-rw-r--r-- | source4/lib/ldb/include/ldb.h | 15 | ||||
-rw-r--r-- | source4/lib/ldb/tools/ldbsearch.c | 74 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_controls.c | 86 |
3 files changed, 173 insertions, 2 deletions
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 569bf9d6a5..09f4723f7b 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -414,6 +414,14 @@ typedef int (*ldb_qsort_cmp_fn_t) (const void *, const void *, const void *); */ #define LDB_CONTROL_ASQ_OID "1.2.840.113556.1.4.1504" +/** + OID for LDAPrectory Sync extension. + + This control is include in SearchRequest or SearchResponse + messages as part of the controls field of the LDAPMessage. +*/ +#define LDB_CONTROL_DIRSYNC_OID "1.2.840.113556.1.4.841" + struct ldb_paged_control { int size; @@ -443,6 +451,13 @@ struct ldb_asq_control { int result; }; +struct ldb_dirsync_control { + int flags; + int max_attributes; + int cookie_len; + char *cookie; +}; + struct ldb_control { const char *oid; int critical; diff --git a/source4/lib/ldb/tools/ldbsearch.c b/source4/lib/ldb/tools/ldbsearch.c index 582861eae2..6c1071318e 100644 --- a/source4/lib/ldb/tools/ldbsearch.c +++ b/source4/lib/ldb/tools/ldbsearch.c 
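Review bot: The doc comment added above `LDB_CONTROL_DIRSYNC_OID` has two wording slips: "LDAPrectory Sync" looks like a mangled "LDAP Directory Sync", and "is include in" should read "is included in". I would write the first line as `OID for the LDAP Directory Sync (DirSync) extension.` and keep the rest of the comment as it is.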
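Review bot: `struct ldb_dirsync_control` is added without a comment, and its `cookie` / `cookie_len` pair needs one, because the ASN.1 code in this same commit treats the cookie as a length-delimited blob (`talloc_memdup` with `cookie.length`) rather than a C string. I would put `/* opaque server cookie: cookie_len bytes, not NUL-terminated */` above `char *cookie;` so callers do not reach for `strlen` or `talloc_strdup`. The length is a signed `int`, so a negative value would be converted on its way into `asn1_write_OctetString` in the encoder; documenting that it must be non-negative, or using an unsigned type if the neighbouring control structs permit, would close that gap.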
@@ -71,6 +71,40 @@ static struct ldb_control **parse_controls(void *mem_ctx, char **control_strings ctrl = talloc_array(mem_ctx, struct ldb_control *, i + 1); for (i = 0; control_strings[i]; i++) { + if (strncmp(control_strings[i], "dirsync:", 8) == 0) { + struct ldb_dirsync_control *control; + const char *p; + char cookie[1024]; + int crit, flags, max_attrs, ret; + + cookie[0] = '\0'; + p = &(control_strings[i][8]); + ret = sscanf(p, "%d:%d:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); + + if ((ret < 3) || (crit < 0) || (crit > 1) || (flags < 0) || (max_attrs < 0)) { + fprintf(stderr, "invalid paged_results control syntax\n"); + return NULL; + } + + ctrl[i] = talloc(ctrl, struct ldb_control); + ctrl[i]->oid = LDB_CONTROL_DIRSYNC_OID; + ctrl[i]->critical = crit; + control = talloc(ctrl[i], struct ldb_dirsync_control); + control->flags = flags; + control->max_attributes = max_attrs; + if (*cookie) { + ldb_base64_decode(cookie); + control->cookie = talloc_strdup(control, cookie); + control->cookie_len = strlen(cookie); + } else { + control->cookie = NULL; + control->cookie_len = 0; + } + ctrl[i]->data = control; + + continue; + } + if (strncmp(control_strings[i], "asq:", 4) == 0) { struct ldb_asq_control *control; const char *p; 
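Review bot: The cookie branch in the new `dirsync:` parser discards the return value of `ldb_base64_decode(cookie)` and then measures the decoded buffer with `strlen`, so a cookie containing a zero byte is silently truncated and a failed decode goes unnoticed. The decoded length should come from the decode call and the copy should use `talloc_memdup`, as the reply handler in this commit already does. The error text `"invalid paged_results control syntax\n"` is also copied from the paged-results branch and should name dirsync. Neither `talloc()` result is checked before it is written through, which may match the rest of `parse_controls` (its body starts and ends outside this hunk).

```c
/* … unchanged: sscanf parsing, ctrl[i] and control allocation … */
			if (*cookie) {
				int cookie_len = ldb_base64_decode(cookie);
				if (cookie_len < 0) {
					fprintf(stderr, "invalid dirsync cookie\n");
					return NULL;
				}
				control->cookie = talloc_memdup(control, cookie, cookie_len);
				control->cookie_len = cookie_len;
			} else {
/* … unchanged: NULL cookie case … */
```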
@@ -269,6 +303,42 @@ static int handle_controls_reply(struct ldb_control **reply, struct ldb_control continue; } + if (strcmp(LDB_CONTROL_DIRSYNC_OID, reply[i]->oid) == 0) { + struct ldb_dirsync_control *rep_control, *req_control; + char *cookie; + + rep_control = talloc_get_type(reply[i]->data, struct ldb_dirsync_control); + if (rep_control->cookie_len == 0) /* we are done */ + break; + + /* more processing required */ + /* let's fill in the request control with the new cookie */ + + for (j = 0; request[j]; j++) { + if (strcmp(LDB_CONTROL_DIRSYNC_OID, request[j]->oid) == 0) + break; + } + /* if there's a reply control we must find a request + * control matching it */ + if (! request[j]) return -1; + + req_control = talloc_get_type(request[j]->data, struct ldb_dirsync_control); + + if (req_control->cookie) + talloc_free(req_control->cookie); + req_control->cookie = talloc_memdup(req_control, + rep_control->cookie, + rep_control->cookie_len); + req_control->cookie_len = rep_control->cookie_len; + + cookie = ldb_base64_encode(req_control, rep_control->cookie, rep_control->cookie_len); + fprintf(stderr, "Debug: The cookie returned was: %s\n", cookie); + + ret = 1; + + continue; + } + /* no controls matched, throw a warning */ fprintf(stderr, "Unknown reply control oid: %s\n", reply[i]->oid); } @@ -306,8 +376,8 @@ static int do_search(struct ldb_context *ldb, if (ret != LDB_SUCCESS) { printf("search failed - %s\n", ldb_errstring(ldb)); if (req.op.search.res && req.op.search.res->controls) { - /* TODO: handle_control */ - ; + + /* TODO: handle_control */ } return -1; } diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c index 2a48d401c9..744f21fed1 100644 --- a/source4/libcli/ldap/ldap_controls.c +++ b/source4/libcli/ldap/ldap_controls.c 
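Review bot: In the new dirsync branch of `handle_controls_reply`, `rep_control` and `req_control` are dereferenced straight after `talloc_get_type()`, which returns NULL when the data pointer is missing or of another type; since the reply control comes from the server, add `if (rep_control == NULL) return -1;` (and the same for `req_control`) before the first use. The `break` on `cookie_len == 0` leaves the loop entirely, so any reply controls after this one are never examined; `continue` would keep processing them if that is not intended. The `talloc_memdup` result is stored unchecked while `cookie_len` is still set, and the `ldb_base64_encode` result is passed to `%s` without a NULL check and never freed. The "Debug:" `fprintf` of the cookie reads like leftover diagnostics and probably belongs behind a verbose option. The function's body starts and ends outside this hunk.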
@@ -225,6 +225,56 @@ static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out return True; } +static BOOL decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out) +{ + DATA_BLOB cookie; + struct asn1_data data; + struct ldb_dirsync_control *ldc; + + if (!asn1_load(&data, in)) { + return False; + } + + ldc = talloc(mem_ctx, struct ldb_dirsync_control); + if (!ldc) { + return False; + } + + if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) { + return False; + } + + if (!asn1_read_Integer(&data, &(ldc->flags))) { + return False; + } + + if (!asn1_read_Integer(&data, &(ldc->max_attributes))) { + return False; + } + + if (!asn1_read_OctetString(&data, &cookie)) { + return False; + } + ldc->cookie_len = cookie.length; + if (ldc->cookie_len) { + ldc->cookie = talloc_memdup(ldc, cookie.data, cookie.length); + + if (!(ldc->cookie)) { + return False; + } + } else { + ldc->cookie = NULL; + } + + if (!asn1_end_tag(&data)) { + return False; + } + + *out = ldc; + + return True; +} + /* seem that this controls has 2 forms one in case it is used with * a Search Request and another when used ina Search Response */ 
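Review bot: `decode_dirsync_request` parses peer-supplied bytes, yet none of its exits releases what it acquired: `data` from `asn1_load`, the `cookie` blob from `asn1_read_OctetString`, and `ldc` on the failure paths all stay allocated. Assuming the blob is not owned by `data`, I would add `data_blob_free(&cookie);` after the `talloc_memdup`, call `asn1_free(&data);` before every return, and `talloc_free(ldc);` on the `return False` paths after the allocation. If the existing decoders in this file have the same pattern it is worth fixing them together. `ldc->cookie_len = cookie.length;` also narrows the blob length to `int`, so a short comment on the expected bound would help.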
@@ -464,12 +514,48 @@ static BOOL encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out) return True; } +static BOOL encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out) +{ + struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control); + struct asn1_data data; + + ZERO_STRUCT(data); + + if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) { + return False; + } + + if (!asn1_write_Integer(&data, ldc->flags)) { + return False; + } + + if (!asn1_write_Integer(&data, ldc->max_attributes)) { + return False; + } + + if (!asn1_write_OctetString(&data, ldc->cookie, ldc->cookie_len)) { + return False; + } + + if (!asn1_pop_tag(&data)) { + return False; + } + + *out = data_blob_talloc(mem_ctx, data.data, data.length); + if (out->data == NULL) { + return False; + } + + return True; +} + struct control_handler ldap_known_controls[] = { { "1.2.840.113556.1.4.319", decode_paged_results_request, encode_paged_results_request }, { "1.2.840.113556.1.4.529", decode_extended_dn_request, encode_extended_dn_request }, { "1.2.840.113556.1.4.473", decode_server_sort_request, encode_server_sort_request }, { "1.2.840.113556.1.4.474", decode_server_sort_response, encode_server_sort_response }, { "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control }, + { "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request }, { NULL, NULL, NULL } }; |
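Review bot: `encode_dirsync_request` dereferences `ldc` without checking the result of `talloc_get_type()`, which is NULL when `in` is not a `struct ldb_dirsync_control`; add `if (!ldc) return False;` before `ZERO_STRUCT(data);`. The `asn1_data` buffer is never released either: every early `return False` after `asn1_push_tag`, and the success path after `data_blob_talloc` has copied the bytes, should call `asn1_free(&data);` first. `ldc->cookie_len` is a signed `int` handed to `asn1_write_OctetString`, so rejecting a negative value here would keep a bad length out of the encoder.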