source: vendor/3.5.11/source3/libads/ldap_utils.c

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import
File size: 9.2 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3
4 Some Helpful wrappers on LDAP
5
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Guenther Deschner 2006,2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21*/
22
23#include "includes.h"
24
25#ifdef HAVE_LDAP
26/*
27 a wrapper around ldap_search_s that retries depending on the error code
28 this is supposed to catch dropped connections and auto-reconnect
29*/
30static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope,
31 const char *expr,
32 const char **attrs, void *args,
33 LDAPMessage **res)
34{
35 ADS_STATUS status = ADS_SUCCESS;
36 int count = 3;
37 char *bp;
38
39 *res = NULL;
40
41 if (!ads->ldap.ld &&
42 time(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) {
43 return ADS_ERROR(LDAP_SERVER_DOWN);
44 }
45
46 bp = SMB_STRDUP(bind_path);
47
48 if (!bp) {
49 return ADS_ERROR(LDAP_NO_MEMORY);
50 }
51
52 *res = NULL;
53
54 /* when binding anonymously, we cannot use the paged search LDAP
55 * control - Guenther */
56
57 if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
58 status = ads_do_search(ads, bp, scope, expr, attrs, res);
59 } else {
60 status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
61 }
62 if (ADS_ERR_OK(status)) {
63 DEBUG(5,("Search for %s in <%s> gave %d replies\n",
64 expr, bp, ads_count_replies(ads, *res)));
65 SAFE_FREE(bp);
66 return status;
67 }
68
69 while (--count) {
70
71 if (*res)
72 ads_msgfree(ads, *res);
73 *res = NULL;
74
75 DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
76 ads->config.realm, ads_errstr(status)));
77
78 ads_disconnect(ads);
79 status = ads_connect(ads);
80
81 if (!ADS_ERR_OK(status)) {
82 DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
83 ads_errstr(status)));
84 ads_destroy(&ads);
85 SAFE_FREE(bp);
86 return status;
87 }
88
89 *res = NULL;
90
91 /* when binding anonymously, we cannot use the paged search LDAP
92 * control - Guenther */
93
94 if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
95 status = ads_do_search(ads, bp, scope, expr, attrs, res);
96 } else {
97 status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
98 }
99
100 if (ADS_ERR_OK(status)) {
101 DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
102 expr, bp, ads_count_replies(ads, *res)));
103 SAFE_FREE(bp);
104 return status;
105 }
106 }
107 SAFE_FREE(bp);
108
109 if (!ADS_ERR_OK(status)) {
110 DEBUG(1,("ads reopen failed after error %s\n",
111 ads_errstr(status)));
112 }
113 return status;
114}
115
116 ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path,
117 int scope, const char *expr,
118 const char **attrs, LDAPMessage **res)
119{
120 return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, NULL, res);
121}
122
123 ADS_STATUS ads_do_search_retry_args(ADS_STRUCT *ads, const char *bind_path,
124 int scope, const char *expr,
125 const char **attrs, void *args,
126 LDAPMessage **res)
127{
128 return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, args, res);
129}
130
131
132 ADS_STATUS ads_search_retry(ADS_STRUCT *ads, LDAPMessage **res,
133 const char *expr, const char **attrs)
134{
135 return ads_do_search_retry(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
136 expr, attrs, res);
137}
138
139 ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, LDAPMessage **res,
140 const char *dn,
141 const char **attrs)
142{
143 return ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
144 "(objectclass=*)", attrs, res);
145}
146
147 ADS_STATUS ads_search_retry_extended_dn(ADS_STRUCT *ads, LDAPMessage **res,
148 const char *dn,
149 const char **attrs,
150 enum ads_extended_dn_flags flags)
151{
152 ads_control args;
153
154 args.control = ADS_EXTENDED_DN_OID;
155 args.val = flags;
156 args.critical = True;
157
158 return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
159 "(objectclass=*)", attrs, &args, res);
160}
161
162 ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
163 uint32 sd_flags,
164 const char *dn,
165 const char **attrs)
166{
167 ads_control args;
168
169 args.control = ADS_SD_FLAGS_OID;
170 args.val = sd_flags;
171 args.critical = True;
172
173 return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
174 "(objectclass=*)", attrs, &args, res);
175}
176
177 ADS_STATUS ads_search_retry_extended_dn_ranged(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
178 const char *dn,
179 const char **attrs,
180 enum ads_extended_dn_flags flags,
181 char ***strings,
182 size_t *num_strings)
183{
184 ads_control args;
185
186 args.control = ADS_EXTENDED_DN_OID;
187 args.val = flags;
188 args.critical = True;
189
190 /* we can only range process one attribute */
191 if (!attrs || !attrs[0] || attrs[1]) {
192 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
193 }
194
195 return ads_ranged_search(ads, mem_ctx, LDAP_SCOPE_BASE, dn,
196 "(objectclass=*)", &args, attrs[0],
197 strings, num_strings);
198
199}
200
201 ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
202 const DOM_SID *sid,
203 const char **attrs)
204{
205 char *dn, *sid_string;
206 ADS_STATUS status;
207
208 sid_string = sid_binstring_hex(sid);
209 if (sid_string == NULL) {
210 return ADS_ERROR(LDAP_NO_MEMORY);
211 }
212
213 if (!asprintf(&dn, "<SID=%s>", sid_string)) {
214 SAFE_FREE(sid_string);
215 return ADS_ERROR(LDAP_NO_MEMORY);
216 }
217
218 status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
219 "(objectclass=*)", attrs, res);
220 SAFE_FREE(dn);
221 SAFE_FREE(sid_string);
222 return status;
223}
224
225ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
226 TALLOC_CTX *mem_ctx,
227 int scope,
228 const char *base,
229 const char *filter,
230 void *args,
231 const char *range_attr,
232 char ***strings,
233 size_t *num_strings)
234{
235 ADS_STATUS status;
236 uint32 first_usn;
237 int num_retries = 0;
238 const char **attrs;
239 bool more_values = False;
240
241 *num_strings = 0;
242 *strings = NULL;
243
244 attrs = TALLOC_ARRAY(mem_ctx, const char *, 3);
245 ADS_ERROR_HAVE_NO_MEMORY(attrs);
246
247 attrs[0] = talloc_strdup(mem_ctx, range_attr);
248 attrs[1] = talloc_strdup(mem_ctx, "usnChanged");
249 attrs[2] = NULL;
250
251 ADS_ERROR_HAVE_NO_MEMORY(attrs[0]);
252 ADS_ERROR_HAVE_NO_MEMORY(attrs[1]);
253
254 do {
255 status = ads_ranged_search_internal(ads, mem_ctx,
256 scope, base, filter,
257 attrs, args, range_attr,
258 strings, num_strings,
259 &first_usn, &num_retries,
260 &more_values);
261
262 if (NT_STATUS_EQUAL(STATUS_MORE_ENTRIES, ads_ntstatus(status))) {
263 continue;
264 }
265
266 if (!ADS_ERR_OK(status)) {
267 *num_strings = 0;
268 strings = NULL;
269 goto done;
270 }
271
272 } while (more_values);
273
274 done:
275 DEBUG(10,("returning with %d strings\n", (int)*num_strings));
276
277 return status;
278}
279
280ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
281 TALLOC_CTX *mem_ctx,
282 int scope,
283 const char *base,
284 const char *filter,
285 const char **attrs,
286 void *args,
287 const char *range_attr,
288 char ***strings,
289 size_t *num_strings,
290 uint32 *first_usn,
291 int *num_retries,
292 bool *more_values)
293{
294 LDAPMessage *res = NULL;
295 ADS_STATUS status;
296 int count;
297 uint32 current_usn;
298
299 DEBUG(10, ("Searching for attrs[0] = %s, attrs[1] = %s\n", attrs[0], attrs[1]));
300
301 *more_values = False;
302
303 status = ads_do_search_retry_internal(ads, base, scope, filter, attrs, args, &res);
304
305 if (!ADS_ERR_OK(status)) {
306 DEBUG(1,("ads_search: %s\n",
307 ads_errstr(status)));
308 return status;
309 }
310
311 if (!res) {
312 return ADS_ERROR(LDAP_NO_MEMORY);
313 }
314
315 count = ads_count_replies(ads, res);
316 if (count == 0) {
317 ads_msgfree(ads, res);
318 return ADS_ERROR(LDAP_SUCCESS);
319 }
320
321 if (*num_strings == 0) {
322 if (!ads_pull_uint32(ads, res, "usnChanged", first_usn)) {
323 DEBUG(1, ("could not pull first usnChanged!\n"));
324 ads_msgfree(ads, res);
325 return ADS_ERROR(LDAP_NO_MEMORY);
326 }
327 }
328
329 if (!ads_pull_uint32(ads, res, "usnChanged", &current_usn)) {
330 DEBUG(1, ("could not pull current usnChanged!\n"));
331 ads_msgfree(ads, res);
332 return ADS_ERROR(LDAP_NO_MEMORY);
333 }
334
335 if (*first_usn != current_usn) {
336 DEBUG(5, ("USN on this record changed"
337 " - restarting search\n"));
338 if (*num_retries < 5) {
339 (*num_retries)++;
340 *num_strings = 0;
341 ads_msgfree(ads, res);
342 return ADS_ERROR_NT(STATUS_MORE_ENTRIES);
343 } else {
344 DEBUG(5, ("USN on this record changed"
345 " - restarted search too many times, aborting!\n"));
346 ads_msgfree(ads, res);
347 return ADS_ERROR(LDAP_NO_MEMORY);
348 }
349 }
350
351 *strings = ads_pull_strings_range(ads, mem_ctx, res,
352 range_attr,
353 *strings,
354 &attrs[0],
355 num_strings,
356 more_values);
357
358 ads_msgfree(ads, res);
359
360 /* paranoia checks */
361 if (*strings == NULL && *more_values) {
362 DEBUG(0,("no strings found but more values???\n"));
363 return ADS_ERROR(LDAP_NO_MEMORY);
364 }
365 if (*num_strings == 0 && *more_values) {
366 DEBUG(0,("no strings found but more values???\n"));
367 return ADS_ERROR(LDAP_NO_MEMORY);
368 }
369
370 return (*more_values) ? ADS_ERROR_NT(STATUS_MORE_ENTRIES) : ADS_ERROR(LDAP_SUCCESS);
371}
372
373#endif
Note: See TracBrowser for help on using the repository browser.