2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
5 Copyright (C) Simo Sorce 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "system/iconv.h"
25 #include "libcli/util/asn_1.h"
26 #include "libcli/ldap/ldap.h"
27 #include "lib/ldb/include/ldb.h"
29 struct control_handler {
31 BOOL (*decode)(void *mem_ctx, DATA_BLOB in, void **out);
32 BOOL (*encode)(void *mem_ctx, void *in, DATA_BLOB *out);
35 static BOOL decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void **out)
38 struct asn1_data data;
39 struct ldb_sort_resp_control *lsrc;
41 if (!asn1_load(&data, in)) {
45 lsrc = talloc(mem_ctx, struct ldb_sort_resp_control);
50 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
54 if (!asn1_read_enumerated(&data, &(lsrc->result))) {
58 lsrc->attr_desc = NULL;
59 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
60 if (!asn1_read_OctetString(&data, &attr)) {
63 lsrc->attr_desc = talloc_strndup(lsrc, (const char *)attr.data, attr.length);
64 if (!lsrc->attr_desc) {
69 if (!asn1_end_tag(&data)) {
78 static BOOL decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void **out)
82 struct asn1_data data;
83 struct ldb_server_sort_control **lssc;
86 if (!asn1_load(&data, in)) {
90 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
96 for (num = 0; asn1_peek_tag(&data, ASN1_SEQUENCE(0)); num++) {
97 lssc = talloc_realloc(mem_ctx, lssc, struct ldb_server_sort_control *, num + 2);
101 lssc[num] = talloc_zero(lssc, struct ldb_server_sort_control);
106 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
110 if (!asn1_read_OctetString(&data, &attr)) {
114 lssc[num]->attributeName = talloc_strndup(lssc[num], (const char *)attr.data, attr.length);
115 if (!lssc [num]->attributeName) {
119 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
120 if (!asn1_read_OctetString(&data, &rule)) {
123 lssc[num]->orderingRule = talloc_strndup(lssc[num], (const char *)rule.data, rule.length);
124 if (!lssc[num]->orderingRule) {
129 if (asn1_peek_tag(&data, ASN1_BOOLEAN)) {
131 if (!asn1_read_BOOLEAN(&data, &reverse)) {
134 lssc[num]->reverse = reverse;
137 if (!asn1_end_tag(&data)) {
146 if (!asn1_end_tag(&data)) {
155 static BOOL decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
157 struct asn1_data data;
158 struct ldb_extended_dn_control *ledc;
160 if (!asn1_load(&data, in)) {
164 ledc = talloc(mem_ctx, struct ldb_extended_dn_control);
169 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
173 if (!asn1_read_Integer(&data, &(ledc->type))) {
177 if (!asn1_end_tag(&data)) {
186 static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
189 struct asn1_data data;
190 struct ldb_paged_control *lprc;
192 if (!asn1_load(&data, in)) {
196 lprc = talloc(mem_ctx, struct ldb_paged_control);
201 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
205 if (!asn1_read_Integer(&data, &(lprc->size))) {
209 if (!asn1_read_OctetString(&data, &cookie)) {
212 lprc->cookie_len = cookie.length;
213 if (lprc->cookie_len) {
214 lprc->cookie = talloc_memdup(lprc, cookie.data, cookie.length);
216 if (!(lprc->cookie)) {
223 if (!asn1_end_tag(&data)) {
232 static BOOL decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out)
235 struct asn1_data data;
236 struct ldb_dirsync_control *ldc;
238 if (!asn1_load(&data, in)) {
242 ldc = talloc(mem_ctx, struct ldb_dirsync_control);
247 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
251 if (!asn1_read_Integer(&data, &(ldc->flags))) {
255 if (!asn1_read_Integer(&data, &(ldc->max_attributes))) {
259 if (!asn1_read_OctetString(&data, &cookie)) {
262 ldc->cookie_len = cookie.length;
263 if (ldc->cookie_len) {
264 ldc->cookie = talloc_memdup(ldc, cookie.data, cookie.length);
266 if (!(ldc->cookie)) {
273 if (!asn1_end_tag(&data)) {
282 /* seem that this controls has 2 forms one in case it is used with
283 * a Search Request and another when used ina Search Response
285 static BOOL decode_asq_control(void *mem_ctx, DATA_BLOB in, void **out)
287 DATA_BLOB source_attribute;
288 struct asn1_data data;
289 struct ldb_asq_control *lac;
291 if (!asn1_load(&data, in)) {
295 lac = talloc(mem_ctx, struct ldb_asq_control);
300 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
304 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
306 if (!asn1_read_OctetString(&data, &source_attribute)) {
309 lac->src_attr_len = source_attribute.length;
310 if (lac->src_attr_len) {
311 lac->source_attribute = talloc_strndup(lac, (const char *)source_attribute.data, source_attribute.length);
313 if (!(lac->source_attribute)) {
317 lac->source_attribute = NULL;
322 } else if (asn1_peek_tag(&data, ASN1_ENUMERATED)) {
324 if (!asn1_read_enumerated(&data, &(lac->result))) {
334 if (!asn1_end_tag(&data)) {
343 static BOOL decode_notification_request(void *mem_ctx, DATA_BLOB in, void **out)
345 if (in.length != 0) {
352 static BOOL decode_manageDSAIT_request(void *mem_ctx, DATA_BLOB in, void **out)
354 if (in.length != 0) {
361 static BOOL decode_vlv_request(void *mem_ctx, DATA_BLOB in, void **out)
363 DATA_BLOB assertion_value, context_id;
364 struct asn1_data data;
365 struct ldb_vlv_req_control *lvrc;
367 if (!asn1_load(&data, in)) {
371 lvrc = talloc(mem_ctx, struct ldb_vlv_req_control);
376 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
380 if (!asn1_read_Integer(&data, &(lvrc->beforeCount))) {
384 if (!asn1_read_Integer(&data, &(lvrc->afterCount))) {
388 if (asn1_peek_tag(&data, ASN1_CONTEXT(0))) {
392 if (!asn1_start_tag(&data, ASN1_CONTEXT(0))) {
396 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
400 if (!asn1_read_Integer(&data, &(lvrc->match.byOffset.offset))) {
404 if (!asn1_read_Integer(&data, &(lvrc->match.byOffset.contentCount))) {
408 if (!asn1_end_tag(&data)) { /*SEQUENCE*/
412 if (!asn1_end_tag(&data)) { /*CONTEXT*/
420 if (!asn1_start_tag(&data, ASN1_CONTEXT(1))) {
424 if (!asn1_read_OctetString(&data, &assertion_value)) {
427 lvrc->match.gtOrEq.value_len = assertion_value.length;
428 if (lvrc->match.gtOrEq.value_len) {
429 lvrc->match.gtOrEq.value = talloc_memdup(lvrc, assertion_value.data, assertion_value.length);
431 if (!(lvrc->match.gtOrEq.value)) {
435 lvrc->match.gtOrEq.value = NULL;
438 if (!asn1_end_tag(&data)) { /*CONTEXT*/
443 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
444 if (!asn1_read_OctetString(&data, &context_id)) {
447 lvrc->ctxid_len = context_id.length;
448 if (lvrc->ctxid_len) {
449 lvrc->contextId = talloc_memdup(lvrc, context_id.data, context_id.length);
451 if (!(lvrc->contextId)) {
455 lvrc->contextId = NULL;
458 lvrc->contextId = NULL;
462 if (!asn1_end_tag(&data)) {
471 static BOOL decode_vlv_response(void *mem_ctx, DATA_BLOB in, void **out)
473 DATA_BLOB context_id;
474 struct asn1_data data;
475 struct ldb_vlv_resp_control *lvrc;
477 if (!asn1_load(&data, in)) {
481 lvrc = talloc(mem_ctx, struct ldb_vlv_resp_control);
486 if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
490 if (!asn1_read_Integer(&data, &(lvrc->targetPosition))) {
494 if (!asn1_read_Integer(&data, &(lvrc->contentCount))) {
498 if (!asn1_read_enumerated(&data, &(lvrc->vlv_result))) {
502 if (asn1_peek_tag(&data, ASN1_OCTET_STRING)) {
503 if (!asn1_read_OctetString(&data, &context_id)) {
506 lvrc->contextId = talloc_strndup(lvrc, (const char *)context_id.data, context_id.length);
507 if (!lvrc->contextId) {
510 lvrc->ctxid_len = context_id.length;
512 lvrc->contextId = NULL;
516 if (!asn1_end_tag(&data)) {
525 static BOOL encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out)
527 struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control);
528 struct asn1_data data;
532 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
536 if (!asn1_write_enumerated(&data, lsrc->result)) {
540 if (lsrc->attr_desc) {
541 if (!asn1_write_OctetString(&data, lsrc->attr_desc, strlen(lsrc->attr_desc))) {
546 if (!asn1_pop_tag(&data)) {
550 *out = data_blob_talloc(mem_ctx, data.data, data.length);
551 if (out->data == NULL) {
558 static BOOL encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out)
560 struct ldb_server_sort_control **lssc = talloc_get_type(in, struct ldb_server_sort_control *);
561 struct asn1_data data;
566 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
570 for (num = 0; lssc[num]; num++) {
571 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
575 if (!asn1_write_OctetString(&data, lssc[num]->attributeName, strlen(lssc[num]->attributeName))) {
579 if (lssc[num]->orderingRule) {
580 if (!asn1_write_OctetString(&data, lssc[num]->orderingRule, strlen(lssc[num]->orderingRule))) {
585 if (lssc[num]->reverse) {
586 if (!asn1_write_BOOLEAN(&data, lssc[num]->reverse)) {
591 if (!asn1_pop_tag(&data)) {
596 if (!asn1_pop_tag(&data)) {
600 *out = data_blob_talloc(mem_ctx, data.data, data.length);
601 if (out->data == NULL) {
608 static BOOL encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
610 struct ldb_extended_dn_control *ledc = talloc_get_type(in, struct ldb_extended_dn_control);
611 struct asn1_data data;
615 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
619 if (!asn1_write_Integer(&data, ledc->type)) {
623 if (!asn1_pop_tag(&data)) {
627 *out = data_blob_talloc(mem_ctx, data.data, data.length);
628 if (out->data == NULL) {
635 static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
637 struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
638 struct asn1_data data;
642 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
646 if (!asn1_write_Integer(&data, lprc->size)) {
650 if (!asn1_write_OctetString(&data, lprc->cookie, lprc->cookie_len)) {
654 if (!asn1_pop_tag(&data)) {
658 *out = data_blob_talloc(mem_ctx, data.data, data.length);
659 if (out->data == NULL) {
666 /* seem that this controls has 2 forms one in case it is used with
667 * a Search Request and another when used ina Search Response
669 static BOOL encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out)
671 struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control);
672 struct asn1_data data;
676 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
682 if (!asn1_write_OctetString(&data, lac->source_attribute, lac->src_attr_len)) {
686 if (!asn1_write_enumerated(&data, lac->result)) {
691 if (!asn1_pop_tag(&data)) {
695 *out = data_blob_talloc(mem_ctx, data.data, data.length);
696 if (out->data == NULL) {
703 static BOOL encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out)
705 struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control);
706 struct asn1_data data;
710 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
714 if (!asn1_write_Integer(&data, ldc->flags)) {
718 if (!asn1_write_Integer(&data, ldc->max_attributes)) {
722 if (!asn1_write_OctetString(&data, ldc->cookie, ldc->cookie_len)) {
726 if (!asn1_pop_tag(&data)) {
730 *out = data_blob_talloc(mem_ctx, data.data, data.length);
731 if (out->data == NULL) {
738 static BOOL encode_notification_request(void *mem_ctx, void *in, DATA_BLOB *out)
744 *out = data_blob(NULL, 0);
748 static BOOL encode_manageDSAIT_request(void *mem_ctx, void *in, DATA_BLOB *out)
754 *out = data_blob(NULL, 0);
758 static BOOL encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
760 struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control);
761 struct asn1_data data;
765 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
769 if (!asn1_write_Integer(&data, lvrc->beforeCount)) {
773 if (!asn1_write_Integer(&data, lvrc->afterCount)) {
777 if (lvrc->type == 0) {
778 if (!asn1_push_tag(&data, ASN1_CONTEXT(0))) {
782 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
786 if (!asn1_write_Integer(&data, lvrc->match.byOffset.offset)) {
790 if (!asn1_write_Integer(&data, lvrc->match.byOffset.contentCount)) {
794 if (!asn1_pop_tag(&data)) { /*SEQUENCE*/
798 if (!asn1_pop_tag(&data)) { /*CONTEXT*/
802 if (!asn1_push_tag(&data, ASN1_CONTEXT(1))) {
806 if (!asn1_write_OctetString(&data, lvrc->match.gtOrEq.value, lvrc->match.gtOrEq.value_len)) {
810 if (!asn1_pop_tag(&data)) { /*CONTEXT*/
815 if (lvrc->ctxid_len) {
816 if (!asn1_write_OctetString(&data, lvrc->contextId, lvrc->ctxid_len)) {
821 if (!asn1_pop_tag(&data)) {
825 *out = data_blob_talloc(mem_ctx, data.data, data.length);
826 if (out->data == NULL) {
833 static BOOL encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out)
835 struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control);
836 struct asn1_data data;
840 if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
844 if (!asn1_write_Integer(&data, lvrc->targetPosition)) {
848 if (!asn1_write_Integer(&data, lvrc->contentCount)) {
852 if (!asn1_write_enumerated(&data, lvrc->vlv_result)) {
856 if (lvrc->ctxid_len) {
857 if (!asn1_write_OctetString(&data, lvrc->contextId, lvrc->ctxid_len)) {
862 if (!asn1_pop_tag(&data)) {
866 *out = data_blob_talloc(mem_ctx, data.data, data.length);
867 if (out->data == NULL) {
874 struct control_handler ldap_known_controls[] = {
875 { "1.2.840.113556.1.4.319", decode_paged_results_request, encode_paged_results_request },
876 { "1.2.840.113556.1.4.529", decode_extended_dn_request, encode_extended_dn_request },
877 { "1.2.840.113556.1.4.473", decode_server_sort_request, encode_server_sort_request },
878 { "1.2.840.113556.1.4.474", decode_server_sort_response, encode_server_sort_response },
879 { "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control },
880 { "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
881 { "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
882 { "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
883 { "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
884 { "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },
888 BOOL ldap_decode_control(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl)
894 if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
898 if (!asn1_read_OctetString(data, &oid)) {
901 ctrl->oid = talloc_strndup(mem_ctx, (char *)oid.data, oid.length);
906 if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
908 if (!asn1_read_BOOLEAN(data, &critical)) {
911 ctrl->critical = critical;
913 ctrl->critical = False;
918 if (!asn1_peek_tag(data, ASN1_OCTET_STRING)) {
922 if (!asn1_read_OctetString(data, &value)) {
926 for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
927 if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
928 if (!ldap_known_controls[i].decode(mem_ctx, value, &ctrl->data)) {
934 if (ldap_known_controls[i].oid == NULL) {
939 if (!asn1_end_tag(data)) {
946 BOOL ldap_encode_control(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl)
951 if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
955 if (!asn1_write_OctetString(data, ctrl->oid, strlen(ctrl->oid))) {
959 if (ctrl->critical) {
960 if (!asn1_write_BOOLEAN(data, ctrl->critical)) {
969 for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
970 if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
971 if (!ldap_known_controls[i].encode(mem_ctx, ctrl->data, &value)) {
977 if (ldap_known_controls[i].oid == NULL) {
981 if (!asn1_write_OctetString(data, value.data, value.length)) {
986 if (!asn1_pop_tag(data)) {