From a560d554bdfade75b81780e427e51cc436d9488a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 13 Sep 2004 10:36:59 +0000 Subject: r2321: add complately untested LDAP server start based on volker's patch this is compiled by default but not started by default metze (This used to be commit 5387bc423d4dc669cbac6626f8dd3a5498a6519d) --- source4/ldap_server/ldap_server.c | 455 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 455 insertions(+) create mode 100644 source4/ldap_server/ldap_server.c (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c new file mode 100644 index 0000000000..d9c2957027 --- /dev/null +++ b/source4/ldap_server/ldap_server.c @@ -0,0 +1,455 @@ +/* + Unix SMB/CIFS implementation. + LDAP server + Copyright (C) Volker Lendecke 2004 + Copyright (C) Stefan Metzmacher 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + close the socket and shutdown a server_context +*/ +static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) +{ + server_terminate_connection(ldap_conn->connection, reason); +} + +/* + add a socket address to the list of events, one event per port +*/ +static void add_socket(struct server_service *service, + const struct model_ops *model_ops, + struct socket_context *socket_ctx, + struct in_addr *ifip) +{ + uint16_t port = 389; + + service_setup_socket(service, model_ops, socket_ctx, ifip, &port); +} + +/**************************************************************************** + Open the socket communication. +****************************************************************************/ +static void ldapsrv_init(struct server_service *service, + const struct model_ops *model_ops) +{ + DEBUG(1,("ldapsrv_init\n")); + + if (lp_interfaces() && lp_bind_interfaces_only()) { + int num_interfaces = iface_count(); + int i; + + /* We have been given an interfaces line, and been + told to only bind to those interfaces. Create a + socket per interface and bind to only these. + */ + for(i = 0; i < num_interfaces; i++) { + struct in_addr *ifip = iface_n_ip(i); + + if (ifip == NULL) { + DEBUG(0,("ldapsrv_init: interface %d has NULL " + "IP address !\n", i)); + continue; + } + + add_socket(service, model_ops, NULL, ifip); + } + } else { + struct in_addr *ifip; + TALLOC_CTX *mem_ctx = talloc_init("ldapsrv_init"); + + if (!mem_ctx) { + smb_panic("No memory"); + } + + /* Just bind to lp_socket_address() (usually 0.0.0.0) */ + ifip = interpret_addr2(mem_ctx, lp_socket_address()); + add_socket(service, model_ops, NULL, ifip); + + talloc_destroy(mem_ctx); + } +} + +/* This rw-buf api is made to avoid memcpy. For now do that like mad... The + idea is to write into a circular list of buffers where the ideal case is + that a read(2) holds a complete request that is then thrown away + completely. */ + +static BOOL append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) +{ + buf->data = realloc(buf->data, buf->length+length); + + if (buf->data == NULL) + return False; + + memcpy(buf->data+buf->length, data, length); + + buf->length += length; + return True; +} + +static BOOL read_into_buf(int fd, struct rw_buffer *buf) +{ + char tmp_buf[1024]; + int len; + + len = read(fd, tmp_buf, sizeof(tmp_buf)); + if (len == 0) + return False; + + return append_to_buf(buf, tmp_buf, len); +} + +static BOOL write_from_buf(int fd, struct rw_buffer *buf) +{ + int len; + + len = write(fd, buf->data, buf->length); + if (len != buf->length) + return False; + + return True; +} + +static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, + size_t *out_length) +{ + *out = buf->data; + *out_length = buf->length; +} + +static void consumed_from_read_buf(struct rw_buffer *buf, + size_t length) +{ + memcpy(buf->data, buf->data+length, buf->length-length); + buf->length -= length; +} + +static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) +{ + DATA_BLOB blob; + BOOL res; + + if (!ldap_encode(msg, &blob)) + return False; + + res = append_to_buf(buf, blob.data, blob.length); + + data_blob_free(&blob); + return res; +} + +static void reply_unwilling(struct ldapsrv_connection *ldap_conn, int error) +{ + struct ldap_message *msg; + struct ldap_ExtendedResponse *r; + + msg = new_ldap_message(); + + if (msg == NULL) { + ldapsrv_terminate_connection(ldap_conn, "new_ldap_message() failed"); + return; + } + + msg->messageid = 0; + r = &msg->r.ExtendedResponse; + + /* When completely freaking out, OpenLDAP responds with an ExtResp */ + msg->type = LDAP_TAG_ExtendedResponse; + r->response.resultcode = error; + r->response.dn = NULL; + r->response.errormessage = NULL; + r->response.referral = NULL; + r->name = NULL; + r->value.data = NULL; + r->value.length = 0; + + ldap_append_to_buf(msg, &ldap_conn->out_buffer); + + talloc_destroy(msg->mem_ctx); +} + +static void ldap_reply_BindRequest(struct ldapsrv_connection *conn, + struct ldap_message *request) +{ + struct ldap_BindRequest *req = &request->r.BindRequest; + + struct ldap_message *msg; + struct ldap_BindResponse *resp; + + DEBUG(5, ("Binding as %s with pw %s\n", + req->dn, req->creds.password)); + + msg = new_ldap_message(); + + if (msg == NULL) { + ldapsrv_terminate_connection(conn, "new_ldap_message() failed"); + return; + } + + resp = &msg->r.BindResponse; + + msg->messageid = request->messageid; + msg->type = LDAP_TAG_BindResponse; + resp->response.resultcode = 0; + resp->response.dn = NULL; + resp->response.errormessage = NULL; + resp->response.referral = NULL; + resp->SASL.secblob = data_blob(NULL, 0); + + ldap_append_to_buf(msg, &conn->out_buffer); + talloc_destroy(msg->mem_ctx); +} + +static void ldap_reply_SearchRequest(struct ldapsrv_connection *conn, + struct ldap_message *request) +{ + struct ldap_SearchRequest *req = &request->r.SearchRequest; + + struct ldap_message *msg; + struct ldap_Result *resp; + + DEBUG(10, ("Search filter: %s\n", req->filter)); + + msg = new_ldap_message(); + + if (msg == NULL) { + ldapsrv_terminate_connection(conn, "new_ldap_message() failed"); + return; + } + + msg->messageid = request->messageid; + resp = &msg->r.SearchResultDone; + + /* Is this a rootdse request? */ + if ((strlen(req->basedn) == 0) && + (req->scope == LDAP_SEARCH_SCOPE_BASE) && + strequal(req->filter, "(objectclass=*)")) { + msg->type = LDAP_TAG_SearchResultEntry; + msg->r.SearchResultEntry.dn = ""; + msg->r.SearchResultEntry.num_attributes = 0; + msg->r.SearchResultEntry.attributes = NULL; + return; + } + + msg->type = LDAP_TAG_SearchResultDone; + resp->resultcode = 0; + resp->dn = NULL; + resp->errormessage = NULL; + resp->referral = NULL; + + ldap_append_to_buf(msg, &conn->out_buffer); + talloc_destroy(msg->mem_ctx); +} + +static void switch_ldap_message(struct ldapsrv_connection *conn, + struct ldap_message *msg) +{ + switch(msg->type) { + case LDAP_TAG_BindRequest: + ldap_reply_BindRequest(conn, msg); + break; + case LDAP_TAG_SearchRequest: + ldap_reply_SearchRequest(conn, msg); + break; + default: + reply_unwilling(conn, 2); + break; + } +} + +static void ldap_queue_run(struct server_connection *conn) +{ + struct ldapsrv_connection *ldap_conn = conn->private_data; + + while (ldap_conn->in_queue) { + struct ldap_message_queue *req = ldap_conn->in_queue; + DLIST_REMOVE(ldap_conn->in_queue, req); + + switch_ldap_message(ldap_conn, req->msg); + talloc_destroy(req->msg->mem_ctx); + } +} + +/* + called when a LDAP socket becomes readable +*/ +static void ldapsrv_recv(struct server_connection *conn, time_t t, + uint16_t flags) +{ + struct ldapsrv_connection *ldap_conn = conn->private_data; + uint8_t *buf; + int buf_length, msg_length; + DATA_BLOB blob; + ASN1_DATA data; + struct ldap_message *msg; + struct ldap_message_queue *queue_entry; + + DEBUG(10,("ldapsrv_recv\n")); + + if (!read_into_buf(conn->event.fde->fd, &ldap_conn->in_buffer)) { + ldapsrv_terminate_connection(ldap_conn, "read_into_buf() failed"); + return; + } + + peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); + + while (buf_length > 0) { + + /* LDAP Messages are always SEQUENCES */ + + if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0), + &msg_length)) { + ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed"); + return; + } + + if (buf_length < msg_length) { + /* Not enough yet */ + break; + } + + /* We've got a complete LDAP request in the in-buffer, convert + * that to a ldap_message and put it into the incoming + * queue. */ + + blob.data = buf; + blob.length = msg_length; + + if (!asn1_load(&data, blob)) { + ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed"); + return; + } + + msg = new_ldap_message(); + + if ((msg == NULL) || !ldap_decode(&data, msg)) { + ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); + return; + } + + queue_entry = talloc_p(msg->mem_ctx, struct ldap_message_queue); + + if (queue_entry == NULL) { + ldapsrv_terminate_connection(ldap_conn, "alloc_p(msg->mem_ctx, struct ldap_message_queue) failed"); + return; + } + + queue_entry->msg = msg; + + DLIST_ADD_END(ldap_conn->in_queue, queue_entry, + struct ldap_message_queue *); + + consumed_from_read_buf(&ldap_conn->in_buffer, msg_length); + + peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); + } + + ldap_queue_run(conn); + + return; +} + +/* + called when a LDAP socket becomes writable +*/ +static void ldapsrv_send(struct server_connection *conn, time_t t, + uint16_t flags) +{ + struct ldapsrv_connection *ldap_conn = conn->private_data; + + DEBUG(10,("ldapsrv_send\n")); + + if (!write_from_buf(conn->event.fde->fd, &ldap_conn->out_buffer)) { + ldapsrv_terminate_connection(ldap_conn, "write_from_buf() failed"); + return; + } + + return; +} + +/* + called when connection is idle +*/ +static void ldapsrv_idle(struct server_connection *conn, time_t t) +{ + DEBUG(10,("ldapsrv_idle: not implemented!\n")); + return; +} + +static void ldapsrv_close(struct server_connection *conn, const char *reason) +{ + struct ldapsrv_connection *ldap_conn = conn->private_data; + + talloc_free(ldap_conn); + + return; +} + +/* + initialise a server_context from a open socket and register a event handler + for reading from that socket +*/ +static void ldapsrv_accept(struct server_connection *conn) +{ + struct ldapsrv_connection *ldap_conn; + + DEBUG(5, ("ldapsrv_accept\n")); + + ldap_conn = talloc_p(NULL, struct ldapsrv_connection); + + if (ldap_conn == NULL) + return; + + ZERO_STRUCTP(ldap_conn); + ldap_conn->connection = conn; + + conn->private_data = ldap_conn; + + return; +} + +/* + called on a fatal error that should cause this server to terminate +*/ +static void ldapsrv_exit(struct server_service *service, const char *reason) +{ + DEBUG(1,("ldapsrv_exit\n")); + return; +} + +static const struct server_service_ops ldap_server_ops = { + .name = "ldap", + .service_init = ldapsrv_init, + .accept_connection = ldapsrv_accept, + .recv_handler = ldapsrv_recv, + .send_handler = ldapsrv_send, + .idle_handler = ldapsrv_idle, + .close_connection = ldapsrv_close, + .service_exit = ldapsrv_exit, +}; + +const struct server_service_ops *ldapsrv_get_ops(void) +{ + return &ldap_server_ops; +} + +NTSTATUS server_service_ldap_init(void) +{ + return NT_STATUS_OK; +} -- cgit From 9041c3560fe1d8e272e6199f2e7c56407d49d3cb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 18 Sep 2004 08:13:06 +0000 Subject: r2401: make our LDAP server useable: - we need to mark the fd event as writable otherwise we'll never senda packet to the client - a search response have to ended by a LDAP result message - return currentTime, supportedLDAPVersion and dnsHostName for testing ldap -x -s base -h ldap://localhost/ is now works against our LDAP server metze (This used to be commit 3a9ca351166cf56de878e4408e221df299271c32) --- source4/ldap_server/ldap_server.c | 203 +++++++++++++++++++++++++++++++++++++- 1 file changed, 200 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d9c2957027..09df833722 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -240,11 +240,204 @@ static void ldap_reply_SearchRequest(struct ldapsrv_connection *conn, if ((strlen(req->basedn) == 0) && (req->scope == LDAP_SEARCH_SCOPE_BASE) && strequal(req->filter, "(objectclass=*)")) { + +#define ATTR_BLOB_CONST(val) data_blob(val, sizeof(val)-1) +#define ATTR_CONST_SINGLE(attr, blob, nam, val) do { \ + attr.name = nam; \ + attr.num_values = ARRAY_SIZE(blob); \ + attr.values = blob; \ + blob[0] = ATTR_BLOB_CONST(val); \ +} while(0) +#define ATTR_CONST_SINGLE_NOVAL(attr, blob, nam) do { \ + attr.name = nam;\ + attr.num_values = ARRAY_SIZE(blob); \ + attr.values = blob;\ +} while(0) + TALLOC_CTX *mem_ctx; + struct ldap_attribute attrs[3]; + DATA_BLOB currentTime[1]; + DATA_BLOB supportedLDAPVersion[2]; + DATA_BLOB dnsHostName[1]; + + mem_ctx = talloc_init("rootDSE"); + if (!mem_ctx) { + ldapsrv_terminate_connection(conn, "no memory"); + return; + } + + /* + * currentTime + * 20040918090350.0Z + */ + ATTR_CONST_SINGLE_NOVAL(attrs[0], currentTime, "currentTime"); + { + char *str = ldap_timestring(mem_ctx, time(NULL)); + if (!str) { + ldapsrv_terminate_connection(conn, "no memory"); + return; + } + currentTime[0] = data_blob(str, strlen(str)); + talloc_free(str); + } + + /* + * subschemaSubentry + * CN=Aggregate,CN=Schema,CN=Configuration,DC=DOM,DC=TLD + */ + + /* + * dsServiceName + * CN=NTDS Settings,CN=NETBIOSNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOM,DC=TLD + */ + + /* + * namingContexts + * DC=DOM,DC=TLD + * CN=Configuration,DC=DOM,DC=TLD + * CN=Schema,CN=Configuration,DC=DOM,DC=TLD + * DC=DomainDnsZones,DC=DOM,DC=TLD + * DC=ForestDnsZones,DC=DOM,DC=TLD + */ + + /* + * defaultNamingContext + * DC=DOM,DC=TLD + */ + + /* + * schemaNamingContext + * CN=Schema,CN=Configuration,DC=DOM,DC=TLD + */ + + /* + * configurationNamingContext + * CN=Configuration,DC=DOM,DC=TLD + */ + + /* + * rootDomainNamingContext + * DC=DOM,DC=TLD + */ + + /* + * supportedControl + * 1.2.840.113556.1.4.319 + * 1.2.840.113556.1.4.801 + * 1.2.840.113556.1.4.473 + * 1.2.840.113556.1.4.528 + * 1.2.840.113556.1.4.417 + * 1.2.840.113556.1.4.619 + * 1.2.840.113556.1.4.841 + * 1.2.840.113556.1.4.529 + * 1.2.840.113556.1.4.805 + * 1.2.840.113556.1.4.521 + * 1.2.840.113556.1.4.970 + * 1.2.840.113556.1.4.1338 + * 1.2.840.113556.1.4.474 + * 1.2.840.113556.1.4.1339 + * 1.2.840.113556.1.4.1340 + * 1.2.840.113556.1.4.1413 + * 2.16.840.1.113730.3.4.9 + * 2.16.840.1.113730.3.4.10 + * 1.2.840.113556.1.4.1504 + * 1.2.840.113556.1.4.1852 + * 1.2.840.113556.1.4.802 + */ + + /* + * supportedLDAPVersion + * 3 + * 2 + */ + ATTR_CONST_SINGLE_NOVAL(attrs[1], supportedLDAPVersion, "supportedLDAPVersion"); + supportedLDAPVersion[0] = ATTR_BLOB_CONST("3"); + supportedLDAPVersion[1] = ATTR_BLOB_CONST("2"); + + /* + * supportedLDAPPolicies + * MaxPoolThreads + * MaxDatagramRecv + * MaxReceiveBuffer + * InitRecvTimeout + * MaxConnections + * MaxConnIdleTime + * MaxPageSize + * MaxQueryDuration + * MaxTempTableSize + * MaxResultSetSize + * MaxNotificationPerConn + * MaxValRange + */ + + /* + * highestCommittedUSN + * 4555 + */ + + /* + * supportedSASLMechanisms + * GSSAPI + * GSS-SPNEGO + * EXTERNAL + * DIGEST-MD5 + */ + + /* + * dnsHostName + * netbiosname.dom.tld + */ + ATTR_CONST_SINGLE_NOVAL(attrs[2], dnsHostName, "dnsHostName"); + dnsHostName[0] = data_blob(lp_netbios_name(),strlen(lp_netbios_name())); + + /* + * ldapServiceName + * dom.tld:netbiosname$@DOM.TLD + */ + + /* + * serverName: + * CN=NETBIOSNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOM,DC=TLD + */ + + /* + * supportedCapabilities + * 1.2.840.113556.1.4.800 + * 1.2.840.113556.1.4.1670 + * 1.2.840.113556.1.4.1791 + */ + + /* + * isSynchronized: + * TRUE/FALSE + */ + + /* + * isGlobalCatalogReady + * TRUE/FALSE + */ + + /* + * domainFunctionality + * 0 + */ + + /* + * forestFunctionality + * 0 + */ + + /* + * domainControllerFunctionality + * 2 + */ + msg->type = LDAP_TAG_SearchResultEntry; msg->r.SearchResultEntry.dn = ""; - msg->r.SearchResultEntry.num_attributes = 0; - msg->r.SearchResultEntry.attributes = NULL; - return; + msg->r.SearchResultEntry.num_attributes = ARRAY_SIZE(attrs); + msg->r.SearchResultEntry.attributes = attrs; + + ldap_append_to_buf(msg, &conn->out_buffer); + talloc_free(mem_ctx); } msg->type = LDAP_TAG_SearchResultDone; @@ -362,6 +555,8 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, ldap_queue_run(conn); + conn->event.fde->flags |= EVENT_FD_WRITE; + return; } @@ -380,6 +575,8 @@ static void ldapsrv_send(struct server_connection *conn, time_t t, return; } + conn->event.fde->flags &= ~EVENT_FD_WRITE; + return; } -- cgit From 7d06a06584e5163b69f712e38dc46afc2668389c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 20 Sep 2004 12:31:07 +0000 Subject: r2447: let the server code use the new lib/socket/ stuff metze (This used to be commit 2fd577d2417e117a7e8c1a56feb147eae805df34) --- source4/ldap_server/ldap_server.c | 55 ++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 18 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 09df833722..59065e142d 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -33,13 +33,15 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, c add a socket address to the list of events, one event per port */ static void add_socket(struct server_service *service, - const struct model_ops *model_ops, - struct socket_context *socket_ctx, + const struct model_ops *model_ops, struct in_addr *ifip) { uint16_t port = 389; + char *ip_str = talloc_strdup(service->mem_ctx, inet_ntoa(*ifip)); - service_setup_socket(service, model_ops, socket_ctx, ifip, &port); + service_setup_socket(service, model_ops, ip_str, &port); + + talloc_free(ip_str); } /**************************************************************************** @@ -67,7 +69,7 @@ static void ldapsrv_init(struct server_service *service, continue; } - add_socket(service, model_ops, NULL, ifip); + add_socket(service, model_ops, ifip); } } else { struct in_addr *ifip; @@ -79,7 +81,7 @@ static void ldapsrv_init(struct server_service *service, /* Just bind to lp_socket_address() (usually 0.0.0.0) */ ifip = interpret_addr2(mem_ctx, lp_socket_address()); - add_socket(service, model_ops, NULL, ifip); + add_socket(service, model_ops, ifip); talloc_destroy(mem_ctx); } @@ -103,25 +105,42 @@ static BOOL append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) return True; } -static BOOL read_into_buf(int fd, struct rw_buffer *buf) +static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) { - char tmp_buf[1024]; - int len; + NTSTATUS status; + DATA_BLOB tmp_blob; + BOOL ret; - len = read(fd, tmp_buf, sizeof(tmp_buf)); - if (len == 0) + status = socket_recv(sock, sock, &tmp_blob, 1024, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("socket_recv: %s\n",nt_errstr(status))); return False; + } + + ret = append_to_buf(buf, tmp_blob.data, tmp_blob.length); - return append_to_buf(buf, tmp_buf, len); + talloc_free(tmp_blob.data); + + return ret; } -static BOOL write_from_buf(int fd, struct rw_buffer *buf) +static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) { - int len; + NTSTATUS status; + DATA_BLOB tmp_blob; + size_t sendlen; + + tmp_blob.data = buf->data; + tmp_blob.length = buf->length; - len = write(fd, buf->data, buf->length); - if (len != buf->length) + status = socket_send(sock, sock, &tmp_blob, &sendlen, 0); + if (!NT_STATUS_IS_OK(status)) { return False; + } + + if (buf->length != sendlen) { + return False; + } return True; } @@ -495,7 +514,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, DEBUG(10,("ldapsrv_recv\n")); - if (!read_into_buf(conn->event.fde->fd, &ldap_conn->in_buffer)) { + if (!read_into_buf(conn->socket, &ldap_conn->in_buffer)) { ldapsrv_terminate_connection(ldap_conn, "read_into_buf() failed"); return; } @@ -570,7 +589,7 @@ static void ldapsrv_send(struct server_connection *conn, time_t t, DEBUG(10,("ldapsrv_send\n")); - if (!write_from_buf(conn->event.fde->fd, &ldap_conn->out_buffer)) { + if (!write_from_buf(conn->socket, &ldap_conn->out_buffer)) { ldapsrv_terminate_connection(ldap_conn, "write_from_buf() failed"); return; } @@ -617,7 +636,7 @@ static void ldapsrv_accept(struct server_connection *conn) ldap_conn->connection = conn; conn->private_data = ldap_conn; - + return; } -- cgit From b6d3ba9672642dac9e88e9382b0259d759e48734 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Sep 2004 10:48:32 +0000 Subject: r2509: add a struct ldapsrv_call which is simular to the dcesrv_call_state struct and related stuff... metze (This used to be commit dc1f8212ff717765c40ea5668e841db50e636748) --- source4/ldap_server/ldap_server.c | 528 ++++++++++++++++++-------------------- 1 file changed, 245 insertions(+), 283 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 59065e142d..529af3fe2a 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -36,10 +36,11 @@ static void add_socket(struct server_service *service, const struct model_ops *model_ops, struct in_addr *ifip) { + struct server_socket *srv_sock; uint16_t port = 389; char *ip_str = talloc_strdup(service->mem_ctx, inet_ntoa(*ifip)); - service_setup_socket(service, model_ops, ip_str, &port); + srv_sock = service_setup_socket(service, model_ops, ip_str, &port); talloc_free(ip_str); } @@ -92,6 +93,13 @@ static void ldapsrv_init(struct server_service *service, that a read(2) holds a complete request that is then thrown away completely. */ +static void consumed_from_buf(struct rw_buffer *buf, + size_t length) +{ + memcpy(buf->data, buf->data+length, buf->length-length); + buf->length -= length; +} + static BOOL append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) { buf->data = realloc(buf->data, buf->length+length); @@ -135,12 +143,11 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) status = socket_send(sock, sock, &tmp_blob, &sendlen, 0); if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("socket_send() %s\n",nt_errstr(status))); return False; } - if (buf->length != sendlen) { - return False; - } + consumed_from_buf(buf, sendlen); return True; } @@ -152,13 +159,6 @@ static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, *out_length = buf->length; } -static void consumed_from_read_buf(struct rw_buffer *buf, - size_t length) -{ - memcpy(buf->data, buf->data+length, buf->length-length); - buf->length -= length; -} - static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) { DATA_BLOB blob; @@ -173,23 +173,38 @@ static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) return res; } -static void reply_unwilling(struct ldapsrv_connection *ldap_conn, int error) +static struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) +{ + struct ldapsrv_reply *reply; + + reply = talloc_p(call, struct ldapsrv_reply); + if (!reply) { + return NULL; + } + + reply->prev = reply->next = NULL; + reply->state = LDAPSRV_REPLY_STATE_NEW; + reply->msg.messageid = call->request.messageid; + reply->msg.type = type; + reply->msg.mem_ctx = reply; + + return reply; +} + +static void ldapsrv_unwilling(struct ldapsrv_call *call, int error) { - struct ldap_message *msg; + struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; - msg = new_ldap_message(); + DEBUG(0,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid)); - if (msg == NULL) { - ldapsrv_terminate_connection(ldap_conn, "new_ldap_message() failed"); + reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); return; } - msg->messageid = 0; - r = &msg->r.ExtendedResponse; - - /* When completely freaking out, OpenLDAP responds with an ExtResp */ - msg->type = LDAP_TAG_ExtendedResponse; + r = &reply->msg.r.ExtendedResponse; r->response.resultcode = error; r->response.dn = NULL; r->response.errormessage = NULL; @@ -198,303 +213,243 @@ static void reply_unwilling(struct ldapsrv_connection *ldap_conn, int error) r->value.data = NULL; r->value.length = 0; - ldap_append_to_buf(msg, &ldap_conn->out_buffer); - - talloc_destroy(msg->mem_ctx); + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); } -static void ldap_reply_BindRequest(struct ldapsrv_connection *conn, - struct ldap_message *request) +static void ldapsrv_BindRequest(struct ldapsrv_call *call) { - struct ldap_BindRequest *req = &request->r.BindRequest; - - struct ldap_message *msg; + struct ldap_BindRequest *req = &call->request.r.BindRequest; + struct ldapsrv_reply *reply; struct ldap_BindResponse *resp; DEBUG(5, ("Binding as %s with pw %s\n", req->dn, req->creds.password)); - msg = new_ldap_message(); - - if (msg == NULL) { - ldapsrv_terminate_connection(conn, "new_ldap_message() failed"); + reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); return; } - resp = &msg->r.BindResponse; - - msg->messageid = request->messageid; - msg->type = LDAP_TAG_BindResponse; + resp = &reply->msg.r.BindResponse; resp->response.resultcode = 0; resp->response.dn = NULL; resp->response.errormessage = NULL; resp->response.referral = NULL; resp->SASL.secblob = data_blob(NULL, 0); - ldap_append_to_buf(msg, &conn->out_buffer); - talloc_destroy(msg->mem_ctx); + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); } -static void ldap_reply_SearchRequest(struct ldapsrv_connection *conn, - struct ldap_message *request) +static void ldapsrv_UnbindRequest(struct ldapsrv_call *call) { - struct ldap_SearchRequest *req = &request->r.SearchRequest; +// struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest; + DEBUG(10, ("Unbind\n")); +} - struct ldap_message *msg; +static void ldapsrv_SearchRequest(struct ldapsrv_call *call) +{ + struct ldap_SearchRequest *req = &call->request.r.SearchRequest; + struct ldapsrv_reply *reply; struct ldap_Result *resp; DEBUG(10, ("Search filter: %s\n", req->filter)); - msg = new_ldap_message(); - - if (msg == NULL) { - ldapsrv_terminate_connection(conn, "new_ldap_message() failed"); - return; - } - - msg->messageid = request->messageid; - resp = &msg->r.SearchResultDone; - /* Is this a rootdse request? */ if ((strlen(req->basedn) == 0) && (req->scope == LDAP_SEARCH_SCOPE_BASE) && strequal(req->filter, "(objectclass=*)")) { -#define ATTR_BLOB_CONST(val) data_blob(val, sizeof(val)-1) -#define ATTR_CONST_SINGLE(attr, blob, nam, val) do { \ - attr.name = nam; \ - attr.num_values = ARRAY_SIZE(blob); \ - attr.values = blob; \ - blob[0] = ATTR_BLOB_CONST(val); \ -} while(0) -#define ATTR_CONST_SINGLE_NOVAL(attr, blob, nam) do { \ - attr.name = nam;\ - attr.num_values = ARRAY_SIZE(blob); \ - attr.values = blob;\ -} while(0) - TALLOC_CTX *mem_ctx; - struct ldap_attribute attrs[3]; - DATA_BLOB currentTime[1]; - DATA_BLOB supportedLDAPVersion[2]; - DATA_BLOB dnsHostName[1]; - - mem_ctx = talloc_init("rootDSE"); - if (!mem_ctx) { - ldapsrv_terminate_connection(conn, "no memory"); - return; - } - - /* - * currentTime - * 20040918090350.0Z - */ - ATTR_CONST_SINGLE_NOVAL(attrs[0], currentTime, "currentTime"); - { - char *str = ldap_timestring(mem_ctx, time(NULL)); - if (!str) { - ldapsrv_terminate_connection(conn, "no memory"); - return; - } - currentTime[0] = data_blob(str, strlen(str)); - talloc_free(str); - } + } - /* - * subschemaSubentry - * CN=Aggregate,CN=Schema,CN=Configuration,DC=DOM,DC=TLD - */ - - /* - * dsServiceName - * CN=NTDS Settings,CN=NETBIOSNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOM,DC=TLD - */ - - /* - * namingContexts - * DC=DOM,DC=TLD - * CN=Configuration,DC=DOM,DC=TLD - * CN=Schema,CN=Configuration,DC=DOM,DC=TLD - * DC=DomainDnsZones,DC=DOM,DC=TLD - * DC=ForestDnsZones,DC=DOM,DC=TLD - */ - - /* - * defaultNamingContext - * DC=DOM,DC=TLD - */ - - /* - * schemaNamingContext - * CN=Schema,CN=Configuration,DC=DOM,DC=TLD - */ - - /* - * configurationNamingContext - * CN=Configuration,DC=DOM,DC=TLD - */ - - /* - * rootDomainNamingContext - * DC=DOM,DC=TLD - */ - - /* - * supportedControl - * 1.2.840.113556.1.4.319 - * 1.2.840.113556.1.4.801 - * 1.2.840.113556.1.4.473 - * 1.2.840.113556.1.4.528 - * 1.2.840.113556.1.4.417 - * 1.2.840.113556.1.4.619 - * 1.2.840.113556.1.4.841 - * 1.2.840.113556.1.4.529 - * 1.2.840.113556.1.4.805 - * 1.2.840.113556.1.4.521 - * 1.2.840.113556.1.4.970 - * 1.2.840.113556.1.4.1338 - * 1.2.840.113556.1.4.474 - * 1.2.840.113556.1.4.1339 - * 1.2.840.113556.1.4.1340 - * 1.2.840.113556.1.4.1413 - * 2.16.840.1.113730.3.4.9 - * 2.16.840.1.113730.3.4.10 - * 1.2.840.113556.1.4.1504 - * 1.2.840.113556.1.4.1852 - * 1.2.840.113556.1.4.802 - */ - - /* - * supportedLDAPVersion - * 3 - * 2 - */ - ATTR_CONST_SINGLE_NOVAL(attrs[1], supportedLDAPVersion, "supportedLDAPVersion"); - supportedLDAPVersion[0] = ATTR_BLOB_CONST("3"); - supportedLDAPVersion[1] = ATTR_BLOB_CONST("2"); - - /* - * supportedLDAPPolicies - * MaxPoolThreads - * MaxDatagramRecv - * MaxReceiveBuffer - * InitRecvTimeout - * MaxConnections - * MaxConnIdleTime - * MaxPageSize - * MaxQueryDuration - * MaxTempTableSize - * MaxResultSetSize - * MaxNotificationPerConn - * MaxValRange - */ - - /* - * highestCommittedUSN - * 4555 - */ - - /* - * supportedSASLMechanisms - * GSSAPI - * GSS-SPNEGO - * EXTERNAL - * DIGEST-MD5 - */ - - /* - * dnsHostName - * netbiosname.dom.tld - */ - ATTR_CONST_SINGLE_NOVAL(attrs[2], dnsHostName, "dnsHostName"); - dnsHostName[0] = data_blob(lp_netbios_name(),strlen(lp_netbios_name())); - - /* - * ldapServiceName - * dom.tld:netbiosname$@DOM.TLD - */ - - /* - * serverName: - * CN=NETBIOSNAME,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOM,DC=TLD - */ - - /* - * supportedCapabilities - * 1.2.840.113556.1.4.800 - * 1.2.840.113556.1.4.1670 - * 1.2.840.113556.1.4.1791 - */ - - /* - * isSynchronized: - * TRUE/FALSE - */ - - /* - * isGlobalCatalogReady - * TRUE/FALSE - */ - - /* - * domainFunctionality - * 0 - */ - - /* - * forestFunctionality - * 0 - */ - - /* - * domainControllerFunctionality - * 2 - */ - - msg->type = LDAP_TAG_SearchResultEntry; - msg->r.SearchResultEntry.dn = ""; - msg->r.SearchResultEntry.num_attributes = ARRAY_SIZE(attrs); - msg->r.SearchResultEntry.attributes = attrs; - - ldap_append_to_buf(msg, &conn->out_buffer); - talloc_free(mem_ctx); + reply = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; } - msg->type = LDAP_TAG_SearchResultDone; + resp = &reply->msg.r.SearchResultDone; resp->resultcode = 0; resp->dn = NULL; resp->errormessage = NULL; resp->referral = NULL; - ldap_append_to_buf(msg, &conn->out_buffer); - talloc_destroy(msg->mem_ctx); + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_ModifyRequest(struct ldapsrv_call *call) +{ +// struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Modify\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_AddRequest(struct ldapsrv_call *call) +{ +// struct ldap_AddRequest *req = &call->request.r.AddRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Add\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); } -static void switch_ldap_message(struct ldapsrv_connection *conn, - struct ldap_message *msg) +static void ldapsrv_DelRequest(struct ldapsrv_call *call) { - switch(msg->type) { +// struct ldap_DelRequest *req = &call->request.r.DelRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Del\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) +{ +// struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Modify\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_CompareRequest(struct ldapsrv_call *call) +{ +// struct ldap_CompareRequest *req = &call->request.r.CompareRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Compare\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_AbandonRequest(struct ldapsrv_call *call) +{ +// struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest; + DEBUG(10, ("Abandon\n")); +} + +static void ldapsrv_ExtendedRequest(struct ldapsrv_call *call) +{ +// struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest; + struct ldapsrv_reply *reply; + + DEBUG(10, ("Extended\n")); + + reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); + if (!reply) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + ZERO_STRUCT(reply->msg.r); + + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +static void ldapsrv_do_call(struct ldapsrv_call *call) +{ + switch(call->request.type) { case LDAP_TAG_BindRequest: - ldap_reply_BindRequest(conn, msg); + ldapsrv_BindRequest(call); + break; + case LDAP_TAG_UnbindRequest: + ldapsrv_UnbindRequest(call); break; case LDAP_TAG_SearchRequest: - ldap_reply_SearchRequest(conn, msg); + ldapsrv_SearchRequest(call); + break; + case LDAP_TAG_ModifyRequest: + ldapsrv_ModifyRequest(call); + break; + case LDAP_TAG_AddRequest: + ldapsrv_AddRequest(call); + break; + case LDAP_TAG_DelRequest: + ldapsrv_DelRequest(call); + break; + case LDAP_TAG_ModifyDNRequest: + ldapsrv_ModifyDNRequest(call); + break; + case LDAP_TAG_CompareRequest: + ldapsrv_CompareRequest(call); + break; + case LDAP_TAG_AbandonRequest: + ldapsrv_AbandonRequest(call); + break; + case LDAP_TAG_ExtendedRequest: + ldapsrv_ExtendedRequest(call); break; default: - reply_unwilling(conn, 2); + ldapsrv_unwilling(call, 2); break; } } -static void ldap_queue_run(struct server_connection *conn) +static void ldapsrv_do_responses(struct ldapsrv_connection *conn) { - struct ldapsrv_connection *ldap_conn = conn->private_data; - - while (ldap_conn->in_queue) { - struct ldap_message_queue *req = ldap_conn->in_queue; - DLIST_REMOVE(ldap_conn->in_queue, req); + struct ldapsrv_call *call, *next_call = NULL; + struct ldapsrv_reply *reply, *next_reply = NULL; - switch_ldap_message(ldap_conn, req->msg); - talloc_destroy(req->msg->mem_ctx); + for (call=conn->calls; call; call=next_call) { + for (reply=call->replies; reply; reply=next_reply) { + if (!ldap_append_to_buf(&reply->msg, &conn->out_buffer)) { + ldapsrv_terminate_connection(conn, "append_to_buf() failed"); + return; + } + next_reply = reply->next; + DLIST_REMOVE(call->replies, reply); + reply->state = LDAPSRV_REPLY_STATE_SEND; + talloc_free(reply); + } + next_call = call->next; + DLIST_REMOVE(conn->calls, call); + call->state = LDAPSRV_CALL_STATE_COMPLETE; + talloc_free(call); } } @@ -509,8 +464,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, int buf_length, msg_length; DATA_BLOB blob; ASN1_DATA data; - struct ldap_message *msg; - struct ldap_message_queue *queue_entry; + struct ldapsrv_call *call; DEBUG(10,("ldapsrv_recv\n")); @@ -523,6 +477,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, while (buf_length > 0) { + peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); /* LDAP Messages are always SEQUENCES */ if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0), @@ -548,33 +503,38 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, return; } - msg = new_ldap_message(); - - if ((msg == NULL) || !ldap_decode(&data, msg)) { - ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); - return; + call = talloc_p(ldap_conn, struct ldapsrv_call); + if (!call) { + ldapsrv_terminate_connection(ldap_conn, "no memory"); + return; } - queue_entry = talloc_p(msg->mem_ctx, struct ldap_message_queue); + ZERO_STRUCTP(call); + call->state = LDAPSRV_CALL_STATE_NEW; + call->conn = ldap_conn; + call->request.mem_ctx = call; - if (queue_entry == NULL) { - ldapsrv_terminate_connection(ldap_conn, "alloc_p(msg->mem_ctx, struct ldap_message_queue) failed"); + if (!ldap_decode(&data, &call->request)) { + dump_data(0,buf, msg_length); + ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); return; } - queue_entry->msg = msg; + DLIST_ADD_END(ldap_conn->calls, call, + struct ldapsrv_call *); - DLIST_ADD_END(ldap_conn->in_queue, queue_entry, - struct ldap_message_queue *); + consumed_from_buf(&ldap_conn->in_buffer, msg_length); - consumed_from_read_buf(&ldap_conn->in_buffer, msg_length); + ldapsrv_do_call(call); peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); } - ldap_queue_run(conn); + ldapsrv_do_responses(ldap_conn); - conn->event.fde->flags |= EVENT_FD_WRITE; + if (ldap_conn->out_buffer.length > 0) { + conn->event.fde->flags |= EVENT_FD_WRITE; + } return; } @@ -594,7 +554,9 @@ static void ldapsrv_send(struct server_connection *conn, time_t t, return; } - conn->event.fde->flags &= ~EVENT_FD_WRITE; + if (ldap_conn->out_buffer.length == 0) { + conn->event.fde->flags &= ~EVENT_FD_WRITE; + } return; } -- cgit From 6ad5996ef5e346d042da12874485c16b89536fc2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Sep 2004 13:01:00 +0000 Subject: r2523: - readd rootDSE reply - add infrastructure start for having multiple directory partitions (backends) metze (This used to be commit 5103e7fe7873c0309461ad471f0529223d7c38eb) --- source4/ldap_server/ldap_server.c | 162 ++++++++++++++++++++------------------ 1 file changed, 86 insertions(+), 76 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 529af3fe2a..f4ebd0d74c 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -24,7 +24,7 @@ /* close the socket and shutdown a server_context */ -static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) +void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) { server_terminate_connection(ldap_conn->connection, reason); } @@ -173,7 +173,7 @@ static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) return res; } -static struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) +struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) { struct ldapsrv_reply *reply; @@ -191,7 +191,22 @@ static struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum return reply; } -static void ldapsrv_unwilling(struct ldapsrv_call *call, int error) +void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) +{ + DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); +} + +struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) +{ + static const struct ldapsrv_partition_ops null_ops; + static struct ldapsrv_partition null_part = { + .ops = &null_ops + }; + + return &null_part; +} + +void ldapsrv_unwilling(struct ldapsrv_call *call, int error) { struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; @@ -213,7 +228,7 @@ static void ldapsrv_unwilling(struct ldapsrv_call *call, int error) r->value.data = NULL; r->value.length = 0; - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + ldapsrv_queue_reply(call, reply); } static void ldapsrv_BindRequest(struct ldapsrv_call *call) @@ -222,8 +237,7 @@ static void ldapsrv_BindRequest(struct ldapsrv_call *call) struct ldapsrv_reply *reply; struct ldap_BindResponse *resp; - DEBUG(5, ("Binding as %s with pw %s\n", - req->dn, req->creds.password)); + DEBUG(5, ("BindRequest dn: %s\n",req->dn)); reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); if (!reply) { @@ -238,144 +252,140 @@ static void ldapsrv_BindRequest(struct ldapsrv_call *call) resp->response.referral = NULL; resp->SASL.secblob = data_blob(NULL, 0); - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + ldapsrv_queue_reply(call, reply); } static void ldapsrv_UnbindRequest(struct ldapsrv_call *call) { -// struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest; - DEBUG(10, ("Unbind\n")); +/* struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest;*/ + DEBUG(10, ("UnbindRequest\n")); } static void ldapsrv_SearchRequest(struct ldapsrv_call *call) { struct ldap_SearchRequest *req = &call->request.r.SearchRequest; - struct ldapsrv_reply *reply; - struct ldap_Result *resp; + struct ldapsrv_partition *part; - DEBUG(10, ("Search filter: %s\n", req->filter)); + DEBUG(10, ("SearchRequest")); + DEBUGADD(10, (" basedn: %s", req->basedn)); + DEBUGADD(10, (" filter: %s\n", req->filter)); - /* Is this a rootdse request? */ - if ((strlen(req->basedn) == 0) && - (req->scope == LDAP_SEARCH_SCOPE_BASE) && - strequal(req->filter, "(objectclass=*)")) { + if ((strcasecmp("", req->basedn) == 0) && + (req->scope == LDAP_SEARCH_SCOPE_BASE)) { + ldapsrv_RootDSE_Search(call, req); + return; + } - } + part = ldapsrv_get_partition(call->conn, req->basedn); - reply = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + if (!part->ops->Search) { + ldapsrv_unwilling(call, 2); return; } - resp = &reply->msg.r.SearchResultDone; - resp->resultcode = 0; - resp->dn = NULL; - resp->errormessage = NULL; - resp->referral = NULL; - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->Search(part, call, req); } static void ldapsrv_ModifyRequest(struct ldapsrv_call *call) { -// struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; - struct ldapsrv_reply *reply; + struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; + struct ldapsrv_partition *part; - DEBUG(10, ("Modify\n")); + DEBUG(10, ("ModifyRequest")); + DEBUGADD(10, (" dn: %s", req->dn)); - reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + part = ldapsrv_get_partition(call->conn, req->dn); + + if (!part->ops->Modify) { + ldapsrv_unwilling(call, 2); return; } - ZERO_STRUCT(reply->msg.r); - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->Modify(part, call, req); } static void ldapsrv_AddRequest(struct ldapsrv_call *call) { -// struct ldap_AddRequest *req = &call->request.r.AddRequest; - struct ldapsrv_reply *reply; + struct ldap_AddRequest *req = &call->request.r.AddRequest; + struct ldapsrv_partition *part; - DEBUG(10, ("Add\n")); + DEBUG(10, ("AddRequest")); + DEBUGADD(10, (" dn: %s", req->dn)); - reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + part = ldapsrv_get_partition(call->conn, req->dn); + + if (!part->ops->Add) { + ldapsrv_unwilling(call, 2); return; } - ZERO_STRUCT(reply->msg.r); - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->Add(part, call, req); } static void ldapsrv_DelRequest(struct ldapsrv_call *call) { -// struct ldap_DelRequest *req = &call->request.r.DelRequest; - struct ldapsrv_reply *reply; + struct ldap_DelRequest *req = &call->request.r.DelRequest; + struct ldapsrv_partition *part; - DEBUG(10, ("Del\n")); + DEBUG(10, ("DelRequest")); + DEBUGADD(10, (" dn: %s", req->dn)); - reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + part = ldapsrv_get_partition(call->conn, req->dn); + + if (!part->ops->Del) { + ldapsrv_unwilling(call, 2); return; } - ZERO_STRUCT(reply->msg.r); - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->Del(part, call, req); } static void ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) { -// struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; - struct ldapsrv_reply *reply; + struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; + struct ldapsrv_partition *part; - DEBUG(10, ("Modify\n")); + DEBUG(10, ("ModifyDNRequrest")); + DEBUGADD(10, (" dn: %s", req->dn)); + DEBUGADD(10, (" newrdn: %s", req->newrdn)); - reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + part = ldapsrv_get_partition(call->conn, req->dn); + + if (!part->ops->ModifyDN) { + ldapsrv_unwilling(call, 2); return; } - ZERO_STRUCT(reply->msg.r); - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->ModifyDN(part, call, req); } static void ldapsrv_CompareRequest(struct ldapsrv_call *call) { -// struct ldap_CompareRequest *req = &call->request.r.CompareRequest; - struct ldapsrv_reply *reply; + struct ldap_CompareRequest *req = &call->request.r.CompareRequest; + struct ldapsrv_partition *part; - DEBUG(10, ("Compare\n")); + DEBUG(10, ("CompareRequest")); + DEBUGADD(10, (" dn: %s", req->dn)); - reply = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse); - if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + part = ldapsrv_get_partition(call->conn, req->dn); + + if (!part->ops->Compare) { + ldapsrv_unwilling(call, 2); return; } - ZERO_STRUCT(reply->msg.r); - - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + part->ops->Compare(part, call, req); } static void ldapsrv_AbandonRequest(struct ldapsrv_call *call) { -// struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest; - DEBUG(10, ("Abandon\n")); +/* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/ + DEBUG(10, ("AbandonRequest\n")); } static void ldapsrv_ExtendedRequest(struct ldapsrv_call *call) { -// struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest; +/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/ struct ldapsrv_reply *reply; DEBUG(10, ("Extended\n")); @@ -388,7 +398,7 @@ static void ldapsrv_ExtendedRequest(struct ldapsrv_call *call) ZERO_STRUCT(reply->msg.r); - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + ldapsrv_queue_reply(call, reply); } static void ldapsrv_do_call(struct ldapsrv_call *call) -- cgit From 1efef4a19f4bb7990d47ab5403d7b4fde60f8013 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Sep 2004 13:08:30 +0000 Subject: r2525: fix a search response when the backend didn't support Search we return LDAP error 32 (noSuchObject) now instead of a protocol error metze (This used to be commit f9dc34cd0b5e5e05e5ca6b034a7056b34053c4d0) --- source4/ldap_server/ldap_server.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index f4ebd0d74c..bb52a1bbb3 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -279,7 +279,22 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->basedn); if (!part->ops->Search) { - ldapsrv_unwilling(call, 2); + struct ldap_Result *done; + struct ldapsrv_reply *done_r; + + done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); + if (!done_r) { + ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); + return; + } + + done = &done_r->msg.r.SearchResultDone; + done->resultcode = 32; + done->dn = NULL; + done->errormessage = NULL; + done->referral = NULL; + + ldapsrv_queue_reply(call, done_r); return; } -- cgit From 0c7a18525cc662d4552e20796404a21ed9debcd5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Sep 2004 13:14:56 +0000 Subject: r2526: use LDAP error 53 (unwillingToPerform) when the backend didn't implement the call metze (This used to be commit e2fe6858494da311ee9a3f06dd84509572318893) --- source4/ldap_server/ldap_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index bb52a1bbb3..1db6c4f8fb 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -289,7 +289,7 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) } done = &done_r->msg.r.SearchResultDone; - done->resultcode = 32; + done->resultcode = 53; done->dn = NULL; done->errormessage = NULL; done->referral = NULL; @@ -312,7 +312,7 @@ static void ldapsrv_ModifyRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Modify) { - ldapsrv_unwilling(call, 2); + ldapsrv_unwilling(call, 53); return; } @@ -330,7 +330,7 @@ static void ldapsrv_AddRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Add) { - ldapsrv_unwilling(call, 2); + ldapsrv_unwilling(call, 53); return; } @@ -348,7 +348,7 @@ static void ldapsrv_DelRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Del) { - ldapsrv_unwilling(call, 2); + ldapsrv_unwilling(call, 53); return; } @@ -367,7 +367,7 @@ static void ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->ModifyDN) { - ldapsrv_unwilling(call, 2); + ldapsrv_unwilling(call, 53); return; } @@ -385,7 +385,7 @@ static void ldapsrv_CompareRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Compare) { - ldapsrv_unwilling(call, 2); + ldapsrv_unwilling(call, 53); return; } -- cgit From 9a7c87bb645d908fab4527824376e328f4f3b0e0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Sep 2004 14:16:42 +0000 Subject: r2527: - add a dummy for a simple ldb backend - handle the complete rootDSE search (maybe this will be also a partition module) metze (This used to be commit 6fc904a71cf5305d0c5c260ad1665499ea6c6f9a) --- source4/ldap_server/ldap_server.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 1db6c4f8fb..31376a7db2 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -198,10 +198,9 @@ void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) { - static const struct ldapsrv_partition_ops null_ops; - static struct ldapsrv_partition null_part = { - .ops = &null_ops - }; + static struct ldapsrv_partition null_part; + + null_part.ops = ldapsrv_get_sldb_partition_ops(); return &null_part; } @@ -270,11 +269,10 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUGADD(10, (" basedn: %s", req->basedn)); DEBUGADD(10, (" filter: %s\n", req->filter)); - if ((strcasecmp("", req->basedn) == 0) && - (req->scope == LDAP_SEARCH_SCOPE_BASE)) { + if (strcasecmp("", req->basedn) == 0) { ldapsrv_RootDSE_Search(call, req); return; - } + } part = ldapsrv_get_partition(call->conn, req->basedn); -- cgit From 223e78990a16f134a01d1223a0dad8b2accd5fed Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 25 Sep 2004 11:48:30 +0000 Subject: r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 31376a7db2..976b55ee01 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -612,7 +612,7 @@ static void ldapsrv_accept(struct server_connection *conn) DEBUG(5, ("ldapsrv_accept\n")); - ldap_conn = talloc_p(NULL, struct ldapsrv_connection); + ldap_conn = talloc_p(conn, struct ldapsrv_connection); if (ldap_conn == NULL) return; -- cgit From 764eddb69647681f784f343a122251ca1ecf62df Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 26 Sep 2004 03:05:04 +0000 Subject: r2646: - use a talloc destructor to ensure that sockets from the new socket library are closed on abnormal termination - convert the service.h structures to the new talloc methods (This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 976b55ee01..45b96ba8e9 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -38,7 +38,7 @@ static void add_socket(struct server_service *service, { struct server_socket *srv_sock; uint16_t port = 389; - char *ip_str = talloc_strdup(service->mem_ctx, inet_ntoa(*ifip)); + char *ip_str = talloc_strdup(service, inet_ntoa(*ifip)); srv_sock = service_setup_socket(service, model_ops, ip_str, &port); -- cgit From 718bb5e8ffb04ab48cb5e9c0a7df848212340a57 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Sep 2004 13:20:59 +0000 Subject: r2688: - fix case where listed attributes are asked - use the return code of the functions and only call ldapsrv_terminate_connection from ldapsrv_recv() or ldapsrv_send() - the rootdse is now a normal partition metze (This used to be commit af1501a28d700f90cd2243fbfdce6527a0f62961) --- source4/ldap_server/ldap_server.c | 151 ++++++++++++++++++-------------------- 1 file changed, 70 insertions(+), 81 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 45b96ba8e9..1aaaf8e066 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -24,7 +24,7 @@ /* close the socket and shutdown a server_context */ -void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) +static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) { server_terminate_connection(ldap_conn->connection, reason); } @@ -121,7 +121,7 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) status = socket_recv(sock, sock, &tmp_blob, 1024, 0); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("socket_recv: %s\n",nt_errstr(status))); + DEBUG(1,("socket_recv: %s\n",nt_errstr(status))); return False; } @@ -191,21 +191,26 @@ struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_re return reply; } -void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) +NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) { DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); + return NT_STATUS_OK; } struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) { static struct ldapsrv_partition null_part; - null_part.ops = ldapsrv_get_sldb_partition_ops(); + if (strcasecmp("", dn) == 0) { + null_part.ops = ldapsrv_get_rootdse_partition_ops(); + } else { + null_part.ops = ldapsrv_get_sldb_partition_ops(); + } return &null_part; } -void ldapsrv_unwilling(struct ldapsrv_call *call, int error) +NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) { struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; @@ -214,8 +219,7 @@ void ldapsrv_unwilling(struct ldapsrv_call *call, int error) reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); - return; + return NT_STATUS_NO_MEMORY; } r = &reply->msg.r.ExtendedResponse; @@ -227,10 +231,10 @@ void ldapsrv_unwilling(struct ldapsrv_call *call, int error) r->value.data = NULL; r->value.length = 0; - ldapsrv_queue_reply(call, reply); + return ldapsrv_queue_reply(call, reply); } -static void ldapsrv_BindRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call) { struct ldap_BindRequest *req = &call->request.r.BindRequest; struct ldapsrv_reply *reply; @@ -240,8 +244,7 @@ static void ldapsrv_BindRequest(struct ldapsrv_call *call) reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); - return; + return NT_STATUS_NO_MEMORY; } resp = &reply->msg.r.BindResponse; @@ -251,16 +254,17 @@ static void ldapsrv_BindRequest(struct ldapsrv_call *call) resp->response.referral = NULL; resp->SASL.secblob = data_blob(NULL, 0); - ldapsrv_queue_reply(call, reply); + return ldapsrv_queue_reply(call, reply); } -static void ldapsrv_UnbindRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_UnbindRequest(struct ldapsrv_call *call) { /* struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest;*/ DEBUG(10, ("UnbindRequest\n")); + return NT_STATUS_OK; } -static void ldapsrv_SearchRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) { struct ldap_SearchRequest *req = &call->request.r.SearchRequest; struct ldapsrv_partition *part; @@ -269,11 +273,6 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUGADD(10, (" basedn: %s", req->basedn)); DEBUGADD(10, (" filter: %s\n", req->filter)); - if (strcasecmp("", req->basedn) == 0) { - ldapsrv_RootDSE_Search(call, req); - return; - } - part = ldapsrv_get_partition(call->conn, req->basedn); if (!part->ops->Search) { @@ -282,8 +281,7 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); if (!done_r) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); - return; + return NT_STATUS_NO_MEMORY; } done = &done_r->msg.r.SearchResultDone; @@ -292,14 +290,13 @@ static void ldapsrv_SearchRequest(struct ldapsrv_call *call) done->errormessage = NULL; done->referral = NULL; - ldapsrv_queue_reply(call, done_r); - return; + return ldapsrv_queue_reply(call, done_r); } - part->ops->Search(part, call, req); + return part->ops->Search(part, call, req); } -static void ldapsrv_ModifyRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) { struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; struct ldapsrv_partition *part; @@ -310,14 +307,13 @@ static void ldapsrv_ModifyRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Modify) { - ldapsrv_unwilling(call, 53); - return; + return ldapsrv_unwilling(call, 53); } - part->ops->Modify(part, call, req); + return part->ops->Modify(part, call, req); } -static void ldapsrv_AddRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) { struct ldap_AddRequest *req = &call->request.r.AddRequest; struct ldapsrv_partition *part; @@ -328,14 +324,13 @@ static void ldapsrv_AddRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Add) { - ldapsrv_unwilling(call, 53); - return; + return ldapsrv_unwilling(call, 53); } - part->ops->Add(part, call, req); + return part->ops->Add(part, call, req); } -static void ldapsrv_DelRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) { struct ldap_DelRequest *req = &call->request.r.DelRequest; struct ldapsrv_partition *part; @@ -346,14 +341,13 @@ static void ldapsrv_DelRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Del) { - ldapsrv_unwilling(call, 53); - return; + return ldapsrv_unwilling(call, 53); } - part->ops->Del(part, call, req); + return part->ops->Del(part, call, req); } -static void ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) { struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; struct ldapsrv_partition *part; @@ -365,14 +359,13 @@ static void ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->ModifyDN) { - ldapsrv_unwilling(call, 53); - return; + return ldapsrv_unwilling(call, 53); } - part->ops->ModifyDN(part, call, req); + return part->ops->ModifyDN(part, call, req); } -static void ldapsrv_CompareRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) { struct ldap_CompareRequest *req = &call->request.r.CompareRequest; struct ldapsrv_partition *part; @@ -383,20 +376,20 @@ static void ldapsrv_CompareRequest(struct ldapsrv_call *call) part = ldapsrv_get_partition(call->conn, req->dn); if (!part->ops->Compare) { - ldapsrv_unwilling(call, 53); - return; + return ldapsrv_unwilling(call, 53); } - part->ops->Compare(part, call, req); + return part->ops->Compare(part, call, req); } -static void ldapsrv_AbandonRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) { /* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/ DEBUG(10, ("AbandonRequest\n")); + return NT_STATUS_OK; } -static void ldapsrv_ExtendedRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call) { /* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/ struct ldapsrv_reply *reply; @@ -405,55 +398,43 @@ static void ldapsrv_ExtendedRequest(struct ldapsrv_call *call) reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); if (!reply) { - ldapsrv_terminate_connection(call->conn, "ldapsrv_init_reply() failed"); - return; + return NT_STATUS_NO_MEMORY; } ZERO_STRUCT(reply->msg.r); - ldapsrv_queue_reply(call, reply); + return ldapsrv_queue_reply(call, reply); } -static void ldapsrv_do_call(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) { switch(call->request.type) { case LDAP_TAG_BindRequest: - ldapsrv_BindRequest(call); - break; + return ldapsrv_BindRequest(call); case LDAP_TAG_UnbindRequest: - ldapsrv_UnbindRequest(call); - break; + return ldapsrv_UnbindRequest(call); case LDAP_TAG_SearchRequest: - ldapsrv_SearchRequest(call); - break; + return ldapsrv_SearchRequest(call); case LDAP_TAG_ModifyRequest: - ldapsrv_ModifyRequest(call); - break; + return ldapsrv_ModifyRequest(call); case LDAP_TAG_AddRequest: - ldapsrv_AddRequest(call); - break; + return ldapsrv_AddRequest(call); case LDAP_TAG_DelRequest: - ldapsrv_DelRequest(call); - break; + return ldapsrv_DelRequest(call); case LDAP_TAG_ModifyDNRequest: - ldapsrv_ModifyDNRequest(call); - break; + return ldapsrv_ModifyDNRequest(call); case LDAP_TAG_CompareRequest: - ldapsrv_CompareRequest(call); - break; + return ldapsrv_CompareRequest(call); case LDAP_TAG_AbandonRequest: - ldapsrv_AbandonRequest(call); - break; + return ldapsrv_AbandonRequest(call); case LDAP_TAG_ExtendedRequest: - ldapsrv_ExtendedRequest(call); - break; + return ldapsrv_ExtendedRequest(call); default: - ldapsrv_unwilling(call, 2); - break; + return ldapsrv_unwilling(call, 2); } } -static void ldapsrv_do_responses(struct ldapsrv_connection *conn) +static NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) { struct ldapsrv_call *call, *next_call = NULL; struct ldapsrv_reply *reply, *next_reply = NULL; @@ -461,8 +442,7 @@ static void ldapsrv_do_responses(struct ldapsrv_connection *conn) for (call=conn->calls; call; call=next_call) { for (reply=call->replies; reply; reply=next_reply) { if (!ldap_append_to_buf(&reply->msg, &conn->out_buffer)) { - ldapsrv_terminate_connection(conn, "append_to_buf() failed"); - return; + return NT_STATUS_FOOBAR; } next_reply = reply->next; DLIST_REMOVE(call->replies, reply); @@ -474,6 +454,8 @@ static void ldapsrv_do_responses(struct ldapsrv_connection *conn) call->state = LDAPSRV_CALL_STATE_COMPLETE; talloc_free(call); } + + return NT_STATUS_OK; } /* @@ -488,6 +470,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, DATA_BLOB blob; ASN1_DATA data; struct ldapsrv_call *call; + NTSTATUS status; DEBUG(10,("ldapsrv_recv\n")); @@ -535,6 +518,8 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, ZERO_STRUCTP(call); call->state = LDAPSRV_CALL_STATE_NEW; call->conn = ldap_conn; + /* TODO: we should use talloc_reference() here */ + call->session_info = ldap_conn->session_info; call->request.mem_ctx = call; if (!ldap_decode(&data, &call->request)) { @@ -548,12 +533,20 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, consumed_from_buf(&ldap_conn->in_buffer, msg_length); - ldapsrv_do_call(call); + status = ldapsrv_do_call(call); + if (!NT_STATUS_IS_OK(status)) { + ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed"); + return; + } peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); } - ldapsrv_do_responses(ldap_conn); + status = ldapsrv_do_responses(ldap_conn); + if (!NT_STATUS_IS_OK(status)) { + ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed"); + return; + } if (ldap_conn->out_buffer.length > 0) { conn->event.fde->flags |= EVENT_FD_WRITE; @@ -595,10 +588,6 @@ static void ldapsrv_idle(struct server_connection *conn, time_t t) static void ldapsrv_close(struct server_connection *conn, const char *reason) { - struct ldapsrv_connection *ldap_conn = conn->private_data; - - talloc_free(ldap_conn); - return; } -- cgit From 456e2f82e801cbc26898fad20c273b05248ee0d6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 27 Sep 2004 14:11:11 +0000 Subject: r2689: Use consistent naming Del -> Delete Add delete functionality to ldb simple lda server backend add some const in ldap.h (This used to be commit 5ed9a6eb184f34eb572dd81202237042518ec7cd) --- source4/ldap_server/ldap_server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 1aaaf8e066..b59a884442 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -330,21 +330,21 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) return part->ops->Add(part, call, req); } -static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_DeleteRequest(struct ldapsrv_call *call) { - struct ldap_DelRequest *req = &call->request.r.DelRequest; + struct ldap_DeleteRequest *req = &call->request.r.DeleteRequest; struct ldapsrv_partition *part; - DEBUG(10, ("DelRequest")); + DEBUG(10, ("DeleteRequest")); DEBUGADD(10, (" dn: %s", req->dn)); part = ldapsrv_get_partition(call->conn, req->dn); - if (!part->ops->Del) { + if (!part->ops->Delete) { return ldapsrv_unwilling(call, 53); } - return part->ops->Del(part, call, req); + return part->ops->Delete(part, call, req); } static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) @@ -419,8 +419,8 @@ static NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) return ldapsrv_ModifyRequest(call); case LDAP_TAG_AddRequest: return ldapsrv_AddRequest(call); - case LDAP_TAG_DelRequest: - return ldapsrv_DelRequest(call); + case LDAP_TAG_DeleteRequest: + return ldapsrv_DeleteRequest(call); case LDAP_TAG_ModifyDNRequest: return ldapsrv_ModifyDNRequest(call); case LDAP_TAG_CompareRequest: -- cgit From eac532ee3af95654b62d4db57feea0df6abab345 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 27 Sep 2004 15:40:12 +0000 Subject: r2695: revert "Del" renaming (This used to be commit ddd74dae8efe4e04b5a56ee9ecd9d4f87f99d104) --- source4/ldap_server/ldap_server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index b59a884442..1aaaf8e066 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -330,21 +330,21 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) return part->ops->Add(part, call, req); } -static NTSTATUS ldapsrv_DeleteRequest(struct ldapsrv_call *call) +static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) { - struct ldap_DeleteRequest *req = &call->request.r.DeleteRequest; + struct ldap_DelRequest *req = &call->request.r.DelRequest; struct ldapsrv_partition *part; - DEBUG(10, ("DeleteRequest")); + DEBUG(10, ("DelRequest")); DEBUGADD(10, (" dn: %s", req->dn)); part = ldapsrv_get_partition(call->conn, req->dn); - if (!part->ops->Delete) { + if (!part->ops->Del) { return ldapsrv_unwilling(call, 53); } - return part->ops->Delete(part, call, req); + return part->ops->Del(part, call, req); } static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) @@ -419,8 +419,8 @@ static NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) return ldapsrv_ModifyRequest(call); case LDAP_TAG_AddRequest: return ldapsrv_AddRequest(call); - case LDAP_TAG_DeleteRequest: - return ldapsrv_DeleteRequest(call); + case LDAP_TAG_DelRequest: + return ldapsrv_DelRequest(call); case LDAP_TAG_ModifyDNRequest: return ldapsrv_ModifyDNRequest(call); case LDAP_TAG_CompareRequest: -- cgit From 6baf35077137eb81d727185988322705f5ed4255 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 28 Sep 2004 12:36:20 +0000 Subject: r2724: - use ldapsrv_service and set it up with the rootDSE and default partition (this is not complete yet) - call asn1_free() after each call metze (This used to be commit 0aa622bdc497e4ae1a23bd47ad9d9bf2757c8fd5) --- source4/ldap_server/ldap_server.c | 55 ++++++++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 13 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 1aaaf8e066..77f4e3cdb4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -51,8 +51,42 @@ static void add_socket(struct server_service *service, static void ldapsrv_init(struct server_service *service, const struct model_ops *model_ops) { + struct ldapsrv_service *ldap_service; + struct ldapsrv_partition *part; + DEBUG(1,("ldapsrv_init\n")); + ldap_service = talloc_p(service, struct ldapsrv_service); + if (!ldap_service) { + DEBUG(0,("talloc_p(service, struct ldapsrv_service) failed\n")); + return; + } + ZERO_STRUCTP(ldap_service); + + part = talloc_p(ldap_service, struct ldapsrv_partition); + if (!ldap_service) { + DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n")); + return; + } + part->base_dn = ""; /* RootDSE */ + part->ops = ldapsrv_get_rootdse_partition_ops(); + + ldap_service->rootDSE = part; + DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); + + part = talloc_p(ldap_service, struct ldapsrv_partition); + if (!ldap_service) { + DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n")); + return; + } + part->base_dn = "*"; /* default partition */ + part->ops = ldapsrv_get_sldb_partition_ops(); + + ldap_service->default_partition = part; + DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); + + service->private_data = ldap_service; + if (lp_interfaces() && lp_bind_interfaces_only()) { int num_interfaces = iface_count(); int i; @@ -74,17 +108,12 @@ static void ldapsrv_init(struct server_service *service, } } else { struct in_addr *ifip; - TALLOC_CTX *mem_ctx = talloc_init("ldapsrv_init"); - - if (!mem_ctx) { - smb_panic("No memory"); - } /* Just bind to lp_socket_address() (usually 0.0.0.0) */ - ifip = interpret_addr2(mem_ctx, lp_socket_address()); + ifip = interpret_addr2(service, lp_socket_address()); add_socket(service, model_ops, ifip); - talloc_destroy(mem_ctx); + talloc_destroy(ifip); } } @@ -199,15 +228,11 @@ NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *re struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) { - static struct ldapsrv_partition null_part; - if (strcasecmp("", dn) == 0) { - null_part.ops = ldapsrv_get_rootdse_partition_ops(); - } else { - null_part.ops = ldapsrv_get_sldb_partition_ops(); + return conn->service->rootDSE; } - return &null_part; + return conn->service->default_partition; } NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) @@ -524,10 +549,13 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, if (!ldap_decode(&data, &call->request)) { dump_data(0,buf, msg_length); + asn1_free(&data); ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); return; } + asn1_free(&data); + DLIST_ADD_END(ldap_conn->calls, call, struct ldapsrv_call *); @@ -608,6 +636,7 @@ static void ldapsrv_accept(struct server_connection *conn) ZERO_STRUCTP(ldap_conn); ldap_conn->connection = conn; + ldap_conn->service = talloc_reference(ldap_conn, conn->service->private_data); conn->private_data = ldap_conn; -- cgit From ab5a0d31a37930300470c6e0891ed700f9f42f08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 28 Sep 2004 13:50:15 +0000 Subject: r2731: use debug level 10 everywhere metze (This used to be commit a0e4dca3dab1da02edc09fd5f80690ec0b764c17) --- source4/ldap_server/ldap_server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 77f4e3cdb4..494981f99d 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -54,7 +54,7 @@ static void ldapsrv_init(struct server_service *service, struct ldapsrv_service *ldap_service; struct ldapsrv_partition *part; - DEBUG(1,("ldapsrv_init\n")); + DEBUG(10,("ldapsrv_init\n")); ldap_service = talloc_p(service, struct ldapsrv_service); if (!ldap_service) { @@ -150,7 +150,7 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) status = socket_recv(sock, sock, &tmp_blob, 1024, 0); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1,("socket_recv: %s\n",nt_errstr(status))); + DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); return False; } @@ -172,7 +172,7 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) status = socket_send(sock, sock, &tmp_blob, &sendlen, 0); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("socket_send() %s\n",nt_errstr(status))); + DEBUG(10,("socket_send() %s\n",nt_errstr(status))); return False; } @@ -240,7 +240,7 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; - DEBUG(0,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid)); + DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid)); reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); if (!reply) { @@ -265,7 +265,7 @@ static NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call) struct ldapsrv_reply *reply; struct ldap_BindResponse *resp; - DEBUG(5, ("BindRequest dn: %s\n",req->dn)); + DEBUG(10, ("BindRequest dn: %s\n",req->dn)); reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); if (!reply) { @@ -627,7 +627,7 @@ static void ldapsrv_accept(struct server_connection *conn) { struct ldapsrv_connection *ldap_conn; - DEBUG(5, ("ldapsrv_accept\n")); + DEBUG(10, ("ldapsrv_accept\n")); ldap_conn = talloc_p(conn, struct ldapsrv_connection); @@ -648,7 +648,7 @@ static void ldapsrv_accept(struct server_connection *conn) */ static void ldapsrv_exit(struct server_service *service, const char *reason) { - DEBUG(1,("ldapsrv_exit\n")); + DEBUG(10,("ldapsrv_exit\n")); return; } -- cgit From 2a1ee36e7f5b4b7ce654887011d9305f017ce08b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Oct 2004 12:19:08 +0000 Subject: r2862: prepare LDAP SASL support for the server metze (This used to be commit 9a7505bd74a453b10aa2d40071bb80eb656bc61f) --- source4/ldap_server/ldap_server.c | 200 +++++++++++++++++++++++++++++++++++--- 1 file changed, 188 insertions(+), 12 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 494981f99d..34a4fc59e1 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -129,6 +129,13 @@ static void consumed_from_buf(struct rw_buffer *buf, buf->length -= length; } +static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, + size_t *out_length) +{ + *out = buf->data; + *out_length = buf->length; +} + static BOOL append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) { buf->data = realloc(buf->data, buf->length+length); @@ -161,6 +168,104 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) return ret; } +static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) +{ + NTSTATUS status; + DATA_BLOB tmp_blob; + DATA_BLOB creds; + BOOL ret; + uint8_t *buf; + int buf_length, sasl_length; + struct socket_context *sock = conn->connection->socket; + TALLOC_CTX *mem_ctx; + + if (!conn->gensec || + !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && + gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { + return read_into_buf(sock, &conn->in_buffer); + } + + mem_ctx = talloc(conn, 0); + if (!mem_ctx) { + DEBUG(0,("no memory\n")); + return False; + } + + status = socket_recv(sock, mem_ctx, &tmp_blob, 1024, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + + ret = append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); + if (!ret) { + talloc_free(mem_ctx); + return False; + } + + peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length); + + if (buf_length < 4) { + /* not enough yet */ + talloc_free(mem_ctx); + return True; + } + + sasl_length = RIVAL(buf, 0); + + if (buf_length < (4 + sasl_length)) { + /* not enough yet */ + talloc_free(mem_ctx); + return True; + } + + creds.data = buf + 4; + creds.length = gensec_sig_size(conn->gensec); + + if (creds.length > sasl_length) { + /* invalid packet? */ + talloc_free(mem_ctx); + return False; + } + + tmp_blob.data = buf + (4 + creds.length); + tmp_blob.length = (4 + sasl_length) - (4 + creds.length); + + if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) { + status = gensec_unseal_packet(conn->gensec, mem_ctx, + tmp_blob.data, tmp_blob.length, + tmp_blob.data, tmp_blob.length, + &creds); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_unseal_packet: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + } else { + status = gensec_check_packet(conn->gensec, mem_ctx, + tmp_blob.data, tmp_blob.length, + tmp_blob.data, tmp_blob.length, + &creds); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_check_packet: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + } + + ret = append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length); + if (!ret) { + talloc_free(mem_ctx); + return False; + } + + consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length); + + talloc_free(mem_ctx); + return ret; +} + static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) { NTSTATUS status; @@ -181,11 +286,84 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) return True; } -static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, - size_t *out_length) +static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) { - *out = buf->data; - *out_length = buf->length; + NTSTATUS status; + DATA_BLOB tmp_blob; + DATA_BLOB creds; + DATA_BLOB sasl; + size_t sendlen; + BOOL ret; + struct socket_context *sock = conn->connection->socket; + TALLOC_CTX *mem_ctx; + + if (!conn->gensec || + !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && + gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { + return write_from_buf(sock, &conn->out_buffer); + } + + mem_ctx = talloc(conn, 0); + if (!mem_ctx) { + DEBUG(0,("no memory\n")); + return False; + } + + tmp_blob.data = conn->out_buffer.data; + tmp_blob.length = conn->out_buffer.length; + + if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) { + status = gensec_seal_packet(conn->gensec, mem_ctx, + tmp_blob.data, tmp_blob.length, + tmp_blob.data, tmp_blob.length, + &creds); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_seal_packet: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + } else { + status = gensec_sign_packet(conn->gensec, mem_ctx, + tmp_blob.data, tmp_blob.length, + tmp_blob.data, tmp_blob.length, + &creds); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_sign_packet: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + } + + sasl = data_blob_talloc(mem_ctx, NULL, 4 + creds.length + tmp_blob.length); + if (!sasl.data) { + DEBUG(0,("no memory\n")); + talloc_free(mem_ctx); + return False; + } + + RSIVAL(sasl.data, 0, creds.length + tmp_blob.length); + memcpy(sasl.data + 4, creds.data, creds.length); + memcpy(sasl.data + 4 + creds.length, tmp_blob.data, tmp_blob.length); + + ret = append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length); + if (!ret) { + talloc_free(mem_ctx); + return False; + } + consumed_from_buf(&conn->out_buffer, tmp_blob.length); + + status = socket_send(sock, mem_ctx, &tmp_blob, &sendlen, 0); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("socket_send() %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; + } + + consumed_from_buf(&conn->sasl_out_buffer, sendlen); + + talloc_free(mem_ctx); + + return True; } static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) @@ -499,16 +677,14 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, DEBUG(10,("ldapsrv_recv\n")); - if (!read_into_buf(conn->socket, &ldap_conn->in_buffer)) { - ldapsrv_terminate_connection(ldap_conn, "read_into_buf() failed"); + if (!ldapsrv_read_buf(ldap_conn)) { + ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed"); return; } peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); while (buf_length > 0) { - - peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); /* LDAP Messages are always SEQUENCES */ if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0), @@ -576,7 +752,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, return; } - if (ldap_conn->out_buffer.length > 0) { + if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) { conn->event.fde->flags |= EVENT_FD_WRITE; } @@ -593,12 +769,12 @@ static void ldapsrv_send(struct server_connection *conn, time_t t, DEBUG(10,("ldapsrv_send\n")); - if (!write_from_buf(conn->socket, &ldap_conn->out_buffer)) { - ldapsrv_terminate_connection(ldap_conn, "write_from_buf() failed"); + if (!ldapsrv_write_buf(ldap_conn)) { + ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed"); return; } - if (ldap_conn->out_buffer.length == 0) { + if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) { conn->event.fde->flags &= ~EVENT_FD_WRITE; } -- cgit From 7a4478845f903fd7380d0d28c7187e7151fe3c3b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Oct 2004 12:26:14 +0000 Subject: r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d) --- source4/ldap_server/ldap_server.c | 257 -------------------------------------- 1 file changed, 257 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 34a4fc59e1..2ce6b03762 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -380,263 +380,6 @@ static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) return res; } -struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) -{ - struct ldapsrv_reply *reply; - - reply = talloc_p(call, struct ldapsrv_reply); - if (!reply) { - return NULL; - } - - reply->prev = reply->next = NULL; - reply->state = LDAPSRV_REPLY_STATE_NEW; - reply->msg.messageid = call->request.messageid; - reply->msg.type = type; - reply->msg.mem_ctx = reply; - - return reply; -} - -NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) -{ - DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); - return NT_STATUS_OK; -} - -struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) -{ - if (strcasecmp("", dn) == 0) { - return conn->service->rootDSE; - } - - return conn->service->default_partition; -} - -NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) -{ - struct ldapsrv_reply *reply; - struct ldap_ExtendedResponse *r; - - DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid)); - - reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); - if (!reply) { - return NT_STATUS_NO_MEMORY; - } - - r = &reply->msg.r.ExtendedResponse; - r->response.resultcode = error; - r->response.dn = NULL; - r->response.errormessage = NULL; - r->response.referral = NULL; - r->name = NULL; - r->value.data = NULL; - r->value.length = 0; - - return ldapsrv_queue_reply(call, reply); -} - -static NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call) -{ - struct ldap_BindRequest *req = &call->request.r.BindRequest; - struct ldapsrv_reply *reply; - struct ldap_BindResponse *resp; - - DEBUG(10, ("BindRequest dn: %s\n",req->dn)); - - reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); - if (!reply) { - return NT_STATUS_NO_MEMORY; - } - - resp = &reply->msg.r.BindResponse; - resp->response.resultcode = 0; - resp->response.dn = NULL; - resp->response.errormessage = NULL; - resp->response.referral = NULL; - resp->SASL.secblob = data_blob(NULL, 0); - - return ldapsrv_queue_reply(call, reply); -} - -static NTSTATUS ldapsrv_UnbindRequest(struct ldapsrv_call *call) -{ -/* struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest;*/ - DEBUG(10, ("UnbindRequest\n")); - return NT_STATUS_OK; -} - -static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) -{ - struct ldap_SearchRequest *req = &call->request.r.SearchRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("SearchRequest")); - DEBUGADD(10, (" basedn: %s", req->basedn)); - DEBUGADD(10, (" filter: %s\n", req->filter)); - - part = ldapsrv_get_partition(call->conn, req->basedn); - - if (!part->ops->Search) { - struct ldap_Result *done; - struct ldapsrv_reply *done_r; - - done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); - if (!done_r) { - return NT_STATUS_NO_MEMORY; - } - - done = &done_r->msg.r.SearchResultDone; - done->resultcode = 53; - done->dn = NULL; - done->errormessage = NULL; - done->referral = NULL; - - return ldapsrv_queue_reply(call, done_r); - } - - return part->ops->Search(part, call, req); -} - -static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) -{ - struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("ModifyRequest")); - DEBUGADD(10, (" dn: %s", req->dn)); - - part = ldapsrv_get_partition(call->conn, req->dn); - - if (!part->ops->Modify) { - return ldapsrv_unwilling(call, 53); - } - - return part->ops->Modify(part, call, req); -} - -static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) -{ - struct ldap_AddRequest *req = &call->request.r.AddRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("AddRequest")); - DEBUGADD(10, (" dn: %s", req->dn)); - - part = ldapsrv_get_partition(call->conn, req->dn); - - if (!part->ops->Add) { - return ldapsrv_unwilling(call, 53); - } - - return part->ops->Add(part, call, req); -} - -static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) -{ - struct ldap_DelRequest *req = &call->request.r.DelRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("DelRequest")); - DEBUGADD(10, (" dn: %s", req->dn)); - - part = ldapsrv_get_partition(call->conn, req->dn); - - if (!part->ops->Del) { - return ldapsrv_unwilling(call, 53); - } - - return part->ops->Del(part, call, req); -} - -static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) -{ - struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("ModifyDNRequrest")); - DEBUGADD(10, (" dn: %s", req->dn)); - DEBUGADD(10, (" newrdn: %s", req->newrdn)); - - part = ldapsrv_get_partition(call->conn, req->dn); - - if (!part->ops->ModifyDN) { - return ldapsrv_unwilling(call, 53); - } - - return part->ops->ModifyDN(part, call, req); -} - -static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) -{ - struct ldap_CompareRequest *req = &call->request.r.CompareRequest; - struct ldapsrv_partition *part; - - DEBUG(10, ("CompareRequest")); - DEBUGADD(10, (" dn: %s", req->dn)); - - part = ldapsrv_get_partition(call->conn, req->dn); - - if (!part->ops->Compare) { - return ldapsrv_unwilling(call, 53); - } - - return part->ops->Compare(part, call, req); -} - -static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) -{ -/* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/ - DEBUG(10, ("AbandonRequest\n")); - return NT_STATUS_OK; -} - -static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call) -{ -/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/ - struct ldapsrv_reply *reply; - - DEBUG(10, ("Extended\n")); - - reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); - if (!reply) { - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCT(reply->msg.r); - - return ldapsrv_queue_reply(call, reply); -} - -static NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) -{ - switch(call->request.type) { - case LDAP_TAG_BindRequest: - return ldapsrv_BindRequest(call); - case LDAP_TAG_UnbindRequest: - return ldapsrv_UnbindRequest(call); - case LDAP_TAG_SearchRequest: - return ldapsrv_SearchRequest(call); - case LDAP_TAG_ModifyRequest: - return ldapsrv_ModifyRequest(call); - case LDAP_TAG_AddRequest: - return ldapsrv_AddRequest(call); - case LDAP_TAG_DelRequest: - return ldapsrv_DelRequest(call); - case LDAP_TAG_ModifyDNRequest: - return ldapsrv_ModifyDNRequest(call); - case LDAP_TAG_CompareRequest: - return ldapsrv_CompareRequest(call); - case LDAP_TAG_AbandonRequest: - return ldapsrv_AbandonRequest(call); - case LDAP_TAG_ExtendedRequest: - return ldapsrv_ExtendedRequest(call); - default: - return ldapsrv_unwilling(call, 2); - } -} - static NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) { struct ldapsrv_call *call, *next_call = NULL; -- cgit From 73e9f435f5e797b7c3b9874b57d081c2714a8bca Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 9 Oct 2004 22:00:00 +0000 Subject: r2878: add server sasl support (there are a lot of clean ups following later, but the LDAP-BASIC test works :-) metze (This used to be commit 34fe29c04a76f2f53f27adcaf9be2dce8d177516) --- source4/ldap_server/ldap_server.c | 48 +++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 19 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 2ce6b03762..5336cc04f1 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -122,7 +122,7 @@ static void ldapsrv_init(struct server_service *service, that a read(2) holds a complete request that is then thrown away completely. */ -static void consumed_from_buf(struct rw_buffer *buf, +void ldapsrv_consumed_from_buf(struct rw_buffer *buf, size_t length) { memcpy(buf->data, buf->data+length, buf->length-length); @@ -136,7 +136,7 @@ static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, *out_length = buf->length; } -static BOOL append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) +BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) { buf->data = realloc(buf->data, buf->length+length); @@ -161,7 +161,7 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) return False; } - ret = append_to_buf(buf, tmp_blob.data, tmp_blob.length); + ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length); talloc_free(tmp_blob.data); @@ -179,7 +179,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; - if (!conn->gensec || + if (!conn->gensec || !conn->session_info || !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { return read_into_buf(sock, &conn->in_buffer); @@ -198,7 +198,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) return False; } - ret = append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); + ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); if (!ret) { talloc_free(mem_ctx); return False; @@ -254,13 +254,13 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) } } - ret = append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length); + ret = ldapsrv_append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length); if (!ret) { talloc_free(mem_ctx); return False; } - consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length); + ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length); talloc_free(mem_ctx); return ret; @@ -281,7 +281,7 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) return False; } - consumed_from_buf(buf, sendlen); + ldapsrv_consumed_from_buf(buf, sendlen); return True; } @@ -297,7 +297,7 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; - if (!conn->gensec || + if (!conn->gensec || !conn->session_info || !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { return write_from_buf(sock, &conn->out_buffer); @@ -312,6 +312,10 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) tmp_blob.data = conn->out_buffer.data; tmp_blob.length = conn->out_buffer.length; + if (tmp_blob.length == 0) { + goto nodata; + } + if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) { status = gensec_seal_packet(conn->gensec, mem_ctx, tmp_blob.data, tmp_blob.length, @@ -345,12 +349,15 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) memcpy(sasl.data + 4, creds.data, creds.length); memcpy(sasl.data + 4 + creds.length, tmp_blob.data, tmp_blob.length); - ret = append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length); + ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length); if (!ret) { talloc_free(mem_ctx); return False; } - consumed_from_buf(&conn->out_buffer, tmp_blob.length); + ldapsrv_consumed_from_buf(&conn->out_buffer, tmp_blob.length); +nodata: + tmp_blob.data = conn->sasl_out_buffer.data; + tmp_blob.length = conn->sasl_out_buffer.length; status = socket_send(sock, mem_ctx, &tmp_blob, &sendlen, 0); if (!NT_STATUS_IS_OK(status)) { @@ -359,14 +366,14 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) return False; } - consumed_from_buf(&conn->sasl_out_buffer, sendlen); + ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen); talloc_free(mem_ctx); return True; } -static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) +static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf) { DATA_BLOB blob; BOOL res; @@ -374,20 +381,20 @@ static BOOL ldap_append_to_buf(struct ldap_message *msg, struct rw_buffer *buf) if (!ldap_encode(msg, &blob)) return False; - res = append_to_buf(buf, blob.data, blob.length); + res = ldapsrv_append_to_buf(buf, blob.data, blob.length); data_blob_free(&blob); return res; } -static NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) +NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) { struct ldapsrv_call *call, *next_call = NULL; struct ldapsrv_reply *reply, *next_reply = NULL; for (call=conn->calls; call; call=next_call) { for (reply=call->replies; reply; reply=next_reply) { - if (!ldap_append_to_buf(&reply->msg, &conn->out_buffer)) { + if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) { return NT_STATUS_FOOBAR; } next_reply = reply->next; @@ -404,6 +411,11 @@ static NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) return NT_STATUS_OK; } +NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) +{ + return NT_STATUS_OK; +} + /* called when a LDAP socket becomes readable */ @@ -462,8 +474,6 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, ZERO_STRUCTP(call); call->state = LDAPSRV_CALL_STATE_NEW; call->conn = ldap_conn; - /* TODO: we should use talloc_reference() here */ - call->session_info = ldap_conn->session_info; call->request.mem_ctx = call; if (!ldap_decode(&data, &call->request)) { @@ -478,7 +488,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, DLIST_ADD_END(ldap_conn->calls, call, struct ldapsrv_call *); - consumed_from_buf(&ldap_conn->in_buffer, msg_length); + ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length); status = ldapsrv_do_call(call); if (!NT_STATUS_IS_OK(status)) { -- cgit From c4005997b9e286f8601a22ad853354a5ec2f9c66 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 9 Oct 2004 22:25:24 +0000 Subject: r2881: also bind the ldap service on the global catalog service port (port 3268) metze (This used to be commit 7d17122c71e5a84c4804b5630790ba2d1dac73ee) --- source4/ldap_server/ldap_server.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 5336cc04f1..9065647e01 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -42,6 +42,9 @@ static void add_socket(struct server_service *service, srv_sock = service_setup_socket(service, model_ops, ip_str, &port); + port = 3268; + srv_sock = service_setup_socket(service, model_ops, ip_str, &port); + talloc_free(ip_str); } -- cgit From 8debe5a6b88c9625826e191b04244ae3e4b42590 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 22 Oct 2004 10:52:57 +0000 Subject: r3136: - Allow specifying socket type when adding smbd service - Make sure a epm_tower struct is completely initialized - Some more minor fixes (This used to be commit d560dcbdb85cb2c6915bdb9e2f82f1872b0f5a52) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9065647e01..dcce32874d 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,10 +40,10 @@ static void add_socket(struct server_service *service, uint16_t port = 389; char *ip_str = talloc_strdup(service, inet_ntoa(*ifip)); - srv_sock = service_setup_socket(service, model_ops, ip_str, &port); + srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port); port = 3268; - srv_sock = service_setup_socket(service, model_ops, ip_str, &port); + srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port); talloc_free(ip_str); } -- cgit From 9d055846f225bea4953822f40fab1d2f1a2e2d07 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 27 Oct 2004 03:15:42 +0000 Subject: r3278: - rewrote the client side rpc connection code to use lib/socket/ rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205) --- source4/ldap_server/ldap_server.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index dcce32874d..6ce2dfdd79 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -110,13 +110,11 @@ static void ldapsrv_init(struct server_service *service, add_socket(service, model_ops, ifip); } } else { - struct in_addr *ifip; + struct in_addr ifip; /* Just bind to lp_socket_address() (usually 0.0.0.0) */ - ifip = interpret_addr2(service, lp_socket_address()); - add_socket(service, model_ops, ifip); - - talloc_destroy(ifip); + ifip = interpret_addr2(lp_socket_address()); + add_socket(service, model_ops, &ifip); } } -- cgit From c6888da1487ab301292c3d4d05d0464833f3ce57 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 28 Oct 2004 04:00:43 +0000 Subject: r3304: changed the API to lib/socket/ a little. The main change is to make socket_recv() take a pre-allocated buffer, rather than allocating one itself. This allows non-blocking users of this API to avoid a memcpy(). As a result our messaging code is now about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also faster. The second change was to remove the unused mem_ctx argument from socket_send(). Having it there implied that memory could be allocated, which meant the caller had to worry about freeing that memory (if for example it is sending in a tight loop using the same memory context). Removing that unused argument keeps life simpler for users. (This used to be commit a16e4756cd68ca8aab4ffc59d4d9db0b6e44dbd1) --- source4/ldap_server/ldap_server.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 6ce2dfdd79..70191c4827 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -155,10 +155,17 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) NTSTATUS status; DATA_BLOB tmp_blob; BOOL ret; + size_t nread; - status = socket_recv(sock, sock, &tmp_blob, 1024, 0); + tmp_blob = data_blob_talloc(sock, NULL, 1024); + if (tmp_blob.data == NULL) { + return False; + } + + status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); + talloc_free(tmp_blob.data); return False; } @@ -179,6 +186,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) int buf_length, sasl_length; struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; + size_t nread; if (!conn->gensec || !conn->session_info || !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && @@ -192,12 +200,19 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) return False; } - status = socket_recv(sock, mem_ctx, &tmp_blob, 1024, 0); + tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024); + if (tmp_blob.data == NULL) { + talloc_free(mem_ctx); + return False; + } + + status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); talloc_free(mem_ctx); return False; } + tmp_blob.length = nread; ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); if (!ret) { @@ -276,7 +291,7 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) tmp_blob.data = buf->data; tmp_blob.length = buf->length; - status = socket_send(sock, sock, &tmp_blob, &sendlen, 0); + status = socket_send(sock, &tmp_blob, &sendlen, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_send() %s\n",nt_errstr(status))); return False; @@ -360,7 +375,7 @@ nodata: tmp_blob.data = conn->sasl_out_buffer.data; tmp_blob.length = conn->sasl_out_buffer.length; - status = socket_send(sock, mem_ctx, &tmp_blob, &sendlen, 0); + status = socket_send(sock, &tmp_blob, &sendlen, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_send() %s\n",nt_errstr(status))); talloc_free(mem_ctx); -- cgit From c4cff94beb3eb8e78aa4a291ff0d8eea9512c6c0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 28 Oct 2004 08:36:23 +0000 Subject: r3316: give the LDAP server a chance of operating correctly non-blocking (it didn't handle EINTR or EAGAIN) (This used to be commit c35a8f92c2df354e972ced9371d33657ce99988e) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 70191c4827..a9aea2b449 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -163,7 +163,7 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) } status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_ERR(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); talloc_free(tmp_blob.data); return False; @@ -207,7 +207,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) } status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_ERR(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); talloc_free(mem_ctx); return False; -- cgit From 284349482f5293a9a23d0f72d7c2aab46b55843b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 1 Nov 2004 22:48:25 +0000 Subject: r3443: the next stage in the include files re-organisation. I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349) --- source4/ldap_server/ldap_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a9aea2b449..6013b6ecf4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -34,11 +34,11 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, c */ static void add_socket(struct server_service *service, const struct model_ops *model_ops, - struct in_addr *ifip) + struct ipv4_addr *ifip) { struct server_socket *srv_sock; uint16_t port = 389; - char *ip_str = talloc_strdup(service, inet_ntoa(*ifip)); + char *ip_str = talloc_strdup(service, sys_inet_ntoa(*ifip)); srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port); @@ -99,7 +99,7 @@ static void ldapsrv_init(struct server_service *service, socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { - struct in_addr *ifip = iface_n_ip(i); + struct ipv4_addr *ifip = iface_n_ip(i); if (ifip == NULL) { DEBUG(0,("ldapsrv_init: interface %d has NULL " @@ -110,7 +110,7 @@ static void ldapsrv_init(struct server_service *service, add_socket(service, model_ops, ifip); } } else { - struct in_addr ifip; + struct ipv4_addr ifip; /* Just bind to lp_socket_address() (usually 0.0.0.0) */ ifip = interpret_addr2(lp_socket_address()); -- cgit From edbfc0f6e70150e321822365bf0eead2821551bd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 02:57:18 +0000 Subject: r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 6013b6ecf4..0cc83eca65 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "auth/auth.h" /* close the socket and shutdown a server_context -- cgit From 3643fb11092e28a9538ef32cedce8ff21ad86a28 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 06:42:15 +0000 Subject: r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a) --- source4/ldap_server/ldap_server.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 0cc83eca65..0ef3a523e8 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -21,6 +21,8 @@ #include "includes.h" #include "auth/auth.h" +#include "dlinklist.h" +#include "asn_1.h" /* close the socket and shutdown a server_context @@ -443,7 +445,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, uint8_t *buf; int buf_length, msg_length; DATA_BLOB blob; - ASN1_DATA data; + struct asn1_data data; struct ldapsrv_call *call; NTSTATUS status; -- cgit From a42142439aee9e75796e25cdf05e042174926abf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 06:52:59 +0000 Subject: r3464: split out registry.h, rap.h and ldap_server.h (This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 0ef3a523e8..c9812d1d2f 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -23,6 +23,7 @@ #include "auth/auth.h" #include "dlinklist.h" #include "asn_1.h" +#include "ldap_server/ldap_server.h" /* close the socket and shutdown a server_context -- cgit From a99b6219a810a1cd10bd62a6716780602808f0cd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 12:15:17 +0000 Subject: r3481: split out client.h and events.h (This used to be commit c6f486574470a311e0d336c026103f131451e21e) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c9812d1d2f..3b4ccb6b73 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "events.h" #include "auth/auth.h" #include "dlinklist.h" #include "asn_1.h" -- cgit From dde07058075d357cfdc63624c8dcaa67ebd40add Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 3 Nov 2004 10:09:48 +0000 Subject: r3507: - added deferred replies on sharing violation in pvfs open. The deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831) --- source4/ldap_server/ldap_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 3b4ccb6b73..9338baa165 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -440,7 +440,7 @@ NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) /* called when a LDAP socket becomes readable */ -static void ldapsrv_recv(struct server_connection *conn, time_t t, +static void ldapsrv_recv(struct server_connection *conn, struct timeval t, uint16_t flags) { struct ldapsrv_connection *ldap_conn = conn->private_data; @@ -536,7 +536,7 @@ static void ldapsrv_recv(struct server_connection *conn, time_t t, /* called when a LDAP socket becomes writable */ -static void ldapsrv_send(struct server_connection *conn, time_t t, +static void ldapsrv_send(struct server_connection *conn, struct timeval t, uint16_t flags) { struct ldapsrv_connection *ldap_conn = conn->private_data; @@ -558,7 +558,7 @@ static void ldapsrv_send(struct server_connection *conn, time_t t, /* called when connection is idle */ -static void ldapsrv_idle(struct server_connection *conn, time_t t) +static void ldapsrv_idle(struct server_connection *conn, struct timeval t) { DEBUG(10,("ldapsrv_idle: not implemented!\n")); return; -- cgit From 0a5ea499ecd75eb8f3ec764dd73fba4e228eeabb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Nov 2004 17:27:07 +0000 Subject: r3762: - only load the readed bytes into the input buffer - fix compiler warnings with gcc-4.0 metze (This used to be commit 7a931ea0f4884d866bbb05b7b81f8e0598364813) --- source4/ldap_server/ldap_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9338baa165..9f256b0b8b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -173,6 +173,7 @@ static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) talloc_free(tmp_blob.data); return False; } + tmp_blob.length = nread; ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length); @@ -188,7 +189,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) DATA_BLOB creds; BOOL ret; uint8_t *buf; - int buf_length, sasl_length; + size_t buf_length, sasl_length; struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; size_t nread; @@ -445,7 +446,7 @@ static void ldapsrv_recv(struct server_connection *conn, struct timeval t, { struct ldapsrv_connection *ldap_conn = conn->private_data; uint8_t *buf; - int buf_length, msg_length; + size_t buf_length, msg_length; DATA_BLOB blob; struct asn1_data data; struct ldapsrv_call *call; -- cgit From 0ad10aec63201c45b09f91541e9eee17fcf7ede5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Dec 2004 15:44:17 +0000 Subject: r4079: implement the gensec_have_feature() correctly by asking the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737) --- source4/ldap_server/ldap_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9f256b0b8b..ea1b8cb9b4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -195,8 +195,8 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) size_t nread; if (!conn->gensec || !conn->session_info || - !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && - gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { + !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) && + gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { return read_into_buf(sock, &conn->in_buffer); } @@ -254,7 +254,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) tmp_blob.data = buf + (4 + creds.length); tmp_blob.length = (4 + sasl_length) - (4 + creds.length); - if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) { + if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) { status = gensec_unseal_packet(conn->gensec, mem_ctx, tmp_blob.data, tmp_blob.length, tmp_blob.data, tmp_blob.length, @@ -320,8 +320,8 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) TALLOC_CTX *mem_ctx; if (!conn->gensec || !conn->session_info || - !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) && - gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) { + !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) && + gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { return write_from_buf(sock, &conn->out_buffer); } @@ -338,7 +338,7 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) goto nodata; } - if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) { + if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) { status = gensec_seal_packet(conn->gensec, mem_ctx, tmp_blob.data, tmp_blob.length, tmp_blob.data, tmp_blob.length, -- cgit From 9a6671cf9529fd7817c5ef266da3d3bea46a88c0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 31 Dec 2004 22:45:11 +0000 Subject: r4459: GENSEC refinements: In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6) --- source4/ldap_server/ldap_server.c | 113 +++++++++++++++----------------------- 1 file changed, 44 insertions(+), 69 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ea1b8cb9b4..0bace4b690 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -131,7 +131,7 @@ static void ldapsrv_init(struct server_service *service, void ldapsrv_consumed_from_buf(struct rw_buffer *buf, size_t length) { - memcpy(buf->data, buf->data+length, buf->length-length); + memmove(buf->data, buf->data+length, buf->length-length); buf->length -= length; } @@ -186,7 +186,8 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) { NTSTATUS status; DATA_BLOB tmp_blob; - DATA_BLOB creds; + DATA_BLOB wrapped; + DATA_BLOB unwrapped; BOOL ret; uint8_t *buf; size_t buf_length, sasl_length; @@ -194,9 +195,14 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) TALLOC_CTX *mem_ctx; size_t nread; - if (!conn->gensec || !conn->session_info || - !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) && - gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { + if (!conn->gensec) { + return read_into_buf(sock, &conn->in_buffer); + } + if (!conn->session_info) { + return read_into_buf(sock, &conn->in_buffer); + } + if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || + gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { return read_into_buf(sock, &conn->in_buffer); } @@ -236,47 +242,25 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) sasl_length = RIVAL(buf, 0); - if (buf_length < (4 + sasl_length)) { + if ((buf_length - 4) < sasl_length) { /* not enough yet */ talloc_free(mem_ctx); return True; } - creds.data = buf + 4; - creds.length = gensec_sig_size(conn->gensec); + wrapped.data = buf + 4; + wrapped.length = sasl_length; - if (creds.length > sasl_length) { - /* invalid packet? */ + status = gensec_unwrap(conn->gensec, mem_ctx, + &wrapped, + &unwrapped); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_unwrap: %s\n",nt_errstr(status))); talloc_free(mem_ctx); return False; } - tmp_blob.data = buf + (4 + creds.length); - tmp_blob.length = (4 + sasl_length) - (4 + creds.length); - - if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) { - status = gensec_unseal_packet(conn->gensec, mem_ctx, - tmp_blob.data, tmp_blob.length, - tmp_blob.data, tmp_blob.length, - &creds); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_unseal_packet: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } - } else { - status = gensec_check_packet(conn->gensec, mem_ctx, - tmp_blob.data, tmp_blob.length, - tmp_blob.data, tmp_blob.length, - &creds); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_check_packet: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } - } - - ret = ldapsrv_append_to_buf(&conn->in_buffer, tmp_blob.data, tmp_blob.length); + ret = ldapsrv_append_to_buf(&conn->in_buffer, unwrapped.data, unwrapped.length); if (!ret) { talloc_free(mem_ctx); return False; @@ -311,17 +295,23 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) { NTSTATUS status; + DATA_BLOB wrapped; DATA_BLOB tmp_blob; - DATA_BLOB creds; DATA_BLOB sasl; size_t sendlen; BOOL ret; struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; - if (!conn->gensec || !conn->session_info || - !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) && - gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { + + if (!conn->gensec) { + return write_from_buf(sock, &conn->out_buffer); + } + if (!conn->session_info) { + return write_from_buf(sock, &conn->out_buffer); + } + if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || + gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { return write_from_buf(sock, &conn->out_buffer); } @@ -331,52 +321,37 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) return False; } - tmp_blob.data = conn->out_buffer.data; - tmp_blob.length = conn->out_buffer.length; - - if (tmp_blob.length == 0) { + if (conn->out_buffer.length == 0) { goto nodata; } - if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) { - status = gensec_seal_packet(conn->gensec, mem_ctx, - tmp_blob.data, tmp_blob.length, - tmp_blob.data, tmp_blob.length, - &creds); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_seal_packet: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } - } else { - status = gensec_sign_packet(conn->gensec, mem_ctx, - tmp_blob.data, tmp_blob.length, - tmp_blob.data, tmp_blob.length, - &creds); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_sign_packet: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } + tmp_blob.data = conn->out_buffer.data; + tmp_blob.length = conn->out_buffer.length; + status = gensec_wrap(conn->gensec, mem_ctx, + &tmp_blob, + &wrapped); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("gensec_wrap: %s\n",nt_errstr(status))); + talloc_free(mem_ctx); + return False; } - sasl = data_blob_talloc(mem_ctx, NULL, 4 + creds.length + tmp_blob.length); + sasl = data_blob_talloc(mem_ctx, NULL, 4 + wrapped.length); if (!sasl.data) { DEBUG(0,("no memory\n")); talloc_free(mem_ctx); return False; } - RSIVAL(sasl.data, 0, creds.length + tmp_blob.length); - memcpy(sasl.data + 4, creds.data, creds.length); - memcpy(sasl.data + 4 + creds.length, tmp_blob.data, tmp_blob.length); + RSIVAL(sasl.data, 0, wrapped.length); + memcpy(sasl.data + 4, wrapped.data, wrapped.length); ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length); if (!ret) { talloc_free(mem_ctx); return False; } - ldapsrv_consumed_from_buf(&conn->out_buffer, tmp_blob.length); + ldapsrv_consumed_from_buf(&conn->out_buffer, conn->out_buffer.length); nodata: tmp_blob.data = conn->sasl_out_buffer.data; tmp_blob.length = conn->sasl_out_buffer.length; -- cgit From cc55aef7c116d03ba2817625b0ba9edb378525e3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Jan 2005 02:32:43 +0000 Subject: r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 0bace4b690..a301c14084 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -206,7 +206,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) return read_into_buf(sock, &conn->in_buffer); } - mem_ctx = talloc(conn, 0); + mem_ctx = talloc_new(conn); if (!mem_ctx) { DEBUG(0,("no memory\n")); return False; @@ -315,7 +315,7 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) return write_from_buf(sock, &conn->out_buffer); } - mem_ctx = talloc(conn, 0); + mem_ctx = talloc_new(conn); if (!mem_ctx) { DEBUG(0,("no memory\n")); return False; -- cgit From ef4e85614e038ee3f2c63e111b2bae8f079892b9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 12 Jan 2005 16:30:36 +0000 Subject: r4716: add a real ugly hack to get all ldap queries of an w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option="ldapsrv:hacked=yes" so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze (This used to be commit d72760d26ffe531e34bcbec623b986761152ae5b) --- source4/ldap_server/ldap_server.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a301c14084..bc851713b5 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -88,7 +88,11 @@ static void ldapsrv_init(struct server_service *service, return; } part->base_dn = "*"; /* default partition */ - part->ops = ldapsrv_get_sldb_partition_ops(); + if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) { + part->ops = ldapsrv_get_hldb_partition_ops(); + } else { + part->ops = ldapsrv_get_sldb_partition_ops(); + } ldap_service->default_partition = part; DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); -- cgit From 9327ec51d11855ec0ceac3ce1f4e0a75c8b57081 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Jan 2005 01:32:56 +0000 Subject: r4728: split up server_services into: - stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0) --- source4/ldap_server/ldap_server.c | 68 ++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 41 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index bc851713b5..52a519721f 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -34,21 +34,22 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, c server_terminate_connection(ldap_conn->connection, reason); } +static const struct server_stream_ops *ldapsrv_get_stream_ops(void); + /* add a socket address to the list of events, one event per port */ -static void add_socket(struct server_service *service, - const struct model_ops *model_ops, +static void add_socket(struct server_service *service, struct ipv4_addr *ifip) { - struct server_socket *srv_sock; + struct server_stream_socket *stream_socket; uint16_t port = 389; char *ip_str = talloc_strdup(service, sys_inet_ntoa(*ifip)); - srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port); + stream_socket = service_setup_stream_socket(service, ldapsrv_get_stream_ops(), "ipv4", ip_str, &port); port = 3268; - srv_sock = service_setup_socket(service, model_ops, "ipv4", ip_str, &port); + stream_socket = service_setup_stream_socket(service, ldapsrv_get_stream_ops(), "ipv4", ip_str, &port); talloc_free(ip_str); } @@ -56,8 +57,7 @@ static void add_socket(struct server_service *service, /**************************************************************************** Open the socket communication. ****************************************************************************/ -static void ldapsrv_init(struct server_service *service, - const struct model_ops *model_ops) +static void ldapsrv_init(struct server_service *service) { struct ldapsrv_service *ldap_service; struct ldapsrv_partition *part; @@ -97,7 +97,7 @@ static void ldapsrv_init(struct server_service *service, ldap_service->default_partition = part; DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); - service->private_data = ldap_service; + service->service.private_data = ldap_service; if (lp_interfaces() && lp_bind_interfaces_only()) { int num_interfaces = iface_count(); @@ -116,14 +116,14 @@ static void ldapsrv_init(struct server_service *service, continue; } - add_socket(service, model_ops, ifip); + add_socket(service, ifip); } } else { struct ipv4_addr ifip; /* Just bind to lp_socket_address() (usually 0.0.0.0) */ ifip = interpret_addr2(lp_socket_address()); - add_socket(service, model_ops, &ifip); + add_socket(service, &ifip); } } @@ -423,7 +423,7 @@ NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) static void ldapsrv_recv(struct server_connection *conn, struct timeval t, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = conn->private_data; + struct ldapsrv_connection *ldap_conn = conn->connection.private_data; uint8_t *buf; size_t buf_length, msg_length; DATA_BLOB blob; @@ -519,7 +519,7 @@ static void ldapsrv_recv(struct server_connection *conn, struct timeval t, static void ldapsrv_send(struct server_connection *conn, struct timeval t, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = conn->private_data; + struct ldapsrv_connection *ldap_conn = conn->connection.private_data; DEBUG(10,("ldapsrv_send\n")); @@ -535,20 +535,6 @@ static void ldapsrv_send(struct server_connection *conn, struct timeval t, return; } -/* - called when connection is idle -*/ -static void ldapsrv_idle(struct server_connection *conn, struct timeval t) -{ - DEBUG(10,("ldapsrv_idle: not implemented!\n")); - return; -} - -static void ldapsrv_close(struct server_connection *conn, const char *reason) -{ - return; -} - /* initialise a server_context from a open socket and register a event handler for reading from that socket @@ -566,31 +552,31 @@ static void ldapsrv_accept(struct server_connection *conn) ZERO_STRUCTP(ldap_conn); ldap_conn->connection = conn; - ldap_conn->service = talloc_reference(ldap_conn, conn->service->private_data); + ldap_conn->service = talloc_reference(ldap_conn, conn->stream_socket->service); - conn->private_data = ldap_conn; + conn->connection.private_data = ldap_conn; return; } -/* - called on a fatal error that should cause this server to terminate -*/ -static void ldapsrv_exit(struct server_service *service, const char *reason) +static const struct server_stream_ops ldap_stream_ops = { + .name = "ldap", + .socket_init = NULL, + .accept_connection = ldapsrv_accept, + .recv_handler = ldapsrv_recv, + .send_handler = ldapsrv_send, + .idle_handler = NULL, + .close_connection = NULL +}; + +static const struct server_stream_ops *ldapsrv_get_stream_ops(void) { - DEBUG(10,("ldapsrv_exit\n")); - return; + return &ldap_stream_ops; } static const struct server_service_ops ldap_server_ops = { .name = "ldap", - .service_init = ldapsrv_init, - .accept_connection = ldapsrv_accept, - .recv_handler = ldapsrv_recv, - .send_handler = ldapsrv_send, - .idle_handler = ldapsrv_idle, - .close_connection = ldapsrv_close, - .service_exit = ldapsrv_exit, + .service_init = ldapsrv_init }; const struct server_service_ops *ldapsrv_get_ops(void) -- cgit From 757a063a134ab466f437e60b1eed5215b992d80c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 21 Jan 2005 12:45:11 +0000 Subject: r4897: Unbreak the LDAP server. Somehow the generic service structures (which seem just a little too complex) changed, but this code was not updated or tested. Also clarify the existing code, by not reusing variables. Andrew Bartlett (This used to be commit eb46adade4a0b9f0977479eb767c0bc7936a9585) --- source4/ldap_server/ldap_server.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 52a519721f..3c27577b66 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -60,6 +60,7 @@ static void add_socket(struct server_service *service, static void ldapsrv_init(struct server_service *service) { struct ldapsrv_service *ldap_service; + struct ldapsrv_partition *rootDSE_part; struct ldapsrv_partition *part; DEBUG(10,("ldapsrv_init\n")); @@ -71,16 +72,16 @@ static void ldapsrv_init(struct server_service *service) } ZERO_STRUCTP(ldap_service); - part = talloc_p(ldap_service, struct ldapsrv_partition); - if (!ldap_service) { + rootDSE_part = talloc_p(ldap_service, struct ldapsrv_partition); + if (!rootDSE_part) { DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n")); return; } - part->base_dn = ""; /* RootDSE */ - part->ops = ldapsrv_get_rootdse_partition_ops(); + rootDSE_part->base_dn = ""; /* RootDSE */ + rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); - ldap_service->rootDSE = part; - DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); + ldap_service->rootDSE = rootDSE_part; + DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); part = talloc_p(ldap_service, struct ldapsrv_partition); if (!ldap_service) { @@ -552,7 +553,7 @@ static void ldapsrv_accept(struct server_connection *conn) ZERO_STRUCTP(ldap_conn); ldap_conn->connection = conn; - ldap_conn->service = talloc_reference(ldap_conn, conn->stream_socket->service); + ldap_conn->service = talloc_reference(ldap_conn, conn->stream_socket->service->service.private_data); conn->connection.private_data = ldap_conn; -- cgit From 759da3b915e2006d4c87b5ace47f399accd9ce91 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 27 Jan 2005 07:08:20 +0000 Subject: r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0) --- source4/ldap_server/ldap_server.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 3c27577b66..d5b4aaae43 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -65,16 +65,16 @@ static void ldapsrv_init(struct server_service *service) DEBUG(10,("ldapsrv_init\n")); - ldap_service = talloc_p(service, struct ldapsrv_service); + ldap_service = talloc(service, struct ldapsrv_service); if (!ldap_service) { - DEBUG(0,("talloc_p(service, struct ldapsrv_service) failed\n")); + DEBUG(0,("talloc(service, struct ldapsrv_service) failed\n")); return; } ZERO_STRUCTP(ldap_service); - rootDSE_part = talloc_p(ldap_service, struct ldapsrv_partition); + rootDSE_part = talloc(ldap_service, struct ldapsrv_partition); if (!rootDSE_part) { - DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n")); + DEBUG(0,("talloc(ldap_service, struct ldapsrv_partition) failed\n")); return; } rootDSE_part->base_dn = ""; /* RootDSE */ @@ -83,9 +83,9 @@ static void ldapsrv_init(struct server_service *service) ldap_service->rootDSE = rootDSE_part; DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); - part = talloc_p(ldap_service, struct ldapsrv_partition); + part = talloc(ldap_service, struct ldapsrv_partition); if (!ldap_service) { - DEBUG(0,("talloc_p(ldap_service, struct ldapsrv_partition) failed\n")); + DEBUG(0,("talloc(ldap_service, struct ldapsrv_partition) failed\n")); return; } part->base_dn = "*"; /* default partition */ @@ -467,7 +467,7 @@ static void ldapsrv_recv(struct server_connection *conn, struct timeval t, return; } - call = talloc_p(ldap_conn, struct ldapsrv_call); + call = talloc(ldap_conn, struct ldapsrv_call); if (!call) { ldapsrv_terminate_connection(ldap_conn, "no memory"); return; @@ -546,7 +546,7 @@ static void ldapsrv_accept(struct server_connection *conn) DEBUG(10, ("ldapsrv_accept\n")); - ldap_conn = talloc_p(conn, struct ldapsrv_connection); + ldap_conn = talloc(conn, struct ldapsrv_connection); if (ldap_conn == NULL) return; -- cgit From 55d4d36993293fee914a009f1d8f05810e347f2b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 30 Jan 2005 00:54:57 +0000 Subject: r5102: This is a major simplification of the logic for controlling top level servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e) --- source4/ldap_server/ldap_server.c | 205 ++++++++++++++++---------------------- 1 file changed, 84 insertions(+), 121 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d5b4aaae43..96305b1b2a 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -25,107 +25,14 @@ #include "dlinklist.h" #include "asn_1.h" #include "ldap_server/ldap_server.h" +#include "smbd/service_stream.h" /* close the socket and shutdown a server_context */ static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) { - server_terminate_connection(ldap_conn->connection, reason); -} - -static const struct server_stream_ops *ldapsrv_get_stream_ops(void); - -/* - add a socket address to the list of events, one event per port -*/ -static void add_socket(struct server_service *service, - struct ipv4_addr *ifip) -{ - struct server_stream_socket *stream_socket; - uint16_t port = 389; - char *ip_str = talloc_strdup(service, sys_inet_ntoa(*ifip)); - - stream_socket = service_setup_stream_socket(service, ldapsrv_get_stream_ops(), "ipv4", ip_str, &port); - - port = 3268; - stream_socket = service_setup_stream_socket(service, ldapsrv_get_stream_ops(), "ipv4", ip_str, &port); - - talloc_free(ip_str); -} - -/**************************************************************************** - Open the socket communication. -****************************************************************************/ -static void ldapsrv_init(struct server_service *service) -{ - struct ldapsrv_service *ldap_service; - struct ldapsrv_partition *rootDSE_part; - struct ldapsrv_partition *part; - - DEBUG(10,("ldapsrv_init\n")); - - ldap_service = talloc(service, struct ldapsrv_service); - if (!ldap_service) { - DEBUG(0,("talloc(service, struct ldapsrv_service) failed\n")); - return; - } - ZERO_STRUCTP(ldap_service); - - rootDSE_part = talloc(ldap_service, struct ldapsrv_partition); - if (!rootDSE_part) { - DEBUG(0,("talloc(ldap_service, struct ldapsrv_partition) failed\n")); - return; - } - rootDSE_part->base_dn = ""; /* RootDSE */ - rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); - - ldap_service->rootDSE = rootDSE_part; - DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); - - part = talloc(ldap_service, struct ldapsrv_partition); - if (!ldap_service) { - DEBUG(0,("talloc(ldap_service, struct ldapsrv_partition) failed\n")); - return; - } - part->base_dn = "*"; /* default partition */ - if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) { - part->ops = ldapsrv_get_hldb_partition_ops(); - } else { - part->ops = ldapsrv_get_sldb_partition_ops(); - } - - ldap_service->default_partition = part; - DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); - - service->service.private_data = ldap_service; - - if (lp_interfaces() && lp_bind_interfaces_only()) { - int num_interfaces = iface_count(); - int i; - - /* We have been given an interfaces line, and been - told to only bind to those interfaces. Create a - socket per interface and bind to only these. - */ - for(i = 0; i < num_interfaces; i++) { - struct ipv4_addr *ifip = iface_n_ip(i); - - if (ifip == NULL) { - DEBUG(0,("ldapsrv_init: interface %d has NULL " - "IP address !\n", i)); - continue; - } - - add_socket(service, ifip); - } - } else { - struct ipv4_addr ifip; - - /* Just bind to lp_socket_address() (usually 0.0.0.0) */ - ifip = interpret_addr2(lp_socket_address()); - add_socket(service, &ifip); - } + stream_terminate_connection(ldap_conn->connection, reason); } /* This rw-buf api is made to avoid memcpy. For now do that like mad... The @@ -421,10 +328,10 @@ NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) /* called when a LDAP socket becomes readable */ -static void ldapsrv_recv(struct server_connection *conn, struct timeval t, +static void ldapsrv_recv(struct stream_connection *conn, struct timeval t, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = conn->connection.private_data; + struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); uint8_t *buf; size_t buf_length, msg_length; DATA_BLOB blob; @@ -517,10 +424,10 @@ static void ldapsrv_recv(struct server_connection *conn, struct timeval t, /* called when a LDAP socket becomes writable */ -static void ldapsrv_send(struct server_connection *conn, struct timeval t, +static void ldapsrv_send(struct stream_connection *conn, struct timeval t, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = conn->connection.private_data; + struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); DEBUG(10,("ldapsrv_send\n")); @@ -540,52 +447,108 @@ static void ldapsrv_send(struct server_connection *conn, struct timeval t, initialise a server_context from a open socket and register a event handler for reading from that socket */ -static void ldapsrv_accept(struct server_connection *conn) +static void ldapsrv_accept(struct stream_connection *conn) { struct ldapsrv_connection *ldap_conn; DEBUG(10, ("ldapsrv_accept\n")); - ldap_conn = talloc(conn, struct ldapsrv_connection); + ldap_conn = talloc_zero(conn, struct ldapsrv_connection); if (ldap_conn == NULL) return; - ZERO_STRUCTP(ldap_conn); ldap_conn->connection = conn; - ldap_conn->service = talloc_reference(ldap_conn, conn->stream_socket->service->service.private_data); - - conn->connection.private_data = ldap_conn; - - return; + ldap_conn->service = talloc_get_type(conn->private, struct ldapsrv_service); + conn->private = ldap_conn; } -static const struct server_stream_ops ldap_stream_ops = { +static const struct stream_server_ops ldap_stream_ops = { .name = "ldap", - .socket_init = NULL, .accept_connection = ldapsrv_accept, .recv_handler = ldapsrv_recv, .send_handler = ldapsrv_send, - .idle_handler = NULL, - .close_connection = NULL }; -static const struct server_stream_ops *ldapsrv_get_stream_ops(void) +/* + add a socket address to the list of events, one event per port +*/ +static NTSTATUS add_socket(struct event_context *event_context, const struct model_ops *model_ops, + const char *address, struct ldapsrv_service *ldap_service) { - return &ldap_stream_ops; + uint16_t port = 389; + NTSTATUS status; + + status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + "ipv4", address, &port, ldap_service); + NT_STATUS_NOT_OK_RETURN(status); + + port = 3268; + + return stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + "ipv4", address, &port, ldap_service); } -static const struct server_service_ops ldap_server_ops = { - .name = "ldap", - .service_init = ldapsrv_init -}; +/* + open the ldap server sockets +*/ +static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct model_ops *model_ops) +{ + struct ldapsrv_service *ldap_service; + struct ldapsrv_partition *rootDSE_part; + struct ldapsrv_partition *part; + NTSTATUS status; -const struct server_service_ops *ldapsrv_get_ops(void) -{ - return &ldap_server_ops; + DEBUG(10,("ldapsrv_init\n")); + + ldap_service = talloc_zero(event_context, struct ldapsrv_service); + NT_STATUS_HAVE_NO_MEMORY(ldap_service); + + rootDSE_part = talloc(ldap_service, struct ldapsrv_partition); + NT_STATUS_HAVE_NO_MEMORY(rootDSE_part); + + rootDSE_part->base_dn = ""; /* RootDSE */ + rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); + + ldap_service->rootDSE = rootDSE_part; + DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); + + part = talloc(ldap_service, struct ldapsrv_partition); + NT_STATUS_HAVE_NO_MEMORY(part); + + part->base_dn = "*"; /* default partition */ + if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) { + part->ops = ldapsrv_get_hldb_partition_ops(); + } else { + part->ops = ldapsrv_get_sldb_partition_ops(); + } + + ldap_service->default_partition = part; + DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); + + if (lp_interfaces() && lp_bind_interfaces_only()) { + int num_interfaces = iface_count(); + int i; + + /* We have been given an interfaces line, and been + told to only bind to those interfaces. Create a + socket per interface and bind to only these. + */ + for(i = 0; i < num_interfaces; i++) { + const char *address = sys_inet_ntoa(*iface_n_ip(i)); + status = add_socket(event_context, model_ops, address, ldap_service); + NT_STATUS_NOT_OK_RETURN(status); + } + } else { + status = add_socket(event_context, model_ops, lp_socket_address(), ldap_service); + NT_STATUS_NOT_OK_RETURN(status); + } + + return NT_STATUS_OK; } + NTSTATUS server_service_ldap_init(void) { - return NT_STATUS_OK; + return register_server_service("ldap", ldapsrv_init); } -- cgit From 66170ef8b36b499aa5b44ef10c1bd362a50f2636 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 3 Feb 2005 02:35:52 +0000 Subject: r5185: make all the events data structures private to events.c. This will make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 96305b1b2a..87e46a3d51 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -415,7 +415,7 @@ static void ldapsrv_recv(struct stream_connection *conn, struct timeval t, } if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) { - conn->event.fde->flags |= EVENT_FD_WRITE; + EVENT_FD_WRITEABLE(conn->event.fde); } return; @@ -437,7 +437,7 @@ static void ldapsrv_send(struct stream_connection *conn, struct timeval t, } if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) { - conn->event.fde->flags &= ~EVENT_FD_WRITE; + EVENT_FD_NOT_WRITEABLE(conn->event.fde); } return; -- cgit From 0798d54b4fc28be881e2c4012663b1461bc85ba7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 3 Feb 2005 11:25:52 +0000 Subject: r5195: most events don't need the time of the event, so save a gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc) --- source4/ldap_server/ldap_server.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 87e46a3d51..70c9f62aec 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -328,8 +328,7 @@ NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) /* called when a LDAP socket becomes readable */ -static void ldapsrv_recv(struct stream_connection *conn, struct timeval t, - uint16_t flags) +static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags) { struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); uint8_t *buf; @@ -424,8 +423,7 @@ static void ldapsrv_recv(struct stream_connection *conn, struct timeval t, /* called when a LDAP socket becomes writable */ -static void ldapsrv_send(struct stream_connection *conn, struct timeval t, - uint16_t flags) +static void ldapsrv_send(struct stream_connection *conn, uint16_t flags) { struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); -- cgit From 131dc76d56df40b3511c47e54f15412a25b491f8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 3 Feb 2005 11:56:03 +0000 Subject: r5197: moved events code to lib/events/ (suggestion from metze) (This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 70c9f62aec..ebc232a4c8 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -20,7 +20,7 @@ */ #include "includes.h" -#include "events.h" +#include "lib/events/events.h" #include "auth/auth.h" #include "dlinklist.h" #include "asn_1.h" -- cgit From b9bb7f596de51496c18580863efbb8ac17c78970 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Feb 2005 03:22:47 +0000 Subject: r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ebc232a4c8..3a0e3d1cde 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -533,7 +533,7 @@ static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct m socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { - const char *address = sys_inet_ntoa(*iface_n_ip(i)); + const char *address = iface_n_ip(i); status = add_socket(event_context, model_ops, address, ldap_service); NT_STATUS_NOT_OK_RETURN(status); } -- cgit From bed7c9ec32b7d4083ba4ed2abbf3b6126bee7a25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Feb 2005 06:59:29 +0000 Subject: r5304: removed lib/socket/socket.h from includes.h (This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 3a0e3d1cde..7319c1c7ac 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -26,6 +26,7 @@ #include "asn_1.h" #include "ldap_server/ldap_server.h" #include "smbd/service_stream.h" +#include "lib/socket/socket.h" /* close the socket and shutdown a server_context -- cgit From 2e8968714455be3f8f643faf3880f64ec4d65d5b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 14 Jun 2005 03:51:49 +0000 Subject: r7565: fixed handling of sasl data in ldap server (This used to be commit 9b7a89735f18f66ead010d5a1a0a6516ee9b93fe) --- source4/ldap_server/ldap_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 7319c1c7ac..9f62d72e2c 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -223,7 +223,8 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) if (!conn->session_info) { return write_from_buf(sock, &conn->out_buffer); } - if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || + if (conn->sasl_out_buffer.length == 0 && + !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { return write_from_buf(sock, &conn->out_buffer); } -- cgit From c0947b0d7f809f5139fbfcdbd618ed7b0a77d2be Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 15 Jun 2005 00:27:51 +0000 Subject: r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53) --- source4/ldap_server/ldap_server.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9f62d72e2c..9c5f5fccc8 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -305,7 +305,7 @@ NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) for (call=conn->calls; call; call=next_call) { for (reply=call->replies; reply; reply=next_reply) { - if (!ldap_encode_to_buf(&reply->msg, &conn->out_buffer)) { + if (!ldap_encode_to_buf(reply->msg, &conn->out_buffer)) { return NT_STATUS_FOOBAR; } next_reply = reply->next; @@ -375,18 +375,22 @@ static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags) return; } - call = talloc(ldap_conn, struct ldapsrv_call); + call = talloc_zero(ldap_conn, struct ldapsrv_call); if (!call) { ldapsrv_terminate_connection(ldap_conn, "no memory"); return; } - ZERO_STRUCTP(call); + call->request = talloc_zero(call, struct ldap_message); + if (call->request == NULL) { + ldapsrv_terminate_connection(ldap_conn, "no memory"); + return; + } + call->state = LDAPSRV_CALL_STATE_NEW; call->conn = ldap_conn; - call->request.mem_ctx = call; - if (!ldap_decode(&data, &call->request)) { + if (!ldap_decode(&data, call->request)) { dump_data(0,buf, msg_length); asn1_free(&data); ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); -- cgit From 68853a1c7be11ffaaef4ad2e3f78a97f0b401b68 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 19 Jun 2005 07:21:18 +0000 Subject: r7746: - added TLS support to our ldap server - this involved changing the buffer handling in the ldap server quite a lot, as it didn't handle partial packets at all - removed completely bogus asn1_object_length() function. You can't do that with BER/DER (This used to be commit fed6f4cc6ceaf83aacb581499aeaf6af4ee8ddd2) --- source4/ldap_server/ldap_server.c | 194 ++++++++++++++++++++++---------------- 1 file changed, 112 insertions(+), 82 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9c5f5fccc8..01a48b78b2 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -1,6 +1,9 @@ /* Unix SMB/CIFS implementation. + LDAP server + + Copyright (C) Andrew Tridgell 2005 Copyright (C) Volker Lendecke 2004 Copyright (C) Stefan Metzmacher 2004 @@ -25,14 +28,18 @@ #include "dlinklist.h" #include "asn_1.h" #include "ldap_server/ldap_server.h" +#include "smbd/service_task.h" #include "smbd/service_stream.h" #include "lib/socket/socket.h" +#include "lib/tls/tls.h" /* close the socket and shutdown a server_context */ static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) { + talloc_free(ldap_conn->tls); + ldap_conn->tls = NULL; stream_terminate_connection(ldap_conn->connection, reason); } @@ -65,27 +72,36 @@ BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) memcpy(buf->data+buf->length, data, length); buf->length += length; + return True; } -static BOOL read_into_buf(struct socket_context *sock, struct rw_buffer *buf) +static BOOL read_into_buf(struct ldapsrv_connection *conn, struct rw_buffer *buf) { NTSTATUS status; DATA_BLOB tmp_blob; BOOL ret; size_t nread; - tmp_blob = data_blob_talloc(sock, NULL, 1024); + tmp_blob = data_blob_talloc(conn, NULL, 1024); if (tmp_blob.data == NULL) { return False; } - status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); + status = tls_socket_recv(conn->tls, tmp_blob.data, tmp_blob.length, &nread); + if (NT_STATUS_IS_OK(status) && nread == 0) { + return False; + } if (NT_STATUS_IS_ERR(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); talloc_free(tmp_blob.data); return False; } + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_blob.data); + return True; + } + tmp_blob.length = nread; ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length); @@ -104,19 +120,13 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) BOOL ret; uint8_t *buf; size_t buf_length, sasl_length; - struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; size_t nread; - if (!conn->gensec) { - return read_into_buf(sock, &conn->in_buffer); - } - if (!conn->session_info) { - return read_into_buf(sock, &conn->in_buffer); - } - if (!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || + if (!conn->gensec || !conn->session_info || + !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { - return read_into_buf(sock, &conn->in_buffer); + return read_into_buf(conn, &conn->in_buffer); } mem_ctx = talloc_new(conn); @@ -131,12 +141,20 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) return False; } - status = socket_recv(sock, tmp_blob.data, tmp_blob.length, &nread, 0); + status = tls_socket_recv(conn->tls, tmp_blob.data, tmp_blob.length, &nread); + if (NT_STATUS_IS_OK(status) && nread == 0) { + talloc_free(conn->tls); + return False; + } if (NT_STATUS_IS_ERR(status)) { DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); talloc_free(mem_ctx); return False; } + if (!NT_STATUS_IS_OK(status)) { + talloc_free(mem_ctx); + return True; + } tmp_blob.length = nread; ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); @@ -185,7 +203,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) return ret; } -static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) +static BOOL write_from_buf(struct ldapsrv_connection *conn, struct rw_buffer *buf) { NTSTATUS status; DATA_BLOB tmp_blob; @@ -194,7 +212,7 @@ static BOOL write_from_buf(struct socket_context *sock, struct rw_buffer *buf) tmp_blob.data = buf->data; tmp_blob.length = buf->length; - status = socket_send(sock, &tmp_blob, &sendlen, 0); + status = tls_socket_send(conn->tls, &tmp_blob, &sendlen); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_send() %s\n",nt_errstr(status))); return False; @@ -213,20 +231,19 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) DATA_BLOB sasl; size_t sendlen; BOOL ret; - struct socket_context *sock = conn->connection->socket; TALLOC_CTX *mem_ctx; if (!conn->gensec) { - return write_from_buf(sock, &conn->out_buffer); + return write_from_buf(conn, &conn->out_buffer); } if (!conn->session_info) { - return write_from_buf(sock, &conn->out_buffer); + return write_from_buf(conn, &conn->out_buffer); } if (conn->sasl_out_buffer.length == 0 && !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { - return write_from_buf(sock, &conn->out_buffer); + return write_from_buf(conn, &conn->out_buffer); } mem_ctx = talloc_new(conn); @@ -270,7 +287,7 @@ nodata: tmp_blob.data = conn->sasl_out_buffer.data; tmp_blob.length = conn->sasl_out_buffer.length; - status = socket_send(sock, &tmp_blob, &sendlen, 0); + status = tls_socket_send(conn->tls, &tmp_blob, &sendlen); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("socket_send() %s\n",nt_errstr(status))); talloc_free(mem_ctx); @@ -334,14 +351,10 @@ static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags) { struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); uint8_t *buf; - size_t buf_length, msg_length; - DATA_BLOB blob; - struct asn1_data data; + size_t buf_length; struct ldapsrv_call *call; NTSTATUS status; - DEBUG(10,("ldapsrv_recv\n")); - if (!ldapsrv_read_buf(ldap_conn)) { ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed"); return; @@ -350,59 +363,45 @@ static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags) peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); while (buf_length > 0) { - /* LDAP Messages are always SEQUENCES */ - - if (!asn1_object_length(buf, buf_length, ASN1_SEQUENCE(0), - &msg_length)) { - ldapsrv_terminate_connection(ldap_conn, "asn1_object_length() failed"); - return; - } - - if (buf_length < msg_length) { - /* Not enough yet */ - break; - } - - /* We've got a complete LDAP request in the in-buffer, convert - * that to a ldap_message and put it into the incoming - * queue. */ + DATA_BLOB blob; + struct asn1_data data; + struct ldap_message *msg = talloc(conn, struct ldap_message); blob.data = buf; - blob.length = msg_length; + blob.length = buf_length; if (!asn1_load(&data, blob)) { ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed"); return; } - call = talloc_zero(ldap_conn, struct ldapsrv_call); - if (!call) { - ldapsrv_terminate_connection(ldap_conn, "no memory"); - return; + if (!ldap_decode(&data, msg)) { + if (data.ofs == data.length) { + /* we don't have a complete msg yet */ + talloc_free(msg); + asn1_free(&data); + return; + } + asn1_free(&data); + talloc_free(msg); + ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); + return; } - call->request = talloc_zero(call, struct ldap_message); - if (call->request == NULL) { + ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, data.ofs); + asn1_free(&data); + + call = talloc_zero(ldap_conn, struct ldapsrv_call); + if (!call) { ldapsrv_terminate_connection(ldap_conn, "no memory"); return; } + call->request = talloc_steal(call, msg); call->state = LDAPSRV_CALL_STATE_NEW; call->conn = ldap_conn; - if (!ldap_decode(&data, call->request)) { - dump_data(0,buf, msg_length); - asn1_free(&data); - ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); - return; - } - - asn1_free(&data); - - DLIST_ADD_END(ldap_conn->calls, call, - struct ldapsrv_call *); - - ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, msg_length); + DLIST_ADD_END(ldap_conn->calls, call, struct ldapsrv_call *); status = ldapsrv_do_call(call); if (!NT_STATUS_IS_OK(status)) { @@ -453,18 +452,27 @@ static void ldapsrv_send(struct stream_connection *conn, uint16_t flags) */ static void ldapsrv_accept(struct stream_connection *conn) { + struct ldapsrv_service *ldapsrv_service = + talloc_get_type(conn->private, struct ldapsrv_service); struct ldapsrv_connection *ldap_conn; - DEBUG(10, ("ldapsrv_accept\n")); - ldap_conn = talloc_zero(conn, struct ldapsrv_connection); - - if (ldap_conn == NULL) - return; + if (ldap_conn == NULL) goto failed; ldap_conn->connection = conn; ldap_conn->service = talloc_get_type(conn->private, struct ldapsrv_service); conn->private = ldap_conn; + + /* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on + any ldap connection */ + ldap_conn->tls = tls_init_server(ldapsrv_service->tls_params, conn->socket, + conn->event.fde, "0"); + if (ldap_conn->tls == NULL) goto failed; + + return; + +failed: + talloc_free(conn); } static const struct stream_server_ops ldap_stream_ops = { @@ -485,31 +493,40 @@ static NTSTATUS add_socket(struct event_context *event_context, const struct mod status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service); - NT_STATUS_NOT_OK_RETURN(status); - - port = 3268; + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", + address, port, nt_errstr(status))); + } - return stream_setup_socket(event_context, model_ops, &ldap_stream_ops, - "ipv4", address, &port, ldap_service); + /* add ldaps server */ + port = 636; + status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + "ipv4", address, &port, ldap_service); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", + address, port, nt_errstr(status))); + } + return status; } /* open the ldap server sockets */ -static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct model_ops *model_ops) +static void ldapsrv_task_init(struct task_server *task) { struct ldapsrv_service *ldap_service; struct ldapsrv_partition *rootDSE_part; struct ldapsrv_partition *part; NTSTATUS status; - DEBUG(10,("ldapsrv_init\n")); + ldap_service = talloc_zero(task, struct ldapsrv_service); + if (ldap_service == NULL) goto failed; - ldap_service = talloc_zero(event_context, struct ldapsrv_service); - NT_STATUS_HAVE_NO_MEMORY(ldap_service); + ldap_service->tls_params = tls_initialise(ldap_service); + if (ldap_service->tls_params == NULL) goto failed; rootDSE_part = talloc(ldap_service, struct ldapsrv_partition); - NT_STATUS_HAVE_NO_MEMORY(rootDSE_part); + if (rootDSE_part == NULL) goto failed; rootDSE_part->base_dn = ""; /* RootDSE */ rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); @@ -518,7 +535,7 @@ static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct m DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); part = talloc(ldap_service, struct ldapsrv_partition); - NT_STATUS_HAVE_NO_MEMORY(part); + if (part == NULL) goto failed; part->base_dn = "*"; /* default partition */ if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) { @@ -540,15 +557,28 @@ static NTSTATUS ldapsrv_init(struct event_context *event_context, const struct m */ for(i = 0; i < num_interfaces; i++) { const char *address = iface_n_ip(i); - status = add_socket(event_context, model_ops, address, ldap_service); - NT_STATUS_NOT_OK_RETURN(status); + status = add_socket(task->event_ctx, task->model_ops, address, ldap_service); + if (!NT_STATUS_IS_OK(status)) goto failed; } } else { - status = add_socket(event_context, model_ops, lp_socket_address(), ldap_service); - NT_STATUS_NOT_OK_RETURN(status); + status = add_socket(task->event_ctx, task->model_ops, lp_socket_address(), ldap_service); + if (!NT_STATUS_IS_OK(status)) goto failed; } - return NT_STATUS_OK; + return; + +failed: + task_terminate(task, "Failed to startup ldap server task"); +} + +/* + called on startup of the web server service It's job is to start + listening on all configured sockets +*/ +static NTSTATUS ldapsrv_init(struct event_context *event_context, + const struct model_ops *model_ops) +{ + return task_server_startup(event_context, model_ops, ldapsrv_task_init); } -- cgit From c7496c6cdb7bdcdd483868c21457350f567ec054 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 19 Jun 2005 09:31:34 +0000 Subject: r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a) --- source4/ldap_server/ldap_server.c | 586 +++++++++++++++----------------------- 1 file changed, 234 insertions(+), 352 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 01a48b78b2..bf64735b0b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -36,443 +36,321 @@ /* close the socket and shutdown a server_context */ -static void ldapsrv_terminate_connection(struct ldapsrv_connection *ldap_conn, const char *reason) +static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, + const char *reason) { - talloc_free(ldap_conn->tls); - ldap_conn->tls = NULL; - stream_terminate_connection(ldap_conn->connection, reason); + talloc_free(conn->tls); + conn->tls = NULL; + stream_terminate_connection(conn->connection, reason); } -/* This rw-buf api is made to avoid memcpy. For now do that like mad... The - idea is to write into a circular list of buffers where the ideal case is - that a read(2) holds a complete request that is then thrown away - completely. */ - -void ldapsrv_consumed_from_buf(struct rw_buffer *buf, - size_t length) -{ - memmove(buf->data, buf->data+length, buf->length-length); - buf->length -= length; -} - -static void peek_into_read_buf(struct rw_buffer *buf, uint8_t **out, - size_t *out_length) -{ - *out = buf->data; - *out_length = buf->length; -} - -BOOL ldapsrv_append_to_buf(struct rw_buffer *buf, uint8_t *data, size_t length) -{ - buf->data = realloc(buf->data, buf->length+length); - - if (buf->data == NULL) - return False; - - memcpy(buf->data+buf->length, data, length); - - buf->length += length; - - return True; -} - -static BOOL read_into_buf(struct ldapsrv_connection *conn, struct rw_buffer *buf) +/* + process a decoded ldap message +*/ +static void ldapsrv_process_message(struct ldapsrv_connection *conn, + struct ldap_message *msg) { + struct ldapsrv_call *call; NTSTATUS status; - DATA_BLOB tmp_blob; - BOOL ret; - size_t nread; + DATA_BLOB blob; + struct ldapsrv_send *q; + BOOL enable_wrap = conn->enable_wrap; - tmp_blob = data_blob_talloc(conn, NULL, 1024); - if (tmp_blob.data == NULL) { - return False; + call = talloc(conn, struct ldapsrv_call); + if (!call) { + ldapsrv_terminate_connection(conn, "no memory"); + return; } + + call->request = talloc_steal(call, msg); + call->conn = conn; + call->replies = NULL; - status = tls_socket_recv(conn->tls, tmp_blob.data, tmp_blob.length, &nread); - if (NT_STATUS_IS_OK(status) && nread == 0) { - return False; - } - if (NT_STATUS_IS_ERR(status)) { - DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); - talloc_free(tmp_blob.data); - return False; - } + /* make the call */ + status = ldapsrv_do_call(call); if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_blob.data); - return True; - } - - tmp_blob.length = nread; - - ret = ldapsrv_append_to_buf(buf, tmp_blob.data, tmp_blob.length); - - talloc_free(tmp_blob.data); - - return ret; -} - -static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn) -{ - NTSTATUS status; - DATA_BLOB tmp_blob; - DATA_BLOB wrapped; - DATA_BLOB unwrapped; - BOOL ret; - uint8_t *buf; - size_t buf_length, sasl_length; - TALLOC_CTX *mem_ctx; - size_t nread; - - if (!conn->gensec || !conn->session_info || - !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || - gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { - return read_into_buf(conn, &conn->in_buffer); - } - - mem_ctx = talloc_new(conn); - if (!mem_ctx) { - DEBUG(0,("no memory\n")); - return False; + goto failed; } + + blob = data_blob(NULL, 0); - tmp_blob = data_blob_talloc(mem_ctx, NULL, 1024); - if (tmp_blob.data == NULL) { - talloc_free(mem_ctx); - return False; + if (call->replies == NULL) { + talloc_free(call); + return; } - status = tls_socket_recv(conn->tls, tmp_blob.data, tmp_blob.length, &nread); - if (NT_STATUS_IS_OK(status) && nread == 0) { - talloc_free(conn->tls); - return False; - } - if (NT_STATUS_IS_ERR(status)) { - DEBUG(10,("socket_recv: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } - if (!NT_STATUS_IS_OK(status)) { - talloc_free(mem_ctx); - return True; - } - tmp_blob.length = nread; + /* build all the replies into a single blob */ + while (call->replies) { + DATA_BLOB b; - ret = ldapsrv_append_to_buf(&conn->sasl_in_buffer, tmp_blob.data, tmp_blob.length); - if (!ret) { - talloc_free(mem_ctx); - return False; - } + msg = call->replies->msg; + if (!ldap_encode(msg, &b)) { + DEBUG(0,("Failed to encode ldap reply of type %d\n", msg->type)); + goto failed; + } - peek_into_read_buf(&conn->sasl_in_buffer, &buf, &buf_length); + status = data_blob_append(call, &blob, b.data, b.length); + if (!NT_STATUS_IS_OK(status)) goto failed; - if (buf_length < 4) { - /* not enough yet */ - talloc_free(mem_ctx); - return True; + DLIST_REMOVE(call->replies, call->replies); } - sasl_length = RIVAL(buf, 0); + /* possibly encrypt/sign the reply */ + if (enable_wrap) { + DATA_BLOB wrapped; - if ((buf_length - 4) < sasl_length) { - /* not enough yet */ - talloc_free(mem_ctx); - return True; + status = gensec_wrap(conn->gensec, call, &blob, &wrapped); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + data_blob_free(&blob); + blob = data_blob_talloc(call, NULL, wrapped.length + 4); + if (q->data.data == NULL) { + goto failed; + } + RSIVAL(blob.data, 0, wrapped.length); + memcpy(blob.data+4, wrapped.data, wrapped.length); + data_blob_free(&wrapped); } - wrapped.data = buf + 4; - wrapped.length = sasl_length; + q = talloc(conn, struct ldapsrv_send); + if (q == NULL) goto failed; - status = gensec_unwrap(conn->gensec, mem_ctx, - &wrapped, - &unwrapped); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_unwrap: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } - - ret = ldapsrv_append_to_buf(&conn->in_buffer, unwrapped.data, unwrapped.length); - if (!ret) { - talloc_free(mem_ctx); - return False; + q->data = blob; + talloc_steal(q, blob.data); + + if (conn->send_queue == NULL) { + EVENT_FD_WRITEABLE(conn->connection->event.fde); } + DLIST_ADD_END(conn->send_queue, q, struct ldapsrv_send *); + talloc_free(call); + return; - ldapsrv_consumed_from_buf(&conn->sasl_in_buffer, 4 + sasl_length); - - talloc_free(mem_ctx); - return ret; +failed: + talloc_free(call); } -static BOOL write_from_buf(struct ldapsrv_connection *conn, struct rw_buffer *buf) -{ - NTSTATUS status; - DATA_BLOB tmp_blob; - size_t sendlen; - - tmp_blob.data = buf->data; - tmp_blob.length = buf->length; - status = tls_socket_send(conn->tls, &tmp_blob, &sendlen); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("socket_send() %s\n",nt_errstr(status))); - return False; - } - - ldapsrv_consumed_from_buf(buf, sendlen); - - return True; -} - -static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn) +/* + try and decode the partial input buffer +*/ +static void ldapsrv_try_decode_plain(struct ldapsrv_connection *conn) { - NTSTATUS status; - DATA_BLOB wrapped; - DATA_BLOB tmp_blob; - DATA_BLOB sasl; - size_t sendlen; - BOOL ret; - TALLOC_CTX *mem_ctx; - - - if (!conn->gensec) { - return write_from_buf(conn, &conn->out_buffer); - } - if (!conn->session_info) { - return write_from_buf(conn, &conn->out_buffer); - } - if (conn->sasl_out_buffer.length == 0 && - !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || - gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) { - return write_from_buf(conn, &conn->out_buffer); - } - - mem_ctx = talloc_new(conn); - if (!mem_ctx) { - DEBUG(0,("no memory\n")); - return False; - } - - if (conn->out_buffer.length == 0) { - goto nodata; - } + struct asn1_data asn1; - tmp_blob.data = conn->out_buffer.data; - tmp_blob.length = conn->out_buffer.length; - status = gensec_wrap(conn->gensec, mem_ctx, - &tmp_blob, - &wrapped); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("gensec_wrap: %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; - } + file_save("asn1.dat", conn->partial.data, conn->partial.length); - sasl = data_blob_talloc(mem_ctx, NULL, 4 + wrapped.length); - if (!sasl.data) { - DEBUG(0,("no memory\n")); - talloc_free(mem_ctx); - return False; + if (!asn1_load(&asn1, conn->partial)) { + ldapsrv_terminate_connection(conn, "out of memory"); + return; } - RSIVAL(sasl.data, 0, wrapped.length); - memcpy(sasl.data + 4, wrapped.data, wrapped.length); + /* try and decode - this will fail if we don't have a full packet yet */ + while (asn1.ofs < asn1.length) { + struct ldap_message *msg = talloc(conn, struct ldap_message); + off_t saved_ofs = asn1.ofs; + + if (msg == NULL) { + ldapsrv_terminate_connection(conn, "out of memory"); + return; + } - ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, sasl.data, sasl.length); - if (!ret) { - talloc_free(mem_ctx); - return False; + if (ldap_decode(&asn1, msg)) { + ldapsrv_process_message(conn, msg); + } else { + if (asn1.ofs < asn1.length) { + ldapsrv_terminate_connection(conn, "ldap_decode failed"); + return; + } + asn1.ofs = saved_ofs; + talloc_free(msg); + break; + } } - ldapsrv_consumed_from_buf(&conn->out_buffer, conn->out_buffer.length); -nodata: - tmp_blob.data = conn->sasl_out_buffer.data; - tmp_blob.length = conn->sasl_out_buffer.length; - status = tls_socket_send(conn->tls, &tmp_blob, &sendlen); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("socket_send() %s\n",nt_errstr(status))); - talloc_free(mem_ctx); - return False; + /* keep any remaining data in conn->partial */ + data_blob_free(&conn->partial); + if (asn1.ofs != asn1.length) { + conn->partial = data_blob_talloc(conn, + asn1.data + asn1.ofs, + asn1.length - asn1.ofs); } + asn1_free(&asn1); +} - ldapsrv_consumed_from_buf(&conn->sasl_out_buffer, sendlen); - talloc_free(mem_ctx); +/* + try and decode/process wrapped data +*/ +static void ldapsrv_try_decode_wrapped(struct ldapsrv_connection *conn) +{ + uint32_t len; - return True; -} + /* keep decoding while we have a full wrapped packet */ + while (conn->partial.length >= 4 && + (len=RIVAL(conn->partial.data, 0)) <= conn->partial.length-4) { + DATA_BLOB wrapped, unwrapped; + struct asn1_data asn1; + struct ldap_message *msg = talloc(conn, struct ldap_message); + NTSTATUS status; -static BOOL ldap_encode_to_buf(struct ldap_message *msg, struct rw_buffer *buf) -{ - DATA_BLOB blob; - BOOL res; + if (msg == NULL) { + ldapsrv_terminate_connection(conn, "out of memory"); + return; + } - if (!ldap_encode(msg, &blob)) - return False; + wrapped.data = conn->partial.data+4; + wrapped.length = len; - res = ldapsrv_append_to_buf(buf, blob.data, blob.length); + status = gensec_unwrap(conn->gensec, msg, &wrapped, &unwrapped); + if (!NT_STATUS_IS_OK(status)) { + ldapsrv_terminate_connection(conn, "gensec unwrap failed"); + return; + } - data_blob_free(&blob); - return res; -} + if (!asn1_load(&asn1, unwrapped)) { + ldapsrv_terminate_connection(conn, "out of memory"); + return; + } -NTSTATUS ldapsrv_do_responses(struct ldapsrv_connection *conn) -{ - struct ldapsrv_call *call, *next_call = NULL; - struct ldapsrv_reply *reply, *next_reply = NULL; + while (ldap_decode(&asn1, msg)) { + ldapsrv_process_message(conn, msg); + msg = talloc(conn, struct ldap_message); + } - for (call=conn->calls; call; call=next_call) { - for (reply=call->replies; reply; reply=next_reply) { - if (!ldap_encode_to_buf(reply->msg, &conn->out_buffer)) { - return NT_STATUS_FOOBAR; - } - next_reply = reply->next; - DLIST_REMOVE(call->replies, reply); - reply->state = LDAPSRV_REPLY_STATE_SEND; - talloc_free(reply); + if (asn1.ofs < asn1.length) { + ldapsrv_terminate_connection(conn, "ldap_decode failed"); + return; + } + + talloc_free(msg); + asn1_free(&asn1); + + if (conn->partial.length == len + 4) { + data_blob_free(&conn->partial); + } else { + memmove(conn->partial.data, conn->partial.data+len+4, + conn->partial.length - (len+4)); + conn->partial.length -= len + 4; } - next_call = call->next; - DLIST_REMOVE(conn->calls, call); - call->state = LDAPSRV_CALL_STATE_COMPLETE; - talloc_free(call); } - - return NT_STATUS_OK; } -NTSTATUS ldapsrv_flush_responses(struct ldapsrv_connection *conn) -{ - return NT_STATUS_OK; -} /* called when a LDAP socket becomes readable */ -static void ldapsrv_recv(struct stream_connection *conn, uint16_t flags) +static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); - uint8_t *buf; - size_t buf_length; - struct ldapsrv_call *call; + struct ldapsrv_connection *conn = + talloc_get_type(c->private, struct ldapsrv_connection); NTSTATUS status; + size_t npending, nread; - if (!ldapsrv_read_buf(ldap_conn)) { - ldapsrv_terminate_connection(ldap_conn, "ldapsrv_read_buf() failed"); + /* work out how much data is pending */ + status = tls_socket_pending(conn->tls, &npending); + if (!NT_STATUS_IS_OK(status)) { + ldapsrv_terminate_connection(conn, "socket_pening() failed"); + return; + } + if (npending == 0) { return; } - peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); - - while (buf_length > 0) { - DATA_BLOB blob; - struct asn1_data data; - struct ldap_message *msg = talloc(conn, struct ldap_message); - - blob.data = buf; - blob.length = buf_length; - - if (!asn1_load(&data, blob)) { - ldapsrv_terminate_connection(ldap_conn, "asn1_load() failed"); - return; - } - - if (!ldap_decode(&data, msg)) { - if (data.ofs == data.length) { - /* we don't have a complete msg yet */ - talloc_free(msg); - asn1_free(&data); - return; - } - asn1_free(&data); - talloc_free(msg); - ldapsrv_terminate_connection(ldap_conn, "ldap_decode() failed"); - return; - } - - ldapsrv_consumed_from_buf(&ldap_conn->in_buffer, data.ofs); - asn1_free(&data); - - call = talloc_zero(ldap_conn, struct ldapsrv_call); - if (!call) { - ldapsrv_terminate_connection(ldap_conn, "no memory"); - return; - } - - call->request = talloc_steal(call, msg); - call->state = LDAPSRV_CALL_STATE_NEW; - call->conn = ldap_conn; - - DLIST_ADD_END(ldap_conn->calls, call, struct ldapsrv_call *); - - status = ldapsrv_do_call(call); - if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_call() failed"); - return; - } - peek_into_read_buf(&ldap_conn->in_buffer, &buf, &buf_length); + conn->partial.data = talloc_realloc_size(conn, conn->partial.data, + conn->partial.length + npending); + if (conn->partial.data == NULL) { + ldapsrv_terminate_connection(conn, "out of memory"); + return; } - status = ldapsrv_do_responses(ldap_conn); + /* receive the data */ + status = tls_socket_recv(conn->tls, conn->partial.data + conn->partial.length, + npending, &nread); + if (NT_STATUS_IS_ERR(status)) { + ldapsrv_terminate_connection(conn, "socket_recv() failed"); + return; + } if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(ldap_conn, "ldapsrv_do_responses() failed"); return; } - - if ((ldap_conn->out_buffer.length > 0)||(ldap_conn->sasl_out_buffer.length > 0)) { - EVENT_FD_WRITEABLE(conn->event.fde); + if (nread == 0) { + ldapsrv_terminate_connection(conn, "EOF from client"); + return; } + conn->partial.length += nread; - return; + /* see if we can decode what we have */ + if (conn->enable_wrap) { + ldapsrv_try_decode_wrapped(conn); + } else { + ldapsrv_try_decode_plain(conn); + } } /* called when a LDAP socket becomes writable */ -static void ldapsrv_send(struct stream_connection *conn, uint16_t flags) +static void ldapsrv_send(struct stream_connection *c, uint16_t flags) { - struct ldapsrv_connection *ldap_conn = talloc_get_type(conn->private, struct ldapsrv_connection); - - DEBUG(10,("ldapsrv_send\n")); + struct ldapsrv_connection *conn = + talloc_get_type(c->private, struct ldapsrv_connection); + while (conn->send_queue) { + struct ldapsrv_send *q = conn->send_queue; + size_t nsent; + NTSTATUS status; + + status = tls_socket_send(conn->tls, &q->data, &nsent); + if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { + break; + } + if (!NT_STATUS_IS_OK(status)) { + ldapsrv_terminate_connection(conn, "socket_send error"); + return; + } - if (!ldapsrv_write_buf(ldap_conn)) { - ldapsrv_terminate_connection(ldap_conn, "ldapsrv_write_buf() failed"); - return; + q->data.data += nsent; + q->data.length -= nsent; + if (q->data.length == 0) { + DLIST_REMOVE(conn->send_queue, q); + } } - - if (ldap_conn->out_buffer.length == 0 && ldap_conn->sasl_out_buffer.length == 0) { - EVENT_FD_NOT_WRITEABLE(conn->event.fde); + if (conn->send_queue == NULL) { + EVENT_FD_NOT_WRITEABLE(c->event.fde); } - - return; } /* initialise a server_context from a open socket and register a event handler for reading from that socket */ -static void ldapsrv_accept(struct stream_connection *conn) +static void ldapsrv_accept(struct stream_connection *c) { struct ldapsrv_service *ldapsrv_service = - talloc_get_type(conn->private, struct ldapsrv_service); - struct ldapsrv_connection *ldap_conn; + talloc_get_type(c->private, struct ldapsrv_service); + struct ldapsrv_connection *conn; - ldap_conn = talloc_zero(conn, struct ldapsrv_connection); - if (ldap_conn == NULL) goto failed; + conn = talloc_zero(c, struct ldapsrv_connection); + if (conn == NULL) goto failed; - ldap_conn->connection = conn; - ldap_conn->service = talloc_get_type(conn->private, struct ldapsrv_service); - conn->private = ldap_conn; + conn->enable_wrap = False; + conn->partial = data_blob(NULL, 0); + conn->send_queue = NULL; + conn->connection = c; + conn->service = talloc_get_type(c->private, struct ldapsrv_service); + c->private = conn; /* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on any ldap connection */ - ldap_conn->tls = tls_init_server(ldapsrv_service->tls_params, conn->socket, - conn->event.fde, "0"); - if (ldap_conn->tls == NULL) goto failed; + conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, + c->event.fde, "0"); + if (conn->tls == NULL) goto failed; return; failed: - talloc_free(conn); + talloc_free(c); } static const struct stream_server_ops ldap_stream_ops = { @@ -485,7 +363,8 @@ static const struct stream_server_ops ldap_stream_ops = { /* add a socket address to the list of events, one event per port */ -static NTSTATUS add_socket(struct event_context *event_context, const struct model_ops *model_ops, +static NTSTATUS add_socket(struct event_context *event_context, + const struct model_ops *model_ops, const char *address, struct ldapsrv_service *ldap_service) { uint16_t port = 389; @@ -498,14 +377,17 @@ static NTSTATUS add_socket(struct event_context *event_context, const struct mod address, port, nt_errstr(status))); } - /* add ldaps server */ - port = 636; - status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, - "ipv4", address, &port, ldap_service); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", - address, port, nt_errstr(status))); + if (tls_support(ldap_service->tls_params)) { + /* add ldaps server */ + port = 636; + status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + "ipv4", address, &port, ldap_service); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", + address, port, nt_errstr(status))); + } } + return status; } -- cgit From 7267cb3312f148be8cd00eb76b8e137cd4b2a314 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 19 Jun 2005 10:37:45 +0000 Subject: r7749: some bug fixes from testing with socket:testnonblock - fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index bf64735b0b..5ac50bd514 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -254,10 +254,10 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) return; } if (npending == 0) { + ldapsrv_terminate_connection(conn, "EOF from client"); return; } - conn->partial.data = talloc_realloc_size(conn, conn->partial.data, conn->partial.length + npending); if (conn->partial.data == NULL) { -- cgit From 7a17da2186c628f0d8e8a43ca34320b0f10d9d8f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 19 Jun 2005 11:10:15 +0000 Subject: r7751: only enable tls on the ldaps port in ldap server, and reject non-tls connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064) --- source4/ldap_server/ldap_server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 5ac50bd514..88df0ed876 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c) struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; + int port; conn = talloc_zero(c, struct ldapsrv_connection); if (conn == NULL) goto failed; @@ -341,10 +342,12 @@ static void ldapsrv_accept(struct stream_connection *c) conn->service = talloc_get_type(c->private, struct ldapsrv_service); c->private = conn; + port = socket_get_my_port(c->socket); + /* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on any ldap connection */ conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, - c->event.fde, "0"); + c->event.fde, NULL, port != 389); if (conn->tls == NULL) goto failed; return; -- cgit From b3e862b2d586712635f7409100ebb7885d6836d1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 19 Jun 2005 12:06:27 +0000 Subject: r7753: removed debugging code :-) (This used to be commit 51ea22db2df3a002de3779302cd455bfb2e3fec2) --- source4/ldap_server/ldap_server.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 88df0ed876..c006a9e4da 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -138,8 +138,6 @@ static void ldapsrv_try_decode_plain(struct ldapsrv_connection *conn) { struct asn1_data asn1; - file_save("asn1.dat", conn->partial.data, conn->partial.length); - if (!asn1_load(&asn1, conn->partial)) { ldapsrv_terminate_connection(conn, "out of memory"); return; -- cgit From a7bbc024edea5dde86aaf77bc0ace39573a9d19a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 21 Jun 2005 06:08:40 +0000 Subject: r7801: the ldap server needs this logic too (This used to be commit 1dbb5bf2c1c6e11b3467b6eb1a2206c6299bc25b) --- source4/ldap_server/ldap_server.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c006a9e4da..8d2a404ec4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -245,6 +245,11 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) NTSTATUS status; size_t npending, nread; + if (conn->processing) { + EVENT_FD_NOT_READABLE(c->event.fde); + return; + } + /* work out how much data is pending */ status = tls_socket_pending(conn->tls, &npending); if (!NT_STATUS_IS_OK(status)) { @@ -279,12 +284,16 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) } conn->partial.length += nread; + conn->processing = True; /* see if we can decode what we have */ if (conn->enable_wrap) { ldapsrv_try_decode_wrapped(conn); } else { ldapsrv_try_decode_plain(conn); } + conn->processing = False; + + EVENT_FD_READABLE(c->event.fde); } /* @@ -338,6 +347,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->send_queue = NULL; conn->connection = c; conn->service = talloc_get_type(c->private, struct ldapsrv_service); + conn->processing = False; c->private = conn; port = socket_get_my_port(c->socket); -- cgit From b3e493470f3465cfe5cfa958b019ac8cfb8f12f2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 25 Jun 2005 23:53:14 +0000 Subject: r7911: task_terminate() is defined in the macosx headers, so change the name to task_server_terminate() (This used to be commit a7447e25ac203f0ee09ffdf72df1094eb70e7c0c) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 8d2a404ec4..e635dae1ab 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -461,7 +461,7 @@ static void ldapsrv_task_init(struct task_server *task) return; failed: - task_terminate(task, "Failed to startup ldap server task"); + task_server_terminate(task, "Failed to startup ldap server task"); } /* -- cgit From 3214f2e2129eaa693658185c4ebebf1760a039ac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 26 Jun 2005 03:29:26 +0000 Subject: r7918: fixed a crash bug in the ldap server (This used to be commit 44ded17bc2501cd8d03fb3a94a3b7c502f5a2128) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index e635dae1ab..9c0e883e36 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -105,7 +105,7 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, } data_blob_free(&blob); blob = data_blob_talloc(call, NULL, wrapped.length + 4); - if (q->data.data == NULL) { + if (blob.data == NULL) { goto failed; } RSIVAL(blob.data, 0, wrapped.length); -- cgit From c6881d1e650fd284a366af76f5a214a5de05cc0c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Jul 2005 01:08:10 +0000 Subject: r8272: added the hooks for adding a name to a messaging context, so we will be able to send a message to the "ldap_server" task without having to know its task ID. (This used to be commit 8f69867867857e0c9a9246c2dec9612ccc234724) --- source4/ldap_server/ldap_server.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9c0e883e36..c898471e27 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -32,6 +32,7 @@ #include "smbd/service_stream.h" #include "lib/socket/socket.h" #include "lib/tls/tls.h" +#include "lib/messaging/irpc.h" /* close the socket and shutdown a server_context @@ -358,6 +359,8 @@ static void ldapsrv_accept(struct stream_connection *c) c->event.fde, NULL, port != 389); if (conn->tls == NULL) goto failed; + irpc_add_name(c->msg_ctx, "ldap_server"); + return; failed: -- cgit From a8ec371a61d5786f40ebb29f3e79b3ec45c3ffbe Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Sep 2005 11:26:05 +0000 Subject: r10078: - add a 'struct data_blob_list_item' - use this for the send_queue's of the different stream_servers to not redefine the same struct so often, and it maybe will be used in other places too metze (This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9) --- source4/ldap_server/ldap_server.c | 41 +++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 19 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c898471e27..4320a0ad5e 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,8 +40,10 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - talloc_free(conn->tls); - conn->tls = NULL; + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } stream_terminate_connection(conn->connection, reason); } @@ -54,7 +56,7 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, struct ldapsrv_call *call; NTSTATUS status; DATA_BLOB blob; - struct ldapsrv_send *q; + struct data_blob_list_item *q; BOOL enable_wrap = conn->enable_wrap; call = talloc(conn, struct ldapsrv_call); @@ -114,16 +116,16 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, data_blob_free(&wrapped); } - q = talloc(conn, struct ldapsrv_send); + q = talloc(conn, struct data_blob_list_item); if (q == NULL) goto failed; - q->data = blob; + q->blob = blob; talloc_steal(q, blob.data); if (conn->send_queue == NULL) { EVENT_FD_WRITEABLE(conn->connection->event.fde); } - DLIST_ADD_END(conn->send_queue, q, struct ldapsrv_send *); + DLIST_ADD_END(conn->send_queue, q, struct data_blob_list_item *); talloc_free(call); return; @@ -305,11 +307,11 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); while (conn->send_queue) { - struct ldapsrv_send *q = conn->send_queue; + struct data_blob_list_item *q = conn->send_queue; size_t nsent; NTSTATUS status; - status = tls_socket_send(conn->tls, &q->data, &nsent); + status = tls_socket_send(conn->tls, &q->blob, &nsent); if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { break; } @@ -318,9 +320,9 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) return; } - q->data.data += nsent; - q->data.length -= nsent; - if (q->data.length == 0) { + q->blob.data += nsent; + q->blob.length -= nsent; + if (q->blob.length == 0) { DLIST_REMOVE(conn->send_queue, q); } } @@ -341,13 +343,16 @@ static void ldapsrv_accept(struct stream_connection *c) int port; conn = talloc_zero(c, struct ldapsrv_connection); - if (conn == NULL) goto failed; + if (!conn) { + stream_terminate_connection(c, "ldapsrv_accept: out of memory"); + return; + } conn->enable_wrap = False; conn->partial = data_blob(NULL, 0); conn->send_queue = NULL; conn->connection = c; - conn->service = talloc_get_type(c->private, struct ldapsrv_service); + conn->service = ldapsrv_service; conn->processing = False; c->private = conn; @@ -357,14 +362,12 @@ static void ldapsrv_accept(struct stream_connection *c) any ldap connection */ conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, c->event.fde, NULL, port != 389); - if (conn->tls == NULL) goto failed; + if (!conn->tls) { + ldapsrv_terminate_connection(c, "ldapsrv_accept: tls_init_server() failed"); + return; + } irpc_add_name(c->msg_ctx, "ldap_server"); - - return; - -failed: - talloc_free(c); } static const struct stream_server_ops ldap_stream_ops = { -- cgit From a129ad36eb34bbeda80c75b2f8d771bdaca8451e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 13 Sep 2005 22:05:45 +0000 Subject: r10213: fixed a memory leak in the ldap client and server code spotted by Karl Melcher. ldap_encode() now takes a memory context to use for the data blob (This used to be commit 09948a59336a7f02bf2b4605f2d4d886e65b85f2) --- source4/ldap_server/ldap_server.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 4320a0ad5e..92adc8a890 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -87,12 +87,14 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, DATA_BLOB b; msg = call->replies->msg; - if (!ldap_encode(msg, &b)) { + if (!ldap_encode(msg, &b, call)) { DEBUG(0,("Failed to encode ldap reply of type %d\n", msg->type)); goto failed; } status = data_blob_append(call, &blob, b.data, b.length); + data_blob_free(&b); + if (!NT_STATUS_IS_OK(status)) goto failed; DLIST_REMOVE(call->replies, call->replies); -- cgit From 84951a4cee52b66bf8b2f2a510274bfc8f77431c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Sep 2005 09:55:16 +0000 Subject: r10237: fix parameter, how have I missed this...? metze (This used to be commit d02e1aa049f29590fbb5e08a32ee54177baa71a7) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 92adc8a890..5cc0748c29 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -365,7 +365,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, c->event.fde, NULL, port != 389); if (!conn->tls) { - ldapsrv_terminate_connection(c, "ldapsrv_accept: tls_init_server() failed"); + ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); return; } -- cgit From 5c40f9cd9b59041b3382ec24a1091a60134dd8c5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 20 Sep 2005 15:43:58 +0000 Subject: r10353: Fix typo (This used to be commit b871ecbc2cf5ef2222e498f7819a06aa9082e155) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 5cc0748c29..71a7172e5c 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -258,7 +258,7 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) /* work out how much data is pending */ status = tls_socket_pending(conn->tls, &npending); if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(conn, "socket_pening() failed"); + ldapsrv_terminate_connection(conn, "socket_pending() failed"); return; } if (npending == 0) { -- cgit From a04f65b1c703e7622ebc1a85170f9980c2b33227 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 4 Oct 2005 10:18:07 +0000 Subject: r10709: fixed a crash bug rather similar to the one volker found in the dcerpc code, where a stream_terminate_connection() while processing a request can cause a later defererence of the connection structure to die. (This used to be commit efbcb0f74176058a74d7134dae4658b891fc6f16) --- source4/ldap_server/ldap_server.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 71a7172e5c..83ce059756 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,11 +40,12 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, reason); + /* we don't actually do the stream termination here as the + recv/send functions dereference the connection after the + packet processing callbacks. Instead we mark it for + termination and do the real termination in the send/recv + functions */ + conn->terminate = reason; } /* @@ -299,6 +300,14 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) conn->processing = False; EVENT_FD_READABLE(c->event.fde); + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* @@ -331,6 +340,14 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) if (conn->send_queue == NULL) { EVENT_FD_NOT_WRITEABLE(c->event.fde); } + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* -- cgit From 1377cca5f4beb43cf67fcc65eed79f14178d6349 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Oct 2005 11:31:45 +0000 Subject: r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71) --- source4/ldap_server/ldap_server.c | 62 ++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 24 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 83ce059756..dac7feecfb 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -356,6 +356,8 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) */ static void ldapsrv_accept(struct stream_connection *c) { + struct ldapsrv_partition *rootDSE_part; + struct ldapsrv_partition *part; struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; @@ -386,6 +388,42 @@ static void ldapsrv_accept(struct stream_connection *c) return; } + /* Connections start out anonymous */ + if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { + ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); + return; + } + + rootDSE_part = talloc(conn, struct ldapsrv_partition); + if (rootDSE_part == NULL) { + ldapsrv_terminate_connection(conn, "talloc failed"); + return; + } + + rootDSE_part->base_dn = ""; /* RootDSE */ + rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); + if (!NT_STATUS_IS_OK(rootDSE_part->ops->Init(rootDSE_part, conn))) { + ldapsrv_terminate_connection(conn, "rootDSE Init failed"); + } + + conn->rootDSE = rootDSE_part; + DLIST_ADD_END(conn->partitions, rootDSE_part, struct ldapsrv_partition *); + + part = talloc(conn, struct ldapsrv_partition); + if (part == NULL) { + ldapsrv_terminate_connection(conn, "talloc failed"); + return; + } + + part->base_dn = "*"; /* default partition */ + part->ops = ldapsrv_get_sldb_partition_ops(); + if (!NT_STATUS_IS_OK(part->ops->Init(part, conn))) { + ldapsrv_terminate_connection(conn, "default partition Init failed"); + } + + conn->default_partition = part; + DLIST_ADD_END(conn->partitions, part, struct ldapsrv_partition *); + irpc_add_name(c->msg_ctx, "ldap_server"); } @@ -433,8 +471,6 @@ static NTSTATUS add_socket(struct event_context *event_context, static void ldapsrv_task_init(struct task_server *task) { struct ldapsrv_service *ldap_service; - struct ldapsrv_partition *rootDSE_part; - struct ldapsrv_partition *part; NTSTATUS status; ldap_service = talloc_zero(task, struct ldapsrv_service); @@ -443,28 +479,6 @@ static void ldapsrv_task_init(struct task_server *task) ldap_service->tls_params = tls_initialise(ldap_service); if (ldap_service->tls_params == NULL) goto failed; - rootDSE_part = talloc(ldap_service, struct ldapsrv_partition); - if (rootDSE_part == NULL) goto failed; - - rootDSE_part->base_dn = ""; /* RootDSE */ - rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); - - ldap_service->rootDSE = rootDSE_part; - DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *); - - part = talloc(ldap_service, struct ldapsrv_partition); - if (part == NULL) goto failed; - - part->base_dn = "*"; /* default partition */ - if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) { - part->ops = ldapsrv_get_hldb_partition_ops(); - } else { - part->ops = ldapsrv_get_sldb_partition_ops(); - } - - ldap_service->default_partition = part; - DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *); - if (lp_interfaces() && lp_bind_interfaces_only()) { int num_interfaces = iface_count(); int i; -- cgit From 374ced5ab0b03bc84f5144822e28a1dab31ece4f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Oct 2005 11:32:20 +0000 Subject: r11112: listen on the global catalog ldap server port as well if we are a PDC. I suspect we should behave slightly differently on the two ports, but this is a lot closer than not listening at all. When creating a user with mmc the global catalog port is used to check for an existing user (This used to be commit f8430c3f41313d0a71cea23e1a2ef98f088aff44) --- source4/ldap_server/ldap_server.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index dac7feecfb..d9631573c7 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -462,6 +462,17 @@ static NTSTATUS add_socket(struct event_context *event_context, } } + /* if we are a PDC, then also enable the global catalog server port, 3268 */ + if (lp_server_role() == ROLE_DOMAIN_PDC) { + port = 3268; + status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + "ipv4", address, &port, ldap_service); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", + address, port, nt_errstr(status))); + } + } + return status; } -- cgit From f8ebd5a53ce115b9d9dc6e87e0dbe4cdd6f9b79d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 1 Nov 2005 23:44:01 +0000 Subject: r11447: fixed a problem with the ldap server spinning using CPU time (This used to be commit c913f466cd27030f8c696ab60b1a4a2eb2ac260c) --- source4/ldap_server/ldap_server.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d9631573c7..3b8d9e9289 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -260,18 +260,18 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) status = tls_socket_pending(conn->tls, &npending); if (!NT_STATUS_IS_OK(status)) { ldapsrv_terminate_connection(conn, "socket_pending() failed"); - return; + goto done; } if (npending == 0) { ldapsrv_terminate_connection(conn, "EOF from client"); - return; + goto done; } conn->partial.data = talloc_realloc_size(conn, conn->partial.data, conn->partial.length + npending); if (conn->partial.data == NULL) { ldapsrv_terminate_connection(conn, "out of memory"); - return; + goto done; } /* receive the data */ @@ -279,14 +279,14 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) npending, &nread); if (NT_STATUS_IS_ERR(status)) { ldapsrv_terminate_connection(conn, "socket_recv() failed"); - return; + goto done; } if (!NT_STATUS_IS_OK(status)) { return; } if (nread == 0) { ldapsrv_terminate_connection(conn, "EOF from client"); - return; + goto done; } conn->partial.length += nread; @@ -301,6 +301,7 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) EVENT_FD_READABLE(c->event.fde); +done: if (conn->terminate) { if (conn->tls) { talloc_free(conn->tls); @@ -328,7 +329,7 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) } if (!NT_STATUS_IS_OK(status)) { ldapsrv_terminate_connection(conn, "socket_send error"); - return; + goto done; } q->blob.data += nsent; @@ -341,6 +342,7 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) EVENT_FD_NOT_WRITEABLE(c->event.fde); } +done: if (conn->terminate) { if (conn->tls) { talloc_free(conn->tls); @@ -385,25 +387,25 @@ static void ldapsrv_accept(struct stream_connection *c) c->event.fde, NULL, port != 389); if (!conn->tls) { ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); - return; + goto done; } /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); - return; + goto done; } rootDSE_part = talloc(conn, struct ldapsrv_partition); if (rootDSE_part == NULL) { ldapsrv_terminate_connection(conn, "talloc failed"); - return; } rootDSE_part->base_dn = ""; /* RootDSE */ rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); if (!NT_STATUS_IS_OK(rootDSE_part->ops->Init(rootDSE_part, conn))) { ldapsrv_terminate_connection(conn, "rootDSE Init failed"); + goto done; } conn->rootDSE = rootDSE_part; @@ -412,19 +414,29 @@ static void ldapsrv_accept(struct stream_connection *c) part = talloc(conn, struct ldapsrv_partition); if (part == NULL) { ldapsrv_terminate_connection(conn, "talloc failed"); - return; + goto done; } part->base_dn = "*"; /* default partition */ part->ops = ldapsrv_get_sldb_partition_ops(); if (!NT_STATUS_IS_OK(part->ops->Init(part, conn))) { ldapsrv_terminate_connection(conn, "default partition Init failed"); + goto done; } conn->default_partition = part; DLIST_ADD_END(conn->partitions, part, struct ldapsrv_partition *); irpc_add_name(c->msg_ctx, "ldap_server"); + +done: + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } static const struct stream_server_ops ldap_stream_ops = { -- cgit From f59c61d41386000cc030511963c42a16dc8a816c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Nov 2005 01:41:47 +0000 Subject: r11622: convert the ldap server to the generic packet code (This used to be commit 6ef4ba0c81002c9960dc5fe4fbfd0622957d492a) --- source4/ldap_server/ldap_server.c | 271 ++++++++++++++------------------------ 1 file changed, 101 insertions(+), 170 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 3b8d9e9289..3465c8ad86 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -33,6 +33,7 @@ #include "lib/socket/socket.h" #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" +#include "lib/stream/packet.h" /* close the socket and shutdown a server_context @@ -48,6 +49,16 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, conn->terminate = reason; } +/* + handle packet errors +*/ +static void ldapsrv_error_handler(void *private, NTSTATUS status) +{ + struct ldapsrv_connection *conn = talloc_get_type(private, + struct ldapsrv_connection); + ldapsrv_terminate_connection(conn, nt_errstr(status)); +} + /* process a decoded ldap message */ @@ -57,7 +68,6 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, struct ldapsrv_call *call; NTSTATUS status; DATA_BLOB blob; - struct data_blob_list_item *q; BOOL enable_wrap = conn->enable_wrap; call = talloc(conn, struct ldapsrv_call); @@ -119,16 +129,7 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, data_blob_free(&wrapped); } - q = talloc(conn, struct data_blob_list_item); - if (q == NULL) goto failed; - - q->blob = blob; - talloc_steal(q, blob.data); - - if (conn->send_queue == NULL) { - EVENT_FD_WRITEABLE(conn->connection->event.fde); - } - DLIST_ADD_END(conn->send_queue, q, struct data_blob_list_item *); + packet_send(conn->packet, blob); talloc_free(call); return; @@ -138,108 +139,88 @@ failed: /* - try and decode the partial input buffer + decode the input buffer */ -static void ldapsrv_try_decode_plain(struct ldapsrv_connection *conn) +static NTSTATUS ldapsrv_decode_plain(struct ldapsrv_connection *conn, DATA_BLOB blob) { struct asn1_data asn1; + struct ldap_message *msg = talloc(conn, struct ldap_message); - if (!asn1_load(&asn1, conn->partial)) { - ldapsrv_terminate_connection(conn, "out of memory"); - return; + if (msg == NULL) { + return NT_STATUS_NO_MEMORY; } - /* try and decode - this will fail if we don't have a full packet yet */ - while (asn1.ofs < asn1.length) { - struct ldap_message *msg = talloc(conn, struct ldap_message); - off_t saved_ofs = asn1.ofs; - - if (msg == NULL) { - ldapsrv_terminate_connection(conn, "out of memory"); - return; - } - - if (ldap_decode(&asn1, msg)) { - ldapsrv_process_message(conn, msg); - } else { - if (asn1.ofs < asn1.length) { - ldapsrv_terminate_connection(conn, "ldap_decode failed"); - return; - } - asn1.ofs = saved_ofs; - talloc_free(msg); - break; - } + if (!asn1_load(&asn1, blob)) { + return NT_STATUS_NO_MEMORY; } - /* keep any remaining data in conn->partial */ - data_blob_free(&conn->partial); - if (asn1.ofs != asn1.length) { - conn->partial = data_blob_talloc(conn, - asn1.data + asn1.ofs, - asn1.length - asn1.ofs); + if (!ldap_decode(&asn1, msg)) { + asn1_free(&asn1); + return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } + + data_blob_free(&blob); + ldapsrv_process_message(conn, msg); asn1_free(&asn1); + return NT_STATUS_OK; } /* - try and decode/process wrapped data + decode/process wrapped data */ -static void ldapsrv_try_decode_wrapped(struct ldapsrv_connection *conn) +static NTSTATUS ldapsrv_decode_wrapped(struct ldapsrv_connection *conn, + DATA_BLOB blob) { - uint32_t len; - - /* keep decoding while we have a full wrapped packet */ - while (conn->partial.length >= 4 && - (len=RIVAL(conn->partial.data, 0)) <= conn->partial.length-4) { - DATA_BLOB wrapped, unwrapped; - struct asn1_data asn1; - struct ldap_message *msg = talloc(conn, struct ldap_message); - NTSTATUS status; - - if (msg == NULL) { - ldapsrv_terminate_connection(conn, "out of memory"); - return; - } + DATA_BLOB wrapped, unwrapped; + struct asn1_data asn1; + struct ldap_message *msg = talloc(conn, struct ldap_message); + NTSTATUS status; - wrapped.data = conn->partial.data+4; - wrapped.length = len; + if (msg == NULL) { + return NT_STATUS_NO_MEMORY; + } - status = gensec_unwrap(conn->gensec, msg, &wrapped, &unwrapped); - if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(conn, "gensec unwrap failed"); - return; - } + wrapped = data_blob_const(blob.data+4, blob.length-4); - if (!asn1_load(&asn1, unwrapped)) { - ldapsrv_terminate_connection(conn, "out of memory"); - return; - } + status = gensec_unwrap(conn->gensec, msg, &wrapped, &unwrapped); + if (!NT_STATUS_IS_OK(status)) { + return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); + } - while (ldap_decode(&asn1, msg)) { - ldapsrv_process_message(conn, msg); - msg = talloc(conn, struct ldap_message); - } + data_blob_free(&blob); - if (asn1.ofs < asn1.length) { - ldapsrv_terminate_connection(conn, "ldap_decode failed"); - return; - } - - talloc_free(msg); - asn1_free(&asn1); + if (!asn1_load(&asn1, unwrapped)) { + return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); + } - if (conn->partial.length == len + 4) { - data_blob_free(&conn->partial); - } else { - memmove(conn->partial.data, conn->partial.data+len+4, - conn->partial.length - (len+4)); - conn->partial.length -= len + 4; - } + while (ldap_decode(&asn1, msg)) { + ldapsrv_process_message(conn, msg); + msg = talloc(conn, struct ldap_message); + } + + if (asn1.ofs < asn1.length) { + return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } + + talloc_free(msg); + asn1_free(&asn1); + + return NT_STATUS_OK; } +/* + decode/process data +*/ +static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) +{ + struct ldapsrv_connection *conn = talloc_get_type(private, + struct ldapsrv_connection); + if (conn->enable_wrap) { + return ldapsrv_decode_wrapped(conn, blob); + } + return ldapsrv_decode_plain(conn, blob); +} /* called when a LDAP socket becomes readable @@ -248,60 +229,9 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) { struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); - NTSTATUS status; - size_t npending, nread; - - if (conn->processing) { - EVENT_FD_NOT_READABLE(c->event.fde); - return; - } - - /* work out how much data is pending */ - status = tls_socket_pending(conn->tls, &npending); - if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(conn, "socket_pending() failed"); - goto done; - } - if (npending == 0) { - ldapsrv_terminate_connection(conn, "EOF from client"); - goto done; - } - - conn->partial.data = talloc_realloc_size(conn, conn->partial.data, - conn->partial.length + npending); - if (conn->partial.data == NULL) { - ldapsrv_terminate_connection(conn, "out of memory"); - goto done; - } - - /* receive the data */ - status = tls_socket_recv(conn->tls, conn->partial.data + conn->partial.length, - npending, &nread); - if (NT_STATUS_IS_ERR(status)) { - ldapsrv_terminate_connection(conn, "socket_recv() failed"); - goto done; - } - if (!NT_STATUS_IS_OK(status)) { - return; - } - if (nread == 0) { - ldapsrv_terminate_connection(conn, "EOF from client"); - goto done; - } - conn->partial.length += nread; - - conn->processing = True; - /* see if we can decode what we have */ - if (conn->enable_wrap) { - ldapsrv_try_decode_wrapped(conn); - } else { - ldapsrv_try_decode_plain(conn); - } - conn->processing = False; - - EVENT_FD_READABLE(c->event.fde); + + packet_recv(conn->packet); -done: if (conn->terminate) { if (conn->tls) { talloc_free(conn->tls); @@ -310,6 +240,20 @@ done: stream_terminate_connection(conn->connection, conn->terminate); } } + +/* + check if a blob is a complete ldap packet + handle wrapper or unwrapped connections +*/ +NTSTATUS ldapsrv_complete_packet(void *private, DATA_BLOB blob, size_t *size) +{ + struct ldapsrv_connection *conn = talloc_get_type(private, + struct ldapsrv_connection); + if (conn->enable_wrap) { + return packet_full_request_u32(private, blob, size); + } + return ldap_full_packet(private, blob, size); +} /* called when a LDAP socket becomes writable @@ -318,31 +262,9 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) { struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); - while (conn->send_queue) { - struct data_blob_list_item *q = conn->send_queue; - size_t nsent; - NTSTATUS status; - - status = tls_socket_send(conn->tls, &q->blob, &nsent); - if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { - break; - } - if (!NT_STATUS_IS_OK(status)) { - ldapsrv_terminate_connection(conn, "socket_send error"); - goto done; - } - - q->blob.data += nsent; - q->blob.length -= nsent; - if (q->blob.length == 0) { - DLIST_REMOVE(conn->send_queue, q); - } - } - if (conn->send_queue == NULL) { - EVENT_FD_NOT_WRITEABLE(c->event.fde); - } + + packet_queue_run(conn->packet); -done: if (conn->terminate) { if (conn->tls) { talloc_free(conn->tls); @@ -372,17 +294,13 @@ static void ldapsrv_accept(struct stream_connection *c) } conn->enable_wrap = False; - conn->partial = data_blob(NULL, 0); - conn->send_queue = NULL; + conn->packet = NULL; conn->connection = c; conn->service = ldapsrv_service; - conn->processing = False; c->private = conn; port = socket_get_my_port(c->socket); - /* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on - any ldap connection */ conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, c->event.fde, NULL, port != 389); if (!conn->tls) { @@ -390,6 +308,19 @@ static void ldapsrv_accept(struct stream_connection *c) goto done; } + conn->packet = packet_init(conn); + if (conn->packet == NULL) { + ldapsrv_terminate_connection(conn, "out of memory"); + goto done; + } + packet_set_private(conn->packet, conn); + packet_set_tls(conn->packet, conn->tls); + packet_set_callback(conn->packet, ldapsrv_decode); + packet_set_full_request(conn->packet, ldapsrv_complete_packet); + packet_set_error_handler(conn->packet, ldapsrv_error_handler); + packet_set_event_context(conn->packet, c->event.ctx); + packet_set_serialise(conn->packet, c->event.fde); + /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); -- cgit From 614950aed35353854019db5cccec5b3154643ca3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 14 Nov 2005 03:45:57 +0000 Subject: r11713: separate out the setting of the fde in the packet context from the enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb) --- source4/ldap_server/ldap_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 3465c8ad86..b74bec0b1b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -319,7 +319,8 @@ static void ldapsrv_accept(struct stream_connection *c) packet_set_full_request(conn->packet, ldapsrv_complete_packet); packet_set_error_handler(conn->packet, ldapsrv_error_handler); packet_set_event_context(conn->packet, c->event.ctx); - packet_set_serialise(conn->packet, c->event.fde); + packet_set_fde(conn->packet, c->event.fde); + packet_set_serialise(conn->packet); /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { -- cgit From 53562f774662eda06563870bb7daf857df01590f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Nov 2005 08:55:13 +0000 Subject: r11955: got rid of the old rootDSE code in the ldap server. The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5) --- source4/ldap_server/ldap_server.c | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index b74bec0b1b..11ee72d989 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -280,7 +280,6 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) */ static void ldapsrv_accept(struct stream_connection *c) { - struct ldapsrv_partition *rootDSE_part; struct ldapsrv_partition *part; struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); @@ -328,21 +327,6 @@ static void ldapsrv_accept(struct stream_connection *c) goto done; } - rootDSE_part = talloc(conn, struct ldapsrv_partition); - if (rootDSE_part == NULL) { - ldapsrv_terminate_connection(conn, "talloc failed"); - } - - rootDSE_part->base_dn = ""; /* RootDSE */ - rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops(); - if (!NT_STATUS_IS_OK(rootDSE_part->ops->Init(rootDSE_part, conn))) { - ldapsrv_terminate_connection(conn, "rootDSE Init failed"); - goto done; - } - - conn->rootDSE = rootDSE_part; - DLIST_ADD_END(conn->partitions, rootDSE_part, struct ldapsrv_partition *); - part = talloc(conn, struct ldapsrv_partition); if (part == NULL) { ldapsrv_terminate_connection(conn, "talloc failed"); -- cgit From e246a067515b1fdb725ca1f8e7b406cc84a89e81 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Dec 2005 10:23:56 +0000 Subject: r12126: get rid of the local ->terminate hacks, we do that genericly now metze (This used to be commit a7baf165c10c00096265b790d5362905c527806a) --- source4/ldap_server/ldap_server.c | 46 +++++++++------------------------------ 1 file changed, 10 insertions(+), 36 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 11ee72d989..ba72326084 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -41,12 +41,11 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - /* we don't actually do the stream termination here as the - recv/send functions dereference the connection after the - packet processing callbacks. Instead we mark it for - termination and do the real termination in the send/recv - functions */ - conn->terminate = reason; + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, reason); } /* @@ -231,14 +230,6 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) talloc_get_type(c->private, struct ldapsrv_connection); packet_recv(conn->packet); - - if (conn->terminate) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, conn->terminate); - } } /* @@ -264,14 +255,6 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) talloc_get_type(c->private, struct ldapsrv_connection); packet_queue_run(conn->packet); - - if (conn->terminate) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, conn->terminate); - } } /* @@ -304,13 +287,13 @@ static void ldapsrv_accept(struct stream_connection *c) c->event.fde, NULL, port != 389); if (!conn->tls) { ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); - goto done; + return; } conn->packet = packet_init(conn); if (conn->packet == NULL) { ldapsrv_terminate_connection(conn, "out of memory"); - goto done; + return; } packet_set_private(conn->packet, conn); packet_set_tls(conn->packet, conn->tls); @@ -324,35 +307,26 @@ static void ldapsrv_accept(struct stream_connection *c) /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); - goto done; + return; } part = talloc(conn, struct ldapsrv_partition); if (part == NULL) { ldapsrv_terminate_connection(conn, "talloc failed"); - goto done; + return; } part->base_dn = "*"; /* default partition */ part->ops = ldapsrv_get_sldb_partition_ops(); if (!NT_STATUS_IS_OK(part->ops->Init(part, conn))) { ldapsrv_terminate_connection(conn, "default partition Init failed"); - goto done; + return; } conn->default_partition = part; DLIST_ADD_END(conn->partitions, part, struct ldapsrv_partition *); irpc_add_name(c->msg_ctx, "ldap_server"); - -done: - if (conn->terminate) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, conn->terminate); - } } static const struct stream_server_ops ldap_stream_ops = { -- cgit From bedfb063268f70e66f16fdd0e9bdd29d176a0634 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jan 2006 00:10:15 +0000 Subject: r12686: Push the real SASL list into the rootdse. Get this out of the server credentials, and push it down to ldb via an opaque pointer. Andrew Bartlett (This used to be commit 61700252e05e0be6b4ffa72ffc24a95c665597e3) --- source4/ldap_server/ldap_server.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ba72326084..26bb2402e8 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -267,6 +267,8 @@ static void ldapsrv_accept(struct stream_connection *c) struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; + struct cli_credentials *server_credentials; + NTSTATUS status; int port; conn = talloc_zero(c, struct ldapsrv_connection); @@ -279,6 +281,24 @@ static void ldapsrv_accept(struct stream_connection *c) conn->packet = NULL; conn->connection = c; conn->service = ldapsrv_service; + + server_credentials + = cli_credentials_init(conn); + if (!server_credentials) { + stream_terminate_connection(c, "Failed to init server credentials\n"); + talloc_free(conn); + return; + } + + cli_credentials_set_conf(server_credentials); + status = cli_credentials_set_machine_account(server_credentials); + if (!NT_STATUS_IS_OK(status)) { + stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); + talloc_free(conn); + return; + } + conn->server_credentials = server_credentials; + c->private = conn; port = socket_get_my_port(c->socket); -- cgit From 78c50015bb8bd5a1d831a6e7ec796b3367c73145 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 3 Jan 2006 15:40:05 +0000 Subject: r12694: Move some headers to the directory of the subsystem they belong to. (This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 26bb2402e8..d573652143 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -26,7 +26,7 @@ #include "lib/events/events.h" #include "auth/auth.h" #include "dlinklist.h" -#include "asn_1.h" +#include "libcli/util/asn_1.h" #include "ldap_server/ldap_server.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" -- cgit From f55ea8bb3dca868e21663cd90eaea7a35cd7886c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jan 2006 22:12:53 +0000 Subject: r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2) --- source4/ldap_server/ldap_server.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d573652143..28995f6eb2 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -268,6 +268,7 @@ static void ldapsrv_accept(struct stream_connection *c) talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; struct cli_credentials *server_credentials; + struct socket_address *socket_address; NTSTATUS status; int port; @@ -301,7 +302,13 @@ static void ldapsrv_accept(struct stream_connection *c) c->private = conn; - port = socket_get_my_port(c->socket); + socket_address = socket_get_my_addr(c->socket, conn); + if (!socket_address) { + ldapsrv_terminate_connection(conn, "ldapsrv_accept: failed to obtain local socket address!"); + return; + } + port = socket_address->port; + talloc_free(socket_address); conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, c->event.fde, NULL, port != 389); -- cgit From a7a79d2b256c97bd6ffa6e9740d14366ebc7602e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 13 Jan 2006 00:38:35 +0000 Subject: r12880: Remove ldap partitions useless now and probably we will not use it anyway as we plan to support partitions in ldb directly like with rootdse Merge ldap_simple_ldb into ldap_backend, it is not simple anymore and makes no sense to have it separated now that ldap partitions are gone Initial attempt at working to some limit to avoid DOSs for the ldap server. Simo. (This used to be commit 97bff3e049eba48019f2b0f3eb5a19e32fef2e23) --- source4/ldap_server/ldap_server.c | 43 +++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 13 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 28995f6eb2..d8124e5f24 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -228,7 +228,12 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) { struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); - + + if (conn->limits.ite) { + talloc_free(conn->limits.ite); + conn->limits.ite = NULL; + } + packet_recv(conn->packet); } @@ -257,13 +262,22 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) packet_queue_run(conn->packet); } +static void ldapsrv_conn_init_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private) +{ + struct ldapsrv_connection *conn = talloc_get_type(private, struct ldapsrv_connection); + + ldapsrv_terminate_connection(conn, "Timeout. No requests after initial connection"); +} + /* initialise a server_context from a open socket and register a event handler for reading from that socket */ static void ldapsrv_accept(struct stream_connection *c) { - struct ldapsrv_partition *part; struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; @@ -337,23 +351,26 @@ static void ldapsrv_accept(struct stream_connection *c) return; } - part = talloc(conn, struct ldapsrv_partition); - if (part == NULL) { - ldapsrv_terminate_connection(conn, "talloc failed"); + if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) { + ldapsrv_terminate_connection(conn, "backend Init failed"); return; } - part->base_dn = "*"; /* default partition */ - part->ops = ldapsrv_get_sldb_partition_ops(); - if (!NT_STATUS_IS_OK(part->ops->Init(part, conn))) { - ldapsrv_terminate_connection(conn, "default partition Init failed"); - return; - } + /* TODO: load limits from the conf partition */ + + conn->limits.initial_timeout = 10; + conn->limits.conn_idle_time = 60; + conn->limits.max_page_size = 100; + conn->limits.search_timeout = 10; - conn->default_partition = part; - DLIST_ADD_END(conn->partitions, part, struct ldapsrv_partition *); + /* register the server */ irpc_add_name(c->msg_ctx, "ldap_server"); + + /* set connections limits */ + conn->limits.ite = event_add_timed(c->event.ctx, conn, + timeval_current_ofs(conn->limits.initial_timeout, 0), + ldapsrv_conn_init_timeout, conn); } static const struct stream_server_ops ldap_stream_ops = { -- cgit From d45a8de617eaeb42ce43435f57916bab4274af13 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 13 Jan 2006 15:40:15 +0000 Subject: r12905: add some ldap policies not yet enforced except for the initial connection timeout (This used to be commit fa1ae9a44b0321b8e458bcb7fd1dcc9475b9bad3) --- source4/ldap_server/ldap_server.c | 106 +++++++++++++++++++++++++++++++++++--- 1 file changed, 99 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d8124e5f24..4272cea678 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -34,6 +34,8 @@ #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" #include "lib/stream/packet.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" /* close the socket and shutdown a server_context @@ -272,6 +274,101 @@ static void ldapsrv_conn_init_timeout(struct event_context *ev, ldapsrv_terminate_connection(conn, "Timeout. No requests after initial connection"); } +static int ldapsrv_load_limits(struct ldapsrv_connection *conn) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { "configurationNamingContext", NULL }; + const char *attrs2[] = { "lDAPAdminLimits", NULL }; + const char *conf_dn_s; + struct ldb_message_element *el; + struct ldb_result *res = NULL; + struct ldb_dn *basedn; + struct ldb_dn *conf_dn; + struct ldb_dn *policy_dn; + int i,ret; + + /* set defaults limits in case of failure */ + conn->limits.initial_timeout = 120; + conn->limits.conn_idle_time = 900; + conn->limits.max_page_size = 1000; + conn->limits.search_timeout = 120; + + + tmp_ctx = talloc_new(conn); + if (tmp_ctx == NULL) { + return -1; + } + + basedn = ldb_dn_explode(tmp_ctx, ""); + if (basedn == NULL) { + goto failed; + } + + ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res); + talloc_steal(tmp_ctx, res); + if (ret != LDB_SUCCESS || res->count != 1) { + goto failed; + } + + conf_dn_s = ldb_msg_find_string(res->msgs[0], "configurationNamingContext", NULL); + if (conf_dn_s == NULL) { + goto failed; + } + conf_dn = ldb_dn_explode(tmp_ctx, conf_dn_s); + if (conf_dn == NULL) { + goto failed; + } + + policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services"); + if (policy_dn == NULL) { + goto failed; + } + + ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res); + talloc_steal(tmp_ctx, res); + if (ret != LDB_SUCCESS || res->count != 1) { + goto failed; + } + + el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits"); + if (el == NULL) { + goto failed; + } + + for (i = 0; i < el->num_values; i++) { + char policy_name[256]; + int policy_value, s; + + s = sscanf(el->values[i].data, "%255[^=]=%d", policy_name, &policy_value); + if (ret != 2 || policy_value == 0) + continue; + + if (strcasecmp("InitRecvTimeout", policy_name) == 0) { + conn->limits.initial_timeout = policy_value; + continue; + } + if (strcasecmp("MaxConnIdleTime", policy_name) == 0) { + conn->limits.conn_idle_time = policy_value; + continue; + } + if (strcasecmp("MaxPageSize", policy_name) == 0) { + conn->limits.max_page_size = policy_value; + continue; + } + if (strcasecmp("MaxQueryDuration", policy_name) == 0) { + conn->limits.search_timeout = policy_value; + continue; + } + } + + return 0; + +failed: + DEBUG(0, ("Failed to load ldap server query policies\n")); + talloc_free(tmp_ctx); + return -1; +} + /* initialise a server_context from a open socket and register a event handler for reading from that socket @@ -356,13 +453,8 @@ static void ldapsrv_accept(struct stream_connection *c) return; } - /* TODO: load limits from the conf partition */ - - conn->limits.initial_timeout = 10; - conn->limits.conn_idle_time = 60; - conn->limits.max_page_size = 100; - conn->limits.search_timeout = 10; - + /* load limits from the conf partition */ + ldapsrv_load_limits(conn); /* should we fail on error ? */ /* register the server */ irpc_add_name(c->msg_ctx, "ldap_server"); -- cgit From eed0a95128714b93b9ff484780e5d74fc301be6d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 13 Jan 2006 22:48:08 +0000 Subject: r12917: fix decoding of ldap controls some more work on timeouts (This used to be commit a7e2fe3cb33be2effff7eb764047567f2da3cd55) --- source4/ldap_server/ldap_server.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 4272cea678..a9a4b06645 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -223,6 +223,19 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) return ldapsrv_decode_plain(conn, blob); } +/* + Idle timeout handler +*/ +static void ldapsrv_conn_idle_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private) +{ + struct ldapsrv_connection *conn = talloc_get_type(private, struct ldapsrv_connection); + + ldapsrv_terminate_connection(conn, "Timeout. No requests after bind"); +} + /* called when a LDAP socket becomes readable */ @@ -231,12 +244,22 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); - if (conn->limits.ite) { + if (conn->limits.ite) { /* clean initial timeout if any */ talloc_free(conn->limits.ite); conn->limits.ite = NULL; } + if (conn->limits.te) { /* clean idle timeout if any */ + talloc_free(conn->limits.te); + conn->limits.te = NULL; + } + packet_recv(conn->packet); + + /* set idle timeout */ + conn->limits.te = event_add_timed(c->event.ctx, conn, + timeval_current_ofs(conn->limits.conn_idle_time, 0), + ldapsrv_conn_idle_timeout, conn); } /* -- cgit From 26af14c39b88b0e7eb53657b89be65d865804688 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 2 Mar 2006 16:32:53 +0000 Subject: r13786: [merge] Add registration functions for LDB modules Applications that use LDB modules will now have to run ldb_global_init() before they can use LDB. The next step will be adding support for loading LDB modules from .so files. This will also allow us to use one LDB without difference between the standalone and the Samba-specific build (This used to be commit 52a235650514039bf8ffee99a784bbc1b6ae6b92) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a9a4b06645..b919894d69 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -545,6 +545,8 @@ static void ldapsrv_task_init(struct task_server *task) struct ldapsrv_service *ldap_service; NTSTATUS status; + ldb_global_init(); + ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; -- cgit From 20c7347f4305cb236f9752db127ac57471843e86 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 3 Mar 2006 08:23:57 +0000 Subject: r13812: fix compiler warning metze (This used to be commit 1340cb1f3bdbde4d3759d77b28631611c4e150bb) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index b919894d69..a6786e2990 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -362,7 +362,7 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) char policy_name[256]; int policy_value, s; - s = sscanf(el->values[i].data, "%255[^=]=%d", policy_name, &policy_value); + s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value); if (ret != 2 || policy_value == 0) continue; -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a6786e2990..b1ef4ff006 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -36,6 +36,8 @@ #include "lib/stream/packet.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" +#include "system/network.h" +#include "netif/netif.h" /* close the socket and shutdown a server_context -- cgit From 9bd7dd912124d8ffda6f9967d6ba358c16be2aa0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 12:08:58 +0000 Subject: r13926: More header splitups. (This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index b1ef4ff006..40a1dc0b9b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -30,6 +30,7 @@ #include "ldap_server/ldap_server.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" +#include "smbd/proto.h" #include "lib/socket/socket.h" #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" -- cgit From c9e5d884fcc7b83f8b15ae2e690d0c3b4be7dea6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 7 Mar 2006 14:13:38 +0000 Subject: r13941: fix the build metze (This used to be commit d9da948b0f7f9698decc140a0a549d27675d14e4) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 40a1dc0b9b..247b877e1a 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -30,7 +30,7 @@ #include "ldap_server/ldap_server.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" -#include "smbd/proto.h" +#include "smbd/service.h" #include "lib/socket/socket.h" #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" -- cgit From 60823d1878563c398373ff2c761dd91a588af3b5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 9 Mar 2006 17:39:24 +0000 Subject: r14078: move ldb_global_init() to the main smbd code, to fix the process_model standard metze (This used to be commit a465126e15490c5605064eb2387fb589d312db7b) --- source4/ldap_server/ldap_server.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 247b877e1a..867f576827 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -548,8 +548,6 @@ static void ldapsrv_task_init(struct task_server *task) struct ldapsrv_service *ldap_service; NTSTATUS status; - ldb_global_init(); - ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; -- cgit From 651ca6553edadb2b97339fd3c112fdb6ef6c08bc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 9 Mar 2006 17:48:41 +0000 Subject: r14079: I just found the setproctitle library from alt linux:-) - add set_title hook to the process models - use setproctitle library in process_model standard if available - the the title for the task servers and on connections metze (This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 867f576827..ee203abc79 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -548,6 +548,8 @@ static void ldapsrv_task_init(struct task_server *task) struct ldapsrv_service *ldap_service; NTSTATUS status; + task_server_set_title(task, "task[ldapsrv]"); + ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; -- cgit From 13f45733a3b3c4985864ad19cae9735aa48feec8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 23 Mar 2006 12:00:00 +0000 Subject: r14673: Don't double-free conn, it is below 'c' free'ed by stream_terminate_connection() Andrew Bartlett (This used to be commit a6c797986053ecf6bbce54028d7ea4106635c558) --- source4/ldap_server/ldap_server.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ee203abc79..9ce371b99b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -424,7 +424,6 @@ static void ldapsrv_accept(struct stream_connection *c) = cli_credentials_init(conn); if (!server_credentials) { stream_terminate_connection(c, "Failed to init server credentials\n"); - talloc_free(conn); return; } @@ -432,7 +431,6 @@ static void ldapsrv_accept(struct stream_connection *c) status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); - talloc_free(conn); return; } conn->server_credentials = server_credentials; -- cgit From 26259ce98b20e6ae797afdfe9d3b8cf43cf01702 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Apr 2006 09:20:22 +0000 Subject: r15317: Because LDB is now async, there are more places were we might run the even context again. We need to ensure we don't process packets until we are finished setting up the connection, have the ldb in place etc. We may need to do the same in other servers. Andrew Bartlett (This used to be commit 9bbc93bef2881251b734732d84bf0b2e5cf8b285) --- source4/ldap_server/ldap_server.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9ce371b99b..ba5f415169 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -420,21 +420,6 @@ static void ldapsrv_accept(struct stream_connection *c) conn->connection = c; conn->service = ldapsrv_service; - server_credentials - = cli_credentials_init(conn); - if (!server_credentials) { - stream_terminate_connection(c, "Failed to init server credentials\n"); - return; - } - - cli_credentials_set_conf(server_credentials); - status = cli_credentials_set_machine_account(server_credentials); - if (!NT_STATUS_IS_OK(status)) { - stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); - return; - } - conn->server_credentials = server_credentials; - c->private = conn; socket_address = socket_get_my_addr(c->socket, conn); @@ -457,6 +442,7 @@ static void ldapsrv_accept(struct stream_connection *c) ldapsrv_terminate_connection(conn, "out of memory"); return; } + packet_set_private(conn->packet, conn); packet_set_tls(conn->packet, conn->tls); packet_set_callback(conn->packet, ldapsrv_decode); @@ -465,6 +451,24 @@ static void ldapsrv_accept(struct stream_connection *c) packet_set_event_context(conn->packet, c->event.ctx); packet_set_fde(conn->packet, c->event.fde); packet_set_serialise(conn->packet); + + /* Ensure we don't get packets until the database is ready below */ + packet_recv_disable(conn->packet); + + server_credentials + = cli_credentials_init(conn); + if (!server_credentials) { + stream_terminate_connection(c, "Failed to init server credentials\n"); + return; + } + + cli_credentials_set_conf(server_credentials); + status = cli_credentials_set_machine_account(server_credentials); + if (!NT_STATUS_IS_OK(status)) { + stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); + return; + } + conn->server_credentials = server_credentials; /* Connections start out anonymous */ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { @@ -487,6 +491,9 @@ static void ldapsrv_accept(struct stream_connection *c) conn->limits.ite = event_add_timed(c->event.ctx, conn, timeval_current_ofs(conn->limits.initial_timeout, 0), ldapsrv_conn_init_timeout, conn); + + packet_recv_enable(conn->packet); + } static const struct stream_server_ops ldap_stream_ops = { -- cgit From 742c110cd67f4995639822981e8bfcb1f652f2c4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 May 2006 20:15:47 +0000 Subject: r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497) --- source4/ldap_server/ldap_server.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ba5f415169..6f57073f18 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -46,10 +46,6 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } stream_terminate_connection(conn->connection, reason); } @@ -430,13 +426,14 @@ static void ldapsrv_accept(struct stream_connection *c) port = socket_address->port; talloc_free(socket_address); - conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, - c->event.fde, NULL, port != 389); - if (!conn->tls) { - ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); - return; + if (port == 636) { + c->socket = tls_init_server(ldapsrv_service->tls_params, c->socket, + c->event.fde, NULL); + if (!c->socket) { + ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); + return; + } } - conn->packet = packet_init(conn); if (conn->packet == NULL) { ldapsrv_terminate_connection(conn, "out of memory"); @@ -444,7 +441,7 @@ static void ldapsrv_accept(struct stream_connection *c) } packet_set_private(conn->packet, conn); - packet_set_tls(conn->packet, conn->tls); + packet_set_socket(conn->packet, c->socket); packet_set_callback(conn->packet, ldapsrv_decode); packet_set_full_request(conn->packet, ldapsrv_complete_packet); packet_set_error_handler(conn->packet, ldapsrv_error_handler); -- cgit From 32ab51876728577375b954a04103f71ddd4d93dc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 12 Jul 2006 04:59:41 +0000 Subject: r16972: Replace the sequence_number function pointer in ldb with the ldb flags. The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 6f57073f18..07b1bc6a27 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -433,6 +433,8 @@ static void ldapsrv_accept(struct stream_connection *c) ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); return; } + } else if (port == 3268) /* Global catalog */ { + conn->global_catalog = True; } conn->packet = packet_init(conn); if (conn->packet == NULL) { -- cgit From ba07fa43d0b0090f5e686d8c1822468049f52416 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 23 Jul 2006 02:50:08 +0000 Subject: r17197: This patch moves the encryption of bulk data on SASL negotiated security contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0) --- source4/ldap_server/ldap_server.c | 127 +++++++------------------------------- 1 file changed, 21 insertions(+), 106 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 07b1bc6a27..cfbe6eb5b2 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -31,10 +31,8 @@ #include "smbd/service_task.h" #include "smbd/service_stream.h" #include "smbd/service.h" -#include "lib/socket/socket.h" #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" -#include "lib/stream/packet.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "system/network.h" @@ -43,7 +41,7 @@ /* close the socket and shutdown a server_context */ -static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, +void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { stream_terminate_connection(conn->connection, reason); @@ -68,7 +66,6 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, struct ldapsrv_call *call; NTSTATUS status; DATA_BLOB blob; - BOOL enable_wrap = conn->enable_wrap; call = talloc(conn, struct ldapsrv_call); if (!call) { @@ -79,11 +76,14 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, call->request = talloc_steal(call, msg); call->conn = conn; call->replies = NULL; - + call->send_callback = NULL; + call->send_private = NULL; + /* make the call */ status = ldapsrv_do_call(call); if (!NT_STATUS_IS_OK(status)) { - goto failed; + talloc_free(call); + return; } blob = data_blob(NULL, 0); @@ -100,49 +100,36 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, msg = call->replies->msg; if (!ldap_encode(msg, &b, call)) { DEBUG(0,("Failed to encode ldap reply of type %d\n", msg->type)); - goto failed; + talloc_free(call); + return; } status = data_blob_append(call, &blob, b.data, b.length); data_blob_free(&b); - if (!NT_STATUS_IS_OK(status)) goto failed; - - DLIST_REMOVE(call->replies, call->replies); - } + talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet"); - /* possibly encrypt/sign the reply */ - if (enable_wrap) { - DATA_BLOB wrapped; - - status = gensec_wrap(conn->gensec, call, &blob, &wrapped); if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - data_blob_free(&blob); - blob = data_blob_talloc(call, NULL, wrapped.length + 4); - if (blob.data == NULL) { - goto failed; + talloc_free(call); + return; } - RSIVAL(blob.data, 0, wrapped.length); - memcpy(blob.data+4, wrapped.data, wrapped.length); - data_blob_free(&wrapped); + + DLIST_REMOVE(call->replies, call->replies); } - packet_send(conn->packet, blob); + packet_send_callback(conn->packet, blob, + call->send_callback, call->send_private); talloc_free(call); return; - -failed: - talloc_free(call); } - /* - decode the input buffer + decode/process data */ -static NTSTATUS ldapsrv_decode_plain(struct ldapsrv_connection *conn, DATA_BLOB blob) +static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) { + struct ldapsrv_connection *conn = talloc_get_type(private, + struct ldapsrv_connection); struct asn1_data asn1; struct ldap_message *msg = talloc(conn, struct ldap_message); @@ -165,63 +152,6 @@ static NTSTATUS ldapsrv_decode_plain(struct ldapsrv_connection *conn, DATA_BLOB return NT_STATUS_OK; } - -/* - decode/process wrapped data -*/ -static NTSTATUS ldapsrv_decode_wrapped(struct ldapsrv_connection *conn, - DATA_BLOB blob) -{ - DATA_BLOB wrapped, unwrapped; - struct asn1_data asn1; - struct ldap_message *msg = talloc(conn, struct ldap_message); - NTSTATUS status; - - if (msg == NULL) { - return NT_STATUS_NO_MEMORY; - } - - wrapped = data_blob_const(blob.data+4, blob.length-4); - - status = gensec_unwrap(conn->gensec, msg, &wrapped, &unwrapped); - if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); - } - - data_blob_free(&blob); - - if (!asn1_load(&asn1, unwrapped)) { - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); - } - - while (ldap_decode(&asn1, msg)) { - ldapsrv_process_message(conn, msg); - msg = talloc(conn, struct ldap_message); - } - - if (asn1.ofs < asn1.length) { - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); - } - - talloc_free(msg); - asn1_free(&asn1); - - return NT_STATUS_OK; -} - -/* - decode/process data -*/ -static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) -{ - struct ldapsrv_connection *conn = talloc_get_type(private, - struct ldapsrv_connection); - if (conn->enable_wrap) { - return ldapsrv_decode_wrapped(conn, blob); - } - return ldapsrv_decode_plain(conn, blob); -} - /* Idle timeout handler */ @@ -238,7 +168,7 @@ static void ldapsrv_conn_idle_timeout(struct event_context *ev, /* called when a LDAP socket becomes readable */ -static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) +void ldapsrv_recv(struct stream_connection *c, uint16_t flags) { struct ldapsrv_connection *conn = talloc_get_type(c->private, struct ldapsrv_connection); @@ -261,20 +191,6 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) ldapsrv_conn_idle_timeout, conn); } -/* - check if a blob is a complete ldap packet - handle wrapper or unwrapped connections -*/ -NTSTATUS ldapsrv_complete_packet(void *private, DATA_BLOB blob, size_t *size) -{ - struct ldapsrv_connection *conn = talloc_get_type(private, - struct ldapsrv_connection); - if (conn->enable_wrap) { - return packet_full_request_u32(private, blob, size); - } - return ldap_full_packet(private, blob, size); -} - /* called when a LDAP socket becomes writable */ @@ -411,7 +327,6 @@ static void ldapsrv_accept(struct stream_connection *c) return; } - conn->enable_wrap = False; conn->packet = NULL; conn->connection = c; conn->service = ldapsrv_service; @@ -445,7 +360,7 @@ static void ldapsrv_accept(struct stream_connection *c) packet_set_private(conn->packet, conn); packet_set_socket(conn->packet, c->socket); packet_set_callback(conn->packet, ldapsrv_decode); - packet_set_full_request(conn->packet, ldapsrv_complete_packet); + packet_set_full_request(conn->packet, ldap_full_packet); packet_set_error_handler(conn->packet, ldapsrv_error_handler); packet_set_event_context(conn->packet, c->event.ctx); packet_set_fde(conn->packet, c->event.fde); -- cgit From 9d6f2767179fad2f9a067c67c09afddb6304e4eb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Jul 2006 00:57:27 +0000 Subject: r17222: Change the function prototypes for the GENSEc and TLS socket creation routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2) --- source4/ldap_server/ldap_server.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index cfbe6eb5b2..7807a93666 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -342,12 +342,16 @@ static void ldapsrv_accept(struct stream_connection *c) talloc_free(socket_address); if (port == 636) { - c->socket = tls_init_server(ldapsrv_service->tls_params, c->socket, - c->event.fde, NULL); - if (!c->socket) { + struct socket_context *tls_socket = tls_init_server(ldapsrv_service->tls_params, c->socket, + c->event.fde, NULL); + if (!tls_socket) { ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed"); return; } + talloc_unlink(c, c->socket); + talloc_steal(c, tls_socket); + c->socket = tls_socket; + } else if (port == 3268) /* Global catalog */ { conn->global_catalog = True; } -- cgit From 4cdcc1789363907f850a05c4b3349746c710ebf0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 Jul 2006 19:20:04 +0000 Subject: r17237: - keep pointer to the different sockets - we need this to later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 7807a93666..8aacbb6369 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->packet = NULL; conn->connection = c; conn->service = ldapsrv_service; + conn->sockets.raw = c->socket; c->private = conn; @@ -351,6 +352,7 @@ static void ldapsrv_accept(struct stream_connection *c) talloc_unlink(c, c->socket); talloc_steal(c, tls_socket); c->socket = tls_socket; + conn->sockets.tls = tls_socket; } else if (port == 3268) /* Global catalog */ { conn->global_catalog = True; -- cgit From a23b63a8e54db7d0ec98ad95cdca11dd4d039e17 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 13 Aug 2006 08:00:36 +0000 Subject: r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 8aacbb6369..718e3e0773 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -248,7 +248,7 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) goto failed; } - conf_dn_s = ldb_msg_find_string(res->msgs[0], "configurationNamingContext", NULL); + conf_dn_s = ldb_msg_find_attr_as_string(res->msgs[0], "configurationNamingContext", NULL); if (conf_dn_s == NULL) { goto failed; } -- cgit From a2eca9174c7803732658a1e6f7e8ed873c4fb6fd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Aug 2006 13:37:04 +0000 Subject: r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on the configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 718e3e0773..9b4055f8cf 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -36,7 +36,7 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "system/network.h" -#include "netif/netif.h" +#include "lib/socket/netif.h" /* close the socket and shutdown a server_context -- cgit From c8064e1f9294ec77b198d55998347c7a962e03e5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Aug 2006 01:25:20 +0000 Subject: r17644: change the ldap server to always use the single process model. We are not aiming to produce a high performance parallel ldap server, so better to reserve the extra CPUs on a SMP box for file serving. (This used to be commit 45c0580e5d3b18301bc5706423bb407d001fb61d) --- source4/ldap_server/ldap_server.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9b4055f8cf..d48c0664d7 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -31,6 +31,7 @@ #include "smbd/service_task.h" #include "smbd/service_stream.h" #include "smbd/service.h" +#include "smbd/process_model.h" #include "lib/tls/tls.h" #include "lib/messaging/irpc.h" #include "lib/ldb/include/ldb.h" @@ -472,9 +473,14 @@ static void ldapsrv_task_init(struct task_server *task) { struct ldapsrv_service *ldap_service; NTSTATUS status; + const struct model_ops *model_ops; task_server_set_title(task, "task[ldapsrv]"); + /* run the ldap server as a single process */ + model_ops = process_model_byname("single"); + if (!model_ops) goto failed; + ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; @@ -491,11 +497,11 @@ static void ldapsrv_task_init(struct task_server *task) */ for(i = 0; i < num_interfaces; i++) { const char *address = iface_n_ip(i); - status = add_socket(task->event_ctx, task->model_ops, address, ldap_service); + status = add_socket(task->event_ctx, model_ops, address, ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } } else { - status = add_socket(task->event_ctx, task->model_ops, lp_socket_address(), ldap_service); + status = add_socket(task->event_ctx, model_ops, lp_socket_address(), ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } -- cgit From 0329d755a7611ba3897fc1ee9bdce410cc33d7f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 30 Aug 2006 11:29:34 +0000 Subject: r17930: Merge noinclude branch: * Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index d48c0664d7..6282207a52 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -25,7 +25,7 @@ #include "includes.h" #include "lib/events/events.h" #include "auth/auth.h" -#include "dlinklist.h" +#include "lib/util/dlinklist.h" #include "libcli/util/asn_1.h" #include "ldap_server/ldap_server.h" #include "smbd/service_task.h" -- cgit From 460679fd53dd47841b685907a586721f01a38b6f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 25 Sep 2006 22:55:56 +0000 Subject: r18909: use newer functions that were introduced after this code was made (This used to be commit 3ce1796eb4cca7fd78366ee540a998a1ca377866) --- source4/ldap_server/ldap_server.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 6282207a52..89f7bf0bfb 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -218,7 +218,6 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) TALLOC_CTX *tmp_ctx; const char *attrs[] = { "configurationNamingContext", NULL }; const char *attrs2[] = { "lDAPAdminLimits", NULL }; - const char *conf_dn_s; struct ldb_message_element *el; struct ldb_result *res = NULL; struct ldb_dn *basedn; @@ -238,7 +237,7 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) return -1; } - basedn = ldb_dn_explode(tmp_ctx, ""); + basedn = ldb_dn_new(tmp_ctx); if (basedn == NULL) { goto failed; } @@ -249,11 +248,7 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) goto failed; } - conf_dn_s = ldb_msg_find_attr_as_string(res->msgs[0], "configurationNamingContext", NULL); - if (conf_dn_s == NULL) { - goto failed; - } - conf_dn = ldb_dn_explode(tmp_ctx, conf_dn_s); + conf_dn = ldb_msg_find_attr_as_dn(tmp_ctx, res->msgs[0], "configurationNamingContext"); if (conf_dn == NULL) { goto failed; } -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 89f7bf0bfb..29555b14e1 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -25,6 +25,8 @@ #include "includes.h" #include "lib/events/events.h" #include "auth/auth.h" +#include "auth/credentials/credentials.h" +#include "librpc/gen_ndr/ndr_samr.h" #include "lib/util/dlinklist.h" #include "libcli/util/asn_1.h" #include "ldap_server/ldap_server.h" -- cgit From 4889eb9f7aae9349e426d0f6d2217adff67eaebd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 00:59:34 +0000 Subject: r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63) --- source4/ldap_server/ldap_server.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 29555b14e1..82fc1d9660 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -239,8 +239,8 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) return -1; } - basedn = ldb_dn_new(tmp_ctx); - if (basedn == NULL) { + basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL); + if ( ! ldb_dn_validate(basedn)) { goto failed; } @@ -250,12 +250,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) goto failed; } - conf_dn = ldb_msg_find_attr_as_dn(tmp_ctx, res->msgs[0], "configurationNamingContext"); + conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext"); if (conf_dn == NULL) { goto failed; } - policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services"); + policy_dn = ldb_dn_copy(tmp_ctx, conf_dn); + ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services"); if (policy_dn == NULL) { goto failed; } -- cgit From d471e52d23bf89e472c34c58dd9f113e669323a4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 13 Dec 2006 11:19:51 +0000 Subject: r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893) --- source4/ldap_server/ldap_server.c | 45 ++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 82fc1d9660..c459c27961 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,7 +40,7 @@ #include "lib/ldb/include/ldb_errors.h" #include "system/network.h" #include "lib/socket/netif.h" - +#include "dsdb/samdb/samdb.h" /* close the socket and shutdown a server_context */ @@ -245,8 +245,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) } ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res); + if (ret != LDB_SUCCESS) { + goto failed; + } + talloc_steal(tmp_ctx, res); - if (ret != LDB_SUCCESS || res->count != 1) { + + if (res->count != 1) { goto failed; } @@ -262,8 +267,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) } ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res); + if (ret != LDB_SUCCESS) { + goto failed; + } + talloc_steal(tmp_ctx, res); - if (ret != LDB_SUCCESS || res->count != 1) { + + if (res->count != 1) { goto failed; } @@ -431,6 +441,11 @@ static NTSTATUS add_socket(struct event_context *event_context, { uint16_t port = 389; NTSTATUS status; + const char *attrs[] = { "options", NULL }; + int ret; + struct ldb_result *res; + struct ldb_context *ldb; + int options; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service); @@ -450,8 +465,28 @@ static NTSTATUS add_socket(struct event_context *event_context, } } - /* if we are a PDC, then also enable the global catalog server port, 3268 */ - if (lp_server_role() == ROLE_DOMAIN_PDC) { + /* Load LDAP database */ + ldb = samdb_connect(ldap_service, system_session(ldap_service)); + if (!ldb) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + /* Query cn=ntds settings,.... */ + ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, &res); + if (ret) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + if (res->count != 1) { + talloc_free(res); + return NT_STATUS_NOT_FOUND; + } + + options = ldb_msg_find_attr_as_int(res->msgs[0], "options", 0); + talloc_free(res); + talloc_free(ldb); + + /* if options attribute is 1, then enable the global catlog */ + if (options == 1) { port = 3268; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service); -- cgit From 9f2945b00d3ceff42991cce57b05cec48fac18c6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 22 Dec 2006 17:40:34 +0000 Subject: r20322: I assume the options attribute of the nTDSDSA object contains mutiple flags not just 1 for being a global catalog metze (This used to be commit 202645e196b1425f9043bd34dd02a1418e2e3dd9) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c459c27961..4a05ac8851 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -485,8 +485,8 @@ static NTSTATUS add_socket(struct event_context *event_context, talloc_free(res); talloc_free(ldb); - /* if options attribute is 1, then enable the global catlog */ - if (options == 1) { + /* if options attribute has the 0x00000001 flag set, then enable the global catlog */ + if (options & 0x000000001) { port = 3268; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, ldap_service); -- cgit From 9b03286b32a916dbef59f1459eefa01f0ebfeed3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Mar 2007 00:59:06 +0000 Subject: r21806: I've been working over the last week to fix up the LDAP backend for Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817) --- source4/ldap_server/ldap_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 4a05ac8851..738215cda5 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -131,6 +131,7 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, */ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) { + NTSTATUS status; struct ldapsrv_connection *conn = talloc_get_type(private, struct ldapsrv_connection); struct asn1_data asn1; @@ -144,9 +145,10 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) return NT_STATUS_NO_MEMORY; } - if (!ldap_decode(&asn1, msg)) { + status = ldap_decode(&asn1, msg); + if (!NT_STATUS_IS_OK(status)) { asn1_free(&asn1); - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); + return status; } data_blob_free(&blob); -- cgit From 7bb939b1cb2b39a8271cf16d9f5fce5312a9af10 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 May 2007 06:12:06 +0000 Subject: r23030: finally fixed up our asn1 code to use better memory allocation. This should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d) --- source4/ldap_server/ldap_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 738215cda5..9aefbed485 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -134,26 +134,26 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) NTSTATUS status; struct ldapsrv_connection *conn = talloc_get_type(private, struct ldapsrv_connection); - struct asn1_data asn1; + struct asn1_data *asn1 = asn1_init(conn); struct ldap_message *msg = talloc(conn, struct ldap_message); if (msg == NULL) { return NT_STATUS_NO_MEMORY; } - if (!asn1_load(&asn1, blob)) { + if (!asn1_load(asn1, blob)) { return NT_STATUS_NO_MEMORY; } - status = ldap_decode(&asn1, msg); + status = ldap_decode(asn1, msg); if (!NT_STATUS_IS_OK(status)) { - asn1_free(&asn1); + asn1_free(asn1); return status; } data_blob_free(&blob); ldapsrv_process_message(conn, msg); - asn1_free(&asn1); + asn1_free(asn1); return NT_STATUS_OK; } -- cgit From 931f594cf16b8c7f9f416d7a8831432b783a0ec8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 May 2007 12:47:18 +0000 Subject: r23036: error checking on asn1_init() failure (This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2) --- source4/ldap_server/ldap_server.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9aefbed485..03fb10b4de 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -137,11 +137,13 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) struct asn1_data *asn1 = asn1_init(conn); struct ldap_message *msg = talloc(conn, struct ldap_message); - if (msg == NULL) { + if (asn1 == NULL || msg == NULL) { return NT_STATUS_NO_MEMORY; } if (!asn1_load(asn1, blob)) { + talloc_free(msg); + talloc_free(asn1); return NT_STATUS_NO_MEMORY; } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/ldap_server/ldap_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 03fb10b4de..c42ad285ec 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -9,7 +9,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -18,8 +18,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 0b91f3916430d0271eab867675d44c5439de40c2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 29 Aug 2007 13:07:03 +0000 Subject: r24780: More work allowing libutil to be used by external users. (This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190) --- source4/ldap_server/ldap_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c42ad285ec..0de76052d1 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -98,6 +98,7 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, /* build all the replies into a single blob */ while (call->replies) { DATA_BLOB b; + bool ret; msg = call->replies->msg; if (!ldap_encode(msg, &b, call)) { @@ -106,12 +107,12 @@ static void ldapsrv_process_message(struct ldapsrv_connection *conn, return; } - status = data_blob_append(call, &blob, b.data, b.length); + ret = data_blob_append(call, &blob, b.data, b.length); data_blob_free(&b); talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet"); - if (!NT_STATUS_IS_OK(status)) { + if (!ret) { talloc_free(call); return; } -- cgit From 959915a8cbea0c598ef1f29ce666329a521ef2f6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 7 Sep 2007 15:35:18 +0000 Subject: r25001: Fix more C++ and other warnings, fix some of the indentation with ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7) --- source4/ldap_server/ldap_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 0de76052d1..2ea1a96ae7 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -538,7 +538,8 @@ static void ldapsrv_task_init(struct task_server *task) if (!NT_STATUS_IS_OK(status)) goto failed; } } else { - status = add_socket(task->event_ctx, model_ops, lp_socket_address(), ldap_service); + status = add_socket(task->event_ctx, model_ops, + lp_socket_address(), ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 2ea1a96ae7..a6753d46fa 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,6 +40,7 @@ #include "system/network.h" #include "lib/socket/netif.h" #include "dsdb/samdb/samdb.h" +#include "param/param.h" /* close the socket and shutdown a server_context */ -- cgit From ee257e902ade941f734d5b647511d14e051ac0d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 22 Sep 2007 12:57:17 +0000 Subject: r25299: Modify the provision script to take an additional argument: --server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40) --- source4/ldap_server/ldap_server.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a6753d46fa..f2ffc401cb 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -513,6 +513,18 @@ static void ldapsrv_task_init(struct task_server *task) NTSTATUS status; const struct model_ops *model_ops; + switch (lp_server_role()) { + case ROLE_STANDALONE: + task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration"); + return; + case ROLE_DOMAIN_MEMBER: + task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration"); + return; + case ROLE_DOMAIN_CONTROLLER: + /* Yes, we want an LDAP server */ + break; + } + task_server_set_title(task, "task[ldapsrv]"); /* run the ldap server as a single process */ -- cgit From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/ldap_server/ldap_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index f2ffc401cb..8522c59de4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -396,7 +396,7 @@ static void ldapsrv_accept(struct stream_connection *c) return; } - cli_credentials_set_conf(server_credentials); + cli_credentials_set_conf(server_credentials, global_loadparm); status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); @@ -513,7 +513,7 @@ static void ldapsrv_task_init(struct task_server *task) NTSTATUS status; const struct model_ops *model_ops; - switch (lp_server_role()) { + switch (lp_server_role(global_loadparm)) { case ROLE_STANDALONE: task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration"); return; @@ -537,7 +537,7 @@ static void ldapsrv_task_init(struct task_server *task) ldap_service->tls_params = tls_initialise(ldap_service); if (ldap_service->tls_params == NULL) goto failed; - if (lp_interfaces() && lp_bind_interfaces_only()) { + if (lp_interfaces(global_loadparm) && lp_bind_interfaces_only(global_loadparm)) { int num_interfaces = iface_count(); int i; @@ -552,7 +552,7 @@ static void ldapsrv_task_init(struct task_server *task) } } else { status = add_socket(task->event_ctx, model_ops, - lp_socket_address(), ldap_service); + lp_socket_address(global_loadparm), ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } -- cgit From 2f1c0eca139371ffa1685f6cb584f1cd3fb302c0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 21:42:58 +0000 Subject: r25548: Convert to standard bool type. (This used to be commit 190d73b44b9b9c6dabbd26212d596d985b25edab) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 8522c59de4..a74d002e9b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -369,7 +369,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->sockets.tls = tls_socket; } else if (port == 3268) /* Global catalog */ { - conn->global_catalog = True; + conn->global_catalog = true; } conn->packet = packet_init(conn); if (conn->packet == NULL) { -- cgit From 716391f10679e82835f42490e1d8a69af2acad82 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 10 Nov 2007 05:31:26 +0100 Subject: r25921: Now also listen on ldapi by default in the LDAP server Create a phpLDAPadmin configuration file example to use ldapi to talk to Samba4 Andrew Bartlett (This used to be commit 54f4c8ba6127757fd272bd97e301188eb69977ed) --- source4/ldap_server/ldap_server.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a74d002e9b..c165eb698a 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -509,6 +509,7 @@ static NTSTATUS add_socket(struct event_context *event_context, */ static void ldapsrv_task_init(struct task_server *task) { + char *ldapi_path; struct ldapsrv_service *ldap_service; NTSTATUS status; const struct model_ops *model_ops; @@ -556,6 +557,19 @@ static void ldapsrv_task_init(struct task_server *task) if (!NT_STATUS_IS_OK(status)) goto failed; } + ldapi_path = private_path(ldap_service, global_loadparm, "ldapi"); + if (!ldapi_path) { + goto failed; + } + + status = stream_setup_socket(task->event_ctx, model_ops, &ldap_stream_ops, + "unix", ldapi_path, NULL, ldap_service); + talloc_free(ldapi_path); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("ldapsrv failed to bind to %s - %s\n", + ldapi_path, nt_errstr(status))); + } + return; failed: -- cgit From f4a1083cf9f64b4d2b65b68942e93861409ea90f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 17:09:52 +0100 Subject: r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad) --- source4/ldap_server/ldap_server.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c165eb698a..1ee37dceff 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -441,6 +441,7 @@ static const struct stream_server_ops ldap_stream_ops = { add a socket address to the list of events, one event per port */ static NTSTATUS add_socket(struct event_context *event_context, + struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const char *address, struct ldapsrv_service *ldap_service) { @@ -471,7 +472,7 @@ static NTSTATUS add_socket(struct event_context *event_context, } /* Load LDAP database */ - ldb = samdb_connect(ldap_service, system_session(ldap_service)); + ldb = samdb_connect(ldap_service, lp_ctx, system_session(ldap_service)); if (!ldb) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -538,7 +539,7 @@ static void ldapsrv_task_init(struct task_server *task) ldap_service->tls_params = tls_initialise(ldap_service); if (ldap_service->tls_params == NULL) goto failed; - if (lp_interfaces(global_loadparm) && lp_bind_interfaces_only(global_loadparm)) { + if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { int num_interfaces = iface_count(); int i; @@ -548,16 +549,16 @@ static void ldapsrv_task_init(struct task_server *task) */ for(i = 0; i < num_interfaces; i++) { const char *address = iface_n_ip(i); - status = add_socket(task->event_ctx, model_ops, address, ldap_service); + status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } } else { - status = add_socket(task->event_ctx, model_ops, - lp_socket_address(global_loadparm), ldap_service); + status = add_socket(task->event_ctx, task->lp_ctx, model_ops, + lp_socket_address(task->lp_ctx), ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } - ldapi_path = private_path(ldap_service, global_loadparm, "ldapi"); + ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi"); if (!ldapi_path) { goto failed; } -- cgit From 51db4c3f3d81d1ed03beae6426786c843ac59807 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 17:56:09 +0100 Subject: r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166) --- source4/ldap_server/ldap_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 1ee37dceff..30afe7c590 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -389,8 +389,7 @@ static void ldapsrv_accept(struct stream_connection *c) /* Ensure we don't get packets until the database is ready below */ packet_recv_disable(conn->packet); - server_credentials - = cli_credentials_init(conn); + server_credentials = cli_credentials_init(conn); if (!server_credentials) { stream_terminate_connection(c, "Failed to init server credentials\n"); return; @@ -515,7 +514,7 @@ static void ldapsrv_task_init(struct task_server *task) NTSTATUS status; const struct model_ops *model_ops; - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration"); return; -- cgit From 291ddf433685ee5c25e172885045a4b60d7bb1ee Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 00:28:07 +0100 Subject: r26237: Add loadparm context to the server service interface. (This used to be commit 1386c5c92505a950c65411b8af74d703ce023f95) --- source4/ldap_server/ldap_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 30afe7c590..51dba26dca 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -581,6 +581,7 @@ failed: listening on all configured sockets */ static NTSTATUS ldapsrv_init(struct event_context *event_context, + struct loadparm_context *lp_ctx, const struct model_ops *model_ops) { return task_server_startup(event_context, model_ops, ldapsrv_task_init); -- cgit From bbdfbf8d9d486aee51117976b8f825759a4c4a37 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 00:28:22 +0100 Subject: r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 51dba26dca..a15b81707c 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -535,7 +535,7 @@ static void ldapsrv_task_init(struct task_server *task) ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; - ldap_service->tls_params = tls_initialise(ldap_service); + ldap_service->tls_params = tls_initialise(ldap_service, task->lp_ctx); if (ldap_service->tls_params == NULL) goto failed; if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { -- cgit From ab69eb8d8901d23794c6a298718e67656ef4820e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 15:53:17 +0100 Subject: r26250: Avoid global_loadparm in a couple more places. (This used to be commit 2c6b755309fdf685cd0b0564272bf83038574a43) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a15b81707c..fc22b34b2d 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -404,7 +404,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->server_credentials = server_credentials; /* Connections start out anonymous */ - if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) { + if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, global_loadparm, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); return; } -- cgit From 43696d2752e2faad34fb3ed2a7dbf01d40ffdc46 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 15:53:28 +0100 Subject: r26252: Specify loadparm_context explicitly when creating sessions. (This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index fc22b34b2d..9d6de732cf 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -471,7 +471,7 @@ static NTSTATUS add_socket(struct event_context *event_context, } /* Load LDAP database */ - ldb = samdb_connect(ldap_service, lp_ctx, system_session(ldap_service)); + ldb = samdb_connect(ldap_service, lp_ctx, system_session(ldap_service, lp_ctx)); if (!ldb) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From 2f8dc4f48f1802baa3405e7803563f6840e0d1b3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 21:25:06 +0100 Subject: r26266: Remove more global_loadparm uses. (This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245) --- source4/ldap_server/ldap_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9d6de732cf..2898d131c9 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -345,6 +345,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->connection = c; conn->service = ldapsrv_service; conn->sockets.raw = c->socket; + conn->lp_ctx = global_loadparm; c->private = conn; @@ -395,7 +396,7 @@ static void ldapsrv_accept(struct stream_connection *c) return; } - cli_credentials_set_conf(server_credentials, global_loadparm); + cli_credentials_set_conf(server_credentials, conn->lp_ctx); status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); @@ -404,7 +405,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->server_credentials = server_credentials; /* Connections start out anonymous */ - if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, global_loadparm, &conn->session_info))) { + if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, conn->lp_ctx, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); return; } -- cgit From 2f5ca872a80ad872ab864061f0c6982d8605393f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 16:54:34 +0100 Subject: r26313: Fix more uses of static loadparm. (This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608) --- source4/ldap_server/ldap_server.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 2898d131c9..81988b60f6 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -454,7 +454,9 @@ static NTSTATUS add_socket(struct event_context *event_context, int options; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, - "ipv4", address, &port, ldap_service); + "ipv4", address, &port, + lp_socket_options(lp_ctx), + ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); @@ -464,7 +466,9 @@ static NTSTATUS add_socket(struct event_context *event_context, /* add ldaps server */ port = 636; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, - "ipv4", address, &port, ldap_service); + "ipv4", address, &port, + lp_socket_options(lp_ctx), + ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); @@ -495,7 +499,9 @@ static NTSTATUS add_socket(struct event_context *event_context, if (options & 0x000000001) { port = 3268; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, - "ipv4", address, &port, ldap_service); + "ipv4", address, &port, + lp_socket_options(lp_ctx), + ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); @@ -564,7 +570,9 @@ static void ldapsrv_task_init(struct task_server *task) } status = stream_setup_socket(task->event_ctx, model_ops, &ldap_stream_ops, - "unix", ldapi_path, NULL, ldap_service); + "unix", ldapi_path, NULL, + lp_socket_options(task->lp_ctx), + ldap_service); talloc_free(ldapi_path); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s - %s\n", -- cgit From c5bf20c5fe7eaa04cd11a7ce4f365aa6ffd7b124 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 23:57:22 +0100 Subject: r26325: Remove use of global_loadparm in netif. (This used to be commit e452cb28594f23add7c00247ed39e8323aea78a6) --- source4/ldap_server/ldap_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 81988b60f6..99889f1f7f 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -546,7 +546,7 @@ static void ldapsrv_task_init(struct task_server *task) if (ldap_service->tls_params == NULL) goto failed; if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { - int num_interfaces = iface_count(); + int num_interfaces = iface_count(task->lp_ctx); int i; /* We have been given an interfaces line, and been @@ -554,7 +554,7 @@ static void ldapsrv_task_init(struct task_server *task) socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { - const char *address = iface_n_ip(i); + const char *address = iface_n_ip(task->lp_ctx, i); status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } -- cgit From 6f2252dace1629d7b5c5637b103caa28d2c89b07 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Dec 2007 22:23:14 +0100 Subject: r26401: Don't cache interfaces context in libnetif. (This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153) --- source4/ldap_server/ldap_server.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 99889f1f7f..9d3fa0ada4 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -546,15 +546,19 @@ static void ldapsrv_task_init(struct task_server *task) if (ldap_service->tls_params == NULL) goto failed; if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { - int num_interfaces = iface_count(task->lp_ctx); + struct interface *ifaces; + int num_interfaces; int i; + load_interfaces(lp_interfaces(task->lp_ctx), &ifaces); + num_interfaces = iface_count(ifaces); + /* We have been given an interfaces line, and been told to only bind to those interfaces. Create a socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { - const char *address = iface_n_ip(task->lp_ctx, i); + const char *address = iface_n_ip(ifaces, i); status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } -- cgit From 70f1f33af8e6e82506d0ee9ff6cc7e0923a7d0a1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Dec 2007 22:23:20 +0100 Subject: r26402: Require a talloc context in libnetif. (This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9d3fa0ada4..f0b5e56205 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -550,7 +550,7 @@ static void ldapsrv_task_init(struct task_server *task) int num_interfaces; int i; - load_interfaces(lp_interfaces(task->lp_ctx), &ifaces); + load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces); num_interfaces = iface_count(ifaces); /* We have been given an interfaces line, and been -- cgit From a2cea02584256e2cf59da5420e8e080e70c66939 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 22:46:17 +0100 Subject: r26430: require explicit specification of loadparm context. (This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index f0b5e56205..a2521ca406 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -397,7 +397,7 @@ static void ldapsrv_accept(struct stream_connection *c) } cli_credentials_set_conf(server_credentials, conn->lp_ctx); - status = cli_credentials_set_machine_account(server_credentials); + status = cli_credentials_set_machine_account(server_credentials, conn->lp_ctx); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); return; -- cgit From 636c9a7c719ef24205c40b8e2018d83040520490 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 3 Jan 2008 04:40:24 -0600 Subject: r26648: Move detection of global catalog captability to a central function, so this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907) --- source4/ldap_server/ldap_server.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index a2521ca406..9bb1279a99 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -447,11 +447,7 @@ static NTSTATUS add_socket(struct event_context *event_context, { uint16_t port = 389; NTSTATUS status; - const char *attrs[] = { "options", NULL }; - int ret; - struct ldb_result *res; struct ldb_context *ldb; - int options; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, @@ -481,22 +477,7 @@ static NTSTATUS add_socket(struct event_context *event_context, return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* Query cn=ntds settings,.... */ - ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, &res); - if (ret) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - if (res->count != 1) { - talloc_free(res); - return NT_STATUS_NOT_FOUND; - } - - options = ldb_msg_find_attr_as_int(res->msgs[0], "options", 0); - talloc_free(res); - talloc_free(ldb); - - /* if options attribute has the 0x00000001 flag set, then enable the global catlog */ - if (options & 0x000000001) { + if (samdb_is_gc(ldb)) { port = 3268; status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, "ipv4", address, &port, -- cgit From 2c8c9a535500e40084c4810da1890df8d9415659 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 5 Jan 2008 15:36:33 -0600 Subject: r26669: Janitorial: Remove uses of global_loadparm. (This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41) --- source4/ldap_server/ldap_server.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9bb1279a99..c7b1099166 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -345,7 +345,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->connection = c; conn->service = ldapsrv_service; conn->sockets.raw = c->socket; - conn->lp_ctx = global_loadparm; + conn->lp_ctx = ldapsrv_service->task->lp_ctx; c->private = conn; @@ -523,6 +523,8 @@ static void ldapsrv_task_init(struct task_server *task) ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; + ldap_service->task = task; + ldap_service->tls_params = tls_initialise(ldap_service, task->lp_ctx); if (ldap_service->tls_params == NULL) goto failed; -- cgit From df408d056ec03f2abe08ce0ea487e1875b90e7bf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 5 Jan 2008 19:03:43 -0600 Subject: r26672: Janitorial: Remove uses of global_loadparm. (This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00) --- source4/ldap_server/ldap_server.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index c7b1099166..fcc9435ead 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -449,7 +449,8 @@ static NTSTATUS add_socket(struct event_context *event_context, NTSTATUS status; struct ldb_context *ldb; - status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + status = stream_setup_socket(event_context, lp_ctx, + model_ops, &ldap_stream_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); @@ -461,7 +462,8 @@ static NTSTATUS add_socket(struct event_context *event_context, if (tls_support(ldap_service->tls_params)) { /* add ldaps server */ port = 636; - status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + status = stream_setup_socket(event_context, lp_ctx, + model_ops, &ldap_stream_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); @@ -479,7 +481,8 @@ static NTSTATUS add_socket(struct event_context *event_context, if (samdb_is_gc(ldb)) { port = 3268; - status = stream_setup_socket(event_context, model_ops, &ldap_stream_ops, + status = stream_setup_socket(event_context, lp_ctx, + model_ops, &ldap_stream_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); @@ -556,7 +559,8 @@ static void ldapsrv_task_init(struct task_server *task) goto failed; } - status = stream_setup_socket(task->event_ctx, model_ops, &ldap_stream_ops, + status = stream_setup_socket(task->event_ctx, task->lp_ctx, + model_ops, &ldap_stream_ops, "unix", ldapi_path, NULL, lp_socket_options(task->lp_ctx), ldap_service); @@ -580,7 +584,8 @@ static NTSTATUS ldapsrv_init(struct event_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops) { - return task_server_startup(event_context, model_ops, ldapsrv_task_init); + return task_server_startup(event_context, lp_ctx, model_ops, + ldapsrv_task_init); } -- cgit From 939edd0eb7c3952859afb802c8e542449a2c4031 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 15 Jan 2008 01:04:38 +0100 Subject: util: Move asn1 to lib/util to trim down the number of subsystems. (This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index fcc9435ead..8380775c28 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -27,7 +27,7 @@ #include "auth/credentials/credentials.h" #include "librpc/gen_ndr/ndr_samr.h" #include "lib/util/dlinklist.h" -#include "libcli/util/asn_1.h" +#include "lib/util/asn1.h" #include "ldap_server/ldap_server.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" -- cgit From 23d681caf9c1186999ac676d70a1eb0e8a43e358 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 4 Feb 2008 17:48:51 +1100 Subject: Rework service init functions to pass down service name. This is needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0) --- source4/ldap_server/ldap_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 8380775c28..f9c763eec7 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -584,7 +584,7 @@ static NTSTATUS ldapsrv_init(struct event_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops) { - return task_server_startup(event_context, lp_ctx, model_ops, + return task_server_startup(event_context, lp_ctx, "ldap", model_ops, ldapsrv_task_init); } -- cgit From 0f8eeb81ec109cde681961614fb690f8373fa9c6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 4 Feb 2008 21:58:29 +1100 Subject: Remove useless layer of indirection, where every service called task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db) --- source4/ldap_server/ldap_server.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index f9c763eec7..5b2519c035 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -576,20 +576,8 @@ failed: task_server_terminate(task, "Failed to startup ldap server task"); } -/* - called on startup of the web server service It's job is to start - listening on all configured sockets -*/ -static NTSTATUS ldapsrv_init(struct event_context *event_context, - struct loadparm_context *lp_ctx, - const struct model_ops *model_ops) -{ - return task_server_startup(event_context, lp_ctx, "ldap", model_ops, - ldapsrv_task_init); -} - NTSTATUS server_service_ldap_init(void) { - return register_server_service("ldap", ldapsrv_init); + return register_server_service("ldap", ldapsrv_task_init); } -- cgit From 1c1c6fca660c304630672e87c20819daf8e008fc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Mar 2008 13:32:15 +1100 Subject: Fix more valgrind issues. This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343) --- source4/ldap_server/ldap_server.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 5b2519c035..ce80941e03 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -155,8 +155,10 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) } data_blob_free(&blob); - ldapsrv_process_message(conn, msg); + talloc_steal(conn, msg); asn1_free(asn1); + + ldapsrv_process_message(conn, msg); return NT_STATUS_OK; } -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/ldap_server/ldap_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ce80941e03..11cb63e07b 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -37,6 +37,8 @@ #include "lib/messaging/irpc.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" +#include "libcli/ldap/ldap.h" +#include "libcli/ldap/ldap_proto.h" #include "system/network.h" #include "lib/socket/netif.h" #include "dsdb/samdb/samdb.h" -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/ldap_server/ldap_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 11cb63e07b..197f84692c 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -409,7 +409,7 @@ static void ldapsrv_accept(struct stream_connection *c) conn->server_credentials = server_credentials; /* Connections start out anonymous */ - if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, conn->lp_ctx, &conn->session_info))) { + if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, c->event.ctx, conn->lp_ctx, &conn->session_info))) { ldapsrv_terminate_connection(conn, "failed to setup anonymous session info"); return; } @@ -478,7 +478,8 @@ static NTSTATUS add_socket(struct event_context *event_context, } /* Load LDAP database */ - ldb = samdb_connect(ldap_service, lp_ctx, system_session(ldap_service, lp_ctx)); + ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx, + lp_ctx, system_session(ldap_service, lp_ctx)); if (!ldb) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From 376b2a29d6a5d56be8539beec80540772cda875e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Jul 2008 11:11:25 +1000 Subject: Don't keep an extra ldb around forever. We just open it to figure out if we need to be a Global Catalog server. Andrew Bartlett (This used to be commit f13572d9e9f1962b637cbd573588184d1459d252) --- source4/ldap_server/ldap_server.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 197f84692c..39a55f4420 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -477,7 +477,7 @@ static NTSTATUS add_socket(struct event_context *event_context, } } - /* Load LDAP database */ + /* Load LDAP database, but only to read our settings */ ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx, lp_ctx, system_session(ldap_service, lp_ctx)); if (!ldb) { @@ -497,6 +497,10 @@ static NTSTATUS add_socket(struct event_context *event_context, } } + /* And once we are bound, free the tempoary ldb, it will + * connect again on each incoming LDAP connection */ + talloc_free(ldb); + return status; } -- cgit