The branch, master has been updated via 023164f77e36694f4dc7435119f28f42ea0fb0ec (commit) via f6b0a99cefaedfa7642af31f8fcc4457bacb07a3 (commit) via 7b1c5c94f6a08108d90a73ba78a91df661d68064 (commit) via 18b30e5646d7a484c1714eac9b9ce1f8c1a8241a (commit) via 7aaec963c1764869b042240fb5b5d6a339ee052b (commit) via ef0fa403f1c5d670b7991770e7fbb8394879de4b (commit) via 536318549fba35a4d9eb60fbb2d0e91b88c44a7b (commit) via 1ab9c1a40290fbecf8b7090492363eab0443c7c6 (commit) via 12184d413205d2ad7cbb9e1aaf2db97c7bcb4fc2 (commit) via d1922725c66c9f4de25c1d664ae03c90e6c098fb (commit) via dc03a328d8ff55df30a5b996b4a17e82db29708b (commit) from d7ca4997017e86b6f23ced64f1f1672bfb15716b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 023164f77e36694f4dc7435119f28f42ea0fb0ec Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 14:23:12 2009 +0100 s3:Makefile: build libcli/ldap files metze commit f6b0a99cefaedfa7642af31f8fcc4457bacb07a3 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 16:49:26 2009 +0100 libcli/ldap: move generic ldap control encoding code to ldap_message.c As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze commit 7b1c5c94f6a08108d90a73ba78a91df661d68064 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 14:45:01 2009 +0100 s4:libcli/ldap: don't use 'void **out' as arguments as the behavior is not defined in C. metze commit 18b30e5646d7a484c1714eac9b9ce1f8c1a8241a Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 12:50:43 2009 +0100 libcli/ldap: move ldap_ndr from source4/ to toplevel metze commit 7aaec963c1764869b042240fb5b5d6a339ee052b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 12:29:59 2009 +0100 libcli/ldap: fix compiler warnings metze commit ef0fa403f1c5d670b7991770e7fbb8394879de4b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 16:52:37 2009 +0100 libcli/ldap: move ldap_errors.h to the toplevel and install it metze commit 536318549fba35a4d9eb60fbb2d0e91b88c44a7b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 12:13:41 2009 +0100 libcli/ldap: move ldap_message.[ch] from source4/ to the toplevel metze commit 1ab9c1a40290fbecf8b7090492363eab0443c7c6 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 12:09:11 2009 +0100 s4:libcli/ldap: remove reference to DEBUG() This prepares using ldap_message.c in source3/ later metze commit 12184d413205d2ad7cbb9e1aaf2db97c7bcb4fc2 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 11:40:18 2009 +0100 s4:libcli: split out LIBCLI_LDAP_MESSAGE 
subsystem metze commit d1922725c66c9f4de25c1d664ae03c90e6c098fb Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 14:06:27 2009 +0100 s3: remove unused smb_ldap.h metze commit dc03a328d8ff55df30a5b996b4a17e82db29708b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Feb 24 15:28:54 2009 +0100 s3:example/VFS: fix the build metze ----------------------------------------------------------------------- Summary of changes: examples/VFS/skel_opaque.c | 6 +- examples/VFS/skel_transparent.c | 6 +- libcli/ldap/config.mk | 15 + libcli/ldap/ldap_errors.h | 68 ++ libcli/ldap/ldap_message.c | 1611 ++++++++++++++++++++++++++++ libcli/ldap/ldap_message.h | 235 ++++ libcli/ldap/ldap_ndr.c | 96 ++ {source4/libcli => libcli}/ldap/ldap_ndr.h | 0 source3/Makefile.in | 23 +- source3/include/includes.h | 2 - source3/include/smb_ldap.h | 255 ----- source4/headermap.txt | 4 +- source4/ldap_server/ldap_server.c | 4 +- source4/libcli/cldap/cldap.c | 12 +- source4/libcli/ldap/config.mk | 16 +- source4/libcli/ldap/ldap.c | 1411 ------------------------ source4/libcli/ldap/ldap.h | 191 +---- source4/libcli/ldap/ldap_client.c | 4 +- source4/libcli/ldap/ldap_controls.c | 168 +--- source4/libcli/ldap/ldap_errors.h | 66 -- source4/libcli/ldap/ldap_msg.c | 87 -- source4/libcli/ldap/ldap_ndr.c | 96 -- source4/libcli/util/nterr.c | 2 +- source4/main.mk | 2 + 24 files changed, 2098 insertions(+), 2282 deletions(-) create mode 100644 libcli/ldap/config.mk create mode 100644 libcli/ldap/ldap_errors.h create mode 100644 libcli/ldap/ldap_message.c create mode 100644 libcli/ldap/ldap_message.h create mode 100644 libcli/ldap/ldap_ndr.c rename {source4/libcli => libcli}/ldap/ldap_ndr.h (100%) delete mode 100644 source3/include/smb_ldap.h delete mode 100644 source4/libcli/ldap/ldap.c delete mode 100644 source4/libcli/ldap/ldap_errors.h delete mode 100644 source4/libcli/ldap/ldap_msg.c delete mode 100644 source4/libcli/ldap/ldap_ndr.c Changeset truncated at 500 lines: 
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 5845f62..118a5b9 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -85,9 +85,11 @@ static SMB_STRUCT_DIR *skel_opendir(vfs_handle_struct *handle, const char *fnam
 return vfswrap_opendir(NULL, fname, mask, attr);
 }

-static SMB_STRUCT_DIRENT *skel_readdir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp)
+static SMB_STRUCT_DIRENT *skel_readdir(vfs_handle_struct *handle,
+ SMB_STRUCT_DIR *dirp,
+ SMB_STRUCT_STAT *sbuf)
 {
- return vfswrap_readdir(NULL, dirp);
+ return vfswrap_readdir(NULL, dirp, sbuf);
 }

 static void skel_seekdir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp, long offset)
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 7036c73..a95b5ae 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -79,9 +79,11 @@ static SMB_STRUCT_DIR *skel_opendir(vfs_handle_struct *handle, const char *fnam
 return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
 }

-static SMB_STRUCT_DIRENT *skel_readdir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp)
+static SMB_STRUCT_DIRENT *skel_readdir(vfs_handle_struct *handle,
+ SMB_STRUCT_DIR *dirp,
+ SMB_STRUCT_STAT *sbuf)
 {
- return SMB_VFS_NEXT_READDIR(handle, dirp);
+ return SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
 }

 static void skel_seekdir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp, long offset)
diff --git a/libcli/ldap/config.mk b/libcli/ldap/config.mk
new file mode 100644
index 0000000..22cad8c
--- /dev/null
+++ b/libcli/ldap/config.mk
@@ -0,0 +1,15 @@
+[SUBSYSTEM::LIBCLI_LDAP_MESSAGE]
+PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTALLOC LIBLDB
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL ASN1_UTIL
+
+LIBCLI_LDAP_MESSAGE_OBJ_FILES = $(addprefix ../libcli/ldap/, \
+ ldap_message.o)
+PUBLIC_HEADERS += ../libcli/ldap/ldap_message.h ../libcli/ldap/ldap_errors.h
+
+[SUBSYSTEM::LIBCLI_LDAP_NDR]
+PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTALLOC
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB NDR_MISC NDR_SECURITY
+
+LIBCLI_LDAP_NDR_OBJ_FILES = ../libcli/ldap/ldap_ndr.o
+PUBLIC_HEADERS += ../libcli/ldap/ldap_ndr.h
+
diff --git a/libcli/ldap/ldap_errors.h b/libcli/ldap/ldap_errors.h
new file mode 100644
index 0000000..fa929c6
--- /dev/null
+++ b/libcli/ldap/ldap_errors.h
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS Implementation.
+ LDAP protocol helper functions for SAMBA
+ Copyright (C) Volker Lendecke 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#ifndef _SMB_LDAP_ERRORS_H_
+#define _SMB_LDAP_ERRORS_H_
+
+#ifndef LDAP_SUCCESS
+enum ldap_result_code {
+ LDAP_SUCCESS = 0,
+ LDAP_OPERATIONS_ERROR = 1,
+ LDAP_PROTOCOL_ERROR = 2,
+ LDAP_TIME_LIMIT_EXCEEDED = 3,
+ LDAP_SIZE_LIMIT_EXCEEDED = 4,
+ LDAP_COMPARE_FALSE = 5,
+ LDAP_COMPARE_TRUE = 6,
+ LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
+ LDAP_STRONG_AUTH_REQUIRED = 8,
+ LDAP_REFERRAL = 10,
+ LDAP_ADMIN_LIMIT_EXCEEDED = 11,
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
+ LDAP_CONFIDENTIALITY_REQUIRED = 13,
+ LDAP_SASL_BIND_IN_PROGRESS = 14,
+ LDAP_NO_SUCH_ATTRIBUTE = 16,
+ LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
+ LDAP_INAPPROPRIATE_MATCHING = 18,
+ LDAP_CONSTRAINT_VIOLATION = 19,
+ LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
+ LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
+ LDAP_NO_SUCH_OBJECT = 32,
+ LDAP_ALIAS_PROBLEM = 33,
+ LDAP_INVALID_DN_SYNTAX = 34,
+ LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
+ LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
+ LDAP_INVALID_CREDENTIALS = 49,
+ LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50,
+ LDAP_BUSY = 51,
+ LDAP_UNAVAILABLE = 52,
+ LDAP_UNWILLING_TO_PERFORM = 53,
+ LDAP_LOOP_DETECT = 54,
+ LDAP_NAMING_VIOLATION = 64,
+ LDAP_OBJECT_CLASS_VIOLATION = 65,
+ LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
+ LDAP_NOT_ALLOWED_ON_RDN = 67,
+ LDAP_ENTRY_ALREADY_EXISTS = 68,
+ LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
+ LDAP_AFFECTS_MULTIPLE_DSAS = 71,
+ LDAP_OTHER = 80
+};
+#endif
+
+#endif /* _SMB_LDAP_ERRORS_H_ */
diff --git a/libcli/ldap/ldap_message.c b/libcli/ldap/ldap_message.c
new file mode 100644
index 0000000..9b00d01
--- /dev/null
+++ b/libcli/ldap/ldap_message.c
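Review bot: In libcli/ldap/ldap_errors.h the whole `enum ldap_result_code` sits inside `#ifndef LDAP_SUCCESS`, so what this header declares depends on include order, and the hunk has no comment saying so. Enumerators are not macros, so the guard only takes effect when some other header (presumably a system LDAP header, which is not visible here) has already defined `LDAP_SUCCESS` as a macro; in that case the type `enum ldap_result_code` is never declared and the numeric codes, including `LDAP_INVALID_CREDENTIALS` and `LDAP_STRONG_AUTH_REQUIRED`, come from that other header rather than from this list. Since config.mk now adds the file to `PUBLIC_HEADERS`, I would document the contract above the guard, e.g. `/* skipped when an LDAP header included earlier already defines these codes as macros; 'enum ldap_result_code' is not declared in that case */`. The include guard `_SMB_LDAP_ERRORS_H_` also uses an identifier form reserved for the implementation; `SMB_LDAP_ERRORS_H` would be safer in an installed header.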
@@ -0,0 +1,1611 @@
+/*
+ Unix SMB/CIFS mplementation.
+ LDAP protocol helper functions for SAMBA
+
+ Copyright (C) Andrew Tridgell 2004
+ Copyright (C) Volker Lendecke 2004
+ Copyright (C) Stefan Metzmacher 2004
+ Copyright (C) Simo Sorce 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "../lib/util/asn1.h"
+#include "../libcli/ldap/ldap_message.h"
+
+_PUBLIC_ struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx)
+{
+ return talloc_zero(mem_ctx, struct ldap_message);
+}
+
+
+static bool add_value_to_attrib(TALLOC_CTX *mem_ctx, struct ldb_val *value,
+ struct ldb_message_element *attrib)
+{
+ attrib->values = talloc_realloc(mem_ctx,
+ attrib->values,
+ DATA_BLOB,
+ attrib->num_values+1);
+ if (attrib->values == NULL)
+ return false;
+
+ attrib->values[attrib->num_values].data = talloc_steal(attrib->values,
+ value->data);
+ attrib->values[attrib->num_values].length = value->length;
+ attrib->num_values += 1;
+ return true;
+}
+
+static bool add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
+ const struct ldb_message_element *attrib,
+ struct ldb_message_element **attribs,
+ int *num_attribs)
+{
+ *attribs = talloc_realloc(mem_ctx,
+ *attribs,
+ struct ldb_message_element,
+ *num_attribs+1);
+
+ if (*attribs == NULL)
+ return false;
+
+ (*attribs)[*num_attribs] = *attrib;
+ talloc_steal(*attribs, attrib->values);
+ talloc_steal(*attribs, attrib->name);
+ *num_attribs += 1;
+ return true;
+}
+
+static bool add_mod_to_array_talloc(TALLOC_CTX *mem_ctx,
+ struct ldap_mod *mod,
+ struct ldap_mod **mods,
+ int *num_mods)
+{
+ *mods = talloc_realloc(mem_ctx, *mods, struct ldap_mod, (*num_mods)+1);
+
+ if (*mods == NULL)
+ return false;
+
+ (*mods)[*num_mods] = *mod;
+ *num_mods += 1;
+ return true;
+}
+
+static bool ldap_decode_control_value(void *mem_ctx, DATA_BLOB value,
+ const struct ldap_control_handler *handlers,
+ struct ldb_control *ctrl)
+{
+ int i;
+
+ if (!handlers) {
+ return true;
+ }
+
+ for (i = 0; handlers[i].oid != NULL; i++) {
+ if (strcmp(handlers[i].oid, ctrl->oid) == 0) {
+ if (!handlers[i].decode || !handlers[i].decode(mem_ctx, value, &ctrl->data)) {
+ return false;
+ }
+ break;
+ }
+ }
+ if (handlers[i].oid == NULL) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool ldap_decode_control_wrapper(void *mem_ctx, struct asn1_data *data,
+ struct ldb_control *ctrl, DATA_BLOB *value)
+{
+ DATA_BLOB oid;
+
+ if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+ return false;
+ }
+
+ if (!asn1_read_OctetString(data, mem_ctx, &oid)) {
+ return false;
+ }
+ ctrl->oid = talloc_strndup(mem_ctx, (char *)oid.data, oid.length);
+ if (!ctrl->oid) {
+ return false;
+ }
+
+ if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
+ bool critical;
+ if (!asn1_read_BOOLEAN(data, &critical)) {
+ return false;
+ }
+ ctrl->critical = critical;
+ } else {
+ ctrl->critical = false;
+ }
+
+ ctrl->data = NULL;
+
+ if (!asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+ *value = data_blob(NULL, 0);
+ goto end_tag;
+ }
+
+ if (!asn1_read_OctetString(data, mem_ctx, value)) {
+ return false;
+ }
+
+end_tag:
+ if (!asn1_end_tag(data)) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool ldap_encode_control(void *mem_ctx, struct asn1_data *data,
+ const struct ldap_control_handler *handlers,
+ struct ldb_control *ctrl)
+{
+ DATA_BLOB value;
+ int i;
+
+ if (!handlers) {
+ return false;
+ }
+
+ for (i = 0; handlers[i].oid != NULL; i++) {
+ if (strcmp(handlers[i].oid, ctrl->oid) == 0) {
+ if (!handlers[i].encode) {
+ if (ctrl->critical) {
+ return false;
+ } else {
+ /* not encoding this control */
+ return true;
+ }
+ }
+ if (!handlers[i].encode(mem_ctx, ctrl->data, &value)) {
+ return false;
+ }
+ break;
+ }
+ }
+ if (handlers[i].oid == NULL) {
+ return false;
+ }
+
+ if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+ return false;
+ }
+
+ if (!asn1_write_OctetString(data, ctrl->oid, strlen(ctrl->oid))) {
+ return false;
+ }
+
+ if (ctrl->critical) {
+ if (!asn1_write_BOOLEAN(data, ctrl->critical)) {
+ return false;
+ }
+ }
+
+ if (!ctrl->data) {
+ goto pop_tag;
+ }
+
+ if (!asn1_write_OctetString(data, value.data, value.length)) {
+ return false;
+ }
+
+pop_tag:
+ if (!asn1_pop_tag(data)) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree)
+{
+ int i;
+
+ switch (tree->operation) {
+ case LDB_OP_AND:
+ case LDB_OP_OR:
+ asn1_push_tag(data, ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1));
+ for (i=0; i<tree->u.list.num_elements; i++) {
+ if (!ldap_push_filter(data, tree->u.list.elements[i])) {
+ return false;
+ }
+ }
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_NOT:
+ asn1_push_tag(data, ASN1_CONTEXT(2));
+ if (!ldap_push_filter(data, tree->u.isnot.child)) {
+ return false;
+ }
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_EQUALITY:
+ /* equality test */
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, tree->u.equality.attr,
+ strlen(tree->u.equality.attr));
+ asn1_write_OctetString(data, tree->u.equality.value.data,
+ tree->u.equality.value.length);
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_SUBSTRING:
+ /*
+ SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ -- at least one must be present
+ substrings SEQUENCE OF CHOICE {
+ initial [0] LDAPString,
+ any [1] LDAPString,
+ final [2] LDAPString } }
+ */
+ asn1_push_tag(data, ASN1_CONTEXT(4));
+ asn1_write_OctetString(data, tree->u.substring.attr, strlen(tree->u.substring.attr));
+ asn1_push_tag(data, ASN1_SEQUENCE(0));
+ i = 0;
+ if ( ! tree->u.substring.start_with_wildcard) {
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
+ asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
+ }
+ while (tree->u.substring.chunks[i]) {
+ int ctx;
+
+ if (( ! tree->u.substring.chunks[i + 1]) &&
+ (tree->u.substring.end_with_wildcard == 0)) {
+ ctx = 2;
+ } else {
+ ctx = 1;
+ }
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
+ asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i]);
+ asn1_pop_tag(data);
+ i++;
+ }
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_GREATER:
+ /* greaterOrEqual test */
+ asn1_push_tag(data, ASN1_CONTEXT(5));
+ asn1_write_OctetString(data, tree->u.comparison.attr,
+ strlen(tree->u.comparison.attr));
+ asn1_write_OctetString(data, tree->u.comparison.value.data,
+ tree->u.comparison.value.length);
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_LESS:
+ /* lessOrEqual test */
+ asn1_push_tag(data, ASN1_CONTEXT(6));
+ asn1_write_OctetString(data, tree->u.comparison.attr,
+ strlen(tree->u.comparison.attr));
+ asn1_write_OctetString(data, tree->u.comparison.value.data,
+ tree->u.comparison.value.length);
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_PRESENT:
+ /* present test */
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7));
+ asn1_write_LDAPString(data, tree->u.present.attr);
+ asn1_pop_tag(data);
+ return !data->has_error;
+
+ case LDB_OP_APPROX:
+ /* approx test */
+ asn1_push_tag(data, ASN1_CONTEXT(8));
+ asn1_write_OctetString(data, tree->u.comparison.attr,
+ strlen(tree->u.comparison.attr));
+ asn1_write_OctetString(data, tree->u.comparison.value.data,
+ tree->u.comparison.value.length);
+ asn1_pop_tag(data);
+ break;
+
+ case LDB_OP_EXTENDED:
+ /*
+ MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleID OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE
+ }
+ */
+ asn1_push_tag(data, ASN1_CONTEXT(9));
+ if (tree->u.extended.rule_id) {
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1));
+ asn1_write_LDAPString(data, tree->u.extended.rule_id);
+ asn1_pop_tag(data);
+ }
+ if (tree->u.extended.attr) {
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2));
+ asn1_write_LDAPString(data, tree->u.extended.attr);
+ asn1_pop_tag(data);
+ }
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
+ asn1_write_DATA_BLOB_LDAPString(data, &tree->u.extended.value);
+ asn1_pop_tag(data);
+ asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
+ asn1_write_uint8(data, tree->u.extended.dnAttributes);
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+ break;
+
+ default:
+ return false;
+ }
+ return !data->has_error;
+}
+
+static void ldap_encode_response(struct asn1_data *data, struct ldap_Result *result)
-- Samba Shared Repository