From bab977dad76e9204278c7afe0bb905cda064f488 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 16 Jun 2005 05:39:40 +0000 Subject: r7626: a new ldap client library. Main features are: - hooked into events system, so requests can be truly async and won't interfere with other processing happening at the same time - uses NTSTATUS codes for errors (previously errors were mostly ignored). In a similar fashion to the DOS error handling, I have reserved a range of the NTSTATUS code 32 bit space for LDAP error codes, so a function can return a LDAP error code in a NTSTATUS - much cleaner packet handling (This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0) --- source4/libcli/ldap/ldap_client.h | 86 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 source4/libcli/ldap/ldap_client.h (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h new file mode 100644 index 0000000000..719c3639c1 --- /dev/null +++ b/source4/libcli/ldap/ldap_client.h 
@@ -0,0 +1,86 @@ +/* + Unix SMB/CIFS Implementation. + + ldap client side header + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + + +enum ldap_request_state {LDAP_REQUEST_SEND, LDAP_REQUEST_PENDING, LDAP_REQUEST_DONE}; + +/* this is the handle that the caller gets when an async ldap message + is sent */ +struct ldap_request { + struct ldap_request *next, *prev; + struct ldap_connection *conn; + + enum ldap_request_tag type; + int messageid; + enum ldap_request_state state; + + int num_replies; + struct ldap_message **replies; + + NTSTATUS status; + DATA_BLOB data; + struct { + void (*fn)(struct ldap_request *); + void *private; + } async; +}; + + +/* main context for a ldap client connection */ +struct ldap_connection { + struct socket_context *sock; + char *host; + uint16_t port; + BOOL ldaps; + + const char *auth_dn; + const char *simple_pw; + + /* next message id to assign */ + unsigned next_messageid; + + /* outgoing send queue */ + struct ldap_request *send_queue; + + /* Outstanding LDAP requests that have not yet been replied to */ + struct ldap_request *pending; + + /* Let's support SASL */ + struct gensec_security *gensec; + + /* set if we are wrapping requests */ + BOOL enable_wrap; + + /* partially received packet */ + DATA_BLOB partial; + + /* the default timeout for messages */ + int 
timeout; + + /* last error message */ + char *last_error; + + struct { + struct event_context *event_ctx; + struct fd_event *fde; + } event; +}; -- cgit From 5eccf719fba324e9f1ce4a5b425b29a25125d4f1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 20 Jun 2005 01:17:29 +0000 Subject: r7770: added ldaps support to our ldap client library (This used to be commit 8f5c2e8682795258a6361b9516a38a8fabdef150) --- source4/libcli/ldap/ldap_client.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 719c3639c1..b61f765b40 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -47,6 +47,7 @@ struct ldap_request { /* main context for a ldap client connection */ struct ldap_connection { + struct tls_context *tls; struct socket_context *sock; char *host; uint16_t port; -- cgit From 69307693dc47cdaa931551c99914e85273037886 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 5 Nov 2005 23:46:57 +0000 Subject: r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253) --- source4/libcli/ldap/ldap_client.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index b61f765b40..38e043da1f 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h 
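Review bot: `const char *simple_pw` in `struct ldap_connection` keeps the cleartext simple-bind password reachable for the whole lifetime of the connection, yet the field says nothing about who owns that string or when it is released; a comment such as `/* cleartext password for simple bind; kept for the connection's lifetime, caller-owned and not zeroed on free — confirm */` would pin the contract (the ownership is decided in ldap_client.c, not here). Separately, `int messageid` in `struct ldap_request` and `unsigned next_messageid` in the connection disagree in signedness while both hold the same LDAP messageID, which RFC 4511 limits to 0..2^31-1 with 0 reserved for unsolicited notifications. A one-line comment on the allocator field, `/* next LDAP messageID to assign: 1..INT32_MAX, 0 is reserved */`, and a matching type would make the wrap-around rule visible; the allocation code is outside this header. The hunk is the whole new file, so both structs are complete here.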
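Review bot: `struct tls_context *tls;` is placed beside `bool ldaps` with no comment on when it is non-NULL or where peer-certificate verification is configured, which is the security-relevant part of an ldaps connection. Suggest `/* TLS session for ldaps, NULL on plain connections; verification policy is set by the tls layer — confirm in ldap_client.c */`. `struct ldap_connection` continues past this hunk.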
@@ -21,6 +21,8 @@ */ +#include "libcli/ldap/ldap.h" + enum ldap_request_state {LDAP_REQUEST_SEND, LDAP_REQUEST_PENDING, LDAP_REQUEST_DONE}; /* this is the handle that the caller gets when an async ldap message -- cgit From 65baaafc34b2befac50541c5aef86e5d906d2797 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Nov 2005 00:28:02 +0000 Subject: r11620: switch the ldap client code over to using the generic packet code (This used to be commit 1d29ad2a27d89454e5e3c4a3cf05cc5edde0208c) --- source4/libcli/ldap/ldap_client.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 38e043da1f..ee458dc5b0 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -61,9 +61,6 @@ struct ldap_connection { /* next message id to assign */ unsigned next_messageid; - /* outgoing send queue */ - struct ldap_request *send_queue; - /* Outstanding LDAP requests that have not yet been replied to */ struct ldap_request *pending; @@ -73,9 +70,6 @@ struct ldap_connection { /* set if we are wrapping requests */ BOOL enable_wrap; - /* partially received packet */ - DATA_BLOB partial; - /* the default timeout for messages */ int timeout; @@ -86,4 +80,6 @@ struct ldap_connection { struct event_context *event_ctx; struct fd_event *fde; } event; + + struct packet_context *packet; }; -- cgit From 00fe70e5b917769418f68eaa255d3a06a9a08ce7 Mon Sep 17 00:00:00 2001 
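Review bot: The new `#include "libcli/ldap/ldap.h"` goes into a header that, as the initial hunk on this page shows, has no include guard of its own, so including ldap_client.h twice now re-declares `enum ldap_request_state` and both structs and fails to compile. Wrap the file in `#ifndef LIBCLI_LDAP_CLIENT_H` / `#define LIBCLI_LDAP_CLIENT_H` before the include and `#endif` after the last declaration (avoid a leading underscore plus capital, which is a reserved identifier). The rest of the header lies outside this hunk.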
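Review bot: `struct packet_context *packet;` is the only member of `struct ldap_connection` without a comment, and it replaces the `partial` blob whose comment told a reader where a half-received packet lived. Suggest `/* generic packet layer; presumably owns partial-receive buffering and the full-packet callback — see packet.c */`, hedged because the packet API is not visible in this header. The earlier members of the struct are outside this hunk.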
From: Simo Sorce Date: Wed, 22 Feb 2006 01:31:35 +0000 Subject: r13609: Get in the initial work on making ldb async Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5) --- source4/libcli/ldap/ldap_client.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index ee458dc5b0..3f71c42f22 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -42,8 +42,10 @@ struct ldap_request { DATA_BLOB data; struct { void (*fn)(struct ldap_request *); - void *private; + void *private_data; } async; + + struct timed_event *time_event; }; -- cgit From 8f164299473553ee28f4fbf1d9a120840c5e5feb Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 25 Apr 2006 11:50:32 +0000 Subject: r15238: Add some code to automatically reconnect if we want to. (This used to be commit e2102999e26566543162455b34adbd2b0486b74d) --- source4/libcli/ldap/ldap_client.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 3f71c42f22..7801f8b6bc 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -23,7 +23,7 @@ #include "libcli/ldap/ldap.h" -enum ldap_request_state {LDAP_REQUEST_SEND, LDAP_REQUEST_PENDING, LDAP_REQUEST_DONE}; +enum ldap_request_state { LDAP_REQUEST_SEND=1, LDAP_REQUEST_PENDING=2, LDAP_REQUEST_DONE=3, LDAP_REQUEST_ERROR=4 }; /* this is the handle that the caller gets when an async ldap message is sent */ 
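Review bot: `struct timed_event *time_event;` is added to `struct ldap_request` with no statement of its lifetime; if the timer can outlive the request (for instance the request is freed on reply before the timer fires), the callback runs on freed memory, the classic async use-after-free. Document the rule next to the field, e.g. `/* per-request timeout timer; must be freed with, or talloc-parented to, the request so it cannot fire after the request is gone */`, and confirm the handling in ldap_client.c, which is not in this hunk. The enclosing struct starts before this hunk.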
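Review bot: The enumerators of `enum ldap_request_state` now start at 1 and gain `LDAP_REQUEST_ERROR`, but nothing records why 0 is skipped; presumably so that a zero-initialised `struct ldap_request` is in no valid state. A comment would keep that intent from being undone by the next edit: `/* values start at 1 so a zeroed request is detectably in no valid state */`. Any caller that switches on the state also needs a `default:` or an explicit `LDAP_REQUEST_ERROR` arm now; those callers are outside this header. The declaration is complete within the hunk.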
@@ -60,6 +60,18 @@ struct ldap_connection { const char *auth_dn; const char *simple_pw; + struct { + char *url; + int max_retries; + int retries; + time_t previous; + } reconnect; + + struct { + enum { LDAP_BIND_SIMPLE, LDAP_BIND_SASL } type; + void *creds; + } bind; + /* next message id to assign */ unsigned next_messageid; -- cgit From 742c110cd67f4995639822981e8bfcb1f652f2c4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 May 2006 20:15:47 +0000 Subject: r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497) --- source4/libcli/ldap/ldap_client.h | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 7801f8b6bc..28b9f2763c 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -51,7 +51,6 @@ struct ldap_request { /* main context for a ldap client connection */ struct ldap_connection { - struct tls_context *tls; struct socket_context *sock; char *host; uint16_t port; -- cgit From ba07fa43d0b0090f5e686d8c1822468049f52416 Mon Sep 17 00:00:00 2001 
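Review bot: `void *creds;` in the new `bind` struct erases the type of what will be replayed on reconnect: for `LDAP_BIND_SIMPLE` it presumably points at the password, for `LDAP_BIND_SASL` at a `struct cli_credentials`, and only `bind.type` tells them apart. A tagged union would make that checkable; at minimum document it, `/* LDAP_BIND_SIMPLE: const char *password; LDAP_BIND_SASL: struct cli_credentials * — confirm in the reconnect code */`, and give `max_retries`, `retries` and `time_t previous` the per-field comments the rest of the struct has. Because an automatic rebind re-sends the simple-bind password on every reconnect, the comment should also say whether rebinding is meant to happen on plain (non-ldaps, non-SASL-wrapped) connections. `struct ldap_connection` continues outside the hunk.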
From: Andrew Bartlett Date: Sun, 23 Jul 2006 02:50:08 +0000 Subject: r17197: This patch moves the encryption of bulk data on SASL negotiated security contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). 
In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0) --- source4/libcli/ldap/ldap_client.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 28b9f2763c..849737d8a9 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -80,9 +80,6 @@ struct ldap_connection { /* Let's support SASL */ struct gensec_security *gensec; - /* set if we are wrapping requests */ - BOOL enable_wrap; - /* the default timeout for messages */ int timeout; -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/libcli/ldap/ldap_client.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 849737d8a9..0850e8ff64 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h 
@@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From 61ffa08f4c95e29d301de9fbabd6e71c2dbc1056 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 27 Aug 2007 18:10:19 +0000 Subject: r24712: No longer expose the 'BOOL' data type in any interfaces. (This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae) --- source4/libcli/ldap/ldap_client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index 0850e8ff64..d2a12ee8b5 100644 --- a/source4/libcli/ldap/ldap_client.h +++ b/source4/libcli/ldap/ldap_client.h @@ -53,7 +53,7 @@ struct ldap_connection { struct socket_context *sock; char *host; uint16_t port; - BOOL ldaps; + bool ldaps; const char *auth_dn; const char *simple_pw; -- cgit From b65dba2245bf382c47d65c95ac9b1efa43918fc0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 10 Dec 2007 04:33:16 +0100 Subject: r26355: Eliminate global_loadparm in more places. (This used to be commit 5d589a0d94bd76a9b4c9fc748854e8098ea43c4d) --- source4/libcli/ldap/ldap_client.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/ldap/ldap_client.h') diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h index d2a12ee8b5..d5ff441aff 100644 
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
@@ -51,6 +51,8 @@ struct ldap_request {
 /* main context for a ldap client connection */
 struct ldap_connection {
  struct socket_context *sock;
+ struct loadparm_context *lp_ctx;
+
  char *host;
  uint16_t port;
  bool ldaps;
-- cgit
From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Wed, 2 Apr 2008 04:53:27 +0200
Subject: Install public header files again and include required prototypes.

(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
---
 source4/libcli/ldap/ldap_client.h | 44 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
(limited to 'source4/libcli/ldap/ldap_client.h')
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
index d5ff441aff..13b0bf725c 100644
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
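Review bot: `struct loadparm_context *lp_ctx;` is added without the per-member comment every neighbouring field carries, and without saying whether the connection owns the loadparm context or merely borrows it; if it is borrowed, freeing the loadparm context before the connection leaves a dangling pointer that every later lookup dereferences. Suggest `/* loadparm context this connection reads its settings from; borrowed from the caller, must outlive the connection — confirm */`. `struct ldap_connection` continues past this hunk.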
@@ -94,3 +94,47 @@ struct ldap_connection {
 
  struct packet_context *packet;
 };
+
+struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ struct event_context *ev);
+
+NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url);
+struct composite_context *ldap_connect_send(struct ldap_connection *conn,
+ const char *url);
+
+NTSTATUS ldap_rebind(struct ldap_connection *conn);
+NTSTATUS ldap_bind_simple(struct ldap_connection *conn,
+ const char *userdn, const char *password);
+NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
+ struct cli_credentials *creds,
+ struct loadparm_context *lp_ctx);
+struct ldap_request *ldap_request_send(struct ldap_connection *conn,
+ struct ldap_message *msg);
+NTSTATUS ldap_request_wait(struct ldap_request *req);
+struct composite_context;
+NTSTATUS ldap_connect_recv(struct composite_context *ctx);
+NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg);
+NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type);
+NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg);
+const char *ldap_errstr(struct ldap_connection *conn,
+ TALLOC_CTX *mem_ctx,
+ NTSTATUS status);
+NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r);
+void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries);
+int ildap_count_entries(struct ldap_connection *conn, struct ldap_message **res);
+NTSTATUS ildap_search_bytree(struct ldap_connection *conn, const char *basedn,
+ int scope, struct ldb_parse_tree *tree,
+ const char * const *attrs, bool attributesonly,
+ struct ldb_control **control_req,
+ struct ldb_control ***control_res,
+ struct ldap_message ***results);
+NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn,
+ int scope, const char *expression,
+ const char * const *attrs, bool attributesonly,
+ struct ldb_control **control_req,
+ struct ldb_control ***control_res,
+ struct ldap_message ***results);
+
+
+
-- cgit
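Review bot: `ildap_search` takes its filter as a raw `const char *expression`, presumably parsed as an RFC 4515 filter, and nothing in the header warns callers that splicing untrusted text into it is an LDAP filter injection; add `/* expression is an LDAP filter string: escape untrusted input per RFC 4515, or build a parse tree and call ildap_search_bytree() */`. `ldap_bind_simple` deserves a similar warning, `/* password is sent in cleartext unless the connection is ldaps or SASL-wrapped */`. The forward declaration `struct composite_context;` is placed after `ldap_connect_send` has already introduced the tag through its return type, so it does nothing where it stands; move it above `ldap_connect_send` or drop it. `ldap_request_send` returns a pointer where its siblings return NTSTATUS, so its failure value (NULL, presumably) should be stated as well. These prototypes are complete within the hunk.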