2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Volker Lendecke 2004
8 Copyright (C) Stefan Metzmacher 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "system/network.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "auth/credentials/credentials.h"
29 #include "librpc/gen_ndr/ndr_samr.h"
30 #include "../lib/util/dlinklist.h"
31 #include "../lib/util/asn1.h"
32 #include "ldap_server/ldap_server.h"
33 #include "smbd/service_task.h"
34 #include "smbd/service_stream.h"
35 #include "smbd/service.h"
36 #include "smbd/process_model.h"
37 #include "lib/tls/tls.h"
38 #include "lib/messaging/irpc.h"
40 #include <ldb_errors.h>
41 #include "libcli/ldap/ldap_proto.h"
42 #include "system/network.h"
43 #include "lib/socket/netif.h"
44 #include "dsdb/samdb/samdb.h"
45 #include "param/param.h"
46 #include "../lib/tsocket/tsocket.h"
47 #include "../lib/util/tevent_ntstatus.h"
48 #include "../libcli/util/tstream.h"
49 #include "libds/common/roles.h"
51 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq);
54 close the socket and shutdown a server_context
56 static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn,
59 struct tevent_req *subreq;
61 if (conn->limits.reason) {
65 conn->limits.endtime = timeval_current_ofs(0, 500);
67 tevent_queue_stop(conn->sockets.send_queue);
68 if (conn->active_call) {
69 tevent_req_cancel(conn->active_call);
70 conn->active_call = NULL;
73 conn->limits.reason = talloc_strdup(conn, reason);
74 if (conn->limits.reason == NULL) {
75 TALLOC_FREE(conn->sockets.tls);
76 TALLOC_FREE(conn->sockets.sasl);
77 TALLOC_FREE(conn->sockets.raw);
78 stream_terminate_connection(conn->connection, reason);
82 subreq = tstream_disconnect_send(conn,
83 conn->connection->event.ctx,
84 conn->sockets.active);
86 TALLOC_FREE(conn->sockets.tls);
87 TALLOC_FREE(conn->sockets.sasl);
88 TALLOC_FREE(conn->sockets.raw);
89 stream_terminate_connection(conn->connection, reason);
92 tevent_req_set_endtime(subreq,
93 conn->connection->event.ctx,
94 conn->limits.endtime);
95 tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
98 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq)
100 struct ldapsrv_connection *conn =
101 tevent_req_callback_data(subreq,
102 struct ldapsrv_connection);
105 tstream_disconnect_recv(subreq, &sys_errno);
108 if (conn->sockets.active == conn->sockets.raw) {
109 TALLOC_FREE(conn->sockets.tls);
110 TALLOC_FREE(conn->sockets.sasl);
111 TALLOC_FREE(conn->sockets.raw);
112 stream_terminate_connection(conn->connection,
113 conn->limits.reason);
117 TALLOC_FREE(conn->sockets.tls);
118 TALLOC_FREE(conn->sockets.sasl);
119 conn->sockets.active = conn->sockets.raw;
121 subreq = tstream_disconnect_send(conn,
122 conn->connection->event.ctx,
123 conn->sockets.active);
124 if (subreq == NULL) {
125 TALLOC_FREE(conn->sockets.raw);
126 stream_terminate_connection(conn->connection,
127 conn->limits.reason);
130 tevent_req_set_endtime(subreq,
131 conn->connection->event.ctx,
132 conn->limits.endtime);
133 tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
137 called when a LDAP socket becomes readable
139 void ldapsrv_recv(struct stream_connection *c, uint16_t flags)
141 smb_panic(__location__);
145 called when a LDAP socket becomes writable
147 static void ldapsrv_send(struct stream_connection *c, uint16_t flags)
149 smb_panic(__location__);
152 static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
155 const char *attrs[] = { "configurationNamingContext", NULL };
156 const char *attrs2[] = { "lDAPAdminLimits", NULL };
157 struct ldb_message_element *el;
158 struct ldb_result *res = NULL;
159 struct ldb_dn *basedn;
160 struct ldb_dn *conf_dn;
161 struct ldb_dn *policy_dn;
165 /* set defaults limits in case of failure */
166 conn->limits.initial_timeout = 120;
167 conn->limits.conn_idle_time = 900;
168 conn->limits.max_page_size = 1000;
169 conn->limits.search_timeout = 120;
172 tmp_ctx = talloc_new(conn);
173 if (tmp_ctx == NULL) {
177 basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL);
178 if (basedn == NULL) {
182 ret = ldb_search(conn->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_BASE, attrs, NULL);
183 if (ret != LDB_SUCCESS) {
187 if (res->count != 1) {
191 conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext");
192 if (conf_dn == NULL) {
196 policy_dn = ldb_dn_copy(tmp_ctx, conf_dn);
197 ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
198 if (policy_dn == NULL) {
202 ret = ldb_search(conn->ldb, tmp_ctx, &res, policy_dn, LDB_SCOPE_BASE, attrs2, NULL);
203 if (ret != LDB_SUCCESS) {
207 if (res->count != 1) {
211 el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
216 for (i = 0; i < el->num_values; i++) {
217 char policy_name[256];
220 s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
221 if (s != 2 || policy_value == 0)
223 if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
224 conn->limits.initial_timeout = policy_value;
227 if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
228 conn->limits.conn_idle_time = policy_value;
231 if (strcasecmp("MaxPageSize", policy_name) == 0) {
232 conn->limits.max_page_size = policy_value;
235 if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
236 conn->limits.search_timeout = policy_value;
244 DEBUG(0, ("Failed to load ldap server query policies\n"));
245 talloc_free(tmp_ctx);
249 static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
250 struct tevent_context *ev,
251 struct tevent_queue *call_queue,
252 struct ldapsrv_call *call);
253 static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req);
255 static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn);
256 static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
259 initialise a server_context from a open socket and register a event handler
260 for reading from that socket
262 static void ldapsrv_accept(struct stream_connection *c,
263 struct auth_session_info *session_info,
266 struct ldapsrv_service *ldapsrv_service =
267 talloc_get_type(c->private_data, struct ldapsrv_service);
268 struct ldapsrv_connection *conn;
269 struct cli_credentials *server_credentials;
270 struct socket_address *socket_address;
274 struct tevent_req *subreq;
275 struct timeval endtime;
277 conn = talloc_zero(c, struct ldapsrv_connection);
279 stream_terminate_connection(c, "ldapsrv_accept: out of memory");
282 conn->is_privileged = is_privileged;
284 conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
285 if (conn->sockets.send_queue == NULL) {
286 stream_terminate_connection(c,
287 "ldapsrv_accept: tevent_queue_create failed");
291 TALLOC_FREE(c->event.fde);
293 ret = tstream_bsd_existing_socket(conn,
294 socket_get_fd(c->socket),
297 stream_terminate_connection(c,
298 "ldapsrv_accept: out of memory");
301 socket_set_flags(c->socket, SOCKET_FLAG_NOCLOSE);
303 conn->connection = c;
304 conn->service = ldapsrv_service;
305 conn->lp_ctx = ldapsrv_service->task->lp_ctx;
307 c->private_data = conn;
309 socket_address = socket_get_my_addr(c->socket, conn);
310 if (!socket_address) {
311 ldapsrv_terminate_connection(conn, "ldapsrv_accept: failed to obtain local socket address!");
314 port = socket_address->port;
315 talloc_free(socket_address);
316 if (port == 3268 || port == 3269) /* Global catalog */ {
317 conn->global_catalog = true;
320 server_credentials = cli_credentials_init(conn);
321 if (!server_credentials) {
322 stream_terminate_connection(c, "Failed to init server credentials\n");
326 cli_credentials_set_conf(server_credentials, conn->lp_ctx);
327 status = cli_credentials_set_machine_account(server_credentials, conn->lp_ctx);
328 if (!NT_STATUS_IS_OK(status)) {
329 stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
332 conn->server_credentials = server_credentials;
334 conn->session_info = session_info;
336 conn->sockets.active = conn->sockets.raw;
338 if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
339 ldapsrv_terminate_connection(conn, "backend Init failed");
343 /* load limits from the conf partition */
344 ldapsrv_load_limits(conn); /* should we fail on error ? */
346 /* register the server */
347 irpc_add_name(c->msg_ctx, "ldap_server");
349 if (port != 636 && port != 3269) {
350 ldapsrv_call_read_next(conn);
354 endtime = timeval_current_ofs(conn->limits.conn_idle_time, 0);
356 subreq = tstream_tls_accept_send(conn,
357 conn->connection->event.ctx,
359 conn->service->tls_params);
360 if (subreq == NULL) {
361 ldapsrv_terminate_connection(conn, "ldapsrv_accept: "
362 "no memory for tstream_tls_accept_send");
365 tevent_req_set_endtime(subreq,
366 conn->connection->event.ctx,
368 tevent_req_set_callback(subreq, ldapsrv_accept_tls_done, conn);
371 static void ldapsrv_accept_tls_done(struct tevent_req *subreq)
373 struct ldapsrv_connection *conn =
374 tevent_req_callback_data(subreq,
375 struct ldapsrv_connection);
379 ret = tstream_tls_accept_recv(subreq, &sys_errno,
380 conn, &conn->sockets.tls);
385 reason = talloc_asprintf(conn, "ldapsrv_accept_tls_loop: "
386 "tstream_tls_accept_recv() - %d:%s",
387 sys_errno, strerror(sys_errno));
389 reason = "ldapsrv_accept_tls_loop: "
390 "tstream_tls_accept_recv() - failed";
393 ldapsrv_terminate_connection(conn, reason);
397 conn->sockets.active = conn->sockets.tls;
398 ldapsrv_call_read_next(conn);
401 static void ldapsrv_call_read_done(struct tevent_req *subreq);
403 static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn)
405 struct tevent_req *subreq;
407 if (timeval_is_zero(&conn->limits.endtime)) {
408 conn->limits.endtime =
409 timeval_current_ofs(conn->limits.initial_timeout, 0);
411 conn->limits.endtime =
412 timeval_current_ofs(conn->limits.conn_idle_time, 0);
416 * The minimun size of a LDAP pdu is 7 bytes
418 * dumpasn1 -hh ldap-unbind-min.dat
420 * <30 05 02 01 09 42 00>
425 * 5 0: [APPLICATION 2]
426 * : Error: Object has zero length.
429 * dumpasn1 -hh ldap-unbind-windows.dat
431 * <30 84 00 00 00 05 02 01 09 42 00>
436 * 9 0: [APPLICATION 2]
437 * : Error: Object has zero length.
440 * This means using an initial read size
443 subreq = tstream_read_pdu_blob_send(conn,
444 conn->connection->event.ctx,
445 conn->sockets.active,
446 7, /* initial_read_size */
449 if (subreq == NULL) {
450 ldapsrv_terminate_connection(conn, "ldapsrv_call_read_next: "
451 "no memory for tstream_read_pdu_blob_send");
454 tevent_req_set_endtime(subreq,
455 conn->connection->event.ctx,
456 conn->limits.endtime);
457 tevent_req_set_callback(subreq, ldapsrv_call_read_done, conn);
461 static void ldapsrv_call_process_done(struct tevent_req *subreq);
463 static void ldapsrv_call_read_done(struct tevent_req *subreq)
465 struct ldapsrv_connection *conn =
466 tevent_req_callback_data(subreq,
467 struct ldapsrv_connection);
469 struct ldapsrv_call *call;
470 struct asn1_data *asn1;
473 call = talloc_zero(conn, struct ldapsrv_call);
475 ldapsrv_terminate_connection(conn, "no memory");
481 status = tstream_read_pdu_blob_recv(subreq,
485 if (!NT_STATUS_IS_OK(status)) {
488 reason = talloc_asprintf(call, "ldapsrv_call_loop: "
489 "tstream_read_pdu_blob_recv() - %s",
492 reason = nt_errstr(status);
495 ldapsrv_terminate_connection(conn, reason);
499 asn1 = asn1_init(call);
501 ldapsrv_terminate_connection(conn, "no memory");
505 call->request = talloc(call, struct ldap_message);
506 if (call->request == NULL) {
507 ldapsrv_terminate_connection(conn, "no memory");
511 if (!asn1_load(asn1, blob)) {
512 ldapsrv_terminate_connection(conn, "asn1_load failed");
516 status = ldap_decode(asn1, samba_ldap_control_handlers(),
518 if (!NT_STATUS_IS_OK(status)) {
519 ldapsrv_terminate_connection(conn, nt_errstr(status));
523 data_blob_free(&blob);
526 /* queue the call in the global queue */
527 subreq = ldapsrv_process_call_send(call,
528 conn->connection->event.ctx,
529 conn->service->call_queue,
531 if (subreq == NULL) {
532 ldapsrv_terminate_connection(conn, "ldapsrv_process_call_send failed");
535 tevent_req_set_callback(subreq, ldapsrv_call_process_done, call);
536 conn->active_call = subreq;
539 static void ldapsrv_call_writev_done(struct tevent_req *subreq);
541 static void ldapsrv_call_process_done(struct tevent_req *subreq)
543 struct ldapsrv_call *call =
544 tevent_req_callback_data(subreq,
545 struct ldapsrv_call);
546 struct ldapsrv_connection *conn = call->conn;
548 DATA_BLOB blob = data_blob_null;
550 conn->active_call = NULL;
552 status = ldapsrv_process_call_recv(subreq);
554 if (!NT_STATUS_IS_OK(status)) {
555 ldapsrv_terminate_connection(conn, nt_errstr(status));
559 /* build all the replies into a single blob */
560 while (call->replies) {
564 if (!ldap_encode(call->replies->msg, samba_ldap_control_handlers(), &b, call)) {
565 DEBUG(0,("Failed to encode ldap reply of type %d\n",
566 call->replies->msg->type));
567 ldapsrv_terminate_connection(conn, "ldap_encode failed");
571 ret = data_blob_append(call, &blob, b.data, b.length);
574 talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet");
577 ldapsrv_terminate_connection(conn, "data_blob_append failed");
581 DLIST_REMOVE(call->replies, call->replies);
584 if (blob.length == 0) {
587 ldapsrv_call_read_next(conn);
591 call->out_iov.iov_base = blob.data;
592 call->out_iov.iov_len = blob.length;
594 subreq = tstream_writev_queue_send(call,
595 conn->connection->event.ctx,
596 conn->sockets.active,
597 conn->sockets.send_queue,
599 if (subreq == NULL) {
600 ldapsrv_terminate_connection(conn, "stream_writev_queue_send failed");
603 tevent_req_set_callback(subreq, ldapsrv_call_writev_done, call);
606 static void ldapsrv_call_postprocess_done(struct tevent_req *subreq);
608 static void ldapsrv_call_writev_done(struct tevent_req *subreq)
610 struct ldapsrv_call *call =
611 tevent_req_callback_data(subreq,
612 struct ldapsrv_call);
613 struct ldapsrv_connection *conn = call->conn;
617 rc = tstream_writev_queue_recv(subreq, &sys_errno);
622 reason = talloc_asprintf(call, "ldapsrv_call_writev_done: "
623 "tstream_writev_queue_recv() - %d:%s",
624 sys_errno, strerror(sys_errno));
625 if (reason == NULL) {
626 reason = "ldapsrv_call_writev_done: "
627 "tstream_writev_queue_recv() failed";
630 ldapsrv_terminate_connection(conn, reason);
634 if (call->postprocess_send) {
635 subreq = call->postprocess_send(call,
636 conn->connection->event.ctx,
637 call->postprocess_private);
638 if (subreq == NULL) {
639 ldapsrv_terminate_connection(conn, "ldapsrv_call_writev_done: "
640 "call->postprocess_send - no memory");
643 tevent_req_set_callback(subreq,
644 ldapsrv_call_postprocess_done,
651 ldapsrv_call_read_next(conn);
654 static void ldapsrv_call_postprocess_done(struct tevent_req *subreq)
656 struct ldapsrv_call *call =
657 tevent_req_callback_data(subreq,
658 struct ldapsrv_call);
659 struct ldapsrv_connection *conn = call->conn;
662 status = call->postprocess_recv(subreq);
664 if (!NT_STATUS_IS_OK(status)) {
667 reason = talloc_asprintf(call, "ldapsrv_call_postprocess_done: "
668 "call->postprocess_recv() - %s",
670 if (reason == NULL) {
671 reason = nt_errstr(status);
674 ldapsrv_terminate_connection(conn, reason);
680 ldapsrv_call_read_next(conn);
683 struct ldapsrv_process_call_state {
684 struct ldapsrv_call *call;
687 static void ldapsrv_process_call_trigger(struct tevent_req *req,
690 static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
691 struct tevent_context *ev,
692 struct tevent_queue *call_queue,
693 struct ldapsrv_call *call)
695 struct tevent_req *req;
696 struct ldapsrv_process_call_state *state;
699 req = tevent_req_create(mem_ctx, &state,
700 struct ldapsrv_process_call_state);
707 ok = tevent_queue_add(call_queue, ev, req,
708 ldapsrv_process_call_trigger, NULL);
711 return tevent_req_post(req, ev);
717 static void ldapsrv_process_call_trigger(struct tevent_req *req,
720 struct ldapsrv_process_call_state *state =
722 struct ldapsrv_process_call_state);
726 status = ldapsrv_do_call(state->call);
727 if (!NT_STATUS_IS_OK(status)) {
728 tevent_req_nterror(req, status);
732 tevent_req_done(req);
735 static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req)
739 if (tevent_req_is_nterror(req, &status)) {
740 tevent_req_received(req);
744 tevent_req_received(req);
748 static void ldapsrv_accept_nonpriv(struct stream_connection *c)
750 struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
751 c->private_data, struct ldapsrv_service);
752 struct auth_session_info *session_info;
755 status = auth_anonymous_session_info(
756 c, ldapsrv_service->task->lp_ctx, &session_info);
757 if (!NT_STATUS_IS_OK(status)) {
758 stream_terminate_connection(c, "failed to setup anonymous "
762 ldapsrv_accept(c, session_info, false);
765 static const struct stream_server_ops ldap_stream_nonpriv_ops = {
767 .accept_connection = ldapsrv_accept_nonpriv,
768 .recv_handler = ldapsrv_recv,
769 .send_handler = ldapsrv_send,
772 /* The feature removed behind an #ifdef until we can do it properly
773 * with an EXTERNAL bind. */
775 #define WITH_LDAPI_PRIV_SOCKET
777 #ifdef WITH_LDAPI_PRIV_SOCKET
778 static void ldapsrv_accept_priv(struct stream_connection *c)
780 struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
781 c->private_data, struct ldapsrv_service);
782 struct auth_session_info *session_info;
784 session_info = system_session(ldapsrv_service->task->lp_ctx);
786 stream_terminate_connection(c, "failed to setup system "
790 ldapsrv_accept(c, session_info, true);
793 static const struct stream_server_ops ldap_stream_priv_ops = {
795 .accept_connection = ldapsrv_accept_priv,
796 .recv_handler = ldapsrv_recv,
797 .send_handler = ldapsrv_send,
804 add a socket address to the list of events, one event per port
806 static NTSTATUS add_socket(struct task_server *task,
807 struct loadparm_context *lp_ctx,
808 const struct model_ops *model_ops,
809 const char *address, struct ldapsrv_service *ldap_service)
813 struct ldb_context *ldb;
815 status = stream_setup_socket(task, task->event_ctx, lp_ctx,
816 model_ops, &ldap_stream_nonpriv_ops,
817 "ip", address, &port,
818 lpcfg_socket_options(lp_ctx),
820 if (!NT_STATUS_IS_OK(status)) {
821 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
822 address, port, nt_errstr(status)));
826 if (tstream_tls_params_enabled(ldap_service->tls_params)) {
827 /* add ldaps server */
829 status = stream_setup_socket(task, task->event_ctx, lp_ctx,
831 &ldap_stream_nonpriv_ops,
832 "ip", address, &port,
833 lpcfg_socket_options(lp_ctx),
835 if (!NT_STATUS_IS_OK(status)) {
836 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
837 address, port, nt_errstr(status)));
842 /* Load LDAP database, but only to read our settings */
843 ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx,
844 lp_ctx, system_session(lp_ctx), 0);
846 return NT_STATUS_INTERNAL_DB_CORRUPTION;
849 if (samdb_is_gc(ldb)) {
851 status = stream_setup_socket(task, task->event_ctx, lp_ctx,
853 &ldap_stream_nonpriv_ops,
854 "ip", address, &port,
855 lpcfg_socket_options(lp_ctx),
857 if (!NT_STATUS_IS_OK(status)) {
858 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
859 address, port, nt_errstr(status)));
862 if (tstream_tls_params_enabled(ldap_service->tls_params)) {
863 /* add ldaps server for the global catalog */
865 status = stream_setup_socket(task, task->event_ctx, lp_ctx,
867 &ldap_stream_nonpriv_ops,
868 "ip", address, &port,
869 lpcfg_socket_options(lp_ctx),
871 if (!NT_STATUS_IS_OK(status)) {
872 DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
873 address, port, nt_errstr(status)));
879 /* And once we are bound, free the temporary ldb, it will
880 * connect again on each incoming LDAP connection */
881 talloc_unlink(ldap_service, ldb);
887 open the ldap server sockets
889 static void ldapsrv_task_init(struct task_server *task)
892 #ifdef WITH_LDAPI_PRIV_SOCKET
895 const char *dns_host_name;
896 struct ldapsrv_service *ldap_service;
898 const struct model_ops *model_ops;
900 switch (lpcfg_server_role(task->lp_ctx)) {
901 case ROLE_STANDALONE:
902 task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration",
905 case ROLE_DOMAIN_MEMBER:
906 task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration",
909 case ROLE_ACTIVE_DIRECTORY_DC:
910 /* Yes, we want an LDAP server */
914 task_server_set_title(task, "task[ldapsrv]");
916 /* run the ldap server as a single process */
917 model_ops = process_model_startup("single");
918 if (!model_ops) goto failed;
920 ldap_service = talloc_zero(task, struct ldapsrv_service);
921 if (ldap_service == NULL) goto failed;
923 ldap_service->task = task;
925 dns_host_name = talloc_asprintf(ldap_service, "%s.%s",
926 lpcfg_netbios_name(task->lp_ctx),
927 lpcfg_dnsdomain(task->lp_ctx));
928 if (dns_host_name == NULL) goto failed;
930 status = tstream_tls_params_server(ldap_service,
932 lpcfg_tls_enabled(task->lp_ctx),
933 lpcfg_tls_keyfile(ldap_service, task->lp_ctx),
934 lpcfg_tls_certfile(ldap_service, task->lp_ctx),
935 lpcfg_tls_cafile(ldap_service, task->lp_ctx),
936 lpcfg_tls_crlfile(ldap_service, task->lp_ctx),
937 lpcfg_tls_dhpfile(ldap_service, task->lp_ctx),
938 lpcfg_tls_priority(task->lp_ctx),
939 &ldap_service->tls_params);
940 if (!NT_STATUS_IS_OK(status)) {
941 DEBUG(0,("ldapsrv failed tstream_tls_params_server - %s\n",
946 ldap_service->call_queue = tevent_queue_create(ldap_service, "ldapsrv_call_queue");
947 if (ldap_service->call_queue == NULL) goto failed;
949 if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
950 struct interface *ifaces;
954 load_interface_list(task, task->lp_ctx, &ifaces);
955 num_interfaces = iface_list_count(ifaces);
957 /* We have been given an interfaces line, and been
958 told to only bind to those interfaces. Create a
959 socket per interface and bind to only these.
961 for(i = 0; i < num_interfaces; i++) {
962 const char *address = iface_list_n_ip(ifaces, i);
963 status = add_socket(task, task->lp_ctx, model_ops, address, ldap_service);
964 if (!NT_STATUS_IS_OK(status)) goto failed;
970 wcard = iface_list_wildcard(task);
972 DEBUG(0,("No wildcard addresses available\n"));
975 for (i=0; wcard[i]; i++) {
976 status = add_socket(task, task->lp_ctx, model_ops, wcard[i], ldap_service);
977 if (NT_STATUS_IS_OK(status)) {
982 if (num_binds == 0) {
987 ldapi_path = lpcfg_private_path(ldap_service, task->lp_ctx, "ldapi");
992 status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
993 model_ops, &ldap_stream_nonpriv_ops,
994 "unix", ldapi_path, NULL,
995 lpcfg_socket_options(task->lp_ctx),
997 talloc_free(ldapi_path);
998 if (!NT_STATUS_IS_OK(status)) {
999 DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
1000 ldapi_path, nt_errstr(status)));
1003 #ifdef WITH_LDAPI_PRIV_SOCKET
1004 priv_dir = lpcfg_private_path(ldap_service, task->lp_ctx, "ldap_priv");
1005 if (priv_dir == NULL) {
1009 * Make sure the directory for the privileged ldapi socket exists, and
1010 * is of the correct permissions
1012 if (!directory_create_or_exist(priv_dir, 0750)) {
1013 task_server_terminate(task, "Cannot create ldap "
1014 "privileged ldapi directory", true);
1017 ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
1018 talloc_free(priv_dir);
1019 if (ldapi_path == NULL) {
1023 status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
1024 model_ops, &ldap_stream_priv_ops,
1025 "unix", ldapi_path, NULL,
1026 lpcfg_socket_options(task->lp_ctx),
1028 talloc_free(ldapi_path);
1029 if (!NT_STATUS_IS_OK(status)) {
1030 DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
1031 ldapi_path, nt_errstr(status)));
1036 /* register the server */
1037 irpc_add_name(task->msg_ctx, "ldap_server");
1041 task_server_terminate(task, "Failed to startup ldap server task", true);
1045 NTSTATUS server_service_ldap_init(void)
1047 return register_server_service("ldap", ldapsrv_task_init);
git.samba.org / gd / samba-autobuild / .git / blob