2 Unix SMB/CIFS implementation.
3 Infrastructure for async ldap client requests
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 bool tevent_req_is_ldap_error(struct tevent_req *req, int *perr)
24 enum tevent_req_state state;
27 if (!tevent_req_is_error(req, &state, &err)) {
31 case TEVENT_REQ_TIMED_OUT:
32 *perr = TLDAP_TIMEOUT;
34 case TEVENT_REQ_NO_MEMORY:
35 *perr = TLDAP_NO_MEMORY;
37 case TEVENT_REQ_USER_ERROR:
41 *perr = TLDAP_OPERATIONS_ERROR;
47 struct tldap_ctx_attribute {
52 struct tldap_context {
59 struct tevent_queue *outgoing;
60 struct tevent_req **pending;
62 /* For the sync wrappers we need something like get_last_error... */
63 struct tldap_message *last_msg;
66 void (*log_fn)(void *context, enum tldap_debug_level level,
67 const char *fmt, va_list ap);
70 struct tldap_ctx_attribute *ctx_attrs;
73 struct tldap_message {
74 struct asn1_data *data;
81 struct tldap_attribute *attribs;
83 /* Error data sent by the server */
86 char *res_diagnosticmessage;
88 struct tldap_control *res_sctrls;
90 /* Controls sent by the server */
91 struct tldap_control *ctrls;
94 void tldap_set_debug(struct tldap_context *ld,
95 void (*log_fn)(void *log_private,
96 enum tldap_debug_level level,
98 va_list ap) PRINTF_ATTRIBUTE(3,0),
102 ld->log_private = log_private;
105 static void tldap_debug(struct tldap_context *ld,
106 enum tldap_debug_level level,
107 const char *fmt, ...)
113 if (ld->log_fn == NULL) {
117 ld->log_fn(ld->log_private, level, fmt, ap);
121 static int tldap_next_msgid(struct tldap_context *ld)
125 result = ld->msgid++;
126 if (ld->msgid == 2147483647) {
132 struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd)
134 struct tldap_context *ctx;
136 ctx = talloc_zero(mem_ctx, struct tldap_context);
143 ctx->outgoing = tevent_queue_create(ctx, "tldap_outgoing");
144 if (ctx->outgoing == NULL) {
151 static struct tldap_ctx_attribute *tldap_context_findattr(
152 struct tldap_context *ld, const char *name)
156 num_attrs = talloc_array_length(ld->ctx_attrs);
158 for (i=0; i<num_attrs; i++) {
159 if (strcmp(ld->ctx_attrs[i].name, name) == 0) {
160 return &ld->ctx_attrs[i];
166 bool tldap_context_setattr(struct tldap_context *ld,
167 const char *name, const void *_pptr)
169 struct tldap_ctx_attribute *tmp, *attr;
172 void **pptr = (void **)_pptr;
174 attr = tldap_context_findattr(ld, name);
177 * We don't actually delete attrs, we don't expect tons of
178 * attributes being shuffled around.
180 TALLOC_FREE(attr->ptr);
182 attr->ptr = talloc_move(ld->ctx_attrs, pptr);
188 tmpname = talloc_strdup(ld, name);
189 if (tmpname == NULL) {
193 num_attrs = talloc_array_length(ld->ctx_attrs);
195 tmp = talloc_realloc(ld, ld->ctx_attrs, struct tldap_ctx_attribute,
198 TALLOC_FREE(tmpname);
201 tmp[num_attrs].name = talloc_move(tmp, &tmpname);
203 tmp[num_attrs].ptr = talloc_move(tmp, pptr);
205 tmp[num_attrs].ptr = NULL;
212 void *tldap_context_getattr(struct tldap_context *ld, const char *name)
214 struct tldap_ctx_attribute *attr = tldap_context_findattr(ld, name);
222 struct read_ldap_state {
227 static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data)
229 struct read_ldap_state *state = talloc_get_type_abort(
230 private_data, struct read_ldap_state);
235 /* We've been here, we're done */
240 * From ldap.h: LDAP_TAG_MESSAGE is 0x30
242 if (buf[0] != 0x30) {
247 if ((len & 0x80) == 0) {
252 lensize = (len & 0x7f);
256 /* Please get us the full length */
259 if (buflen > 2 + lensize) {
263 if (buflen != 2 + lensize) {
267 for (i=0; i<lensize; i++) {
268 len = (len << 8) | buf[2+i];
273 static void read_ldap_done(struct tevent_req *subreq);
275 static struct tevent_req *read_ldap_send(TALLOC_CTX *mem_ctx,
276 struct tevent_context *ev,
279 struct tevent_req *req, *subreq;
280 struct read_ldap_state *state;
282 req = tevent_req_create(mem_ctx, &state, struct read_ldap_state);
288 subreq = read_packet_send(state, ev, fd, 2, read_ldap_more, state);
289 if (tevent_req_nomem(subreq, req)) {
290 return tevent_req_post(req, ev);
292 tevent_req_set_callback(subreq, read_ldap_done, req);
296 static void read_ldap_done(struct tevent_req *subreq)
298 struct tevent_req *req = tevent_req_callback_data(
299 subreq, struct tevent_req);
300 struct read_ldap_state *state = tevent_req_data(
301 req, struct read_ldap_state);
305 nread = read_packet_recv(subreq, state, &state->buf, &err);
308 tevent_req_error(req, err);
311 tevent_req_done(req);
314 static ssize_t read_ldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
315 uint8_t **pbuf, int *perrno)
317 struct read_ldap_state *state = tevent_req_data(
318 req, struct read_ldap_state);
320 if (tevent_req_is_unix_error(req, perrno)) {
323 *pbuf = talloc_move(mem_ctx, &state->buf);
324 return talloc_get_size(*pbuf);
327 struct tldap_msg_state {
328 struct tldap_context *ld;
329 struct tevent_context *ev;
333 struct asn1_data *data;
337 static void tldap_push_controls(struct asn1_data *data,
338 struct tldap_control *sctrls,
343 if ((sctrls == NULL) || (num_sctrls == 0)) {
347 asn1_push_tag(data, ASN1_CONTEXT(0));
349 for (i=0; i<num_sctrls; i++) {
350 struct tldap_control *c = &sctrls[i];
351 asn1_push_tag(data, ASN1_SEQUENCE(0));
352 asn1_write_OctetString(data, c->oid, strlen(c->oid));
354 asn1_write_BOOLEAN(data, true);
356 if (c->value.data != NULL) {
357 asn1_write_OctetString(data, c->value.data,
360 asn1_pop_tag(data); /* ASN1_SEQUENCE(0) */
363 asn1_pop_tag(data); /* ASN1_CONTEXT(0) */
366 static void tldap_msg_sent(struct tevent_req *subreq);
367 static void tldap_msg_received(struct tevent_req *subreq);
369 static struct tevent_req *tldap_msg_send(TALLOC_CTX *mem_ctx,
370 struct tevent_context *ev,
371 struct tldap_context *ld,
372 int id, struct asn1_data *data,
373 struct tldap_control *sctrls,
376 struct tevent_req *req, *subreq;
377 struct tldap_msg_state *state;
380 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_send: sending msg %d\n",
383 req = tevent_req_create(mem_ctx, &state, struct tldap_msg_state);
391 tldap_push_controls(data, sctrls, num_sctrls);
395 if (!asn1_blob(data, &blob)) {
396 tevent_req_error(req, TLDAP_ENCODING_ERROR);
397 return tevent_req_post(req, ev);
400 state->iov.iov_base = blob.data;
401 state->iov.iov_len = blob.length;
403 subreq = writev_send(state, ev, ld->outgoing, ld->fd, false,
405 if (tevent_req_nomem(subreq, req)) {
406 return tevent_req_post(req, ev);
408 tevent_req_set_callback(subreq, tldap_msg_sent, req);
412 static void tldap_msg_unset_pending(struct tevent_req *req)
414 struct tldap_msg_state *state = tevent_req_data(
415 req, struct tldap_msg_state);
416 struct tldap_context *ld = state->ld;
417 int num_pending = talloc_array_length(ld->pending);
420 if (num_pending == 1) {
421 TALLOC_FREE(ld->pending);
425 for (i=0; i<num_pending; i++) {
426 if (req == ld->pending[i]) {
430 if (i == num_pending) {
432 * Something's seriously broken. Just returning here is the
433 * right thing nevertheless, the point of this routine is to
434 * remove ourselves from cli->pending.
440 * Remove ourselves from the cli->pending array
442 if (num_pending > 1) {
443 ld->pending[i] = ld->pending[num_pending-1];
447 * No NULL check here, we're shrinking by sizeof(void *), and
448 * talloc_realloc just adjusts the size for this.
450 ld->pending = talloc_realloc(NULL, ld->pending, struct tevent_req *,
455 static int tldap_msg_destructor(struct tevent_req *req)
457 tldap_msg_unset_pending(req);
461 static bool tldap_msg_set_pending(struct tevent_req *req)
463 struct tldap_msg_state *state = tevent_req_data(
464 req, struct tldap_msg_state);
465 struct tldap_context *ld;
466 struct tevent_req **pending;
468 struct tevent_req *subreq;
471 num_pending = talloc_array_length(ld->pending);
473 pending = talloc_realloc(ld, ld->pending, struct tevent_req *,
475 if (pending == NULL) {
478 pending[num_pending] = req;
479 ld->pending = pending;
480 talloc_set_destructor(req, tldap_msg_destructor);
482 if (num_pending > 0) {
487 * We're the first ones, add the read_ldap request that waits for the
488 * answer from the server
490 subreq = read_ldap_send(ld->pending, state->ev, ld->fd);
491 if (subreq == NULL) {
492 tldap_msg_unset_pending(req);
495 tevent_req_set_callback(subreq, tldap_msg_received, ld);
499 static void tldap_msg_sent(struct tevent_req *subreq)
501 struct tevent_req *req = tevent_req_callback_data(
502 subreq, struct tevent_req);
506 nwritten = writev_recv(subreq, &err);
508 if (nwritten == -1) {
509 tevent_req_error(req, TLDAP_SERVER_DOWN);
513 if (!tldap_msg_set_pending(req)) {
514 tevent_req_nomem(NULL, req);
519 static int tldap_msg_msgid(struct tevent_req *req)
521 struct tldap_msg_state *state = tevent_req_data(
522 req, struct tldap_msg_state);
527 static void tldap_msg_received(struct tevent_req *subreq)
529 struct tldap_context *ld = tevent_req_callback_data(
530 subreq, struct tldap_context);
531 struct tevent_req *req;
532 struct tldap_msg_state *state;
533 struct tevent_context *ev;
534 struct asn1_data *data;
543 received = read_ldap_recv(subreq, talloc_tos(), &inbuf, &err);
545 if (received == -1) {
546 status = TLDAP_SERVER_DOWN;
550 data = asn1_init(talloc_tos());
552 status = TLDAP_NO_MEMORY;
555 asn1_load_nocopy(data, inbuf, received);
558 ok &= asn1_start_tag(data, ASN1_SEQUENCE(0));
559 ok &= asn1_read_Integer(data, &id);
560 ok &= asn1_peek_uint8(data, &type);
563 status = TLDAP_PROTOCOL_ERROR;
567 tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_received: got msg %d "
568 "type %d\n", id, (int)type);
570 num_pending = talloc_array_length(ld->pending);
572 for (i=0; i<num_pending; i++) {
573 if (id == tldap_msg_msgid(ld->pending[i])) {
577 if (i == num_pending) {
578 /* Dump unexpected reply */
579 tldap_debug(ld, TLDAP_DEBUG_WARNING, "tldap_msg_received: "
580 "No request pending for msg %d\n", id);
585 req = ld->pending[i];
586 state = tevent_req_data(req, struct tldap_msg_state);
588 state->inbuf = talloc_move(state, &inbuf);
589 state->data = talloc_move(state, &data);
593 talloc_set_destructor(req, NULL);
594 tldap_msg_unset_pending(req);
595 num_pending = talloc_array_length(ld->pending);
597 tevent_req_done(req);
600 if (num_pending == 0) {
603 if (talloc_array_length(ld->pending) > num_pending) {
605 * The callback functions called from tevent_req_done() above
606 * have put something on the pending queue. We don't have to
607 * trigger the read_ldap_send(), tldap_msg_set_pending() has
608 * done it for us already.
613 state = tevent_req_data(ld->pending[0], struct tldap_msg_state);
614 subreq = read_ldap_send(ld->pending, state->ev, ld->fd);
615 if (subreq == NULL) {
616 status = TLDAP_NO_MEMORY;
619 tevent_req_set_callback(subreq, tldap_msg_received, ld);
623 while (talloc_array_length(ld->pending) > 0) {
624 req = ld->pending[0];
625 talloc_set_destructor(req, NULL);
626 tldap_msg_destructor(req);
627 tevent_req_error(req, status);
631 static int tldap_msg_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
632 struct tldap_message **pmsg)
634 struct tldap_msg_state *state = tevent_req_data(
635 req, struct tldap_msg_state);
636 struct tldap_message *msg;
640 if (tevent_req_is_ldap_error(req, &err)) {
644 if (!asn1_peek_uint8(state->data, &msgtype)) {
645 return TLDAP_PROTOCOL_ERROR;
649 return TLDAP_SUCCESS;
652 msg = talloc_zero(mem_ctx, struct tldap_message);
654 return TLDAP_NO_MEMORY;
658 msg->inbuf = talloc_move(msg, &state->inbuf);
659 msg->data = talloc_move(msg, &state->data);
663 return TLDAP_SUCCESS;
666 struct tldap_req_state {
668 struct asn1_data *out;
669 struct tldap_message *result;
672 static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
673 struct tldap_context *ld,
674 struct tldap_req_state **pstate)
676 struct tevent_req *req;
677 struct tldap_req_state *state;
679 req = tevent_req_create(mem_ctx, &state, struct tldap_req_state);
684 state->out = asn1_init(state);
685 if (state->out == NULL) {
689 state->result = NULL;
690 state->id = tldap_next_msgid(ld);
692 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
693 asn1_write_Integer(state->out, state->id);
699 static void tldap_save_msg(struct tldap_context *ld, struct tevent_req *req)
701 struct tldap_req_state *state = tevent_req_data(
702 req, struct tldap_req_state);
704 TALLOC_FREE(ld->last_msg);
705 ld->last_msg = talloc_move(ld, &state->result);
708 static char *blob2string_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob)
710 char *result = talloc_array(mem_ctx, char, blob.length+1);
711 memcpy(result, blob.data, blob.length);
712 result[blob.length] = '\0';
716 static bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
717 struct asn1_data *data,
721 if (!asn1_read_OctetString(data, mem_ctx, &string))
723 *result = blob2string_talloc(mem_ctx, string);
724 data_blob_free(&string);
728 static bool tldap_decode_controls(struct tldap_req_state *state);
730 static bool tldap_decode_response(struct tldap_req_state *state)
732 struct asn1_data *data = state->result->data;
733 struct tldap_message *msg = state->result;
736 ok &= asn1_read_enumerated(data, &msg->lderr);
737 ok &= asn1_read_OctetString_talloc(msg, data, &msg->res_matcheddn);
738 ok &= asn1_read_OctetString_talloc(msg, data,
739 &msg->res_diagnosticmessage);
740 if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
741 ok &= asn1_start_tag(data, ASN1_CONTEXT(3));
742 ok &= asn1_read_OctetString_talloc(msg, data,
744 ok &= asn1_end_tag(data);
746 msg->res_referral = NULL;
752 static void tldap_sasl_bind_done(struct tevent_req *subreq);
754 struct tevent_req *tldap_sasl_bind_send(TALLOC_CTX *mem_ctx,
755 struct tevent_context *ev,
756 struct tldap_context *ld,
758 const char *mechanism,
760 struct tldap_control *sctrls,
762 struct tldap_control *cctrls,
765 struct tevent_req *req, *subreq;
766 struct tldap_req_state *state;
768 req = tldap_req_create(mem_ctx, ld, &state);
777 asn1_push_tag(state->out, TLDAP_REQ_BIND);
778 asn1_write_Integer(state->out, ld->ld_version);
779 asn1_write_OctetString(state->out, dn, (dn != NULL) ? strlen(dn) : 0);
781 if (mechanism == NULL) {
782 asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0));
783 asn1_write(state->out, creds->data, creds->length);
784 asn1_pop_tag(state->out);
786 asn1_push_tag(state->out, ASN1_CONTEXT(3));
787 asn1_write_OctetString(state->out, mechanism,
789 if ((creds != NULL) && (creds->data != NULL)) {
790 asn1_write_OctetString(state->out, creds->data,
793 asn1_pop_tag(state->out);
796 if (!asn1_pop_tag(state->out)) {
797 tevent_req_error(req, TLDAP_ENCODING_ERROR);
798 return tevent_req_post(req, ev);
801 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
803 if (tevent_req_nomem(subreq, req)) {
804 return tevent_req_post(req, ev);
806 tevent_req_set_callback(subreq, tldap_sasl_bind_done, req);
810 static void tldap_sasl_bind_done(struct tevent_req *subreq)
812 struct tevent_req *req = tevent_req_callback_data(
813 subreq, struct tevent_req);
814 struct tldap_req_state *state = tevent_req_data(
815 req, struct tldap_req_state);
818 err = tldap_msg_recv(subreq, state, &state->result);
820 if (err != TLDAP_SUCCESS) {
821 tevent_req_error(req, err);
824 if (state->result->type != TLDAP_RES_BIND) {
825 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
828 if (!asn1_start_tag(state->result->data, state->result->type) ||
829 !tldap_decode_response(state) ||
830 !asn1_end_tag(state->result->data)) {
831 tevent_req_error(req, TLDAP_DECODING_ERROR);
835 * TODO: pull the reply blob
837 if (state->result->lderr != TLDAP_SUCCESS) {
838 tevent_req_error(req, state->result->lderr);
841 tevent_req_done(req);
844 int tldap_sasl_bind_recv(struct tevent_req *req)
848 if (tevent_req_is_ldap_error(req, &err)) {
851 return TLDAP_SUCCESS;
854 int tldap_sasl_bind(struct tldap_context *ld,
856 const char *mechanism,
858 struct tldap_control *sctrls,
860 struct tldap_control *cctrls,
863 TALLOC_CTX *frame = talloc_stackframe();
864 struct tevent_context *ev;
865 struct tevent_req *req;
868 ev = event_context_init(frame);
870 result = TLDAP_NO_MEMORY;
874 req = tldap_sasl_bind_send(frame, ev, ld, dn, mechanism, creds,
875 sctrls, num_sctrls, cctrls, num_cctrls);
877 result = TLDAP_NO_MEMORY;
881 if (!tevent_req_poll(req, ev)) {
882 result = TLDAP_OPERATIONS_ERROR;
886 result = tldap_sasl_bind_recv(req);
887 tldap_save_msg(ld, req);
893 struct tevent_req *tldap_simple_bind_send(TALLOC_CTX *mem_ctx,
894 struct tevent_context *ev,
895 struct tldap_context *ld,
901 if (passwd != NULL) {
902 cred.data = (uint8_t *)passwd;
903 cred.length = strlen(passwd);
905 cred.data = (uint8_t *)"";
908 return tldap_sasl_bind_send(mem_ctx, ev, ld, dn, NULL, &cred, NULL, 0,
912 int tldap_simple_bind_recv(struct tevent_req *req)
914 return tldap_sasl_bind_recv(req);
917 int tldap_simple_bind(struct tldap_context *ld, const char *dn,
922 if (passwd != NULL) {
923 cred.data = (uint8_t *)passwd;
924 cred.length = strlen(passwd);
926 cred.data = (uint8_t *)"";
929 return tldap_sasl_bind(ld, dn, NULL, &cred, NULL, 0, NULL, 0);
932 /*****************************************************************************/
935 * This piece has a dependency on ldb, the ldb_parse_tree() function is used.
936 * In case we want to separate out tldap, we need to copy or rewrite it.
939 #include "lib/ldb/include/ldb.h"
940 #include "lib/ldb/include/ldb_errors.h"
942 static bool ldap_push_filter(struct asn1_data *data,
943 struct ldb_parse_tree *tree)
947 switch (tree->operation) {
951 ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1));
952 for (i=0; i<tree->u.list.num_elements; i++) {
953 if (!ldap_push_filter(data,
954 tree->u.list.elements[i])) {
962 asn1_push_tag(data, ASN1_CONTEXT(2));
963 if (!ldap_push_filter(data, tree->u.isnot.child)) {
969 case LDB_OP_EQUALITY:
971 asn1_push_tag(data, ASN1_CONTEXT(3));
972 asn1_write_OctetString(data, tree->u.equality.attr,
973 strlen(tree->u.equality.attr));
974 asn1_write_OctetString(data, tree->u.equality.value.data,
975 tree->u.equality.value.length);
979 case LDB_OP_SUBSTRING:
981 SubstringFilter ::= SEQUENCE {
982 type AttributeDescription,
983 -- at least one must be present
984 substrings SEQUENCE OF CHOICE {
985 initial [0] LDAPString,
987 final [2] LDAPString } }
989 asn1_push_tag(data, ASN1_CONTEXT(4));
990 asn1_write_OctetString(data, tree->u.substring.attr,
991 strlen(tree->u.substring.attr));
992 asn1_push_tag(data, ASN1_SEQUENCE(0));
994 if (!tree->u.substring.start_with_wildcard) {
995 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
996 asn1_write_DATA_BLOB_LDAPString(
997 data, tree->u.substring.chunks[i]);
1001 while (tree->u.substring.chunks[i]) {
1004 if ((!tree->u.substring.chunks[i + 1]) &&
1005 (tree->u.substring.end_with_wildcard == 0)) {
1010 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
1011 asn1_write_DATA_BLOB_LDAPString(
1012 data, tree->u.substring.chunks[i]);
1020 case LDB_OP_GREATER:
1021 /* greaterOrEqual test */
1022 asn1_push_tag(data, ASN1_CONTEXT(5));
1023 asn1_write_OctetString(data, tree->u.comparison.attr,
1024 strlen(tree->u.comparison.attr));
1025 asn1_write_OctetString(data, tree->u.comparison.value.data,
1026 tree->u.comparison.value.length);
1031 /* lessOrEqual test */
1032 asn1_push_tag(data, ASN1_CONTEXT(6));
1033 asn1_write_OctetString(data, tree->u.comparison.attr,
1034 strlen(tree->u.comparison.attr));
1035 asn1_write_OctetString(data, tree->u.comparison.value.data,
1036 tree->u.comparison.value.length);
1040 case LDB_OP_PRESENT:
1042 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7));
1043 asn1_write_LDAPString(data, tree->u.present.attr);
1045 return !data->has_error;
1049 asn1_push_tag(data, ASN1_CONTEXT(8));
1050 asn1_write_OctetString(data, tree->u.comparison.attr,
1051 strlen(tree->u.comparison.attr));
1052 asn1_write_OctetString(data, tree->u.comparison.value.data,
1053 tree->u.comparison.value.length);
1057 case LDB_OP_EXTENDED:
1059 MatchingRuleAssertion ::= SEQUENCE {
1060 matchingRule [1] MatchingRuleID OPTIONAL,
1061 type [2] AttributeDescription OPTIONAL,
1062 matchValue [3] AssertionValue,
1063 dnAttributes [4] BOOLEAN DEFAULT FALSE
1066 asn1_push_tag(data, ASN1_CONTEXT(9));
1067 if (tree->u.extended.rule_id) {
1068 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
1069 asn1_write_LDAPString(data, tree->u.extended.rule_id);
1072 if (tree->u.extended.attr) {
1073 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2));
1074 asn1_write_LDAPString(data, tree->u.extended.attr);
1077 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
1078 asn1_write_DATA_BLOB_LDAPString(data, &tree->u.extended.value);
1080 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
1081 asn1_write_uint8(data, tree->u.extended.dnAttributes);
1089 return !data->has_error;
1092 static bool tldap_push_filter(struct asn1_data *data, const char *filter)
1094 struct ldb_parse_tree *tree;
1097 tree = ldb_parse_tree(talloc_tos(), filter);
1101 ret = ldap_push_filter(data, tree);
1106 /*****************************************************************************/
1108 static void tldap_search_done(struct tevent_req *subreq);
1110 struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx,
1111 struct tevent_context *ev,
1112 struct tldap_context *ld,
1113 const char *base, int scope,
1118 struct tldap_control *sctrls,
1120 struct tldap_control *cctrls,
1126 struct tevent_req *req, *subreq;
1127 struct tldap_req_state *state;
1130 req = tldap_req_create(mem_ctx, ld, &state);
1135 asn1_push_tag(state->out, TLDAP_REQ_SEARCH);
1136 asn1_write_OctetString(state->out, base, strlen(base));
1137 asn1_write_enumerated(state->out, scope);
1138 asn1_write_enumerated(state->out, deref);
1139 asn1_write_Integer(state->out, sizelimit);
1140 asn1_write_Integer(state->out, timelimit);
1141 asn1_write_BOOLEAN(state->out, attrsonly);
1143 if (!tldap_push_filter(state->out, filter)) {
1144 goto encoding_error;
1147 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1148 for (i=0; i<num_attrs; i++) {
1149 asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]));
1151 asn1_pop_tag(state->out);
1152 asn1_pop_tag(state->out);
1154 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1155 sctrls, num_sctrls);
1156 if (tevent_req_nomem(subreq, req)) {
1157 return tevent_req_post(req, ev);
1159 tevent_req_set_callback(subreq, tldap_search_done, req);
1163 tevent_req_error(req, TLDAP_ENCODING_ERROR);
1164 return tevent_req_post(req, ev);
1167 static void tldap_search_done(struct tevent_req *subreq)
1169 struct tevent_req *req = tevent_req_callback_data(
1170 subreq, struct tevent_req);
1171 struct tldap_req_state *state = tevent_req_data(
1172 req, struct tldap_req_state);
1175 err = tldap_msg_recv(subreq, state, &state->result);
1176 if (err != TLDAP_SUCCESS) {
1177 tevent_req_error(req, err);
1180 switch (state->result->type) {
1181 case TLDAP_RES_SEARCH_ENTRY:
1182 case TLDAP_RES_SEARCH_REFERENCE:
1183 tevent_req_notify_callback(req);
1184 if (!tldap_msg_set_pending(subreq)) {
1185 tevent_req_nomem(NULL, req);
1189 case TLDAP_RES_SEARCH_RESULT:
1190 TALLOC_FREE(subreq);
1191 if (!asn1_start_tag(state->result->data,
1192 state->result->type) ||
1193 !tldap_decode_response(state) ||
1194 !asn1_end_tag(state->result->data) ||
1195 !tldap_decode_controls(state)) {
1196 tevent_req_error(req, TLDAP_DECODING_ERROR);
1199 tevent_req_done(req);
1202 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
1207 int tldap_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1208 struct tldap_message **pmsg)
1210 struct tldap_req_state *state = tevent_req_data(
1211 req, struct tldap_req_state);
1214 if (!tevent_req_is_in_progress(req)
1215 && tevent_req_is_ldap_error(req, &err)) {
1219 if (tevent_req_is_in_progress(req)) {
1220 switch (state->result->type) {
1221 case TLDAP_RES_SEARCH_ENTRY:
1222 case TLDAP_RES_SEARCH_REFERENCE:
1225 return TLDAP_OPERATIONS_ERROR;
1229 *pmsg = talloc_move(mem_ctx, &state->result);
1230 return TLDAP_SUCCESS;
1233 struct tldap_sync_search_state {
1234 TALLOC_CTX *mem_ctx;
1235 struct tldap_message **entries;
1236 struct tldap_message **refs;
1240 static void tldap_search_cb(struct tevent_req *req)
1242 struct tldap_sync_search_state *state =
1243 (struct tldap_sync_search_state *)
1244 tevent_req_callback_data_void(req);
1245 struct tldap_message *msg, **tmp;
1246 int rc, num_entries, num_refs;
1248 rc = tldap_search_recv(req, talloc_tos(), &msg);
1249 if (rc != TLDAP_SUCCESS) {
1254 switch (tldap_msg_type(msg)) {
1255 case TLDAP_RES_SEARCH_ENTRY:
1256 num_entries = talloc_array_length(state->entries);
1257 tmp = talloc_realloc(state->mem_ctx, state->entries,
1258 struct tldap_message *, num_entries + 1);
1260 state->rc = TLDAP_NO_MEMORY;
1263 state->entries = tmp;
1264 state->entries[num_entries] = talloc_move(state->entries,
1267 case TLDAP_RES_SEARCH_REFERENCE:
1268 num_refs = talloc_array_length(state->refs);
1269 tmp = talloc_realloc(state->mem_ctx, state->refs,
1270 struct tldap_message *, num_refs + 1);
1272 state->rc = TLDAP_NO_MEMORY;
1276 state->refs[num_refs] = talloc_move(state->refs, &msg);
1278 case TLDAP_RES_SEARCH_RESULT:
1279 state->rc = TLDAP_SUCCESS;
1282 state->rc = TLDAP_PROTOCOL_ERROR;
1287 int tldap_search(struct tldap_context *ld,
1288 const char *base, int scope, const char *filter,
1289 const char **attrs, int num_attrs, int attrsonly,
1290 struct tldap_control *sctrls, int num_sctrls,
1291 struct tldap_control *cctrls, int num_cctrls,
1292 int timelimit, int sizelimit, int deref,
1293 TALLOC_CTX *mem_ctx, struct tldap_message ***entries,
1294 struct tldap_message ***refs)
1296 TALLOC_CTX *frame = talloc_stackframe();
1297 struct tevent_context *ev;
1298 struct tevent_req *req;
1299 struct tldap_sync_search_state state;
1302 state.mem_ctx = mem_ctx;
1303 state.rc = TLDAP_SUCCESS;
1305 ev = event_context_init(frame);
1307 state.rc = TLDAP_NO_MEMORY;
1311 req = tldap_search_send(frame, ev, ld, base, scope, filter,
1312 attrs, num_attrs, attrsonly,
1313 sctrls, num_sctrls, cctrls, num_cctrls,
1314 timelimit, sizelimit, deref);
1316 state.rc = TLDAP_NO_MEMORY;
1320 tevent_req_set_callback(req, tldap_search_cb, &state);
1322 while (tevent_req_is_in_progress(req)
1323 && (state.rc == TLDAP_SUCCESS)) {
1324 if (tevent_loop_once(ev) == -1) {
1325 return TLDAP_OPERATIONS_ERROR;
1329 if (state.rc != TLDAP_SUCCESS) {
1333 if (entries != NULL) {
1334 *entries = state.entries;
1336 TALLOC_FREE(state.entries);
1341 TALLOC_FREE(state.refs);
1343 tldap_save_msg(ld, req);
1349 static bool tldap_parse_search_entry(struct tldap_message *msg)
1351 int num_attribs = 0;
1353 asn1_start_tag(msg->data, msg->type);
1357 asn1_read_OctetString_talloc(msg, msg->data, &msg->dn);
1358 if (msg->dn == NULL) {
1363 * Attributes: We overallocate msg->attribs by one, so that while
1364 * looping over the attributes we can directly parse into the last
1365 * array element. Same for the values in the inner loop.
1368 msg->attribs = talloc_array(msg, struct tldap_attribute, 1);
1369 if (msg->attribs == NULL) {
1373 asn1_start_tag(msg->data, ASN1_SEQUENCE(0));
1374 while (asn1_peek_tag(msg->data, ASN1_SEQUENCE(0))) {
1375 struct tldap_attribute *attrib;
1378 attrib = &msg->attribs[num_attribs];
1379 attrib->values = talloc_array(msg->attribs, DATA_BLOB, 1);
1380 if (attrib->values == NULL) {
1383 asn1_start_tag(msg->data, ASN1_SEQUENCE(0));
1384 asn1_read_OctetString_talloc(msg->attribs, msg->data,
1386 asn1_start_tag(msg->data, ASN1_SET);
1388 while (asn1_peek_tag(msg->data, ASN1_OCTET_STRING)) {
1389 asn1_read_OctetString(msg->data, msg,
1390 &attrib->values[num_values]);
1392 attrib->values = talloc_realloc(
1393 msg->attribs, attrib->values, DATA_BLOB,
1395 if (attrib->values == NULL) {
1400 attrib->values = talloc_realloc(msg->attribs, attrib->values,
1401 DATA_BLOB, num_values);
1402 attrib->num_values = num_values;
1404 asn1_end_tag(msg->data); /* ASN1_SET */
1405 asn1_end_tag(msg->data); /* ASN1_SEQUENCE(0) */
1406 msg->attribs = talloc_realloc(
1407 msg, msg->attribs, struct tldap_attribute,
1409 if (msg->attribs == NULL) {
1414 msg->attribs = talloc_realloc(
1415 msg, msg->attribs, struct tldap_attribute, num_attribs);
1416 asn1_end_tag(msg->data);
1417 if (msg->data->has_error) {
1423 bool tldap_entry_dn(struct tldap_message *msg, char **dn)
1425 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1432 bool tldap_entry_attributes(struct tldap_message *msg, int *num_attributes,
1433 struct tldap_attribute **attributes)
1435 if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
1438 *attributes = msg->attribs;
1439 *num_attributes = talloc_array_length(msg->attribs);
1443 static bool tldap_decode_controls(struct tldap_req_state *state)
1445 struct tldap_message *msg = state->result;
1446 struct asn1_data *data = msg->data;
1447 struct tldap_control *sctrls = NULL;
1448 int num_controls = 0;
1450 msg->res_sctrls = NULL;
1452 if (!asn1_peek_tag(data, ASN1_CONTEXT(0))) {
1456 asn1_start_tag(data, ASN1_CONTEXT(0));
1458 while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
1459 struct tldap_control *c;
1462 sctrls = talloc_realloc(msg, sctrls, struct tldap_control,
1464 if (sctrls == NULL) {
1467 c = &sctrls[num_controls];
1469 asn1_start_tag(data, ASN1_SEQUENCE(0));
1470 asn1_read_OctetString_talloc(msg, data, &oid);
1471 if ((data->has_error) || (oid == NULL)) {
1475 if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
1476 asn1_read_BOOLEAN(data, &c->critical);
1478 c->critical = false;
1480 c->value = data_blob_null;
1481 if (asn1_peek_tag(data, ASN1_OCTET_STRING) &&
1482 !asn1_read_OctetString(data, msg, &c->value)) {
1485 asn1_end_tag(data); /* ASN1_SEQUENCE(0) */
1490 asn1_end_tag(data); /* ASN1_CONTEXT(0) */
1492 if (data->has_error) {
1493 TALLOC_FREE(sctrls);
1496 msg->res_sctrls = sctrls;
1500 static void tldap_simple_done(struct tevent_req *subreq, int type)
1502 struct tevent_req *req = tevent_req_callback_data(
1503 subreq, struct tevent_req);
1504 struct tldap_req_state *state = tevent_req_data(
1505 req, struct tldap_req_state);
1508 err = tldap_msg_recv(subreq, state, &state->result);
1509 TALLOC_FREE(subreq);
1510 if (err != TLDAP_SUCCESS) {
1511 tevent_req_error(req, err);
1514 if (state->result->type != type) {
1515 tevent_req_error(req, TLDAP_PROTOCOL_ERROR);
1518 if (!asn1_start_tag(state->result->data, state->result->type) ||
1519 !tldap_decode_response(state) ||
1520 !asn1_end_tag(state->result->data) ||
1521 !tldap_decode_controls(state)) {
1522 tevent_req_error(req, TLDAP_DECODING_ERROR);
1525 if (state->result->lderr != TLDAP_SUCCESS) {
1526 tevent_req_error(req, state->result->lderr);
1529 tevent_req_done(req);
1532 static int tldap_simple_recv(struct tevent_req *req)
1535 if (tevent_req_is_ldap_error(req, &err)) {
1538 return TLDAP_SUCCESS;
1541 static void tldap_add_done(struct tevent_req *subreq);
1543 struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx,
1544 struct tevent_context *ev,
1545 struct tldap_context *ld,
1547 struct tldap_mod *attributes,
1549 struct tldap_control *sctrls,
1551 struct tldap_control *cctrls,
1554 struct tevent_req *req, *subreq;
1555 struct tldap_req_state *state;
1558 req = tldap_req_create(mem_ctx, ld, &state);
1563 asn1_push_tag(state->out, TLDAP_REQ_ADD);
1564 asn1_write_OctetString(state->out, dn, strlen(dn));
1565 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1567 for (i=0; i<num_attributes; i++) {
1568 struct tldap_mod *attrib = &attributes[i];
1569 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1570 asn1_write_OctetString(state->out, attrib->attribute,
1571 strlen(attrib->attribute));
1572 asn1_push_tag(state->out, ASN1_SET);
1573 for (j=0; j<attrib->num_values; j++) {
1574 asn1_write_OctetString(state->out,
1575 attrib->values[j].data,
1576 attrib->values[j].length);
1578 asn1_pop_tag(state->out);
1579 asn1_pop_tag(state->out);
1582 asn1_pop_tag(state->out);
1583 asn1_pop_tag(state->out);
1585 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1586 sctrls, num_sctrls);
1587 if (tevent_req_nomem(subreq, req)) {
1588 return tevent_req_post(req, ev);
1590 tevent_req_set_callback(subreq, tldap_add_done, req);
1594 static void tldap_add_done(struct tevent_req *subreq)
1596 return tldap_simple_done(subreq, TLDAP_RES_ADD);
1599 int tldap_add_recv(struct tevent_req *req)
1601 return tldap_simple_recv(req);
1604 int tldap_add(struct tldap_context *ld, const char *dn,
1605 int num_attributes, struct tldap_mod *attributes,
1606 struct tldap_control *sctrls, int num_sctrls,
1607 struct tldap_control *cctrls, int num_cctrls)
1609 TALLOC_CTX *frame = talloc_stackframe();
1610 struct tevent_context *ev;
1611 struct tevent_req *req;
1614 ev = event_context_init(frame);
1616 result = TLDAP_NO_MEMORY;
1620 req = tldap_add_send(frame, ev, ld, dn, attributes, num_attributes,
1621 sctrls, num_sctrls, cctrls, num_cctrls);
1623 result = TLDAP_NO_MEMORY;
1627 if (!tevent_req_poll(req, ev)) {
1628 result = TLDAP_OPERATIONS_ERROR;
1632 result = tldap_add_recv(req);
1633 tldap_save_msg(ld, req);
1639 static void tldap_modify_done(struct tevent_req *subreq);
1641 struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx,
1642 struct tevent_context *ev,
1643 struct tldap_context *ld,
1645 int num_mods, struct tldap_mod *mods,
1646 struct tldap_control *sctrls,
1648 struct tldap_control *cctrls,
1651 struct tevent_req *req, *subreq;
1652 struct tldap_req_state *state;
1655 req = tldap_req_create(mem_ctx, ld, &state);
1660 asn1_push_tag(state->out, TLDAP_REQ_MODIFY);
1661 asn1_write_OctetString(state->out, dn, strlen(dn));
1662 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1664 for (i=0; i<num_mods; i++) {
1665 struct tldap_mod *mod = &mods[i];
1666 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1667 asn1_write_enumerated(state->out, mod->mod_op),
1668 asn1_push_tag(state->out, ASN1_SEQUENCE(0));
1669 asn1_write_OctetString(state->out, mod->attribute,
1670 strlen(mod->attribute));
1671 asn1_push_tag(state->out, ASN1_SET);
1672 for (j=0; j<mod->num_values; j++) {
1673 asn1_write_OctetString(state->out,
1674 mod->values[j].data,
1675 mod->values[j].length);
1677 asn1_pop_tag(state->out);
1678 asn1_pop_tag(state->out);
1679 asn1_pop_tag(state->out);
1682 asn1_pop_tag(state->out);
1683 asn1_pop_tag(state->out);
1685 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1686 sctrls, num_sctrls);
1687 if (tevent_req_nomem(subreq, req)) {
1688 return tevent_req_post(req, ev);
1690 tevent_req_set_callback(subreq, tldap_modify_done, req);
1694 static void tldap_modify_done(struct tevent_req *subreq)
1696 return tldap_simple_done(subreq, TLDAP_RES_MODIFY);
1699 int tldap_modify_recv(struct tevent_req *req)
1701 return tldap_simple_recv(req);
1704 int tldap_modify(struct tldap_context *ld, const char *dn,
1705 int num_mods, struct tldap_mod *mods,
1706 struct tldap_control *sctrls, int num_sctrls,
1707 struct tldap_control *cctrls, int num_cctrls)
1709 TALLOC_CTX *frame = talloc_stackframe();
1710 struct tevent_context *ev;
1711 struct tevent_req *req;
1714 ev = event_context_init(frame);
1716 result = TLDAP_NO_MEMORY;
1720 req = tldap_modify_send(frame, ev, ld, dn, num_mods, mods,
1721 sctrls, num_sctrls, cctrls, num_cctrls);
1723 result = TLDAP_NO_MEMORY;
1727 if (!tevent_req_poll(req, ev)) {
1728 result = TLDAP_OPERATIONS_ERROR;
1732 result = tldap_modify_recv(req);
1733 tldap_save_msg(ld, req);
1739 static void tldap_delete_done(struct tevent_req *subreq);
1741 struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx,
1742 struct tevent_context *ev,
1743 struct tldap_context *ld,
1745 struct tldap_control *sctrls,
1747 struct tldap_control *cctrls,
1750 struct tevent_req *req, *subreq;
1751 struct tldap_req_state *state;
1753 req = tldap_req_create(mem_ctx, ld, &state);
1758 asn1_push_tag(state->out, TLDAP_REQ_DELETE);
1759 asn1_write(state->out, dn, strlen(dn));
1760 asn1_pop_tag(state->out);
1762 subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
1763 sctrls, num_sctrls);
1764 if (tevent_req_nomem(subreq, req)) {
1765 return tevent_req_post(req, ev);
1767 tevent_req_set_callback(subreq, tldap_delete_done, req);
1771 static void tldap_delete_done(struct tevent_req *subreq)
1773 return tldap_simple_done(subreq, TLDAP_RES_DELETE);
1776 int tldap_delete_recv(struct tevent_req *req)
1778 return tldap_simple_recv(req);
1781 int tldap_delete(struct tldap_context *ld, const char *dn,
1782 struct tldap_control *sctrls, int num_sctrls,
1783 struct tldap_control *cctrls, int num_cctrls)
1785 TALLOC_CTX *frame = talloc_stackframe();
1786 struct tevent_context *ev;
1787 struct tevent_req *req;
1790 ev = event_context_init(frame);
1792 result = TLDAP_NO_MEMORY;
1796 req = tldap_delete_send(frame, ev, ld, dn, sctrls, num_sctrls,
1797 cctrls, num_cctrls);
1799 result = TLDAP_NO_MEMORY;
1803 if (!tevent_req_poll(req, ev)) {
1804 result = TLDAP_OPERATIONS_ERROR;
1808 result = tldap_delete_recv(req);
1809 tldap_save_msg(ld, req);
1815 int tldap_msg_id(const struct tldap_message *msg)
1820 int tldap_msg_type(const struct tldap_message *msg)
1825 const char *tldap_msg_matcheddn(struct tldap_message *msg)
1830 return msg->res_matcheddn;
1833 const char *tldap_msg_diagnosticmessage(struct tldap_message *msg)
1838 return msg->res_diagnosticmessage;
1841 const char *tldap_msg_referral(struct tldap_message *msg)
1846 return msg->res_referral;
1849 void tldap_msg_sctrls(struct tldap_message *msg, int *num_sctrls,
1850 struct tldap_control **sctrls)
1856 *sctrls = msg->res_sctrls;
1857 *num_sctrls = talloc_array_length(msg->res_sctrls);
1860 struct tldap_message *tldap_ctx_lastmsg(struct tldap_context *ld)
1862 return ld->last_msg;
1865 const char *tldap_err2string(int rc)
1867 const char *res = NULL;
1870 * This would normally be a table, but the error codes are not fully
1871 * sequential. Let the compiler figure out the optimum implementation
1877 res = "TLDAP_SUCCESS";
1879 case TLDAP_OPERATIONS_ERROR:
1880 res = "TLDAP_OPERATIONS_ERROR";
1882 case TLDAP_PROTOCOL_ERROR:
1883 res = "TLDAP_PROTOCOL_ERROR";
1885 case TLDAP_TIMELIMIT_EXCEEDED:
1886 res = "TLDAP_TIMELIMIT_EXCEEDED";
1888 case TLDAP_SIZELIMIT_EXCEEDED:
1889 res = "TLDAP_SIZELIMIT_EXCEEDED";
1891 case TLDAP_COMPARE_FALSE:
1892 res = "TLDAP_COMPARE_FALSE";
1894 case TLDAP_COMPARE_TRUE:
1895 res = "TLDAP_COMPARE_TRUE";
1897 case TLDAP_STRONG_AUTH_NOT_SUPPORTED:
1898 res = "TLDAP_STRONG_AUTH_NOT_SUPPORTED";
1900 case TLDAP_STRONG_AUTH_REQUIRED:
1901 res = "TLDAP_STRONG_AUTH_REQUIRED";
1903 case TLDAP_REFERRAL:
1904 res = "TLDAP_REFERRAL";
1906 case TLDAP_ADMINLIMIT_EXCEEDED:
1907 res = "TLDAP_ADMINLIMIT_EXCEEDED";
1909 case TLDAP_UNAVAILABLE_CRITICAL_EXTENSION:
1910 res = "TLDAP_UNAVAILABLE_CRITICAL_EXTENSION";
1912 case TLDAP_CONFIDENTIALITY_REQUIRED:
1913 res = "TLDAP_CONFIDENTIALITY_REQUIRED";
1915 case TLDAP_SASL_BIND_IN_PROGRESS:
1916 res = "TLDAP_SASL_BIND_IN_PROGRESS";
1918 case TLDAP_NO_SUCH_ATTRIBUTE:
1919 res = "TLDAP_NO_SUCH_ATTRIBUTE";
1921 case TLDAP_UNDEFINED_TYPE:
1922 res = "TLDAP_UNDEFINED_TYPE";
1924 case TLDAP_INAPPROPRIATE_MATCHING:
1925 res = "TLDAP_INAPPROPRIATE_MATCHING";
1927 case TLDAP_CONSTRAINT_VIOLATION:
1928 res = "TLDAP_CONSTRAINT_VIOLATION";
1930 case TLDAP_TYPE_OR_VALUE_EXISTS:
1931 res = "TLDAP_TYPE_OR_VALUE_EXISTS";
1933 case TLDAP_INVALID_SYNTAX:
1934 res = "TLDAP_INVALID_SYNTAX";
1936 case TLDAP_NO_SUCH_OBJECT:
1937 res = "TLDAP_NO_SUCH_OBJECT";
1939 case TLDAP_ALIAS_PROBLEM:
1940 res = "TLDAP_ALIAS_PROBLEM";
1942 case TLDAP_INVALID_DN_SYNTAX:
1943 res = "TLDAP_INVALID_DN_SYNTAX";
1946 res = "TLDAP_IS_LEAF";
1948 case TLDAP_ALIAS_DEREF_PROBLEM:
1949 res = "TLDAP_ALIAS_DEREF_PROBLEM";
1951 case TLDAP_INAPPROPRIATE_AUTH:
1952 res = "TLDAP_INAPPROPRIATE_AUTH";
1954 case TLDAP_INVALID_CREDENTIALS:
1955 res = "TLDAP_INVALID_CREDENTIALS";
1957 case TLDAP_INSUFFICIENT_ACCESS:
1958 res = "TLDAP_INSUFFICIENT_ACCESS";
1963 case TLDAP_UNAVAILABLE:
1964 res = "TLDAP_UNAVAILABLE";
1966 case TLDAP_UNWILLING_TO_PERFORM:
1967 res = "TLDAP_UNWILLING_TO_PERFORM";
1969 case TLDAP_LOOP_DETECT:
1970 res = "TLDAP_LOOP_DETECT";
1972 case TLDAP_NAMING_VIOLATION:
1973 res = "TLDAP_NAMING_VIOLATION";
1975 case TLDAP_OBJECT_CLASS_VIOLATION:
1976 res = "TLDAP_OBJECT_CLASS_VIOLATION";
1978 case TLDAP_NOT_ALLOWED_ON_NONLEAF:
1979 res = "TLDAP_NOT_ALLOWED_ON_NONLEAF";
1981 case TLDAP_NOT_ALLOWED_ON_RDN:
1982 res = "TLDAP_NOT_ALLOWED_ON_RDN";
1984 case TLDAP_ALREADY_EXISTS:
1985 res = "TLDAP_ALREADY_EXISTS";
1987 case TLDAP_NO_OBJECT_CLASS_MODS:
1988 res = "TLDAP_NO_OBJECT_CLASS_MODS";
1990 case TLDAP_RESULTS_TOO_LARGE:
1991 res = "TLDAP_RESULTS_TOO_LARGE";
1993 case TLDAP_AFFECTS_MULTIPLE_DSAS:
1994 res = "TLDAP_AFFECTS_MULTIPLE_DSAS";
1997 res = "TLDAP_OTHER";
1999 case TLDAP_SERVER_DOWN:
2000 res = "TLDAP_SERVER_DOWN";
2002 case TLDAP_LOCAL_ERROR:
2003 res = "TLDAP_LOCAL_ERROR";
2005 case TLDAP_ENCODING_ERROR:
2006 res = "TLDAP_ENCODING_ERROR";
2008 case TLDAP_DECODING_ERROR:
2009 res = "TLDAP_DECODING_ERROR";
2012 res = "TLDAP_TIMEOUT";
2014 case TLDAP_AUTH_UNKNOWN:
2015 res = "TLDAP_AUTH_UNKNOWN";
2017 case TLDAP_FILTER_ERROR:
2018 res = "TLDAP_FILTER_ERROR";
2020 case TLDAP_USER_CANCELLED:
2021 res = "TLDAP_USER_CANCELLED";
2023 case TLDAP_PARAM_ERROR:
2024 res = "TLDAP_PARAM_ERROR";
2026 case TLDAP_NO_MEMORY:
2027 res = "TLDAP_NO_MEMORY";
2029 case TLDAP_CONNECT_ERROR:
2030 res = "TLDAP_CONNECT_ERROR";
2032 case TLDAP_NOT_SUPPORTED:
2033 res = "TLDAP_NOT_SUPPORTED";
2035 case TLDAP_CONTROL_NOT_FOUND:
2036 res = "TLDAP_CONTROL_NOT_FOUND";
2038 case TLDAP_NO_RESULTS_RETURNED:
2039 res = "TLDAP_NO_RESULTS_RETURNED";
2041 case TLDAP_MORE_RESULTS_TO_RETURN:
2042 res = "TLDAP_MORE_RESULTS_TO_RETURN";
2044 case TLDAP_CLIENT_LOOP:
2045 res = "TLDAP_CLIENT_LOOP";
2047 case TLDAP_REFERRAL_LIMIT_EXCEEDED:
2048 res = "TLDAP_REFERRAL_LIMIT_EXCEEDED";
2051 res = talloc_asprintf(talloc_tos(), "Unknown LDAP Error (%d)",
2056 res = "Unknown LDAP Error";