lreq.op.search.tree = r->tree;
152 lreq.op.search.attrs = attrs;
154 ret = ldb_request(samdb, &lreq);
156 res = talloc_steal(samdb, lreq.op.search.res);
158 if (ret == LDB_SUCCESS) {
159 for (i = 0; i < res->count; i++) {
160 ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
161 NT_STATUS_HAVE_NO_MEMORY(ent_r);
163 ent = &ent_r->msg->r.SearchResultEntry;
164 ent->dn = ldb_dn_linearize(ent_r, res->msgs[i]->dn);
165 ent->num_attributes = 0;
166 ent->attributes = NULL;
167 if (res->msgs[i]->num_elements == 0) {
170 ent->num_attributes = res->msgs[i]->num_elements;
171 ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes);
172 NT_STATUS_HAVE_NO_MEMORY(ent->attributes);
173 for (j=0; j < ent->num_attributes; j++) {
174 ent->attributes[j].name = talloc_steal(ent->attributes, res->msgs[i]->elements[j].name);
175 ent->attributes[j].num_values = 0;
176 ent->attributes[j].values = NULL;
177 if (r->attributesonly && (res->msgs[i]->elements[j].num_values == 0)) {
180 ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values;
181 ent->attributes[j].values = talloc_array(ent->attributes,
182 DATA_BLOB, ent->attributes[j].num_values);
183 NT_STATUS_HAVE_NO_MEMORY(ent->attributes[j].values);
184 for (y=0; y < ent->attributes[j].num_values; y++) {
185 ent->attributes[j].values[y].length = res->msgs[i]->elements[j].values[y].length;
186 ent->attributes[j].values[y].data = talloc_steal(ent->attributes[j].values,
187 res->msgs[i]->elements[j].values[y].data);
191 ldapsrv_queue_reply(call, ent_r);
196 done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
197 NT_STATUS_HAVE_NO_MEMORY(done_r);
199 if (ret == LDB_SUCCESS) {
200 if (res->count >= success_limit) {
201 DEBUG(10,("sldb_Search: results: [%d]\n", res->count));
202 result = LDAP_SUCCESS;
204 } else if (res->count == 0) {
205 DEBUG(10,("sldb_Search: no results\n"));
206 result = LDAP_NO_SUCH_OBJECT;
207 errstr = ldb_errstring(samdb);
210 DEBUG(10,("sldb_Search: error\n"));
212 errstr = ldb_errstring(samdb);
215 done = &done_r->msg->r.SearchResultDone;
217 done->resultcode = result;
218 done->errormessage = (errstr?talloc_strdup(done_r, errstr):NULL);
219 done->referral = NULL;
221 talloc_free(local_ctx);
223 ldapsrv_queue_reply(call, done_r);
227 static NTSTATUS sldb_Add(struct ldapsrv_partition *partition, struct ldapsrv_call *call,
228 struct ldap_AddRequest *r)
232 struct ldap_Result *add_result;
233 struct ldapsrv_reply *add_reply;
235 struct ldb_context *samdb;
236 struct ldb_message *msg = NULL;
237 int result = LDAP_SUCCESS;
238 const char *errstr = NULL;
241 local_ctx = talloc_named(call, 0, "sldb_Add local memory context");
242 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
244 samdb = talloc_get_type(partition->private, struct ldb_context);
246 dn = ldb_dn_explode(local_ctx, r->dn);
247 VALID_DN_SYNTAX(dn,1);
249 DEBUG(10, ("sldb_add: dn: [%s]\n", r->dn));
251 msg = talloc(local_ctx, struct ldb_message);
252 NT_STATUS_HAVE_NO_MEMORY(msg);
255 msg->private_data = NULL;
256 msg->num_elements = 0;
257 msg->elements = NULL;
259 if (r->num_attributes > 0) {
260 msg->num_elements = r->num_attributes;
261 msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements);
262 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
264 for (i=0; i < msg->num_elements; i++) {
265 msg->elements[i].name = discard_const_p(char, r->attributes[i].name);
266 msg->elements[i].flags = 0;
267 msg->elements[i].num_values = 0;
268 msg->elements[i].values = NULL;
270 if (r->attributes[i].num_values > 0) {
271 msg->elements[i].num_values = r->attributes[i].num_values;
272 msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
273 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
275 for (j=0; j < msg->elements[i].num_values; j++) {
276 if (!(r->attributes[i].values[j].length > 0)) {
278 errstr = "Empty attribute values are not allowed";
281 msg->elements[i].values[j].length = r->attributes[i].values[j].length;
282 msg->elements[i].values[j].data = r->attributes[i].values[j].data;
286 errstr = "No attribute values are not allowed";
292 errstr = "No attributes are not allowed";
297 add_reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse);
298 NT_STATUS_HAVE_NO_MEMORY(add_reply);
300 if (result == LDAP_SUCCESS) {
301 ldb_ret = ldb_add(samdb, msg);
302 result = sldb_map_error(partition, ldb_ret, &errstr);
305 add_result = &add_reply->msg->r.AddResponse;
306 add_result->dn = NULL;
307 add_result->resultcode = result;
308 add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL);
309 add_result->referral = NULL;
311 talloc_free(local_ctx);
313 ldapsrv_queue_reply(call, add_reply);
317 static NTSTATUS sldb_Del(struct ldapsrv_partition *partition, struct ldapsrv_call *call,
318 struct ldap_DelRequest *r)
322 struct ldap_Result *del_result;
323 struct ldapsrv_reply *del_reply;
325 struct ldb_context *samdb;
326 const char *errstr = NULL;
327 int result = LDAP_SUCCESS;
329 local_ctx = talloc_named(call, 0, "sldb_Del local memory context");
330 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
332 samdb = talloc_get_type(partition->private, struct ldb_context);
334 dn = ldb_dn_explode(local_ctx, r->dn);
335 VALID_DN_SYNTAX(dn,1);
337 DEBUG(10, ("sldb_Del: dn: [%s]\n", r->dn));
340 del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse);
341 NT_STATUS_HAVE_NO_MEMORY(del_reply);
343 if (result == LDAP_SUCCESS) {
344 ldb_ret = ldb_delete(samdb, dn);
345 result = sldb_map_error(partition, ldb_ret, &errstr);
348 del_result = &del_reply->msg->r.DelResponse;
349 del_result->dn = NULL;
350 del_result->resultcode = result;
351 del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL);
352 del_result->referral = NULL;
354 talloc_free(local_ctx);
356 ldapsrv_queue_reply(call, del_reply);
360 static NTSTATUS sldb_Modify(struct ldapsrv_partition *partition, struct ldapsrv_call *call,
361 struct ldap_ModifyRequest *r)
365 struct ldap_Result *modify_result;
366 struct ldapsrv_reply *modify_reply;
368 struct ldb_context *samdb;
369 struct ldb_message *msg = NULL;
370 int result = LDAP_SUCCESS;
371 const char *errstr = NULL;
374 local_ctx = talloc_named(call, 0, "sldb_Modify local memory context");
375 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
377 samdb = talloc_get_type(partition->private, struct ldb_context);
379 dn = ldb_dn_explode(local_ctx, r->dn);
380 VALID_DN_SYNTAX(dn, 1);
382 DEBUG(10, ("sldb_modify: dn: [%s]\n", r->dn));
384 msg = talloc(local_ctx, struct ldb_message);
385 NT_STATUS_HAVE_NO_MEMORY(msg);
388 msg->private_data = NULL;
389 msg->num_elements = 0;
390 msg->elements = NULL;
392 if (r->num_mods > 0) {
393 msg->num_elements = r->num_mods;
394 msg->elements = talloc_array(msg, struct ldb_message_element, r->num_mods);
395 NT_STATUS_HAVE_NO_MEMORY(msg->elements);
397 for (i=0; i < msg->num_elements; i++) {
398 msg->elements[i].name = discard_const_p(char, r->mods[i].attrib.name);
399 msg->elements[i].num_values = 0;
400 msg->elements[i].values = NULL;
402 switch (r->mods[i].type) {
404 result = LDAP_PROTOCOL_ERROR;
405 errstr = "Invalid LDAP_MODIFY_* type";
407 case LDAP_MODIFY_ADD:
408 msg->elements[i].flags = LDB_FLAG_MOD_ADD;
410 case LDAP_MODIFY_DELETE:
411 msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
413 case LDAP_MODIFY_REPLACE:
414 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
418 msg->elements[i].num_values = r->mods[i].attrib.num_values;
419 if (msg->elements[i].num_values > 0) {
420 msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
421 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
423 for (j=0; j < msg->elements[i].num_values; j++) {
424 if (!(r->mods[i].attrib.values[j].length > 0)) {
426 errstr = "Empty attribute values are not allowed";
429 msg->elements[i].values[j].length = r->mods[i].attrib.values[j].length;
430 msg->elements[i].values[j].data = r->mods[i].attrib.values[j].data;
436 errstr = "No mods are not allowed";
441 modify_reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse);
442 NT_STATUS_HAVE_NO_MEMORY(modify_reply);
444 if (result == LDAP_SUCCESS) {
445 ldb_ret = ldb_modify(samdb, msg);
446 result = sldb_map_error(partition, ldb_ret, &errstr);
449 modify_result = &modify_reply->msg->r.AddResponse;
450 modify_result->dn = NULL;
451 modify_result->resultcode = result;
452 modify_result->errormessage = (errstr?talloc_strdup(modify_reply,errstr):NULL);
453 modify_result->referral = NULL;
455 talloc_free(local_ctx);
457 ldapsrv_queue_reply(call, modify_reply);
461 static NTSTATUS sldb_Compare(struct ldapsrv_partition *partition, struct ldapsrv_call *call,
462 struct ldap_CompareRequest *r)
466 struct ldap_Result *compare;
467 struct ldapsrv_reply *compare_r;
468 int result = LDAP_SUCCESS;
469 struct ldb_context *samdb;
470 struct ldb_result *res = NULL;
471 const char *attrs[1];
472 const char *errstr = NULL;
473 const char *filter = NULL;
476 local_ctx = talloc_named(call, 0, "sldb_Compare local_memory_context");
477 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
479 samdb = talloc_get_type(partition->private, struct ldb_context);
481 dn = ldb_dn_explode(local_ctx, r->dn);
482 VALID_DN_SYNTAX(dn, 1);
484 DEBUG(10, ("sldb_Compare: dn: [%s]\n", r->dn));
485 filter = talloc_asprintf(local_ctx, "(%s=%*s)", r->attribute,
486 (int)r->value.length, r->value.data);
487 NT_STATUS_HAVE_NO_MEMORY(filter);
489 DEBUGADD(10, ("sldb_Compare: attribute: [%s]\n", filter));
494 compare_r = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse);
495 NT_STATUS_HAVE_NO_MEMORY(compare_r);
497 if (result == LDAP_SUCCESS) {
498 ret = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res);
499 talloc_steal(samdb, res);
500 if (ret != LDB_SUCCESS) {
502 errstr = ldb_errstring(samdb);
503 DEBUG(10,("sldb_Compare: error: %s\n", errstr));
504 } else if (res->count == 0) {
505 DEBUG(10,("sldb_Compare: doesn't matched\n"));
506 result = LDAP_COMPARE_FALSE;
508 } else if (res->count == 1) {
509 DEBUG(10,("sldb_Compare: matched\n"));
510 result = LDAP_COMPARE_TRUE;
512 } else if (res->count > 1) {
514 errstr = "too many objects match";
515 DEBUG(10,("sldb_Compare: %d results: %s\n", res->count, errstr));
519 compare = &compare_r->msg->r.CompareResponse;
521 compare->resultcode = result;
522 compare->errormessage = (errstr?talloc_strdup(compare_r,errstr):NULL);
523 compare->referral = NULL;
525 talloc_free(local_ctx);
527 ldapsrv_queue_reply(call, compare_r);
531 static NTSTATUS sldb_ModifyDN(struct ldapsrv_partition *partition, struct ldapsrv_call *call, struct ldap_ModifyDNRequest *r)
534 struct ldb_dn *olddn, *newdn, *newrdn;
535 struct ldb_dn *parentdn = NULL;
536 struct ldap_Result *modifydn;
537 struct ldapsrv_reply *modifydn_r;
539 struct ldb_context *samdb;
540 const char *errstr = NULL;
541 int result = LDAP_SUCCESS;
543 local_ctx = talloc_named(call, 0, "sldb_ModifyDN local memory context");
544 NT_STATUS_HAVE_NO_MEMORY(local_ctx);
546 samdb = talloc_get_type(partition->private, struct ldb_context);
548 olddn = ldb_dn_explode(local_ctx, r->dn);
549 VALID_DN_SYNTAX(olddn, 2);
551 newrdn = ldb_dn_explode(local_ctx, r->newrdn);
552 VALID_DN_SYNTAX(newrdn, 1);
554 DEBUG(10, ("sldb_ModifyDN: olddn: [%s]\n", r->dn));
555 DEBUG(10, ("sldb_ModifyDN: newrdn: [%s]\n", r->newrdn));
557 /* we can't handle the rename if we should not remove the old dn */
558 if (!r->deleteolddn) {
559 result = LDAP_UNWILLING_TO_PERFORM;
560 errstr = "Old RDN must be deleted";
564 if (newrdn->comp_num > 1) {
565 result = LDAP_NAMING_VIOLATION;
566 errstr = "Error new RDN invalid";
570 if (r->newsuperior) {
571 parentdn = ldb_dn_explode(local_ctx, r->newsuperior);
572 VALID_DN_SYNTAX(parentdn, 0);
573 DEBUG(10, ("sldb_ModifyDN: newsuperior: [%s]\n", r->newsuperior));
575 if (parentdn->comp_num < 1) {
576 result = LDAP_AFFECTS_MULTIPLE_DSAS;
577 errstr = "Error new Superior DN invalid";
583 parentdn = ldb_dn_get_parent(local_ctx, olddn);
584 NT_STATUS_HAVE_NO_MEMORY(parentdn);
587 newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn);
588 NT_STATUS_HAVE_NO_MEMORY(newdn);
591 modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse);
592 NT_STATUS_HAVE_NO_MEMORY(modifydn_r);
594 if (result == LDAP_SUCCESS) {
595 ldb_ret = ldb_rename(samdb, olddn, newdn);
596 result = sldb_map_error(partition, ldb_ret, &errstr);
599 modifydn = &modifydn_r->msg->r.ModifyDNResponse;
601 modifydn->resultcode = result;
602 modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL);
603 modifydn->referral = NULL;
605 talloc_free(local_ctx);
607 ldapsrv_queue_reply(call, modifydn_r);
611 static const struct ldapsrv_partition_ops sldb_ops = {
614 .Search = sldb_Search,
617 .Modify = sldb_Modify,
618 .Compare = sldb_Compare,
619 .ModifyDN = sldb_ModifyDN
622 const struct ldapsrv_partition_ops *ldapsrv_get_sldb_partition_ops(void)