static int count_key(BerElement *ber)
{
char *end;
ber_len_t len;
ber_tag_t tag;
int count = 0;
/* Server Side Sort Control is a SEQUENCE of SEQUENCE */
for ( tag = ber_first_element( ber, &len, &end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, end ))
{
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
++count;
}
ber_rewind( ber );
return count;
}
int
ldap_send_server_request(
LDAP *ld,
BerElement *ber,
ber_int_t msgid,
LDAPRequest *parentreq,
LDAPURLDesc **srvlist,
LDAPConn *lc,
LDAPreqinfo *bind,
int m_noconn,
int m_res )
{
LDAPRequest *lr;
int incparent, rc;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_send_server_request\n", 0, 0, 0 );
incparent = 0;
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
LDAP_CONN_LOCK_IF(m_noconn);
if ( lc == NULL ) {
if ( srvlist == NULL ) {
lc = ld->ld_defconn;
} else {
lc = find_connection( ld, *srvlist, 1 );
if ( lc == NULL ) {
if ( (bind != NULL) && (parentreq != NULL) ) {
/* Remember the bind in the parent */
incparent = 1;
++parentreq->lr_outrefcnt;
}
lc = ldap_new_connection( ld, srvlist, 0,
1, bind, 1, m_res );
}
}
}
/* async connect... */
if ( lc != NULL && lc->lconn_status == LDAP_CONNST_CONNECTING ) {
ber_socket_t sd = AC_SOCKET_ERROR;
struct timeval tv = { 0 };
ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd );
/* poll ... */
switch ( ldap_int_poll( ld, sd, &tv, 1 ) ) {
case 0:
/* go on! */
lc->lconn_status = LDAP_CONNST_CONNECTED;
break;
case -2:
/* async only occurs if a network timeout is set */
/* honor network timeout */
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
if ( time( NULL ) - lc->lconn_created <= ld->ld_options.ldo_tm_net.tv_sec )
{
/* caller will have to call again */
ld->ld_errno = LDAP_X_CONNECTING;
}
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
/* fallthru */
default:
/* error */
break;
}
}
if ( lc == NULL || lc->lconn_status != LDAP_CONNST_CONNECTED ) {
if ( ld->ld_errno == LDAP_SUCCESS ) {
ld->ld_errno = LDAP_SERVER_DOWN;
}
ber_free( ber, 1 );
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( -1 );
}
use_connection( ld, lc );
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP( ld )) {
BerElement tmpber = *ber;
ber_rewind( &tmpber );
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
rc = ber_write( &tmpber, ld->ld_options.ldo_peer,
sizeof( struct sockaddr_storage ), 0 );
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
if ( rc == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
LDAP_CONN_UNLOCK_IF(m_noconn);
return rc;
}
}
#endif
/* If we still have an incomplete write, try to finish it before
* dealing with the new request. If we don't finish here, return
* LDAP_BUSY and let the caller retry later. We only allow a single
* request to be in WRITING state.
*/
rc = 0;
if ( ld->ld_requests &&
ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
ldap_int_flush_request( ld, ld->ld_requests ) < 0 )
{
rc = -1;
}
if ( rc ) {
LDAP_CONN_UNLOCK_IF(m_noconn);
return rc;
}
lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ) );
if ( lr == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
ldap_free_connection( ld, lc, 0, 0 );
ber_free( ber, 1 );
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( -1 );
}
lr->lr_msgid = msgid;
lr->lr_status = LDAP_REQST_INPROGRESS;
lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */
lr->lr_ber = ber;
lr->lr_conn = lc;
if ( parentreq != NULL ) { /* sub-request */
if ( !incparent ) {
/* Increment if we didn't do it before the bind */
++parentreq->lr_outrefcnt;
}
lr->lr_origid = parentreq->lr_origid;
lr->lr_parentcnt = ++parentreq->lr_parentcnt;
lr->lr_parent = parentreq;
lr->lr_refnext = parentreq->lr_child;
parentreq->lr_child = lr;
} else { /* original request */
lr->lr_origid = lr->lr_msgid;
}
/* Extract requestDN for future reference */
#ifdef LDAP_CONNECTIONLESS
if ( !LDAP_IS_UDP(ld) )
#endif
{
BerElement tmpber = *ber;
ber_int_t bint;
ber_tag_t tag, rtag;
ber_reset( &tmpber, 1 );
rtag = ber_scanf( &tmpber, "{it", /*}*/ &bint, &tag );
switch ( tag ) {
case LDAP_REQ_BIND:
rtag = ber_scanf( &tmpber, "{i" /*}*/, &bint );
break;
case LDAP_REQ_DELETE:
break;
default:
rtag = ber_scanf( &tmpber, "{" /*}*/ );
case LDAP_REQ_ABANDON:
break;
}
if ( tag != LDAP_REQ_ABANDON ) {
ber_skip_tag( &tmpber, &lr->lr_dn.bv_len );
lr->lr_dn.bv_val = tmpber.ber_ptr;
}
}
lr->lr_prev = NULL;
lr->lr_next = ld->ld_requests;
if ( lr->lr_next != NULL ) {
lr->lr_next->lr_prev = lr;
}
ld->ld_requests = lr;
ld->ld_errno = LDAP_SUCCESS;
if ( ldap_int_flush_request( ld, lr ) == -1 ) {
msgid = -1;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( msgid );
}
/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN.
* x509_name must be raw DER. If func is non-NULL, the
* constructed DN will use numeric OIDs to identify attributeTypes,
* and the func() will be invoked to rewrite the DN with the given
* flags.
*
* Otherwise the DN will use shortNames from a hardcoded table.
*/
int
ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
unsigned flags )
{
LDAPDN newDN;
LDAPRDN newRDN;
LDAPAVA *newAVA, *baseAVA;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
char oids[8192], *oidptr = oids, *oidbuf = NULL;
void *ptrs[2048];
char *dn_end, *rdn_end;
int i, navas, nrdns, rc = LDAP_SUCCESS;
size_t dnsize, oidrem = sizeof(oids), oidsize = 0;
int csize;
ber_tag_t tag;
ber_len_t len;
oid_name *oidname;
struct berval Oid, Val, oid2, *in = x509_name;
assert( bv != NULL );
bv->bv_len = 0;
bv->bv_val = NULL;
navas = 0;
nrdns = 0;
/* A DN is a SEQUENCE of RDNs. An RDN is a SET of AVAs.
* An AVA is a SEQUENCE of attr and value.
* Count the number of AVAs and RDNs
*/
ber_init2( ber, in, LBER_USE_DER );
tag = ber_peek_tag( ber, &len );
if ( tag != LBER_SEQUENCE )
return LDAP_DECODING_ERROR;
for ( tag = ber_first_element( ber, &len, &dn_end );
tag == LBER_SET;
tag = ber_next_element( ber, &len, dn_end )) {
nrdns++;
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
navas++;
}
}
/* Allocate the DN/RDN/AVA stuff as a single block */
dnsize = sizeof(LDAPRDN) * (nrdns+1);
dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
dnsize += sizeof(LDAPAVA) * navas;
if (dnsize > sizeof(ptrs)) {
newDN = (LDAPDN)LDAP_MALLOC( dnsize );
if ( newDN == NULL )
return LDAP_NO_MEMORY;
} else {
newDN = (LDAPDN)(char *)ptrs;
}
newDN[nrdns] = NULL;
newRDN = (LDAPRDN)(newDN + nrdns+1);
newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
baseAVA = newAVA;
/* Rewind and start extracting */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
for ( i = nrdns - 1; i >= 0; i-- ) {
newDN[i] = newRDN;
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
*newRDN++ = newAVA;
tag = ber_skip_tag( ber, &len );
tag = ber_get_stringbv( ber, &Oid, LBER_BV_NOTERM );
if ( tag != LBER_TAG_OID ) {
rc = LDAP_DECODING_ERROR;
goto nomem;
}
oid2.bv_val = oidptr;
oid2.bv_len = oidrem;
if ( ber_decode_oid( &Oid, &oid2 ) < 0 ) {
rc = LDAP_DECODING_ERROR;
goto nomem;
}
oidname = find_oid( &oid2 );
if ( !oidname ) {
newAVA->la_attr = oid2;
oidptr += oid2.bv_len + 1;
oidrem -= oid2.bv_len + 1;
/* Running out of OID buffer space? */
if (oidrem < 128) {
if ( oidsize == 0 ) {
oidsize = sizeof(oids) * 2;
oidrem = oidsize;
oidbuf = LDAP_MALLOC( oidsize );
if ( oidbuf == NULL ) goto nomem;
oidptr = oidbuf;
} else {
char *old = oidbuf;
oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 );
if ( oidbuf == NULL ) goto nomem;
/* Buffer moved! Fix AVA pointers */
if ( old != oidbuf ) {
LDAPAVA *a;
long dif = oidbuf - old;
for (a=baseAVA; a<=newAVA; a++){
if (a->la_attr.bv_val >= old &&
a->la_attr.bv_val <= (old + oidsize))
a->la_attr.bv_val += dif;
}
}
oidptr = oidbuf + oidsize - oidrem;
oidrem += oidsize;
oidsize *= 2;
}
}
} else {
if ( func ) {
newAVA->la_attr = oidname->oid;
} else {
newAVA->la_attr = oidname->name;
}
}
newAVA->la_private = NULL;
newAVA->la_flags = LDAP_AVA_STRING;
tag = ber_get_stringbv( ber, &Val, LBER_BV_NOTERM );
switch(tag) {
case LBER_TAG_UNIVERSAL:
/* This uses 32-bit ISO 10646-1 */
csize = 4; goto to_utf8;
case LBER_TAG_BMP:
/* This uses 16-bit ISO 10646-1 */
csize = 2; goto to_utf8;
case LBER_TAG_TELETEX:
/* This uses 8-bit, assume ISO 8859-1 */
csize = 1;
to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
newAVA->la_flags |= LDAP_AVA_NONPRINTABLE;
allocd:
newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
if (rc != LDAP_SUCCESS) goto nomem;
break;
case LBER_TAG_UTF8:
newAVA->la_flags |= LDAP_AVA_NONPRINTABLE;
/* This is already in UTF-8 encoding */
case LBER_TAG_IA5:
case LBER_TAG_PRINTABLE:
/* These are always 7-bit strings */
newAVA->la_value = Val;
break;
case LBER_BITSTRING:
/* X.690 bitString value converted to RFC4517 Bit String */
rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
goto allocd;
default:
/* Not a string type at all */
newAVA->la_flags = 0;
newAVA->la_value = Val;
break;
}
newAVA++;
}
*newRDN++ = NULL;
tag = ber_next_element( ber, &len, dn_end );
}
if ( func ) {
rc = func( newDN, flags, NULL );
if ( rc != LDAP_SUCCESS )
goto nomem;
}
rc = ldap_dn2bv_x( newDN, bv, LDAP_DN_FORMAT_LDAPV3, NULL );
nomem:
for (;baseAVA < newAVA; baseAVA++) {
if (baseAVA->la_flags & LDAP_AVA_FREE_ATTR)
LDAP_FREE( baseAVA->la_attr.bv_val );
if (baseAVA->la_flags & LDAP_AVA_FREE_VALUE)
LDAP_FREE( baseAVA->la_value.bv_val );
}
if ( oidsize != 0 )
LDAP_FREE( oidbuf );
if ( newDN != (LDAPDN)(char *) ptrs )
LDAP_FREE( newDN );
return rc;
}
