r7626: a new ldap client library. Main features are:

 - hooked into events system, so requests can be truly async and won't
   interfere with other processing happening at the same time

 - uses NTSTATUS codes for errors (previously errors were mostly
   ignored). In a similar fashion to the DOS error handling, I have
   reserved a range of the NTSTATUS code 32 bit space for LDAP error
   codes, so a function can return a LDAP error code in a NTSTATUS

 - much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)

2 files changed, 81 insertions, 93 deletions

diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 97837d9ba8..69b9017d8a 100644
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "lib/ldb/include/ldb.h"
 #include "libcli/ldap/ldap.h"
+#include "libcli/ldap/ldap_client.h"
 #include "lib/cmdline/popt_common.h"
 
 static BOOL test_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password)
@@ -78,12 +79,14 @@ static BOOL test_search_rootDSE(struct ldap_connection *conn, char **basedn)
 {
 	BOOL ret = True;
 	struct ldap_message *msg, *result;
+	struct ldap_request *req;
+	int i;
+	struct ldap_SearchResEntry *r;
+	NTSTATUS status;
 
 	printf("Testing RootDSE Search\n");
 
 	*basedn = NULL;
-	conn->searchid = 0;
-	conn->next_msgid = 30;
 
 	msg = new_ldap_message(conn);
 	if (!msg) {
@@ -101,45 +104,50 @@ static BOOL test_search_rootDSE(struct ldap_connection *conn, char **basedn)
 	msg->r.SearchRequest.num_attributes = 0;
 	msg->r.SearchRequest.attributes = NULL;
 
-	if (!ldap_setsearchent(conn, msg, NULL)) {
-		printf("Could not setsearchent\n");
+	req = ldap_request_send(conn, msg);
+	if (req == NULL) {
+		printf("Could not setup ldap search\n");
+		return False;
+	}
+
+	status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("search failed - %s\n", nt_errstr(status));
 		return False;
 	}
 
-	result = ldap_getsearchent(conn, NULL);
-	if (result) {
-		int i;
-		struct ldap_SearchResEntry *r = &result->r.SearchResultEntry;
+	printf("received %d replies\n", req->num_replies);
+
+	r = &result->r.SearchResultEntry;
 		
-		DEBUG(1,("\tdn: %s\n", r->dn));
-		for (i=0; i<r->num_attributes; i++) {
-			int j;
-			for (j=0; j<r->attributes[i].num_values; j++) {
-				DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name,
-					 r->attributes[i].values[j].length,
-					 r->attributes[i].values[j].length,
-					 (char *)r->attributes[i].values[j].data));
-				if (!(*basedn) && 
-				    strcasecmp("defaultNamingContext",r->attributes[i].name)==0) {
-					 *basedn = talloc_asprintf(conn, "%.*s",
-					 r->attributes[i].values[j].length,
-					 (char *)r->attributes[i].values[j].data);
-				}
+	DEBUG(1,("\tdn: %s\n", r->dn));
+	for (i=0; i<r->num_attributes; i++) {
+		int j;
+		for (j=0; j<r->attributes[i].num_values; j++) {
+			DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name,
+				 r->attributes[i].values[j].length,
+				 r->attributes[i].values[j].length,
+				 (char *)r->attributes[i].values[j].data));
+			if (!(*basedn) && 
+			    strcasecmp("defaultNamingContext",r->attributes[i].name)==0) {
+				*basedn = talloc_asprintf(conn, "%.*s",
+							  r->attributes[i].values[j].length,
+							  (char *)r->attributes[i].values[j].data);
 			}
 		}
-	} else {
-		ret = False;
 	}
 
-	ldap_endsearchent(conn, NULL);
+	talloc_free(req);
 
 	return ret;
 }
 
 static BOOL test_compare_sasl(struct ldap_connection *conn, const char *basedn)
 {
-	struct ldap_message *req, *rep;
+	struct ldap_message *msg, *rep;
+	struct ldap_request *req;
 	const char *val;
+	NTSTATUS status;
 
 	printf("Testing SASL Compare: %s\n", basedn);
 
@@ -147,21 +155,25 @@ static BOOL test_compare_sasl(struct ldap_connection *conn, const char *basedn)
 		return False;
 	}
 
-	conn->next_msgid = 55;
-
-	req = new_ldap_message(conn);
-	if (!req) {
+	msg = new_ldap_message(conn);
+	if (!msg) {
 		return False;
 	}
 
-	req->type = LDAP_TAG_CompareRequest;
-	req->r.CompareRequest.dn = basedn;
-	req->r.CompareRequest.attribute = talloc_strdup(req, "objectClass");
+	msg->type = LDAP_TAG_CompareRequest;
+	msg->r.CompareRequest.dn = basedn;
+	msg->r.CompareRequest.attribute = talloc_strdup(msg, "objectClass");
 	val = "domain";
-	req->r.CompareRequest.value = data_blob_talloc(req, val, strlen(val));
+	msg->r.CompareRequest.value = data_blob_talloc(msg, val, strlen(val));
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return False;
+	}
 
-	rep = ldap_transaction(conn, req);
-	if (!rep) {
+	status = ldap_result_one(req, &rep, LDAP_TAG_CompareResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap compare request - %s\n", nt_errstr(status));
 		return False;
 	}
 
@@ -171,13 +183,10 @@ static BOOL test_compare_sasl(struct ldap_connection *conn, const char *basedn)
 		rep->r.CompareResponse.errormessage,
 		rep->r.CompareResponse.referral));
 
-	if (rep->type != LDAP_TAG_CompareResponse) {
-		return False;
-	}
-
 	return True;
 }
 
+
 BOOL torture_ldap_basic(void)
 {
         NTSTATUS status;
@@ -186,7 +195,6 @@ BOOL torture_ldap_basic(void)
 	BOOL ret = True;
 	const char *host = lp_parm_string(-1, "torture", "host");
 	const char *userdn = lp_parm_string(-1, "torture", "ldap_userdn");
-	/*const char *basedn = lp_parm_string(-1, "torture", "ldap_basedn");*/
 	const char *secret = lp_parm_string(-1, "torture", "ldap_secret");
 	char *url;
 	char *basedn;
@@ -195,18 +203,18 @@ BOOL torture_ldap_basic(void)
 
 	url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
 
-	status = torture_ldap_connection2(mem_ctx, &conn, url, userdn, secret);
+	status = torture_ldap_connection(mem_ctx, &conn, url);
 	if (!NT_STATUS_IS_OK(status)) {
 		return False;
 	}
 
-	/* other basic tests here */
-
-	if (!test_multibind(conn, userdn, secret)) {
+	if (!test_search_rootDSE(conn, &basedn)) {
 		ret = False;
 	}
 
-	if (!test_search_rootDSE(conn, &basedn)) {
+	/* other basic tests here */
+
+	if (!test_multibind(conn, userdn, secret)) {
 		ret = False;
 	}
 
@@ -219,10 +227,9 @@ BOOL torture_ldap_basic(void)
 	}
 
 	/* no more test we are closing */
-
+        torture_ldap_close(conn);
 	talloc_free(mem_ctx);
 
-        torture_ldap_close(conn);
 
 	return ret;
 }
diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
index a65d24804c..f5b2a1254d 100644
--- a/source4/torture/ldap/common.c
+++ b/source4/torture/ldap/common.c
@@ -28,92 +28,73 @@
 
 NTSTATUS torture_ldap_bind(struct ldap_connection *conn, const char *userdn, const char *password)
 {
-        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	int result;
+	NTSTATUS status;
 
-	if (!conn) {
-		printf("We need a valid ldap_connection structure and be connected\n");
-		return status;
+	status = ldap_bind_simple(conn, userdn, password);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to bind with provided credentials - %s\n", 
+		       nt_errstr(status));
 	}
 
-	result = ldap_bind_simple(conn, userdn, password);
-	if (result != LDAP_SUCCESS) {
-		printf("Failed to bind with provided credentials\n");
-		/* FIXME: what abut actually implementing an ldap_connection_free() function ?
-		          :-) sss */
-		return status;
-	}
- 
-	return NT_STATUS_OK;
+	return status;
 }
 
 NTSTATUS torture_ldap_bind_sasl(struct ldap_connection *conn, 
 				struct cli_credentials *creds)
 {
-        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	int result;
-
-	if (!conn) {
-		printf("We need a valid ldap_connection structure and be connected\n");
-		return status;
-	}
+        NTSTATUS status;
 
-	result = ldap_bind_sasl(conn, creds);
-	if (result != LDAP_SUCCESS) {
-		printf("Failed to bind with provided credentials and SASL mechanism\n");
-		/* FIXME: what abut actually implementing an ldap_connection_free() function ?
-		          :-) sss */
-		return status;
+	status = ldap_bind_sasl(conn, creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed sasl bind with provided credentials - %s\n", 
+		       nt_errstr(status));
 	}
  
-	return NT_STATUS_OK;
+	return status;
 }
 
 /* open a ldap connection to a server */
 NTSTATUS torture_ldap_connection(TALLOC_CTX *mem_ctx, struct ldap_connection **conn, 
 				const char *url)
 {
-        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	NTSTATUS status;
 
 	if (!url) {
 		printf("You must specify a url string\n");
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	*conn = ldap_connect(mem_ctx, url);
-	if (!*conn) {
-		printf("Failed to initialize ldap_connection structure\n");
-		return status;
+	*conn = ldap_new_connection(mem_ctx, NULL);
+
+	status = ldap_connect(*conn, url);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect to ldap server '%s' - %s\n",
+		       url, nt_errstr(status));
 	}
 
-	return NT_STATUS_OK;
+	return status;
 }
 
 /* open a ldap connection to a server */
 NTSTATUS torture_ldap_connection2(TALLOC_CTX *mem_ctx, struct ldap_connection **conn, 
 				const char *url, const char *userdn, const char *password)
 {
-        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	int ret;
+        NTSTATUS status;
 
 	status = torture_ldap_connection(mem_ctx, conn, url);
 	NT_STATUS_NOT_OK_RETURN(status);
 
-	ret = ldap_bind_simple(*conn, userdn, password);
-	if (ret != LDAP_SUCCESS) {
-		printf("Failed to connect with url [%s]\n", url);
-		/* FIXME: what abut actually implementing an ldap_connection_free() function ?
-		          :-) sss */
-		return status;
+	status = ldap_bind_simple(*conn, userdn, password);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed a simple ldap bind - %s\n", ldap_errstr(*conn, status));
 	}
  
-	return NT_STATUS_OK;
+	return status;
 }
 
 /* close an ldap connection to a server */
 NTSTATUS torture_ldap_close(struct ldap_connection *conn)
 {
-	/* FIXME: what about actually implementing ldap_close() ?
-		  :-) sss */
+	talloc_free(conn);
 	return NT_STATUS_OK;
 }