From aeb8077b9600ffea6e4e7ee5caca54fbf941eb6e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 Jul 2006 20:05:00 +0000 Subject: r17240: move extended operations to a new file metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a) --- source4/ldap_server/ldap_extended.c | 96 +++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 source4/ldap_server/ldap_extended.c (limited to 'source4/ldap_server/ldap_extended.c') diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c new file mode 100644 index 0000000000..bc757fc973 --- /dev/null +++ b/source4/ldap_server/ldap_extended.c 
@@ -0,0 +1,96 @@
+/*
+ Unix SMB/CIFS implementation.
+ LDAP server
+ Copyright (C) Stefan Metzmacher 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "ldap_server/ldap_server.h"
+#include "dlinklist.h"
+#include "libcli/ldap/ldap.h"
+#include "lib/tls/tls.h"
+#include "smbd/service_stream.h"
+
+struct ldapsrv_starttls_context {
+ struct ldapsrv_connection *conn;
+ struct socket_context *tls_socket;
+};
+
+static void ldapsrv_start_tls(void *private)
+{
+ struct ldapsrv_starttls_context *ctx = talloc_get_type(private, struct ldapsrv_starttls_context);
+ talloc_steal(ctx->conn->connection, ctx->tls_socket);
+ talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+
+ ctx->conn->sockets.tls = ctx->tls_socket;
+ ctx->conn->connection->socket = ctx->tls_socket;
+ packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
+}
+
+NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
+{
+ struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
+ struct ldapsrv_reply *reply;
+
+ DEBUG(10, ("Extended\n"));
+
+ reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+ if (!reply) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCT(reply->msg->r);
+
+ /* check if we have a START_TLS call */
+ if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
+ struct ldapsrv_starttls_context *ctx;
+ int result = 0;
+ const char *errstr;
+ ctx = talloc(call, struct ldapsrv_starttls_context);
+
+ if (ctx) {
+ ctx->conn = call->conn;
+ ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
+ call->conn->connection->socket,
+ call->conn->connection->event.fde,
+ NULL);
+ }
+
+ if (!ctx || !ctx->tls_socket) {
+ result = LDAP_OPERATIONS_ERROR;
+ errstr = talloc_asprintf(reply,
+ "START-TLS: Failed to setup TLS socket");
+ } else {
+ result = LDAP_SUCCESS;
+ errstr = NULL;
+ call->send_callback = ldapsrv_start_tls;
+ call->send_private = ctx;
+ }
+
+ reply->msg->r.ExtendedResponse.response.resultcode = result;
+ reply->msg->r.ExtendedResponse.response.errormessage = errstr;
+ reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);
+ if (!reply->msg->r.ExtendedResponse.oid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* TODO: OID not recognized, return a protocol error */
+
+ ldapsrv_queue_reply(call, reply);
+ return NT_STATUS_OK;
+}
-- cgit
From 04d776a4090de08deb9c4912636bdb56082ce9d2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 26 Jul 2006 06:18:13 +0000 Subject: r17251: - split out the starttls into its own function - give an operations error when tls is already on the socket metze (This used to be commit 9190d134c9be774c53f6dae52b7c4cdcc053d00f)
---
 source4/ldap_server/ldap_extended.c | 138 +++++++++++++++++++++++++-----------
 1 file changed, 96 insertions(+), 42 deletions(-)
(limited to 'source4/ldap_server/ldap_extended.c')
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index bc757fc973..06e5feb828 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
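Review bot: `ldapsrv_start_tls` is installed as `call->send_callback`, which by its name runs only after the ExtendedResponse has been written, yet nothing in the new file explains why the socket swap is deferred to that point instead of being done while the request is handled. A header comment on the callback would spare the next reader the detour, e.g. `/* send-callback for StartTLS: runs once the ExtendedResponse has left on the plain socket, then replaces the connection's socket with the TLS one */`. Also, `talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket)` drops the connection's reference to the plain socket that was handed to `tls_init_server` before the TLS socket takes its place; presumably the TLS layer keeps its own reference to the underlying socket, but that is not visible here and deserves a one-line comment once confirmed.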
@@ -41,56 +41,110 @@ static void ldapsrv_start_tls(void *private)
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
-NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
+static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
+ struct ldapsrv_reply *reply,
+ const char **errstr)
 {
- struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
- struct ldapsrv_reply *reply;
+ struct ldapsrv_starttls_context *ctx;
- DEBUG(10, ("Extended\n"));
+ (*errstr) = NULL;
- reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
- if (!reply) {
- return NT_STATUS_NO_MEMORY;
+ /*
+ * TODO: give LDAP_OPERATIONS_ERROR also when
+ * there're pending requests or there's
+ * a SASL bind in progress
+ * (see rfc4513 section 3.1.1)
+ */
+ if (call->conn->sockets.tls) {
+ (*errstr) = talloc_asprintf(reply, "START-TLS: TLS is already enabled on this LDAP session");
+ return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
 }
- ZERO_STRUCT(reply->msg->r);
-
- /* check if we have a START_TLS call */
- if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- struct ldapsrv_starttls_context *ctx;
- int result = 0;
- const char *errstr;
- ctx = talloc(call, struct ldapsrv_starttls_context);
-
- if (ctx) {
- ctx->conn = call->conn;
- ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
- call->conn->connection->socket,
- call->conn->connection->event.fde,
- NULL);
- }
-
- if (!ctx || !ctx->tls_socket) {
- result = LDAP_OPERATIONS_ERROR;
- errstr = talloc_asprintf(reply,
- "START-TLS: Failed to setup TLS socket");
- } else {
- result = LDAP_SUCCESS;
- errstr = NULL;
- call->send_callback = ldapsrv_start_tls;
- call->send_private = ctx;
- }
-
- reply->msg->r.ExtendedResponse.response.resultcode = result;
- reply->msg->r.ExtendedResponse.response.errormessage = errstr;
- reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);
- if (!reply->msg->r.ExtendedResponse.oid) {
- return NT_STATUS_NO_MEMORY;
- }
+ ctx = talloc(call, struct ldapsrv_starttls_context);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->conn = call->conn;
+ ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
+ call->conn->connection->socket,
+ call->conn->connection->event.fde,
+ NULL);
+ if (!ctx->tls_socket) {
+ (*errstr) = talloc_asprintf(reply, "START-TLS: Failed to setup TLS socket");
+ return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
 }
- /* TODO: OID not recognized, return a protocol error */
+ call->send_callback = ldapsrv_start_tls;
+ call->send_private = ctx;
+
+ reply->msg->r.ExtendedResponse.response.resultcode = LDAP_SUCCESS;
+ reply->msg->r.ExtendedResponse.response.errormessage = NULL;
 ldapsrv_queue_reply(call, reply);
 return NT_STATUS_OK;
 }
+
+struct ldapsrv_extended_operation {
+ const char *oid;
+ NTSTATUS (*fn)(struct ldapsrv_call *call, struct ldapsrv_reply *reply, const char **errorstr);
+};
+
+static struct ldapsrv_extended_operation extended_ops[] = {
+ {
+ .oid = LDB_EXTENDED_START_TLS_OID,
+ .fn = ldapsrv_StartTLS,
+ },{
+ .oid = NULL,
+ .fn = NULL,
+ }
+};
+
+NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
+{
+ struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
+ struct ldapsrv_reply *reply;
+ int result = LDAP_PROTOCOL_ERROR;
+ const char *error_str = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+ uint32_t i;
+
+ DEBUG(10, ("Extended\n"));
+
+ reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+ NT_STATUS_HAVE_NO_MEMORY(reply);
+
+ ZERO_STRUCT(reply->msg->r);
+ reply->msg->r.ExtendedResponse.oid = talloc_steal(reply, req->oid);
+ reply->msg->r.ExtendedResponse.response.resultcode = LDAP_PROTOCOL_ERROR;
+ reply->msg->r.ExtendedResponse.response.errormessage = NULL;
+
+ for (i=0; extended_ops[i].oid; i++) {
+ if (strcmp(extended_ops[i].oid,req->oid) != 0) continue;
+
+ /*
+ * if the backend function returns an error we
+ * need to send the reply otherwise the reply is already
+ * send and we need to return directly
+ */
+ status = extended_ops[i].fn(call, reply, &error_str);
+ NT_STATUS_IS_OK_RETURN(status);
+
+ if (NT_STATUS_IS_LDAP(status)) {
+ result = NT_STATUS_LDAP_CODE(status);
+ } else {
+ result = LDAP_OPERATIONS_ERROR;
+ error_str = talloc_asprintf(reply, "Extended Operation(%s) failed: %s",
+ req->oid, nt_errstr(status));
+ }
+ }
+ /* if we haven't found the oid, then status is still NT_STATUS_OK */
+ if (NT_STATUS_IS_OK(status)) {
+ error_str = talloc_asprintf(reply, "Extended Operation(%s) not supported",
+ req->oid);
+ }
+
+ reply->msg->r.ExtendedResponse.response.resultcode = result;
+ reply->msg->r.ExtendedResponse.response.errormessage = error_str;
+
+ ldapsrv_queue_reply(call, reply);
+ return NT_STATUS_OK;
+}
-- cgit
From 0329d755a7611ba3897fc1ee9bdce410cc33d7f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 30 Aug 2006 11:29:34 +0000 Subject: r17930: Merge noinclude branch: * Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
---
 source4/ldap_server/ldap_extended.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/ldap_server/ldap_extended.c')
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index 06e5feb828..607700d759 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -20,7 +20,7 @@
 #include "includes.h"
 #include "ldap_server/ldap_server.h"
-#include "dlinklist.h"
+#include "lib/util/dlinklist.h"
 #include "libcli/ldap/ldap.h"
 #include "lib/tls/tls.h"
 #include "smbd/service_stream.h"
-- cgit
From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
---
 source4/ldap_server/ldap_extended.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'source4/ldap_server/ldap_extended.c')
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index 607700d759..fe917cf7f2 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -5,7 +5,7 @@
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
@@ -14,8 +14,7 @@
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see .
 */
 #include "includes.h"
-- cgit
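Review bot: `reply->msg->r.ExtendedResponse.oid = talloc_steal(reply, req->oid);` in the new `ldapsrv_ExtendedRequest` hands ownership of the request's OID string to the reply while `req->oid` keeps pointing at the same memory and is read again afterwards (the `strcmp` in the dispatch loop and both `talloc_asprintf` calls); should the reply ever be freed before the request message is, that pointer dangles. The code this replaces used `talloc_strdup(reply, req->oid)` with a NO_MEMORY check, which avoids the aliasing, so I would restore it as `reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);` followed by `NT_STATUS_HAVE_NO_MEMORY(reply->msg->r.ExtendedResponse.oid);`. Separately, the loop keeps iterating after the matching operation has run and failed; a `break;` after the `if`/`else` keeps `status` and `result` bound to the matched entry regardless of how `extended_ops[]` grows. The loop comment should also read "the reply is already sent" rather than "send".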