summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/cldap/cldap.c12
-rw-r--r--source4/libcli/ldap/config.mk16
-rw-r--r--source4/libcli/ldap/ldap.c1411
-rw-r--r--source4/libcli/ldap/ldap.h191
-rw-r--r--source4/libcli/ldap/ldap_client.c4
-rw-r--r--source4/libcli/ldap/ldap_controls.c168
-rw-r--r--source4/libcli/ldap/ldap_errors.h66
-rw-r--r--source4/libcli/ldap/ldap_msg.c87
-rw-r--r--source4/libcli/ldap/ldap_ndr.c96
-rw-r--r--source4/libcli/ldap/ldap_ndr.h12
-rw-r--r--source4/libcli/util/nterr.c2
11 files changed, 45 insertions, 2020 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c
index 8d2e2e374c..b18ba12b1f 100644
--- a/source4/libcli/cldap/cldap.c
+++ b/source4/libcli/cldap/cldap.c
@@ -108,7 +108,7 @@ static void cldap_socket_recv(struct cldap_socket *cldap)
}
/* this initial decode is used to find the message id */
- status = ldap_decode(asn1, ldap_msg);
+ status = ldap_decode(asn1, NULL, ldap_msg);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("Failed to decode ldap message: %s\n", nt_errstr(status)));
talloc_free(tmp_ctx);
@@ -343,7 +343,7 @@ struct cldap_request *cldap_search_send(struct cldap_socket *cldap,
goto failed;
}
- if (!ldap_encode(msg, &req->encoded, req)) {
+ if (!ldap_encode(msg, NULL, &req->encoded, req)) {
DEBUG(0,("Failed to encode cldap message to %s:%d\n",
req->dest->addr, req->dest->port));
goto failed;
@@ -396,7 +396,7 @@ NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io)
msg->type = LDAP_TAG_SearchResultEntry;
msg->r.SearchResultEntry = *io->response;
- if (!ldap_encode(msg, &blob1, req)) {
+ if (!ldap_encode(msg, NULL, &blob1, req)) {
DEBUG(0,("Failed to encode cldap message to %s:%d\n",
req->dest->addr, req->dest->port));
status = NT_STATUS_INVALID_PARAMETER;
@@ -409,7 +409,7 @@ NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io)
msg->type = LDAP_TAG_SearchResultDone;
msg->r.SearchResultDone = *io->result;
- if (!ldap_encode(msg, &blob2, req)) {
+ if (!ldap_encode(msg, NULL, &blob2, req)) {
DEBUG(0,("Failed to encode cldap message to %s:%d\n",
req->dest->addr, req->dest->port));
status = NT_STATUS_INVALID_PARAMETER;
@@ -463,7 +463,7 @@ NTSTATUS cldap_search_recv(struct cldap_request *req,
ldap_msg = talloc(mem_ctx, struct ldap_message);
NT_STATUS_HAVE_NO_MEMORY(ldap_msg);
- status = ldap_decode(req->asn1, ldap_msg);
+ status = ldap_decode(req->asn1, NULL, ldap_msg);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("Failed to decode cldap search reply: %s\n", nt_errstr(status)));
talloc_free(req);
@@ -479,7 +479,7 @@ NTSTATUS cldap_search_recv(struct cldap_request *req,
*io->out.response = ldap_msg->r.SearchResultEntry;
/* decode the 2nd part */
- status = ldap_decode(req->asn1, ldap_msg);
+ status = ldap_decode(req->asn1, NULL, ldap_msg);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("Failed to decode cldap search result entry: %s\n", nt_errstr(status)));
talloc_free(req);
diff --git a/source4/libcli/ldap/config.mk b/source4/libcli/ldap/config.mk
index 2708c66b68..f0c0f5295d 100644
--- a/source4/libcli/ldap/config.mk
+++ b/source4/libcli/ldap/config.mk
@@ -1,18 +1,12 @@
[SUBSYSTEM::LIBCLI_LDAP]
PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTEVENT LIBPACKET
-PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE samba_socket NDR_SAMR LIBTLS ASN1_UTIL \
- LDAP_ENCODE LIBNDR LP_RESOLVE gensec
+PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE samba_socket NDR_SAMR LIBTLS \
+ LIBCLI_LDAP_NDR LIBNDR LP_RESOLVE gensec LIBCLI_LDAP_MESSAGE
LIBCLI_LDAP_OBJ_FILES = $(addprefix $(libclisrcdir)/ldap/, \
- ldap.o ldap_client.o ldap_bind.o \
- ldap_msg.o ldap_ildap.o ldap_controls.o)
-
-
-PUBLIC_HEADERS += $(libclisrcdir)/ldap/ldap.h $(libclisrcdir)/ldap/ldap_ndr.h
+ ldap_client.o ldap_bind.o \
+ ldap_ildap.o ldap_controls.o)
+PUBLIC_HEADERS += $(libclisrcdir)/ldap/ldap.h
$(eval $(call proto_header_template,$(libclisrcdir)/ldap/ldap_proto.h,$(LIBCLI_LDAP_OBJ_FILES:.o=.c)))
-[SUBSYSTEM::LDAP_ENCODE]
-PRIVATE_DEPENDENCIES = LIBLDB
-
-LDAP_ENCODE_OBJ_FILES = $(libclisrcdir)/ldap/ldap_ndr.o
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
deleted file mode 100644
index 7a65cc5c27..0000000000
--- a/source4/libcli/ldap/ldap.c
+++ /dev/null
@@ -1,1411 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
- LDAP protocol helper functions for SAMBA
-
- Copyright (C) Andrew Tridgell 2004
- Copyright (C) Volker Lendecke 2004
- Copyright (C) Stefan Metzmacher 2004
- Copyright (C) Simo Sorce 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "../lib/util/asn1.h"
-#include "libcli/ldap/ldap.h"
-#include "libcli/ldap/ldap_proto.h"
-
-
-static bool ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree)
-{
- int i;
-
- switch (tree->operation) {
- case LDB_OP_AND:
- case LDB_OP_OR:
- asn1_push_tag(data, ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1));
- for (i=0; i<tree->u.list.num_elements; i++) {
- if (!ldap_push_filter(data, tree->u.list.elements[i])) {
- return false;
- }
- }
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_NOT:
- asn1_push_tag(data, ASN1_CONTEXT(2));
- if (!ldap_push_filter(data, tree->u.isnot.child)) {
- return false;
- }
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_EQUALITY:
- /* equality test */
- asn1_push_tag(data, ASN1_CONTEXT(3));
- asn1_write_OctetString(data, tree->u.equality.attr,
- strlen(tree->u.equality.attr));
- asn1_write_OctetString(data, tree->u.equality.value.data,
- tree->u.equality.value.length);
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_SUBSTRING:
- /*
- SubstringFilter ::= SEQUENCE {
- type AttributeDescription,
- -- at least one must be present
- substrings SEQUENCE OF CHOICE {
- initial [0] LDAPString,
- any [1] LDAPString,
- final [2] LDAPString } }
- */
- asn1_push_tag(data, ASN1_CONTEXT(4));
- asn1_write_OctetString(data, tree->u.substring.attr, strlen(tree->u.substring.attr));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- i = 0;
- if ( ! tree->u.substring.start_with_wildcard) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
- }
- while (tree->u.substring.chunks[i]) {
- int ctx;
-
- if (( ! tree->u.substring.chunks[i + 1]) &&
- (tree->u.substring.end_with_wildcard == 0)) {
- ctx = 2;
- } else {
- ctx = 1;
- }
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
- asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
- asn1_pop_tag(data);
- i++;
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_GREATER:
- /* greaterOrEqual test */
- asn1_push_tag(data, ASN1_CONTEXT(5));
- asn1_write_OctetString(data, tree->u.comparison.attr,
- strlen(tree->u.comparison.attr));
- asn1_write_OctetString(data, tree->u.comparison.value.data,
- tree->u.comparison.value.length);
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_LESS:
- /* lessOrEqual test */
- asn1_push_tag(data, ASN1_CONTEXT(6));
- asn1_write_OctetString(data, tree->u.comparison.attr,
- strlen(tree->u.comparison.attr));
- asn1_write_OctetString(data, tree->u.comparison.value.data,
- tree->u.comparison.value.length);
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_PRESENT:
- /* present test */
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7));
- asn1_write_LDAPString(data, tree->u.present.attr);
- asn1_pop_tag(data);
- return !data->has_error;
-
- case LDB_OP_APPROX:
- /* approx test */
- asn1_push_tag(data, ASN1_CONTEXT(8));
- asn1_write_OctetString(data, tree->u.comparison.attr,
- strlen(tree->u.comparison.attr));
- asn1_write_OctetString(data, tree->u.comparison.value.data,
- tree->u.comparison.value.length);
- asn1_pop_tag(data);
- break;
-
- case LDB_OP_EXTENDED:
- /*
- MatchingRuleAssertion ::= SEQUENCE {
- matchingRule [1] MatchingRuleID OPTIONAL,
- type [2] AttributeDescription OPTIONAL,
- matchValue [3] AssertionValue,
- dnAttributes [4] BOOLEAN DEFAULT FALSE
- }
- */
- asn1_push_tag(data, ASN1_CONTEXT(9));
- if (tree->u.extended.rule_id) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
- asn1_write_LDAPString(data, tree->u.extended.rule_id);
- asn1_pop_tag(data);
- }
- if (tree->u.extended.attr) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2));
- asn1_write_LDAPString(data, tree->u.extended.attr);
- asn1_pop_tag(data);
- }
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
- asn1_write_DATA_BLOB_LDAPString(data, &tree->u.extended.value);
- asn1_pop_tag(data);
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
- asn1_write_uint8(data, tree->u.extended.dnAttributes);
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
-
- default:
- return false;
- }
- return !data->has_error;
-}
-
-static void ldap_encode_response(struct asn1_data *data, struct ldap_Result *result)
-{
- asn1_write_enumerated(data, result->resultcode);
- asn1_write_OctetString(data, result->dn,
- (result->dn) ? strlen(result->dn) : 0);
- asn1_write_OctetString(data, result->errormessage,
- (result->errormessage) ?
- strlen(result->errormessage) : 0);
- if (result->referral) {
- asn1_push_tag(data, ASN1_CONTEXT(3));
- asn1_write_OctetString(data, result->referral,
- strlen(result->referral));
- asn1_pop_tag(data);
- }
-}
-
-_PUBLIC_ bool ldap_encode(struct ldap_message *msg, DATA_BLOB *result, TALLOC_CTX *mem_ctx)
-{
- struct asn1_data *data = asn1_init(mem_ctx);
- int i, j;
-
- if (!data) return false;
-
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_Integer(data, msg->messageid);
-
- switch (msg->type) {
- case LDAP_TAG_BindRequest: {
- struct ldap_BindRequest *r = &msg->r.BindRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_Integer(data, r->version);
- asn1_write_OctetString(data, r->dn,
- (r->dn != NULL) ? strlen(r->dn) : 0);
-
- switch (r->mechanism) {
- case LDAP_AUTH_MECH_SIMPLE:
- /* context, primitive */
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write(data, r->creds.password,
- strlen(r->creds.password));
- asn1_pop_tag(data);
- break;
- case LDAP_AUTH_MECH_SASL:
- /* context, constructed */
- asn1_push_tag(data, ASN1_CONTEXT(3));
- asn1_write_OctetString(data, r->creds.SASL.mechanism,
- strlen(r->creds.SASL.mechanism));
- if (r->creds.SASL.secblob) {
- asn1_write_OctetString(data, r->creds.SASL.secblob->data,
- r->creds.SASL.secblob->length);
- }
- asn1_pop_tag(data);
- break;
- default:
- return false;
- }
-
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_BindResponse: {
- struct ldap_BindResponse *r = &msg->r.BindResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, &r->response);
- if (r->SASL.secblob) {
- asn1_write_ContextSimple(data, 7, r->SASL.secblob);
- }
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_UnbindRequest: {
-/* struct ldap_UnbindRequest *r = &msg->r.UnbindRequest; */
- break;
- }
- case LDAP_TAG_SearchRequest: {
- struct ldap_SearchRequest *r = &msg->r.SearchRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->basedn, strlen(r->basedn));
- asn1_write_enumerated(data, r->scope);
- asn1_write_enumerated(data, r->deref);
- asn1_write_Integer(data, r->sizelimit);
- asn1_write_Integer(data, r->timelimit);
- asn1_write_BOOLEAN(data, r->attributesonly);
-
- if (!ldap_push_filter(data, r->tree)) {
- return false;
- }
-
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- for (i=0; i<r->num_attributes; i++) {
- asn1_write_OctetString(data, r->attributes[i],
- strlen(r->attributes[i]));
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_SearchResultEntry: {
- struct ldap_SearchResEntry *r = &msg->r.SearchResultEntry;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->dn, strlen(r->dn));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- for (i=0; i<r->num_attributes; i++) {
- struct ldb_message_element *attr = &r->attributes[i];
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_OctetString(data, attr->name,
- strlen(attr->name));
- asn1_push_tag(data, ASN1_SEQUENCE(1));
- for (j=0; j<attr->num_values; j++) {
- asn1_write_OctetString(data,
- attr->values[j].data,
- attr->values[j].length);
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_SearchResultDone: {
- struct ldap_Result *r = &msg->r.SearchResultDone;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ModifyRequest: {
- struct ldap_ModifyRequest *r = &msg->r.ModifyRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->dn, strlen(r->dn));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
-
- for (i=0; i<r->num_mods; i++) {
- struct ldb_message_element *attrib = &r->mods[i].attrib;
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_enumerated(data, r->mods[i].type);
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_OctetString(data, attrib->name,
- strlen(attrib->name));
- asn1_push_tag(data, ASN1_SET);
- for (j=0; j<attrib->num_values; j++) {
- asn1_write_OctetString(data,
- attrib->values[j].data,
- attrib->values[j].length);
-
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- }
-
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ModifyResponse: {
- struct ldap_Result *r = &msg->r.ModifyResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_AddRequest: {
- struct ldap_AddRequest *r = &msg->r.AddRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->dn, strlen(r->dn));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
-
- for (i=0; i<r->num_attributes; i++) {
- struct ldb_message_element *attrib = &r->attributes[i];
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_OctetString(data, attrib->name,
- strlen(attrib->name));
- asn1_push_tag(data, ASN1_SET);
- for (j=0; j<r->attributes[i].num_values; j++) {
- asn1_write_OctetString(data,
- attrib->values[j].data,
- attrib->values[j].length);
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- }
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_AddResponse: {
- struct ldap_Result *r = &msg->r.AddResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_DelRequest: {
- struct ldap_DelRequest *r = &msg->r.DelRequest;
- asn1_push_tag(data, ASN1_APPLICATION_SIMPLE(msg->type));
- asn1_write(data, r->dn, strlen(r->dn));
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_DelResponse: {
- struct ldap_Result *r = &msg->r.DelResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ModifyDNRequest: {
- struct ldap_ModifyDNRequest *r = &msg->r.ModifyDNRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->dn, strlen(r->dn));
- asn1_write_OctetString(data, r->newrdn, strlen(r->newrdn));
- asn1_write_BOOLEAN(data, r->deleteolddn);
- if (r->newsuperior) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write(data, r->newsuperior,
- strlen(r->newsuperior));
- asn1_pop_tag(data);
- }
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ModifyDNResponse: {
- struct ldap_Result *r = &msg->r.ModifyDNResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_CompareRequest: {
- struct ldap_CompareRequest *r = &msg->r.CompareRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->dn, strlen(r->dn));
- asn1_push_tag(data, ASN1_SEQUENCE(0));
- asn1_write_OctetString(data, r->attribute,
- strlen(r->attribute));
- asn1_write_OctetString(data, r->value.data,
- r->value.length);
- asn1_pop_tag(data);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_CompareResponse: {
- struct ldap_Result *r = &msg->r.ModifyDNResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, r);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_AbandonRequest: {
- struct ldap_AbandonRequest *r = &msg->r.AbandonRequest;
- asn1_push_tag(data, ASN1_APPLICATION_SIMPLE(msg->type));
- asn1_write_implicit_Integer(data, r->messageid);
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_SearchResultReference: {
- struct ldap_SearchResRef *r = &msg->r.SearchResultReference;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_write_OctetString(data, r->referral, strlen(r->referral));
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ExtendedRequest: {
- struct ldap_ExtendedRequest *r = &msg->r.ExtendedRequest;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write(data, r->oid, strlen(r->oid));
- asn1_pop_tag(data);
- if (r->value) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
- asn1_write(data, r->value->data, r->value->length);
- asn1_pop_tag(data);
- }
- asn1_pop_tag(data);
- break;
- }
- case LDAP_TAG_ExtendedResponse: {
- struct ldap_ExtendedResponse *r = &msg->r.ExtendedResponse;
- asn1_push_tag(data, ASN1_APPLICATION(msg->type));
- ldap_encode_response(data, &r->response);
- if (r->oid) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(10));
- asn1_write(data, r->oid, strlen(r->oid));
- asn1_pop_tag(data);
- }
- if (r->value) {
- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(11));
- asn1_write(data, r->value->data, r->value->length);
- asn1_pop_tag(data);
- }
- asn1_pop_tag(data);
- break;
- }
- default:
- return false;
- }
-
- if (msg->controls != NULL) {
- asn1_push_tag(data, ASN1_CONTEXT(0));
-
- for (i = 0; msg->controls[i] != NULL; i++) {
- if (!ldap_encode_control(mem_ctx, data, msg->controls[i])) {
- return false;
- }
- }
-
- asn1_pop_tag(data);
- }
-
- asn1_pop_tag(data);
-
- if (data->has_error) {
- asn1_free(data);
- return false;
- }
-
- *result = data_blob_talloc(mem_ctx, data->data, data->length);
- asn1_free(data);
- return true;
-}
-
-static const char *blob2string_talloc(TALLOC_CTX *mem_ctx,
- DATA_BLOB blob)
-{
- char *result = talloc_array(mem_ctx, char, blob.length+1);
- memcpy(result, blob.data, blob.length);
- result[blob.length] = '\0';
- return result;
-}
-
-bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
- struct asn1_data *data,
- const char **result)
-{
- DATA_BLOB string;
- if (!asn1_read_OctetString(data, mem_ctx, &string))
- return false;
- *result = blob2string_talloc(mem_ctx, string);
- data_blob_free(&string);
- return true;
-}
-
-static void ldap_decode_response(TALLOC_CTX *mem_ctx,
- struct asn1_data *data,
- struct ldap_Result *result)
-{
- asn1_read_enumerated(data, &result->resultcode);
- asn1_read_OctetString_talloc(mem_ctx, data, &result->dn);
- asn1_read_OctetString_talloc(mem_ctx, data, &result->errormessage);
- if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
- asn1_start_tag(data, ASN1_CONTEXT(3));
- asn1_read_OctetString_talloc(mem_ctx, data, &result->referral);
- asn1_end_tag(data);
- } else {
- result->referral = NULL;
- }
-}
-
-static struct ldb_val **ldap_decode_substring(TALLOC_CTX *mem_ctx, struct ldb_val **chunks, int chunk_num, char *value)
-{
-
- chunks = talloc_realloc(mem_ctx, chunks, struct ldb_val *, chunk_num + 2);
- if (chunks == NULL) {
- return NULL;
- }
-
- chunks[chunk_num] = talloc(mem_ctx, struct ldb_val);
- if (chunks[chunk_num] == NULL) {
- return NULL;
- }
-
- chunks[chunk_num]->data = (uint8_t *)talloc_strdup(mem_ctx, value);
- if (chunks[chunk_num]->data == NULL) {
- return NULL;
- }
- chunks[chunk_num]->length = strlen(value);
-
- chunks[chunk_num + 1] = '\0';
-
- return chunks;
-}
-
-
-/*
- parse the ASN.1 formatted search string into a ldb_parse_tree
-*/
-static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
- struct asn1_data *data)
-{
- uint8_t filter_tag;
- struct ldb_parse_tree *ret;
-
- if (!asn1_peek_uint8(data, &filter_tag)) {
- return NULL;
- }
-
- filter_tag &= 0x1f; /* strip off the asn1 stuff */
-
- ret = talloc(mem_ctx, struct ldb_parse_tree);
- if (ret == NULL) return NULL;
-
- switch(filter_tag) {
- case 0:
- case 1:
- /* AND or OR of one or more filters */
- ret->operation = (filter_tag == 0)?LDB_OP_AND:LDB_OP_OR;
- ret->u.list.num_elements = 0;
- ret->u.list.elements = NULL;
-
- if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
- goto failed;
- }
-
- while (asn1_tag_remaining(data) > 0) {
- struct ldb_parse_tree *subtree;
- subtree = ldap_decode_filter_tree(ret, data);
- if (subtree == NULL) {
- goto failed;
- }
- ret->u.list.elements =
- talloc_realloc(ret, ret->u.list.elements,
- struct ldb_parse_tree *,
- ret->u.list.num_elements+1);
- if (ret->u.list.elements == NULL) {
- goto failed;
- }
- talloc_steal(ret->u.list.elements, subtree);
- ret->u.list.elements[ret->u.list.num_elements] = subtree;
- ret->u.list.num_elements++;
- }
- if (!asn1_end_tag(data)) {
- goto failed;
- }
- break;
-
- case 2:
- /* 'not' operation */
- if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
- goto failed;
- }
-
- ret->operation = LDB_OP_NOT;
- ret->u.isnot.child = ldap_decode_filter_tree(ret, data);
- if (ret->u.isnot.child == NULL) {
- goto failed;
- }
- if (!asn1_end_tag(data)) {
- goto failed;
- }
- break;
-
- case 3: {
- /* equalityMatch */
- const char *attrib;
- DATA_BLOB value;
-
- asn1_start_tag(data, ASN1_CONTEXT(filter_tag));
- asn1_read_OctetString_talloc(mem_ctx, data, &attrib);
- asn1_read_OctetString(data, mem_ctx, &value);
- asn1_end_tag(data);
- if ((data->has_error) || (attrib == NULL) || (value.data == NULL)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_EQUALITY;
- ret->u.equality.attr = talloc_steal(ret, attrib);
- ret->u.equality.value.data = talloc_steal(ret, value.data);
- ret->u.equality.value.length = value.length;
- break;
- }
- case 4: {
- /* substrings */
- DATA_BLOB attr;
- uint8_t subs_tag;
- char *value;
- int chunk_num = 0;
-
- if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
- goto failed;
- }
- if (!asn1_read_OctetString(data, mem_ctx, &attr)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_SUBSTRING;
- ret->u.substring.attr = talloc_strndup(ret, (char *)attr.data, attr.length);
- ret->u.substring.chunks = NULL;
- ret->u.substring.start_with_wildcard = 1;
- ret->u.substring.end_with_wildcard = 1;
-
- if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
- goto failed;
- }
-
- while (asn1_tag_remaining(data)) {
- asn1_peek_uint8(data, &subs_tag);
- subs_tag &= 0x1f; /* strip off the asn1 stuff */
- if (subs_tag > 2) goto failed;
-
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(subs_tag));
- asn1_read_LDAPString(data, mem_ctx, &value);
- asn1_end_tag(data);
-
- switch (subs_tag) {
- case 0:
- if (ret->u.substring.chunks != NULL) {
- /* initial value found in the middle */
- goto failed;
- }
-
- ret->u.substring.chunks = ldap_decode_substring(ret, NULL, 0, value);
- if (ret->u.substring.chunks == NULL) {
- goto failed;
- }
-
- ret->u.substring.start_with_wildcard = 0;
- chunk_num = 1;
- break;
-
- case 1:
- if (ret->u.substring.end_with_wildcard == 0) {
- /* "any" value found after a "final" value */
- goto failed;
- }
-
- ret->u.substring.chunks = ldap_decode_substring(ret,
- ret->u.substring.chunks,
- chunk_num,
- value);
- if (ret->u.substring.chunks == NULL) {
- goto failed;
- }
-
- chunk_num++;
- break;
-
- case 2:
- ret->u.substring.chunks = ldap_decode_substring(ret,
- ret->u.substring.chunks,
- chunk_num,
- value);
- if (ret->u.substring.chunks == NULL) {
- goto failed;
- }
-
- ret->u.substring.end_with_wildcard = 0;
- break;
-
- default:
- goto failed;
- }
-
- }
-
- if (!asn1_end_tag(data)) { /* SEQUENCE */
- goto failed;
- }
-
- if (!asn1_end_tag(data)) {
- goto failed;
- }
- break;
- }
- case 5: {
- /* greaterOrEqual */
- const char *attrib;
- DATA_BLOB value;
-
- asn1_start_tag(data, ASN1_CONTEXT(filter_tag));
- asn1_read_OctetString_talloc(mem_ctx, data, &attrib);
- asn1_read_OctetString(data, mem_ctx, &value);
- asn1_end_tag(data);
- if ((data->has_error) || (attrib == NULL) || (value.data == NULL)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_GREATER;
- ret->u.comparison.attr = talloc_steal(ret, attrib);
- ret->u.comparison.value.data = talloc_steal(ret, value.data);
- ret->u.comparison.value.length = value.length;
- break;
- }
- case 6: {
- /* lessOrEqual */
- const char *attrib;
- DATA_BLOB value;
-
- asn1_start_tag(data, ASN1_CONTEXT(filter_tag));
- asn1_read_OctetString_talloc(mem_ctx, data, &attrib);
- asn1_read_OctetString(data, mem_ctx, &value);
- asn1_end_tag(data);
- if ((data->has_error) || (attrib == NULL) || (value.data == NULL)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_LESS;
- ret->u.comparison.attr = talloc_steal(ret, attrib);
- ret->u.comparison.value.data = talloc_steal(ret, value.data);
- ret->u.comparison.value.length = value.length;
- break;
- }
- case 7: {
- /* Normal presence, "attribute=*" */
- char *attr;
-
- if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(filter_tag))) {
- goto failed;
- }
- if (!asn1_read_LDAPString(data, ret, &attr)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_PRESENT;
- ret->u.present.attr = talloc_steal(ret, attr);
-
- if (!asn1_end_tag(data)) {
- goto failed;
- }
- break;
- }
- case 8: {
- /* approx */
- const char *attrib;
- DATA_BLOB value;
-
- asn1_start_tag(data, ASN1_CONTEXT(filter_tag));
- asn1_read_OctetString_talloc(mem_ctx, data, &attrib);
- asn1_read_OctetString(data, mem_ctx, &value);
- asn1_end_tag(data);
- if ((data->has_error) || (attrib == NULL) || (value.data == NULL)) {
- goto failed;
- }
-
- ret->operation = LDB_OP_APPROX;
- ret->u.comparison.attr = talloc_steal(ret, attrib);
- ret->u.comparison.value.data = talloc_steal(ret, value.data);
- ret->u.comparison.value.length = value.length;
- break;
- }
- case 9: {
- char *oid = NULL, *attr = NULL, *value;
- uint8_t dnAttributes;
- /* an extended search */
- if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
- goto failed;
- }
-
- /* FIXME: read carefully rfc2251.txt there are a number of 'MUST's
- we need to check we properly implement --SSS */
- /* either oid or type must be defined */
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) { /* optional */
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1));
- asn1_read_LDAPString(data, ret, &oid);
- asn1_end_tag(data);
- }
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(2))) { /* optional */
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(2));
- asn1_read_LDAPString(data, ret, &attr);
- asn1_end_tag(data);
- }
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(3));
- asn1_read_LDAPString(data, ret, &value);
- asn1_end_tag(data);
- /* dnAttributes is marked as BOOLEAN DEFAULT FALSE
- it is not marked as OPTIONAL but openldap tools
- do not set this unless it is to be set as TRUE
- NOTE: openldap tools do not work with AD as it
- seems that AD always requires the dnAttributes
- boolean value to be set */
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(4))) {
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(4));
- asn1_read_uint8(data, &dnAttributes);
- asn1_end_tag(data);
- } else {
- dnAttributes = 0;
- }
- if ((oid == NULL && attr == NULL) || (value == NULL)) {
- goto failed;
- }
-
- if (oid) {
- ret->operation = LDB_OP_EXTENDED;
-
- /* From the RFC2251: If the type field is
- absent and matchingRule is present, the matchValue is compared
- against all attributes in an entry which support that matchingRule
- */
- if (attr) {
- ret->u.extended.attr = talloc_steal(ret, attr);
- } else {
- ret->u.extended.attr = talloc_strdup(ret, "*");
- }
- ret->u.extended.rule_id = talloc_steal(ret, oid);
- ret->u.extended.value.data = talloc_steal(ret, value);
- ret->u.extended.value.length = strlen(value);
- ret->u.extended.dnAttributes = dnAttributes;
- } else {
- ret->operation = LDB_OP_EQUALITY;
- ret->u.equality.attr = talloc_steal(ret, attr);
- ret->u.equality.value.data = talloc_steal(ret, value);
- ret->u.equality.value.length = strlen(value);
- }
- if (!asn1_end_tag(data)) {
- goto failed;
- }
- break;
- }
-
- default:
- DEBUG(0,("Unsupported LDAP filter operation 0x%x\n", filter_tag));
- goto failed;
- }
-
- return ret;
-
-failed:
- talloc_free(ret);
- return NULL;
-}
-
-/* Decode a single LDAP attribute, possibly containing multiple values */
-static void ldap_decode_attrib(TALLOC_CTX *mem_ctx, struct asn1_data *data,
- struct ldb_message_element *attrib)
-{
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_read_OctetString_talloc(mem_ctx, data, &attrib->name);
- asn1_start_tag(data, ASN1_SET);
- while (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
- DATA_BLOB blob;
- asn1_read_OctetString(data, mem_ctx, &blob);
- add_value_to_attrib(mem_ctx, &blob, attrib);
- }
- asn1_end_tag(data);
- asn1_end_tag(data);
-
-}
-
-/* Decode a set of LDAP attributes, as found in the dereference control */
-void ldap_decode_attribs_bare(TALLOC_CTX *mem_ctx, struct asn1_data *data,
- struct ldb_message_element **attributes,
- int *num_attributes)
-{
- while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
- struct ldb_message_element attrib;
- ZERO_STRUCT(attrib);
- ldap_decode_attrib(mem_ctx, data, &attrib);
- add_attrib_to_array_talloc(mem_ctx, &attrib,
- attributes, num_attributes);
- }
-}
-
-/* Decode a set of LDAP attributes, as found in a search entry */
-void ldap_decode_attribs(TALLOC_CTX *mem_ctx, struct asn1_data *data,
- struct ldb_message_element **attributes,
- int *num_attributes)
-{
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- ldap_decode_attribs_bare(mem_ctx, data,
- attributes, num_attributes);
- asn1_end_tag(data);
-}
-
-/* This routine returns LDAP status codes */
-
-_PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data, struct ldap_message *msg)
-{
- uint8_t tag;
-
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_read_Integer(data, &msg->messageid);
-
- if (!asn1_peek_uint8(data, &tag))
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
-
- switch(tag) {
-
- case ASN1_APPLICATION(LDAP_TAG_BindRequest): {
- struct ldap_BindRequest *r = &msg->r.BindRequest;
- msg->type = LDAP_TAG_BindRequest;
- asn1_start_tag(data, tag);
- asn1_read_Integer(data, &r->version);
- asn1_read_OctetString_talloc(msg, data, &r->dn);
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(0))) {
- int pwlen;
- r->creds.password = "";
- r->mechanism = LDAP_AUTH_MECH_SIMPLE;
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
- pwlen = asn1_tag_remaining(data);
- if (pwlen == -1) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- if (pwlen != 0) {
- char *pw = talloc_array(msg, char, pwlen+1);
- if (!pw) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- asn1_read(data, pw, pwlen);
- pw[pwlen] = '\0';
- r->creds.password = pw;
- }
- asn1_end_tag(data);
- } else if (asn1_peek_tag(data, ASN1_CONTEXT(3))){
- asn1_start_tag(data, ASN1_CONTEXT(3));
- r->mechanism = LDAP_AUTH_MECH_SASL;
- asn1_read_OctetString_talloc(msg, data, &r->creds.SASL.mechanism);
- if (asn1_peek_tag(data, ASN1_OCTET_STRING)) { /* optional */
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
- asn1_read_OctetString(data, msg, &tmp_blob);
- r->creds.SASL.secblob = talloc(msg, DATA_BLOB);
- if (!r->creds.SASL.secblob) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- *r->creds.SASL.secblob = data_blob_talloc(r->creds.SASL.secblob,
- tmp_blob.data, tmp_blob.length);
- data_blob_free(&tmp_blob);
- } else {
- r->creds.SASL.secblob = NULL;
- }
- asn1_end_tag(data);
- } else {
- /* Neither Simple nor SASL bind */
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_BindResponse): {
- struct ldap_BindResponse *r = &msg->r.BindResponse;
- msg->type = LDAP_TAG_BindResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, &r->response);
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))) {
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
- asn1_read_ContextSimple(data, 7, &tmp_blob);
- r->SASL.secblob = talloc(msg, DATA_BLOB);
- if (!r->SASL.secblob) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- *r->SASL.secblob = data_blob_talloc(r->SASL.secblob,
- tmp_blob.data, tmp_blob.length);
- data_blob_free(&tmp_blob);
- } else {
- r->SASL.secblob = NULL;
- }
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION_SIMPLE(LDAP_TAG_UnbindRequest): {
- msg->type = LDAP_TAG_UnbindRequest;
- asn1_start_tag(data, tag);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_SearchRequest): {
- struct ldap_SearchRequest *r = &msg->r.SearchRequest;
- msg->type = LDAP_TAG_SearchRequest;
- asn1_start_tag(data, tag);
- asn1_read_OctetString_talloc(msg, data, &r->basedn);
- asn1_read_enumerated(data, (int *)&(r->scope));
- asn1_read_enumerated(data, (int *)&(r->deref));
- asn1_read_Integer(data, &r->sizelimit);
- asn1_read_Integer(data, &r->timelimit);
- asn1_read_BOOLEAN(data, &r->attributesonly);
-
- r->tree = ldap_decode_filter_tree(msg, data);
- if (r->tree == NULL) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- asn1_start_tag(data, ASN1_SEQUENCE(0));
-
- r->num_attributes = 0;
- r->attributes = NULL;
-
- while (asn1_tag_remaining(data) > 0) {
-
- const char *attr;
- if (!asn1_read_OctetString_talloc(msg, data,
- &attr))
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- if (!add_string_to_array(msg, attr,
- &r->attributes,
- &r->num_attributes))
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- asn1_end_tag(data);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_SearchResultEntry): {
- struct ldap_SearchResEntry *r = &msg->r.SearchResultEntry;
- msg->type = LDAP_TAG_SearchResultEntry;
- r->attributes = NULL;
- r->num_attributes = 0;
- asn1_start_tag(data, tag);
- asn1_read_OctetString_talloc(msg, data, &r->dn);
- ldap_decode_attribs(msg, data, &r->attributes,
- &r->num_attributes);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_SearchResultDone): {
- struct ldap_Result *r = &msg->r.SearchResultDone;
- msg->type = LDAP_TAG_SearchResultDone;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_SearchResultReference): {
- struct ldap_SearchResRef *r = &msg->r.SearchResultReference;
- msg->type = LDAP_TAG_SearchResultReference;
- asn1_start_tag(data, tag);
- asn1_read_OctetString_talloc(msg, data, &r->referral);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ModifyRequest): {
- struct ldap_ModifyRequest *r = &msg->r.ModifyRequest;
- msg->type = LDAP_TAG_ModifyRequest;
- asn1_start_tag(data, ASN1_APPLICATION(LDAP_TAG_ModifyRequest));
- asn1_read_OctetString_talloc(msg, data, &r->dn);
- asn1_start_tag(data, ASN1_SEQUENCE(0));
-
- r->num_mods = 0;
- r->mods = NULL;
-
- while (asn1_tag_remaining(data) > 0) {
- struct ldap_mod mod;
- int v;
- ZERO_STRUCT(mod);
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_read_enumerated(data, &v);
- mod.type = v;
- ldap_decode_attrib(msg, data, &mod.attrib);
- asn1_end_tag(data);
- if (!add_mod_to_array_talloc(msg, &mod,
- &r->mods, &r->num_mods)) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- }
-
- asn1_end_tag(data);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ModifyResponse): {
- struct ldap_Result *r = &msg->r.ModifyResponse;
- msg->type = LDAP_TAG_ModifyResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_AddRequest): {
- struct ldap_AddRequest *r = &msg->r.AddRequest;
- msg->type = LDAP_TAG_AddRequest;
- asn1_start_tag(data, tag);
- asn1_read_OctetString_talloc(msg, data, &r->dn);
-
- r->attributes = NULL;
- r->num_attributes = 0;
- ldap_decode_attribs(msg, data, &r->attributes,
- &r->num_attributes);
-
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_AddResponse): {
- struct ldap_Result *r = &msg->r.AddResponse;
- msg->type = LDAP_TAG_AddResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest): {
- struct ldap_DelRequest *r = &msg->r.DelRequest;
- int len;
- char *dn;
- msg->type = LDAP_TAG_DelRequest;
- asn1_start_tag(data,
- ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest));
- len = asn1_tag_remaining(data);
- if (len == -1) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- dn = talloc_array(msg, char, len+1);
- if (dn == NULL)
- break;
- asn1_read(data, dn, len);
- dn[len] = '\0';
- r->dn = dn;
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_DelResponse): {
- struct ldap_Result *r = &msg->r.DelResponse;
- msg->type = LDAP_TAG_DelResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ModifyDNRequest): {
- struct ldap_ModifyDNRequest *r = &msg->r.ModifyDNRequest;
- msg->type = LDAP_TAG_ModifyDNRequest;
- asn1_start_tag(data,
- ASN1_APPLICATION(LDAP_TAG_ModifyDNRequest));
- asn1_read_OctetString_talloc(msg, data, &r->dn);
- asn1_read_OctetString_talloc(msg, data, &r->newrdn);
- asn1_read_BOOLEAN(data, &r->deleteolddn);
- r->newsuperior = NULL;
- if (asn1_tag_remaining(data) > 0) {
- int len;
- char *newsup;
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
- len = asn1_tag_remaining(data);
- if (len == -1) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- newsup = talloc_array(msg, char, len+1);
- if (newsup == NULL) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- asn1_read(data, newsup, len);
- newsup[len] = '\0';
- r->newsuperior = newsup;
- asn1_end_tag(data);
- }
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ModifyDNResponse): {
- struct ldap_Result *r = &msg->r.ModifyDNResponse;
- msg->type = LDAP_TAG_ModifyDNResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_CompareRequest): {
- struct ldap_CompareRequest *r = &msg->r.CompareRequest;
- msg->type = LDAP_TAG_CompareRequest;
- asn1_start_tag(data,
- ASN1_APPLICATION(LDAP_TAG_CompareRequest));
- asn1_read_OctetString_talloc(msg, data, &r->dn);
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_read_OctetString_talloc(msg, data, &r->attribute);
- asn1_read_OctetString(data, msg, &r->value);
- if (r->value.data) {
- talloc_steal(msg, r->value.data);
- }
- asn1_end_tag(data);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_CompareResponse): {
- struct ldap_Result *r = &msg->r.CompareResponse;
- msg->type = LDAP_TAG_CompareResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, r);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION_SIMPLE(LDAP_TAG_AbandonRequest): {
- struct ldap_AbandonRequest *r = &msg->r.AbandonRequest;
- msg->type = LDAP_TAG_AbandonRequest;
- asn1_start_tag(data, tag);
- asn1_read_implicit_Integer(data, &r->messageid);
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ExtendedRequest): {
- struct ldap_ExtendedRequest *r = &msg->r.ExtendedRequest;
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
-
- msg->type = LDAP_TAG_ExtendedRequest;
- asn1_start_tag(data,tag);
- if (!asn1_read_ContextSimple(data, 0, &tmp_blob)) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- r->oid = blob2string_talloc(msg, tmp_blob);
- data_blob_free(&tmp_blob);
- if (!r->oid) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
-
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
- asn1_read_ContextSimple(data, 1, &tmp_blob);
- r->value = talloc(msg, DATA_BLOB);
- if (!r->value) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- *r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
- data_blob_free(&tmp_blob);
- } else {
- r->value = NULL;
- }
-
- asn1_end_tag(data);
- break;
- }
-
- case ASN1_APPLICATION(LDAP_TAG_ExtendedResponse): {
- struct ldap_ExtendedResponse *r = &msg->r.ExtendedResponse;
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
-
- msg->type = LDAP_TAG_ExtendedResponse;
- asn1_start_tag(data, tag);
- ldap_decode_response(msg, data, &r->response);
-
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(10))) {
- asn1_read_ContextSimple(data, 1, &tmp_blob);
- r->oid = blob2string_talloc(msg, tmp_blob);
- data_blob_free(&tmp_blob);
- if (!r->oid) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- } else {
- r->oid = NULL;
- }
-
- if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(11))) {
- asn1_read_ContextSimple(data, 1, &tmp_blob);
- r->value = talloc(msg, DATA_BLOB);
- if (!r->value) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
- *r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
- data_blob_free(&tmp_blob);
- } else {
- r->value = NULL;
- }
-
- asn1_end_tag(data);
- break;
- }
- default:
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- msg->controls = NULL;
- msg->controls_decoded = NULL;
-
- if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
- int i = 0;
- struct ldb_control **ctrl = NULL;
- bool *decoded = NULL;
-
- asn1_start_tag(data, ASN1_CONTEXT(0));
-
- while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
- DATA_BLOB value;
- /* asn1_start_tag(data, ASN1_SEQUENCE(0)); */
-
- ctrl = talloc_realloc(msg, ctrl, struct ldb_control *, i+2);
- if (!ctrl) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
-
- decoded = talloc_realloc(msg, decoded, bool, i+1);
- if (!decoded) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
-
- ctrl[i] = talloc(ctrl, struct ldb_control);
- if (!ctrl[i]) {
- return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
- }
-
- if (!ldap_decode_control_wrapper(ctrl, data, ctrl[i], &value)) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- if (!ldap_decode_control_value(ctrl, value, ctrl[i])) {
- if (ctrl[i]->critical) {
- ctrl[i]->data = NULL;
- decoded[i] = false;
- i++;
- } else {
- talloc_free(ctrl[i]);
- ctrl[i] = NULL;
- }
- } else {
- decoded[i] = true;
- i++;
- }
- }
-
- if (ctrl != NULL) {
- ctrl[i] = NULL;
- }
-
- msg->controls = ctrl;
- msg->controls_decoded = decoded;
-
- asn1_end_tag(data);
- }
-
- asn1_end_tag(data);
- if ((data->has_error) || (data->nesting != NULL)) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
- return NT_STATUS_OK;
-}
-
-
-/*
- return NT_STATUS_OK if a blob has enough bytes in it to be a full
- ldap packet. Set packet_size if true.
-*/
-NTSTATUS ldap_full_packet(void *private_data, DATA_BLOB blob, size_t *packet_size)
-{
- return asn1_full_tag(blob, ASN1_SEQUENCE(0), packet_size);
-}
diff --git a/source4/libcli/ldap/ldap.h b/source4/libcli/ldap/ldap.h
index 3d99d6f47d..79cfef2128 100644
--- a/source4/libcli/ldap/ldap.h
+++ b/source4/libcli/ldap/ldap.h
@@ -21,200 +21,11 @@
#ifndef _SMB_LDAP_H_
#define _SMB_LDAP_H_
-#include "libcli/ldap/ldap_errors.h"
-#include "lib/ldb/include/ldb.h"
+#include "../libcli/ldap/ldap_message.h"
#include "librpc/gen_ndr/misc.h"
-enum ldap_request_tag {
- LDAP_TAG_BindRequest = 0,
- LDAP_TAG_BindResponse = 1,
- LDAP_TAG_UnbindRequest = 2,
- LDAP_TAG_SearchRequest = 3,
- LDAP_TAG_SearchResultEntry = 4,
- LDAP_TAG_SearchResultDone = 5,
- LDAP_TAG_ModifyRequest = 6,
- LDAP_TAG_ModifyResponse = 7,
- LDAP_TAG_AddRequest = 8,
- LDAP_TAG_AddResponse = 9,
- LDAP_TAG_DelRequest = 10,
- LDAP_TAG_DelResponse = 11,
- LDAP_TAG_ModifyDNRequest = 12,
- LDAP_TAG_ModifyDNResponse = 13,
- LDAP_TAG_CompareRequest = 14,
- LDAP_TAG_CompareResponse = 15,
- LDAP_TAG_AbandonRequest = 16,
- LDAP_TAG_SearchResultReference = 19,
- LDAP_TAG_ExtendedRequest = 23,
- LDAP_TAG_ExtendedResponse = 24
-};
-
-enum ldap_auth_mechanism {
- LDAP_AUTH_MECH_SIMPLE = 0,
- LDAP_AUTH_MECH_SASL = 3
-};
-
-struct ldap_Result {
- int resultcode;
- const char *dn;
- const char *errormessage;
- const char *referral;
-};
-
-struct ldap_BindRequest {
- int version;
- const char *dn;
- enum ldap_auth_mechanism mechanism;
- union {
- const char *password;
- struct {
- const char *mechanism;
- DATA_BLOB *secblob;/* optional */
- } SASL;
- } creds;
-};
-
-struct ldap_BindResponse {
- struct ldap_Result response;
- union {
- DATA_BLOB *secblob;/* optional */
- } SASL;
-};
-
-struct ldap_UnbindRequest {
- uint8_t __dummy;
-};
-
-enum ldap_scope {
- LDAP_SEARCH_SCOPE_BASE = 0,
- LDAP_SEARCH_SCOPE_SINGLE = 1,
- LDAP_SEARCH_SCOPE_SUB = 2
-};
-
-enum ldap_deref {
- LDAP_DEREFERENCE_NEVER = 0,
- LDAP_DEREFERENCE_IN_SEARCHING = 1,
- LDAP_DEREFERENCE_FINDING_BASE = 2,
- LDAP_DEREFERENCE_ALWAYS
-};
-
-struct ldap_SearchRequest {
- const char *basedn;
- enum ldap_scope scope;
- enum ldap_deref deref;
- uint32_t timelimit;
- uint32_t sizelimit;
- bool attributesonly;
- struct ldb_parse_tree *tree;
- int num_attributes;
- const char * const *attributes;
-};
-
-struct ldap_SearchResEntry {
- const char *dn;
- int num_attributes;
- struct ldb_message_element *attributes;
-};
-
-struct ldap_SearchResRef {
- const char *referral;
-};
-
-enum ldap_modify_type {
- LDAP_MODIFY_NONE = -1,
- LDAP_MODIFY_ADD = 0,
- LDAP_MODIFY_DELETE = 1,
- LDAP_MODIFY_REPLACE = 2
-};
-
-struct ldap_mod {
- enum ldap_modify_type type;
- struct ldb_message_element attrib;
-};
-
-struct ldap_ModifyRequest {
- const char *dn;
- int num_mods;
- struct ldap_mod *mods;
-};
-
-struct ldap_AddRequest {
- const char *dn;
- int num_attributes;
- struct ldb_message_element *attributes;
-};
-
-struct ldap_DelRequest {
- const char *dn;
-};
-
-struct ldap_ModifyDNRequest {
- const char *dn;
- const char *newrdn;
- bool deleteolddn;
- const char *newsuperior;/* optional */
-};
-
-struct ldap_CompareRequest {
- const char *dn;
- const char *attribute;
- DATA_BLOB value;
-};
-
-struct ldap_AbandonRequest {
- uint32_t messageid;
-};
-
-struct ldap_ExtendedRequest {
- const char *oid;
- DATA_BLOB *value;/* optional */
-};
-
-struct ldap_ExtendedResponse {
- struct ldap_Result response;
- const char *oid;/* optional */
- DATA_BLOB *value;/* optional */
-};
-
-union ldap_Request {
- struct ldap_Result GeneralResult;
- struct ldap_BindRequest BindRequest;
- struct ldap_BindResponse BindResponse;
- struct ldap_UnbindRequest UnbindRequest;
- struct ldap_SearchRequest SearchRequest;
- struct ldap_SearchResEntry SearchResultEntry;
- struct ldap_Result SearchResultDone;
- struct ldap_SearchResRef SearchResultReference;
- struct ldap_ModifyRequest ModifyRequest;
- struct ldap_Result ModifyResponse;
- struct ldap_AddRequest AddRequest;
- struct ldap_Result AddResponse;
- struct ldap_DelRequest DelRequest;
- struct ldap_Result DelResponse;
- struct ldap_ModifyDNRequest ModifyDNRequest;
- struct ldap_Result ModifyDNResponse;
- struct ldap_CompareRequest CompareRequest;
- struct ldap_Result CompareResponse;
- struct ldap_AbandonRequest AbandonRequest;
- struct ldap_ExtendedRequest ExtendedRequest;
- struct ldap_ExtendedResponse ExtendedResponse;
-};
-
-
-struct ldap_message {
- int messageid;
- enum ldap_request_tag type;
- union ldap_Request r;
- struct ldb_control **controls;
- bool *controls_decoded;
-};
-
struct tevent_context;
struct cli_credentials;
struct dom_sid;
-struct asn1_data;
-
-struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx);
-NTSTATUS ldap_decode(struct asn1_data *data, struct ldap_message *msg);
-bool ldap_encode(struct ldap_message *msg, DATA_BLOB *result, TALLOC_CTX *mem_ctx);
#endif
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 3e54d7fff0..304a2e1253 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -200,7 +200,7 @@ static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
- status = ldap_decode(asn1, msg);
+ status = ldap_decode(asn1, samba_ldap_control_handlers(), msg);
if (!NT_STATUS_IS_OK(status)) {
asn1_free(asn1);
return status;
@@ -608,7 +608,7 @@ _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
msg->messageid = req->messageid;
- if (!ldap_encode(msg, &req->data, req)) {
+ if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
status = NT_STATUS_INTERNAL_ERROR;
goto failed;
}
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 109837c2bf..7949758a80 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -26,14 +26,9 @@
#include "libcli/ldap/ldap_proto.h"
#include "dsdb/samdb/samdb.h"
-struct control_handler {
- const char *oid;
- bool (*decode)(void *mem_ctx, DATA_BLOB in, void **out);
- bool (*encode)(void *mem_ctx, void *in, DATA_BLOB *out);
-};
-
-static bool decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB attr;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_sort_resp_control *lsrc;
@@ -77,8 +72,9 @@ static bool decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB attr;
DATA_BLOB rule;
struct asn1_data *data = asn1_init(mem_ctx);
@@ -156,8 +152,9 @@ static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
struct asn1_data *data;
struct ldb_extended_dn_control *ledc;
@@ -196,8 +193,9 @@ static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_sd_flags_control *lsdfc;
@@ -229,8 +227,9 @@ static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_search_options_control *lsoc;
@@ -262,8 +261,9 @@ static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **ou
return true;
}
-static bool decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB cookie;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_paged_control *lprc;
@@ -310,8 +310,9 @@ static bool decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out
return true;
}
-static bool decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB cookie;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_dirsync_control *ldc;
@@ -365,8 +366,9 @@ static bool decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out)
/* seem that this controls has 2 forms one in case it is used with
* a Search Request and another when used ina Search Response
*/
-static bool decode_asq_control(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_asq_control(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB source_attribute;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_asq_control *lac;
@@ -425,7 +427,7 @@ static bool decode_asq_control(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_domain_scope_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_domain_scope_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
if (in.length != 0) {
return false;
@@ -434,7 +436,7 @@ static bool decode_domain_scope_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_notification_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_notification_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
if (in.length != 0) {
return false;
@@ -443,7 +445,7 @@ static bool decode_notification_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_show_deleted_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_show_deleted_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
if (in.length != 0) {
return false;
@@ -452,7 +454,7 @@ static bool decode_show_deleted_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_permissive_modify_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_permissive_modify_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
if (in.length != 0) {
return false;
@@ -461,7 +463,7 @@ static bool decode_permissive_modify_request(void *mem_ctx, DATA_BLOB in, void *
return true;
}
-static bool decode_manageDSAIT_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_manageDSAIT_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
if (in.length != 0) {
return false;
@@ -470,8 +472,9 @@ static bool decode_manageDSAIT_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB assertion_value, context_id;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_vlv_req_control *lvrc;
@@ -582,8 +585,9 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
DATA_BLOB context_id;
struct asn1_data *data = asn1_init(mem_ctx);
struct ldb_vlv_resp_control *lvrc;
@@ -1132,8 +1136,9 @@ static bool encode_openldap_dereference(void *mem_ctx, void *in, DATA_BLOB *out)
return true;
}
-static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void **out)
+static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void *_out)
{
+ void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx);
struct dsdb_openldap_dereference_result_control *control;
struct dsdb_openldap_dereference_result **r = NULL;
@@ -1201,7 +1206,7 @@ static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void **out)
return true;
}
-struct control_handler ldap_known_controls[] = {
+static const struct ldap_control_handler ldap_known_controls[] = {
{ "1.2.840.113556.1.4.319", decode_paged_results_request, encode_paged_results_request },
{ "1.2.840.113556.1.4.529", decode_extended_dn_request, encode_extended_dn_request },
{ "1.2.840.113556.1.4.473", decode_server_sort_request, encode_server_sort_request },
@@ -1225,121 +1230,8 @@ struct control_handler ldap_known_controls[] = {
{ NULL, NULL, NULL }
};
-bool ldap_decode_control_value(void *mem_ctx, DATA_BLOB value, struct ldb_control *ctrl)
+const struct ldap_control_handler *samba_ldap_control_handlers(void)
{
- int i;
-
- for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
- if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
- if (!ldap_known_controls[i].decode || !ldap_known_controls[i].decode(mem_ctx, value, &ctrl->data)) {
- return false;
- }
- break;
- }
- }
- if (ldap_known_controls[i].oid == NULL) {
- return false;
- }
-
- return true;
+ return ldap_known_controls;
}
-bool ldap_decode_control_wrapper(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl, DATA_BLOB *value)
-{
- DATA_BLOB oid;
-
- if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
- return false;
- }
-
- if (!asn1_read_OctetString(data, mem_ctx, &oid)) {
- return false;
- }
- ctrl->oid = talloc_strndup(mem_ctx, (char *)oid.data, oid.length);
- if (!ctrl->oid) {
- return false;
- }
-
- if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
- bool critical;
- if (!asn1_read_BOOLEAN(data, &critical)) {
- return false;
- }
- ctrl->critical = critical;
- } else {
- ctrl->critical = false;
- }
-
- ctrl->data = NULL;
-
- if (!asn1_peek_tag(data, ASN1_OCTET_STRING)) {
- *value = data_blob(NULL, 0);
- goto end_tag;
- }
-
- if (!asn1_read_OctetString(data, mem_ctx, value)) {
- return false;
- }
-
-end_tag:
- if (!asn1_end_tag(data)) {
- return false;
- }
-
- return true;
-}
-
-bool ldap_encode_control(void *mem_ctx, struct asn1_data *data, struct ldb_control *ctrl)
-{
- DATA_BLOB value;
- int i;
-
- for (i = 0; ldap_known_controls[i].oid != NULL; i++) {
- if (strcmp(ldap_known_controls[i].oid, ctrl->oid) == 0) {
- if (!ldap_known_controls[i].encode) {
- if (ctrl->critical) {
- return false;
- } else {
- /* not encoding this control */
- return true;
- }
- }
- if (!ldap_known_controls[i].encode(mem_ctx, ctrl->data, &value)) {
- return false;
- }
- break;
- }
- }
- if (ldap_known_controls[i].oid == NULL) {
- return false;
- }
-
- if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
- return false;
- }
-
- if (!asn1_write_OctetString(data, ctrl->oid, strlen(ctrl->oid))) {
- return false;
- }
-
- if (ctrl->critical) {
- if (!asn1_write_BOOLEAN(data, ctrl->critical)) {
- return false;
- }
- }
-
- if (!ctrl->data) {
- goto pop_tag;
- }
-
- if (!asn1_write_OctetString(data, value.data, value.length)) {
- return false;
- }
-
-pop_tag:
- if (!asn1_pop_tag(data)) {
- return false;
- }
-
- return true;
-}
diff --git a/source4/libcli/ldap/ldap_errors.h b/source4/libcli/ldap/ldap_errors.h
deleted file mode 100644
index 17ac43814c..0000000000
--- a/source4/libcli/ldap/ldap_errors.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- Unix SMB/CIFS Implementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Volker Lendecke 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#ifndef _SMB_LDAP_ERRORS_H_
-#define _SMB_LDAP_ERRORS_H_
-
-enum ldap_result_code {
- LDAP_SUCCESS = 0,
- LDAP_OPERATIONS_ERROR = 1,
- LDAP_PROTOCOL_ERROR = 2,
- LDAP_TIME_LIMIT_EXCEEDED = 3,
- LDAP_SIZE_LIMIT_EXCEEDED = 4,
- LDAP_COMPARE_FALSE = 5,
- LDAP_COMPARE_TRUE = 6,
- LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
- LDAP_STRONG_AUTH_REQUIRED = 8,
- LDAP_REFERRAL = 10,
- LDAP_ADMIN_LIMIT_EXCEEDED = 11,
- LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
- LDAP_CONFIDENTIALITY_REQUIRED = 13,
- LDAP_SASL_BIND_IN_PROGRESS = 14,
- LDAP_NO_SUCH_ATTRIBUTE = 16,
- LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
- LDAP_INAPPROPRIATE_MATCHING = 18,
- LDAP_CONSTRAINT_VIOLATION = 19,
- LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
- LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
- LDAP_NO_SUCH_OBJECT = 32,
- LDAP_ALIAS_PROBLEM = 33,
- LDAP_INVALID_DN_SYNTAX = 34,
- LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
- LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
- LDAP_INVALID_CREDENTIALS = 49,
- LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50,
- LDAP_BUSY = 51,
- LDAP_UNAVAILABLE = 52,
- LDAP_UNWILLING_TO_PERFORM = 53,
- LDAP_LOOP_DETECT = 54,
- LDAP_NAMING_VIOLATION = 64,
- LDAP_OBJECT_CLASS_VIOLATION = 65,
- LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
- LDAP_NOT_ALLOWED_ON_RDN = 67,
- LDAP_ENTRY_ALREADY_EXISTS = 68,
- LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
- LDAP_AFFECTS_MULTIPLE_DSAS = 71,
- LDAP_OTHER = 80
-};
-
-#endif /* _SMB_LDAP_ERRORS_H_ */
diff --git a/source4/libcli/ldap/ldap_msg.c b/source4/libcli/ldap/ldap_msg.c
deleted file mode 100644
index e45213c004..0000000000
--- a/source4/libcli/ldap/ldap_msg.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
-
- LDAP protocol helper functions for SAMBA
-
- Copyright (C) Andrew Tridgell 2005
- Copyright (C) Volker Lendecke 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "libcli/ldap/ldap.h"
-#include "libcli/ldap/ldap_client.h"
-#include "libcli/ldap/ldap_proto.h"
-
-
-_PUBLIC_ struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx)
-{
- return talloc_zero(mem_ctx, struct ldap_message);
-}
-
-
-bool add_value_to_attrib(TALLOC_CTX *mem_ctx, struct ldb_val *value,
- struct ldb_message_element *attrib)
-{
- attrib->values = talloc_realloc(mem_ctx,
- attrib->values,
- DATA_BLOB,
- attrib->num_values+1);
- if (attrib->values == NULL)
- return false;
-
- attrib->values[attrib->num_values].data = talloc_steal(attrib->values,
- value->data);
- attrib->values[attrib->num_values].length = value->length;
- attrib->num_values += 1;
- return true;
-}
-
-bool add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
- const struct ldb_message_element *attrib,
- struct ldb_message_element **attribs,
- int *num_attribs)
-{
- *attribs = talloc_realloc(mem_ctx,
- *attribs,
- struct ldb_message_element,
- *num_attribs+1);
-
- if (*attribs == NULL)
- return false;
-
- (*attribs)[*num_attribs] = *attrib;
- talloc_steal(*attribs, attrib->values);
- talloc_steal(*attribs, attrib->name);
- *num_attribs += 1;
- return true;
-}
-
-bool add_mod_to_array_talloc(TALLOC_CTX *mem_ctx,
- struct ldap_mod *mod,
- struct ldap_mod **mods,
- int *num_mods)
-{
- *mods = talloc_realloc(mem_ctx, *mods, struct ldap_mod, (*num_mods)+1);
-
- if (*mods == NULL)
- return false;
-
- (*mods)[*num_mods] = *mod;
- *num_mods += 1;
- return true;
-}
-
diff --git a/source4/libcli/ldap/ldap_ndr.c b/source4/libcli/ldap/ldap_ndr.c
deleted file mode 100644
index f0a11ba41f..0000000000
--- a/source4/libcli/ldap/ldap_ndr.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
-
- wrap/unwrap NDR encoded elements for ldap calls
-
- Copyright (C) Andrew Tridgell 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "libcli/ldap/ldap.h"
-#include "librpc/gen_ndr/ndr_security.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "libcli/ldap/ldap_ndr.h"
-
-/*
- encode a NDR uint32 as a ldap filter element
-*/
-char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value)
-{
- uint8_t buf[4];
- struct ldb_val val;
- SIVAL(buf, 0, value);
- val.data = buf;
- val.length = 4;
- return ldb_binary_encode(mem_ctx, val);
-}
-
-/*
- encode a NDR dom_sid as a ldap filter element
-*/
-char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
-{
- DATA_BLOB blob;
- enum ndr_err_code ndr_err;
- char *ret;
- ndr_err = ndr_push_struct_blob(&blob, mem_ctx, NULL, sid,
- (ndr_push_flags_fn_t)ndr_push_dom_sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return NULL;
- }
- ret = ldb_binary_encode(mem_ctx, blob);
- data_blob_free(&blob);
- return ret;
-}
-
-
-/*
- encode a NDR GUID as a ldap filter element
-*/
-char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid)
-{
- DATA_BLOB blob;
- enum ndr_err_code ndr_err;
- char *ret;
- ndr_err = ndr_push_struct_blob(&blob, mem_ctx, NULL, guid,
- (ndr_push_flags_fn_t)ndr_push_GUID);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return NULL;
- }
- ret = ldb_binary_encode(mem_ctx, blob);
- data_blob_free(&blob);
- return ret;
-}
-
-/*
- decode a NDR GUID from a ldap filter element
-*/
-NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid)
-{
- DATA_BLOB blob;
- enum ndr_err_code ndr_err;
-
- blob.data = val.data;
- blob.length = val.length;
- ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, guid,
- (ndr_pull_flags_fn_t)ndr_pull_GUID);
- talloc_free(val.data);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
- return NT_STATUS_OK;
-}
diff --git a/source4/libcli/ldap/ldap_ndr.h b/source4/libcli/ldap/ldap_ndr.h
deleted file mode 100644
index ee1f702c78..0000000000
--- a/source4/libcli/ldap/ldap_ndr.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef __LIBCLI_LDAP_LDAP_NDR_H__
-#define __LIBCLI_LDAP_LDAP_NDR_H__
-
-#include "librpc/gen_ndr/ndr_misc.h"
-
-char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value);
-char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
-char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid);
-NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid);
-
-#endif /* __LIBCLI_LDAP_LDAP_NDR_H__ */
-
diff --git a/source4/libcli/util/nterr.c b/source4/libcli/util/nterr.c
index 8371837dcb..4e7cdf5c3a 100644
--- a/source4/libcli/util/nterr.c
+++ b/source4/libcli/util/nterr.c
@@ -20,7 +20,7 @@
/* NT error codes. please read nterr.h */
#include "includes.h"
-#include "libcli/ldap/ldap_errors.h"
+#include "../libcli/ldap/ldap_errors.h"
#undef strcasecmp
typedef struct