int
ldap_append_referral( LDAP *ld, char **referralsp, char *s )
{
int first;
if ( *referralsp == NULL ) {
first = 1;
*referralsp = (char *)LDAP_MALLOC( strlen( s ) + LDAP_REF_STR_LEN
+ 1 );
} else {
first = 0;
*referralsp = (char *)LDAP_REALLOC( *referralsp,
strlen( *referralsp ) + strlen( s ) + 2 );
}
if ( *referralsp == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( -1 );
}
if ( first ) {
strcpy( *referralsp, LDAP_REF_STR );
} else {
strcat( *referralsp, "\n" );
}
strcat( *referralsp, s );
return( 0 );
}
char *
ldap_get_kerberosv4_credentials(
LDAP *ld,
LDAP_CONST char *who,
LDAP_CONST char *service,
ber_len_t *len )
{
KTEXT_ST ktxt;
int err;
char realm[REALM_SZ], *cred, *krbinstance;
Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 );
if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
"krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 );
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
err = 0;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
/* not connected yet */
err = ldap_open_defconn( ld );
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
if ( err < 0 ) return NULL;
krbinstance = ld->ld_defconn->lconn_krbinstance;
if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
!= KSUCCESS )
{
Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
"krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 );
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( NULL );
}
*len = ktxt.length;
AC_MEMCPY( cred, ktxt.dat, ktxt.length );
return( cred );
}
static int
tlso_session_peercert( tls_session *sess, struct berval *der )
{
tlso_session *s = (tlso_session *)sess;
unsigned char *ptr;
X509 *x = SSL_get_peer_certificate(s);
der->bv_len = i2d_X509(x, NULL);
der->bv_val = LDAP_MALLOC(der->bv_len);
if ( !der->bv_val )
return -1;
ptr = der->bv_val;
i2d_X509(x, &ptr);
return 0;
}
/*
* Initialize TLS subsystem. Should be called only once.
*/
static int
tlsg_init( void )
{
#ifdef HAVE_GCRYPT_RAND
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
if ( lo->ldo_tls_randfile &&
gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
Debug( LDAP_DEBUG_ANY,
"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
0, 0, 0);
return -1;
}
#endif
gnutls_global_init();
#ifndef HAVE_CIPHERSUITES
/* GNUtls cipher suite handling: The library ought to parse suite
* names for us, but it doesn't. It will return a list of suite names
* that it supports, so we can do parsing ourselves. It ought to tell
* us how long the list is, but it doesn't do that either, so we just
* have to count it manually...
*/
{
int i = 0;
tls_cipher_suite *ptr, tmp;
char cs_id[2];
while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher,
&tmp.mac, &tmp.version ))
i++;
tlsg_n_ciphers = i;
/* Store a copy */
tlsg_ciphers = LDAP_MALLOC(tlsg_n_ciphers * sizeof(tls_cipher_suite));
if ( !tlsg_ciphers )
return -1;
for ( i=0; i<tlsg_n_ciphers; i++ ) {
tlsg_ciphers[i].name = gnutls_cipher_suite_info( i, cs_id,
&tlsg_ciphers[i].kx, &tlsg_ciphers[i].cipher, &tlsg_ciphers[i].mac,
&tlsg_ciphers[i].version );
}
}
#endif
return 0;
}
static int
tlsg_session_peercert( tls_session *sess, struct berval *der )
{
tlsg_session *s = (tlsg_session *)sess;
const gnutls_datum_t *peer_cert_list;
unsigned int list_size;
peer_cert_list = gnutls_certificate_get_peers( s->session, &list_size );
if (!peer_cert_list)
return -1;
der->bv_len = peer_cert_list[0].size;
der->bv_val = LDAP_MALLOC( der->bv_len );
if (!der->bv_val)
return -1;
memcpy(der->bv_val, peer_cert_list[0].data, der->bv_len);
return 0;
}
static int
tlsg_mutex_init( void **priv )
{
int err = 0;
ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t ));
if ( !lock )
err = ENOMEM;
if ( !err ) {
err = ldap_pvt_thread_mutex_init( lock );
if ( err )
LDAP_FREE( lock );
else
*priv = lock;
}
return err;
}
static stkalign_t * ldap_int_thread_get_stack( int *stacknop )
{
int i;
if ( stacks == NULL ) {
stacks = (struct stackinfo *) LDAP_CALLOC( 1, MAX_THREADS *
sizeof(struct stackinfo) );
if( stacks == NULL ) {
Debug( LDAP_DEBUG_ANY, "stacks allocation failed",
0, 0, 0 );
return NULL;
}
}
for ( i = 0; i < MAX_THREADS; i++ ) {
if ( stacks[i].stk_inuse == 0 ) {
break;
}
}
if ( i == MAX_THREADS ) {
Debug( LDAP_DEBUG_ANY,
"no more stacks (max %d) - increase MAX_THREADS for more",
MAX_THREADS, 0, 0 );
return( NULL );
}
if ( stacks[i].stk_stack == NULL ) {
stacks[i].stk_stack = (stkalign_t *) LDAP_MALLOC(
(MAX_STACK / sizeof(stkalign_t) + 1 )
* sizeof(stkalign_t) );
if( stacks[i].stk_stack == NULL ) {
Debug( LDAP_DEBUG_ANY, "stack allocation failed",
0, 0, 0 );
return( NULL );
}
}
*stacknop = i;
stacks[i].stk_inuse = 1;
return( stacks[i].stk_stack + MAX_STACK / sizeof(stkalign_t) );
}
unsigned int
ldap_pvt_thread_sleep(
unsigned int interval
)
{
thread_t mylwp;
tl_t *t, *nt;
time_t now;
if ( lwp_self( &mylwp ) < 0 ) {
return -1;
}
time( &now );
mon_enter( &sglob->tsl_mon );
if ( sglob->tsl_list != NULL ) {
for ( t = sglob->tsl_list; t != NULL; t = t->tl_next ) {
if ( SAMETHREAD( t->tl_tid, mylwp )) {
/* We're already sleeping? */
t->tl_wake = now + interval;
mon_exit( &sglob->tsl_mon );
lwp_suspend( mylwp );
return 0;
}
}
}
nt = (tl_t *) LDAP_MALLOC( sizeof( tl_t ));
if( nt == NULL ) return -1;
nt->tl_next = sglob->tsl_list;
nt->tl_wake = now + interval;
nt->tl_tid = mylwp;
sglob->tsl_list = nt;
mon_exit( &sglob->tsl_mon );
lwp_suspend( mylwp );
return 0;
}
static int
tlsg_getfile( const char *path, gnutls_datum_t *buf )
{
int rc = -1, fd;
struct stat st;
fd = open( path, O_RDONLY );
if ( fd >= 0 && fstat( fd, &st ) == 0 ) {
buf->size = st.st_size;
buf->data = LDAP_MALLOC( st.st_size + 1 );
if ( buf->data ) {
rc = read( fd, buf->data, st.st_size );
close( fd );
if ( rc < st.st_size )
rc = -1;
else
rc = 0;
}
}
return rc;
}
int
ldap_parse_page_control(
LDAP *ld,
LDAPControl **ctrls,
ber_int_t *countp,
struct berval **cookiep )
{
LDAPControl *c;
struct berval cookie;
if ( cookiep == NULL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}
if ( ctrls == NULL ) {
ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
return ld->ld_errno;
}
c = ldap_control_find( LDAP_CONTROL_PAGEDRESULTS, ctrls, NULL );
if ( c == NULL ) {
/* No page control was found. */
ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
return ld->ld_errno;
}
ld->ld_errno = ldap_parse_pageresponse_control( ld, c, countp, &cookie );
if ( ld->ld_errno == LDAP_SUCCESS ) {
*cookiep = LDAP_MALLOC( sizeof( struct berval ) );
if ( *cookiep == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
} else {
**cookiep = cookie;
}
}
return ld->ld_errno;
}
static int readNextKey( char **pNextKey, LDAPSortKey **key)
{
char *p = *pNextKey;
int rev = 0;
char *attrStart;
int attrLen;
char *oidStart = NULL;
int oidLen = 0;
/* Skip leading white space. */
while (LDAP_SPACE(*p))
p++;
if (*p == '-') /* Check if the reverse flag is present. */
{
rev=1;
p++;
}
/* We're now positioned at the start of the attribute. */
attrStart = p;
/* Get the length of the attribute until the next whitespace or ":". */
attrLen = strcspn(p, " \t:");
p += attrLen;
if (attrLen == 0) /* If no attribute name was present, quit. */
return LDAP_PARAM_ERROR;
if (*p == ':')
{
oidStart = ++p; /* Start of the OID, after the colon */
oidLen = strcspn(p, " \t"); /* Get length of OID till next whitespace */
p += oidLen;
}
*pNextKey = p; /* Update argument to point to next key */
/* Allocate an LDAPSortKey structure */
*key = LDAP_MALLOC(sizeof(LDAPSortKey));
if (*key == NULL) return LDAP_NO_MEMORY;
/* Allocate memory for the attribute and copy to it. */
(*key)->attributeType = LDAP_MALLOC(attrLen+1);
if ((*key)->attributeType == NULL) {
LDAP_FREE(*key);
return LDAP_NO_MEMORY;
}
strncpy((*key)->attributeType, attrStart, attrLen);
(*key)->attributeType[attrLen] = 0;
/* If present, allocate memory for the OID and copy to it. */
if (oidLen) {
(*key)->orderingRule = LDAP_MALLOC(oidLen+1);
if ((*key)->orderingRule == NULL) {
LDAP_FREE((*key)->attributeType);
LDAP_FREE(*key);
return LDAP_NO_MEMORY;
}
strncpy((*key)->orderingRule, oidStart, oidLen);
(*key)->orderingRule[oidLen] = 0;
} else {
(*key)->orderingRule = NULL;
}
(*key)->reverseOrder = rev;
return LDAP_SUCCESS;
}
/*
* initialize a new TLS context
*/
static int
tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
{
tlso_ctx *ctx = (tlso_ctx *)lo->ldo_tls_ctx;
int i;
if ( is_server ) {
SSL_CTX_set_session_id_context( ctx,
(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
}
#ifdef SSL_OP_NO_TLSv1
#ifdef SSL_OP_NO_TLSv1_1
#ifdef SSL_OP_NO_TLSv1_2
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2)
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
SSL_OP_NO_TLSv1_2 );
else
#endif
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1)
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 );
else
#endif
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0)
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1);
else
#endif
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
if ( lo->ldo_tls_ciphersuite &&
!SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
{
Debug( LDAP_DEBUG_ANY,
"TLS: could not set cipher list %s.\n",
lo->ldo_tls_ciphersuite, 0, 0 );
tlso_report_error();
return -1;
}
if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) {
if ( !SSL_CTX_load_verify_locations( ctx,
lt->lt_cacertfile, lt->lt_cacertdir ) ||
!SSL_CTX_set_default_verify_paths( ctx ) )
{
Debug( LDAP_DEBUG_ANY, "TLS: "
"could not load verify locations (file:`%s',dir:`%s').\n",
lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
0 );
tlso_report_error();
return -1;
}
if ( is_server ) {
STACK_OF(X509_NAME) *calist;
/* List of CA names to send to a client */
calist = tlso_ca_list( lt->lt_cacertfile, lt->lt_cacertdir );
if ( !calist ) {
Debug( LDAP_DEBUG_ANY, "TLS: "
"could not load client CA list (file:`%s',dir:`%s').\n",
lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
0 );
tlso_report_error();
return -1;
}
SSL_CTX_set_client_CA_list( ctx, calist );
}
}
if ( lo->ldo_tls_certfile &&
!SSL_CTX_use_certificate_file( ctx,
lt->lt_certfile, SSL_FILETYPE_PEM ) )
{
Debug( LDAP_DEBUG_ANY,
"TLS: could not use certificate `%s'.\n",
lo->ldo_tls_certfile,0,0);
tlso_report_error();
return -1;
}
/* Key validity is checked automatically if cert has already been set */
if ( lo->ldo_tls_keyfile &&
!SSL_CTX_use_PrivateKey_file( ctx,
lt->lt_keyfile, SSL_FILETYPE_PEM ) )
{
Debug( LDAP_DEBUG_ANY,
"TLS: could not use key file `%s'.\n",
lo->ldo_tls_keyfile,0,0);
tlso_report_error();
return -1;
}
if ( lo->ldo_tls_dhfile ) {
DH *dh = NULL;
BIO *bio;
dhplist *p;
if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not use DH parameters file `%s'.\n",
lo->ldo_tls_dhfile,0,0);
tlso_report_error();
return -1;
}
while (( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
p = LDAP_MALLOC( sizeof(dhplist) );
if ( p != NULL ) {
p->keylength = DH_size( dh ) * 8;
p->param = dh;
p->next = tlso_dhparams;
tlso_dhparams = p;
}
}
BIO_free( bio );
}
if ( tlso_opt_trace ) {
SSL_CTX_set_info_callback( ctx, tlso_info_cb );
}
i = SSL_VERIFY_NONE;
if ( lo->ldo_tls_require_cert ) {
i = SSL_VERIFY_PEER;
if ( lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) {
i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
}
}
SSL_CTX_set_verify( ctx, i,
lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
tlso_verify_ok : tlso_verify_cb );
SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
if ( lo->ldo_tls_dhfile ) {
SSL_CTX_set_tmp_dh_callback( ctx, tlso_tmp_dh_cb );
}
#ifdef HAVE_OPENSSL_CRL
if ( lo->ldo_tls_crlcheck ) {
X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx );
if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) {
X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK );
} else if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) {
X509_STORE_set_flags( x509_s,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL );
}
}
#endif
return 0;
}
void *
ldap_memalloc( ber_len_t s )
{
return LDAP_MALLOC( s );
}
int ldap_parse_verify_credentials(
LDAP *ld,
LDAPMessage *res,
int * code,
char ** diagmsg,
struct berval **cookie,
struct berval **screds,
LDAPControl ***ctrls)
{
int rc;
char *retoid = NULL;
struct berval *retdata = NULL;
assert(ld != NULL);
assert(LDAP_VALID(ld));
assert(res != NULL);
assert(code != NULL);
assert(diagmsg != NULL);
rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_verify_credentials");
return rc;
}
if (retdata) {
ber_tag_t tag;
ber_len_t len;
ber_int_t i;
BerElement * ber = ber_init(retdata);
struct berval diagmsg_bv = BER_BVNULL;
if (!ber) {
rc = ld->ld_errno = LDAP_NO_MEMORY;
goto done;
}
ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv);
if ( diagmsg != NULL ) {
*diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 );
AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len );
(*diagmsg)[diagmsg_bv.bv_len] = '\0';
}
*code = i;
tag = ber_peek_tag(ber, &len);
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
ber_scanf(ber, "O", cookie);
tag = ber_peek_tag(ber, &len);
}
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) {
ber_scanf(ber, "O", screds);
tag = ber_peek_tag(ber, &len);
}
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) {
int nctrls = 0;
char * opaque;
*ctrls = LDAP_MALLOC(1 * sizeof(LDAPControl *));
if (!*ctrls) {
rc = LDAP_NO_MEMORY;
goto done;
}
*ctrls[nctrls] = NULL;
for(tag = ber_first_element(ber, &len, &opaque);
tag != LBER_ERROR;
tag = ber_next_element(ber, &len, opaque))
{
LDAPControl *tctrl;
LDAPControl **tctrls;
tctrl = LDAP_CALLOC(1, sizeof(LDAPControl));
/* allocate pointer space for current controls (nctrls)
* + this control + extra NULL
*/
tctrls = !tctrl ? NULL : LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));
if (!tctrls) {
/* allocation failure */
if (tctrl) LDAP_FREE(tctrl);
ldap_controls_free(*ctrls);
*ctrls = NULL;
rc = LDAP_NO_MEMORY;
goto done;
}
tctrls[nctrls++] = tctrl;
tctrls[nctrls] = NULL;
tag = ber_scanf(ber, "{a" /*"}"*/, &tctrl->ldctl_oid);
if (tag == LBER_ERROR) {
*ctrls = NULL;
ldap_controls_free(tctrls);
rc = LDAP_DECODING_ERROR;
goto done;
}
tag = ber_peek_tag(ber, &len);
if (tag == LBER_BOOLEAN) {
ber_int_t crit;
tag = ber_scanf(ber, "b", &crit);
tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
tag = ber_peek_tag(ber, &len);
}
if (tag == LBER_OCTETSTRING) {
tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
} else {
BER_BVZERO( &tctrl->ldctl_value );
}
*ctrls = tctrls;
}
}
ber_free(ber, 1);
}
done:
ber_bvfree(retdata);
ber_memfree(retoid);
return rc;
}
int ldap_pvt_get_controls(
BerElement *ber,
LDAPControl ***ctrls )
{
int nctrls;
ber_tag_t tag;
ber_len_t len;
char *opaque;
assert( ber != NULL );
if( ctrls == NULL ) {
return LDAP_SUCCESS;
}
*ctrls = NULL;
len = ber_pvt_ber_remaining( ber );
if( len == 0) {
/* no controls */
return LDAP_SUCCESS;
}
if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
if( tag == LBER_ERROR ) {
/* decoding error */
return LDAP_DECODING_ERROR;
}
/* ignore unexpected input */
return LDAP_SUCCESS;
}
/* set through each element */
nctrls = 0;
*ctrls = LDAP_MALLOC( 1 * sizeof(LDAPControl *) );
if( *ctrls == NULL ) {
return LDAP_NO_MEMORY;
}
*ctrls[nctrls] = NULL;
for( tag = ber_first_element( ber, &len, &opaque );
tag != LBER_ERROR;
tag = ber_next_element( ber, &len, opaque ) )
{
LDAPControl *tctrl;
LDAPControl **tctrls;
tctrl = LDAP_CALLOC( 1, sizeof(LDAPControl) );
/* allocate pointer space for current controls (nctrls)
* + this control + extra NULL
*/
tctrls = (tctrl == NULL) ? NULL :
LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));
if( tctrls == NULL ) {
/* one of the above allocation failed */
if( tctrl != NULL ) {
LDAP_FREE( tctrl );
}
ldap_controls_free(*ctrls);
*ctrls = NULL;
return LDAP_NO_MEMORY;
}
tctrls[nctrls++] = tctrl;
tctrls[nctrls] = NULL;
tag = ber_scanf( ber, "{a" /*}*/, &tctrl->ldctl_oid );
if( tag == LBER_ERROR ) {
*ctrls = NULL;
ldap_controls_free( tctrls );
return LDAP_DECODING_ERROR;
}
tag = ber_peek_tag( ber, &len );
if( tag == LBER_BOOLEAN ) {
ber_int_t crit;
tag = ber_scanf( ber, "b", &crit );
tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
tag = ber_peek_tag( ber, &len );
}
if( tag == LBER_OCTETSTRING ) {
tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
} else {
BER_BVZERO( &tctrl->ldctl_value );
}
*ctrls = tctrls;
}
return LDAP_SUCCESS;
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
*/
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_QUERY
char *request;
char *hostlist = NULL;
srv_record *hostent_head=NULL;
int i, j;
int rc, len, cur = 0;
unsigned char reply[DNSBUFSIZ];
int hostent_count=0;
assert( domain != NULL );
assert( list != NULL );
if( *domain == '\0' ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
int status;
u_short port, priority, weight;
/* Parse out query */
p = reply;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#elif defined(HFIXEDSZ)
/* Bind 4 interface w/ HFIXEDSZ */
p += HFIXEDSZ;
#else
/* Bind 4 interface w/o HFIXEDSZ */
p += sizeof(HEADER);
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
p += 4;
while (p < reply + len) {
int type, size;
int class ALLOW_UNUSED, ttl ALLOW_UNUSED;
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
type = (p[0] << 8) | p[1];
p += 2;
class = (p[0] << 8) | p[1];
p += 2;
ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
size = (p[0] << 8) | p[1];
p += 2;
if (type == T_SRV) {
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
if (status < 0) {
goto out;
}
/* Get priority weight and port */
priority = (p[0] << 8) | p[1];
weight = (p[2] << 8) | p[3];
port = (p[4] << 8) | p[5];
if ( port == 0 || host[ 0 ] == '\0' ) {
goto add_size;
}
hostent_head = (srv_record *) LDAP_REALLOC(hostent_head, (hostent_count+1)*(sizeof(srv_record)));
if(hostent_head==NULL){
rc=LDAP_NO_MEMORY;
goto out;
}
hostent_head[hostent_count].priority=priority;
hostent_head[hostent_count].weight=weight;
hostent_head[hostent_count].port=port;
strncpy(hostent_head[hostent_count].hostname, host, MAXHOST-1);
hostent_head[hostent_count].hostname[MAXHOST-1] = '\0';
hostent_count++;
}
add_size:;
p += size;
}
if (!hostent_head) goto out;
qsort(hostent_head, hostent_count, sizeof(srv_record), srv_cmp);
if (!srv_seed)
srv_srand(time(0L));
/* shuffle records of same priority */
j = 0;
priority = hostent_head[0].priority;
for (i=1; i<hostent_count; i++) {
if (hostent_head[i].priority != priority) {
priority = hostent_head[i].priority;
if (i-j > 1)
srv_shuffle(hostent_head+j, i-j);
j = i;
}
}
if (i-j > 1)
srv_shuffle(hostent_head+j, i-j);
for(i=0; i<hostent_count; i++){
int buflen;
buflen = strlen(hostent_head[i].hostname) + STRLENOF(":65535 ");
hostlist = (char *) LDAP_REALLOC(hostlist, cur+buflen+1);
if (hostlist == NULL) {
rc = LDAP_NO_MEMORY;
goto out;
}
if(cur>0){
hostlist[cur++]=' ';
}
cur += sprintf(&hostlist[cur], "%s:%hu", hostent_head[i].hostname, hostent_head[i].port);
}
}
/*
* Chase v3 referrals
*
* Parameters:
* (IN) ld = LDAP connection handle
* (IN) lr = LDAP Request structure
* (IN) refs = array of pointers to referral strings that we will chase
* The array will be free'd by this function when no longer needed
* (IN) sref != 0 if following search reference
* (OUT) errstrp = Place to return a string of referrals which could not be followed
* (OUT) hadrefp = 1 if sucessfully followed referral
*
* Return value - number of referrals followed
*
* Protected by res_mutex, conn_mutex and req_mutex (try_read1msg)
*/
int
ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char **errstrp, int *hadrefp )
{
char *unfollowed;
int unfollowedcnt = 0;
LDAPRequest *origreq;
LDAPURLDesc *srv = NULL;
BerElement *ber;
char **refarray = NULL;
LDAPConn *lc;
int rc, count, i, j, id;
LDAPreqinfo rinfo;
LDAP_NEXTREF_PROC *nextref_proc = ld->ld_nextref_proc ? ld->ld_nextref_proc : ldap_int_nextref;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 );
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
*hadrefp = 0;
unfollowed = NULL;
rc = count = 0;
/* If no referrals in array, return */
if ( (refs == NULL) || ( (refs)[0] == NULL) ) {
rc = 0;
goto done;
}
/* Check for hop limit exceeded */
if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
Debug( LDAP_DEBUG_ANY,
"more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 );
ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED;
rc = -1;
goto done;
}
/* find original request */
for ( origreq = lr;
origreq->lr_parent != NULL;
origreq = origreq->lr_parent )
{
/* empty */ ;
}
refarray = refs;
refs = NULL;
/* parse out & follow referrals */
/* NOTE: if nextref_proc == ldap_int_nextref, params is ignored */
i = -1;
for ( nextref_proc( ld, &refarray, &i, ld->ld_nextref_params );
i != -1;
nextref_proc( ld, &refarray, &i, ld->ld_nextref_params ) )
{
/* Parse the referral URL */
rc = ldap_url_parse_ext( refarray[i], &srv, LDAP_PVT_URL_PARSE_NOEMPTY_DN );
if ( rc != LDAP_URL_SUCCESS ) {
/* ldap_url_parse_ext() returns LDAP_URL_* errors
* which do not map on API errors */
ld->ld_errno = LDAP_PARAM_ERROR;
rc = -1;
goto done;
}
if( srv->lud_crit_exts ) {
int ok = 0;
#ifdef HAVE_TLS
/* If StartTLS is the only critical ext, OK. */
if ( find_tls_ext( srv ) == 2 && srv->lud_crit_exts == 1 )
ok = 1;
#endif
if ( !ok ) {
/* we do not support any other extensions */
ld->ld_errno = LDAP_NOT_SUPPORTED;
rc = -1;
goto done;
}
}
/* check connection for re-bind in progress */
if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
/* See if we've already requested this DN with this conn */
LDAPRequest *lp;
int looped = 0;
ber_len_t len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
for ( lp = origreq; lp; ) {
if ( lp->lr_conn == lc
&& len == lp->lr_dn.bv_len
&& len
&& strncmp( srv->lud_dn, lp->lr_dn.bv_val, len ) == 0 )
{
looped = 1;
break;
}
if ( lp == origreq ) {
lp = lp->lr_child;
} else {
lp = lp->lr_refnext;
}
}
if ( looped ) {
ldap_free_urllist( srv );
srv = NULL;
ld->ld_errno = LDAP_CLIENT_LOOP;
rc = -1;
continue;
}
if ( lc->lconn_rebind_inprogress ) {
/* We are already chasing a referral or search reference and a
* bind on that connection is in progress. We must queue
* referrals on that connection, so we don't get a request
* going out before the bind operation completes. This happens
* if two search references come in one behind the other
* for the same server with different contexts.
*/
Debug( LDAP_DEBUG_TRACE,
"ldap_chase_v3referrals: queue referral \"%s\"\n",
refarray[i], 0, 0);
if( lc->lconn_rebind_queue == NULL ) {
/* Create a referral list */
lc->lconn_rebind_queue =
(char ***) LDAP_MALLOC( sizeof(void *) * 2);
if( lc->lconn_rebind_queue == NULL) {
ld->ld_errno = LDAP_NO_MEMORY;
rc = -1;
goto done;
}
lc->lconn_rebind_queue[0] = refarray;
lc->lconn_rebind_queue[1] = NULL;
refarray = NULL;
} else {
/* Count how many referral arrays we already have */
for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
/* empty */;
}
/* Add the new referral to the list */
lc->lconn_rebind_queue = (char ***) LDAP_REALLOC(
lc->lconn_rebind_queue, sizeof(void *) * (j + 2));
if( lc->lconn_rebind_queue == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
rc = -1;
goto done;
}
lc->lconn_rebind_queue[j] = refarray;
lc->lconn_rebind_queue[j+1] = NULL;
refarray = NULL;
}
/* We have queued the referral/reference, now just return */
rc = 0;
*hadrefp = 1;
count = 1; /* Pretend we already followed referral */
goto done;
}
}
/* Re-encode the request with the new starting point of the search.
* Note: In the future we also need to replace the filter if one
* was provided with the search reference
*/
/* For references we don't want old dn if new dn empty */
if ( sref && srv->lud_dn == NULL ) {
srv->lud_dn = LDAP_STRDUP( "" );
}
LDAP_NEXT_MSGID( ld, id );
ber = re_encode_request( ld, origreq->lr_ber, id,
sref, srv, &rinfo.ri_request );
if( ber == NULL ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
rc = -1;
goto done;
}
Debug( LDAP_DEBUG_TRACE,
"ldap_chase_v3referral: msgid %d, url \"%s\"\n",
lr->lr_msgid, refarray[i], 0);
/* Send the new request to the server - may require a bind */
rinfo.ri_msgid = origreq->lr_origid;
rinfo.ri_url = refarray[i];
rc = ldap_send_server_request( ld, ber, id,
origreq, &srv, NULL, &rinfo, 0, 1 );
if ( rc < 0 ) {
/* Failure, try next referral in the list */
Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%d: %s)\n",
refarray[i], ld->ld_errno, ldap_err2string( ld->ld_errno ) );
unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i] );
ldap_free_urllist( srv );
srv = NULL;
ld->ld_errno = LDAP_REFERRAL;
} else {
/* Success, no need to try this referral list further */
rc = 0;
++count;
*hadrefp = 1;
/* check if there is a queue of referrals that came in during bind */
if ( lc == NULL) {
lc = find_connection( ld, srv, 1 );
if ( lc == NULL ) {
ld->ld_errno = LDAP_OPERATIONS_ERROR;
rc = -1;
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
goto done;
}
}
if ( lc->lconn_rebind_queue != NULL ) {
/* Release resources of previous list */
LDAP_VFREE( refarray );
refarray = NULL;
ldap_free_urllist( srv );
srv = NULL;
/* Pull entries off end of queue so list always null terminated */
for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++ )
;
refarray = lc->lconn_rebind_queue[j - 1];
lc->lconn_rebind_queue[j-1] = NULL;
/* we pulled off last entry from queue, free queue */
if ( j == 1 ) {
LDAP_FREE( lc->lconn_rebind_queue );
lc->lconn_rebind_queue = NULL;
}
/* restart the loop the with new referral list */
i = -1;
continue;
}
break; /* referral followed, break out of for loop */
}
} /* end for loop */
done:
LDAP_VFREE( refarray );
ldap_free_urllist( srv );
LDAP_FREE( *errstrp );
if( rc == 0 ) {
*errstrp = NULL;
LDAP_FREE( unfollowed );
return count;
} else {
*errstrp = unfollowed;
return rc;
}
}
int
ldap_get_option(
LDAP *ld,
int option,
void *outvalue)
{
struct ldapoptions *lo;
int rc = LDAP_OPT_ERROR;
/* Get pointer to global option structure */
lo = LDAP_INT_GLOBAL_OPT();
if (NULL == lo) {
return LDAP_NO_MEMORY;
}
if( lo->ldo_valid != LDAP_INITIALIZED ) {
ldap_int_initialize(lo, NULL);
if ( lo->ldo_valid != LDAP_INITIALIZED )
return LDAP_LOCAL_ERROR;
}
if(ld != NULL) {
assert( LDAP_VALID( ld ) );
if( !LDAP_VALID( ld ) ) {
return LDAP_OPT_ERROR;
}
lo = &ld->ld_options;
}
if(outvalue == NULL) {
/* no place to get to */
return LDAP_OPT_ERROR;
}
LDAP_MUTEX_LOCK( &lo->ldo_mutex );
switch(option) {
case LDAP_OPT_API_INFO: {
struct ldapapiinfo *info = (struct ldapapiinfo *) outvalue;
if(info == NULL) {
/* outvalue must point to an apiinfo structure */
break; /* LDAP_OPT_ERROR */
}
if(info->ldapai_info_version != LDAP_API_INFO_VERSION) {
/* api info version mismatch */
info->ldapai_info_version = LDAP_API_INFO_VERSION;
break; /* LDAP_OPT_ERROR */
}
info->ldapai_api_version = LDAP_API_VERSION;
info->ldapai_protocol_version = LDAP_VERSION_MAX;
if(features[0].ldapaif_name == NULL) {
info->ldapai_extensions = NULL;
} else {
int i;
info->ldapai_extensions = LDAP_MALLOC(sizeof(char *) *
sizeof(features)/sizeof(LDAPAPIFeatureInfo));
for(i=0; features[i].ldapaif_name != NULL; i++) {
info->ldapai_extensions[i] =
LDAP_STRDUP(features[i].ldapaif_name);
}
info->ldapai_extensions[i] = NULL;
}
info->ldapai_vendor_name = LDAP_STRDUP(LDAP_VENDOR_NAME);
info->ldapai_vendor_version = LDAP_VENDOR_VERSION;
rc = LDAP_OPT_SUCCESS;
break;
} break;
case LDAP_OPT_DESC:
if( ld == NULL || ld->ld_sb == NULL ) {
/* bad param */
break;
}
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, outvalue );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SOCKBUF:
if( ld == NULL ) break;
*(Sockbuf **)outvalue = ld->ld_sb;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMEOUT:
/* the caller has to free outvalue ! */
if ( lo->ldo_tm_api.tv_sec < 0 ) {
*(void **)outvalue = NULL;
} else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_api ) != 0 ) {
break; /* LDAP_OPT_ERROR */
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NETWORK_TIMEOUT:
/* the caller has to free outvalue ! */
if ( lo->ldo_tm_net.tv_sec < 0 ) {
*(void **)outvalue = NULL;
} else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_net ) != 0 ) {
break; /* LDAP_OPT_ERROR */
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEREF:
* (int *) outvalue = lo->ldo_deref;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SIZELIMIT:
* (int *) outvalue = lo->ldo_sizelimit;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMELIMIT:
* (int *) outvalue = lo->ldo_timelimit;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRALS:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_REFERRALS);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESTART:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_RESTART);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_PROTOCOL_VERSION:
* (int *) outvalue = lo->ldo_version;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SERVER_CONTROLS:
* (LDAPControl ***) outvalue =
ldap_controls_dup( lo->ldo_sctrls );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CLIENT_CONTROLS:
* (LDAPControl ***) outvalue =
ldap_controls_dup( lo->ldo_cctrls );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_HOST_NAME:
* (char **) outvalue = ldap_url_list2hosts(lo->ldo_defludp);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_URI:
* (char **) outvalue = ldap_url_list2urls(lo->ldo_defludp);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEFBASE:
if( lo->ldo_defbase == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP(lo->ldo_defbase);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_ASYNC:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_CONNECT_ASYNC);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_CB:
{
/* Getting deletes the specified callback */
ldaplist **ll = &lo->ldo_conn_cbs;
for (;*ll;ll = &(*ll)->ll_next) {
if ((*ll)->ll_data == outvalue) {
ldaplist *lc = *ll;
*ll = lc->ll_next;
LDAP_FREE(lc);
break;
}
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESULT_CODE:
if(ld == NULL) {
/* bad param */
break;
}
* (int *) outvalue = ld->ld_errno;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DIAGNOSTIC_MESSAGE:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_error == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP(ld->ld_error);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_MATCHED_DN:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_matched == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP( ld->ld_matched );
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRAL_URLS:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_referrals == NULL ) {
* (char ***) outvalue = NULL;
} else {
* (char ***) outvalue = ldap_value_dup(ld->ld_referrals);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_API_FEATURE_INFO: {
LDAPAPIFeatureInfo *info = (LDAPAPIFeatureInfo *) outvalue;
int i;
if(info == NULL)
break; /* LDAP_OPT_ERROR */
if(info->ldapaif_info_version != LDAP_FEATURE_INFO_VERSION) {
/* api info version mismatch */
info->ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
break; /* LDAP_OPT_ERROR */
}
if(info->ldapaif_name == NULL)
break; /* LDAP_OPT_ERROR */
for(i=0; features[i].ldapaif_name != NULL; i++) {
if(!strcmp(info->ldapaif_name, features[i].ldapaif_name)) {
info->ldapaif_version =
features[i].ldapaif_version;
rc = LDAP_OPT_SUCCESS;
break;
}
}
}
break;
case LDAP_OPT_DEBUG_LEVEL:
* (int *) outvalue = lo->ldo_debug;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SESSION_REFCNT:
if(ld == NULL) {
/* bad param */
break;
}
LDAP_MUTEX_LOCK( &ld->ld_ldcmutex );
* (int *) outvalue = ld->ld_ldcrefcnt;
LDAP_MUTEX_UNLOCK( &ld->ld_ldcmutex );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_IDLE:
* (int *) outvalue = lo->ldo_keepalive_idle;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_PROBES:
* (int *) outvalue = lo->ldo_keepalive_probes;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_INTERVAL:
* (int *) outvalue = lo->ldo_keepalive_interval;
rc = LDAP_OPT_SUCCESS;
break;
default:
#ifdef HAVE_TLS
if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
#ifdef HAVE_CYRUS_SASL
if ( ldap_int_sasl_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
#ifdef HAVE_GSSAPI
if ( ldap_int_gssapi_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
/* bad param */
break;
}
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( rc );
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
*/
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_QUERY
#define DNSBUFSIZ (64*1024)
char *request;
char *hostlist = NULL;
int rc, len, cur = 0;
unsigned char reply[DNSBUFSIZ];
assert( domain != NULL );
assert( list != NULL );
if( *domain == '\0' ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex);
#endif
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
int status;
u_short port;
/* int priority, weight; */
/* Parse out query */
p = reply;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#elif defined(HFIXEDSZ)
/* Bind 4 interface w/ HFIXEDSZ */
p += HFIXEDSZ;
#else
/* Bind 4 interface w/o HFIXEDSZ */
p += sizeof(HEADER);
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
p += 4;
while (p < reply + len) {
int type, class, ttl, size;
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
type = (p[0] << 8) | p[1];
p += 2;
class = (p[0] << 8) | p[1];
p += 2;
ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
size = (p[0] << 8) | p[1];
p += 2;
if (type == T_SRV) {
int buflen;
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
if (status < 0) {
goto out;
}
/* ignore priority and weight for now */
/* priority = (p[0] << 8) | p[1]; */
/* weight = (p[2] << 8) | p[3]; */
port = (p[4] << 8) | p[5];
if ( port == 0 || host[ 0 ] == '\0' ) {
goto add_size;
}
buflen = strlen(host) + STRLENOF(":65355 ");
hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1);
if (hostlist == NULL) {
rc = LDAP_NO_MEMORY;
goto out;
}
if (cur > 0) {
/* not first time around */
hostlist[cur++] = ' ';
}
cur += sprintf(&hostlist[cur], "%s:%hd", host, port);
}
add_size:;
p += size;
}
}
static ber_tag_t
try_read1msg(
LDAP *ld,
ber_int_t msgid,
int all,
LDAPConn **lcp,
LDAPMessage **result )
{
BerElement *ber;
LDAPMessage *newmsg, *l, *prev;
ber_int_t id;
int idx;
ber_tag_t tag;
ber_len_t len;
int foundit = 0;
LDAPRequest *lr, *tmplr, dummy_lr = { 0 };
LDAPConn *lc;
BerElement tmpber;
int rc, refer_cnt, hadref, simple_request;
ber_int_t lderr;
#ifdef LDAP_CONNECTIONLESS
LDAPMessage *tmp = NULL, *chain_head = NULL;
int moremsgs = 0, isv2 = 0;
#endif
assert( ld != NULL );
assert( lcp != NULL );
assert( *lcp != NULL );
#ifdef LDAP_R_COMPILE
LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
#endif
Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
lc = *lcp;
retry:
if ( lc->lconn_ber == NULL ) {
lc->lconn_ber = ldap_alloc_ber_with_options( ld );
if ( lc->lconn_ber == NULL ) {
return -1;
}
}
ber = lc->lconn_ber;
assert( LBER_VALID (ber) );
/* get the next message */
sock_errset(0);
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
struct sockaddr from;
ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) );
if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1;
}
nextresp3:
#endif
tag = ber_get_next( lc->lconn_sb, &len, ber );
switch ( tag ) {
case LDAP_TAG_MESSAGE:
/*
* We read a complete message.
* The connection should no longer need this ber.
*/
lc->lconn_ber = NULL;
break;
case LBER_DEFAULT:
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_CONNS,
"ber_get_next failed.\n", 0, 0, 0 );
#endif
#ifdef EWOULDBLOCK
if ( sock_errno() == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
#ifdef EAGAIN
if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
ld->ld_errno = LDAP_SERVER_DOWN;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 1, 0 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
return -1;
default:
ld->ld_errno = LDAP_LOCAL_ERROR;
return -1;
}
/* message id */
if ( ber_get_int( ber, &id ) == LBER_ERROR ) {
ber_free( ber, 1 );
ld->ld_errno = LDAP_DECODING_ERROR;
return( -1 );
}
/* id == 0 iff unsolicited notification message (RFC 4511) */
/* if it's been abandoned, toss it */
if ( id > 0 ) {
if ( ldap_abandoned( ld, id, &idx ) ) {
/* the message type */
tag = ber_peek_tag( ber, &len );
switch ( tag ) {
case LDAP_RES_SEARCH_ENTRY:
case LDAP_RES_SEARCH_REFERENCE:
case LDAP_RES_INTERMEDIATE:
case LBER_ERROR:
break;
default:
/* there's no need to keep the id
* in the abandoned list any longer */
ldap_mark_abandoned( ld, id, idx );
break;
}
Debug( LDAP_DEBUG_ANY,
"abandoned/discarded ld %p msgid %ld message type %s\n",
(void *)ld, (long)id, ldap_int_msgtype2str( tag ) );
retry_ber:
ber_free( ber, 1 );
if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
goto retry;
}
return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
}
lr = ldap_find_request_by_msgid( ld, id );
if ( lr == NULL ) {
const char *msg = "unknown";
/* the message type */
tag = ber_peek_tag( ber, &len );
switch ( tag ) {
case LBER_ERROR:
break;
default:
msg = ldap_int_msgtype2str( tag );
break;
}
Debug( LDAP_DEBUG_ANY,
"no request for response on ld %p msgid %ld message type %s (tossing)\n",
(void *)ld, (long)id, msg );
goto retry_ber;
}
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) && isv2 ) {
ber_scanf(ber, "x{");
}
nextresp2:
#endif
}
/* the message type */
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( -1 );
}
Debug( LDAP_DEBUG_TRACE,
"read1msg: ld %p msgid %ld message type %s\n",
(void *)ld, (long)lr->lr_msgid, ldap_int_msgtype2str( tag ) );
if ( id == 0 ) {
/* unsolicited notification message (RFC 4511) */
if ( tag != LDAP_RES_EXTENDED ) {
/* toss it */
goto retry_ber;
/* strictly speaking, it's an error; from RFC 4511:
4.4. Unsolicited Notification
An unsolicited notification is an LDAPMessage sent from the server to
the client that is not in response to any LDAPMessage received by the
server. It is used to signal an extraordinary condition in the
server or in the LDAP session between the client and the server. The
notification is of an advisory nature, and the server will not expect
any response to be returned from the client.
The unsolicited notification is structured as an LDAPMessage in which
the messageID is zero and protocolOp is set to the extendedResp
choice using the ExtendedResponse type (See Section 4.12). The
responseName field of the ExtendedResponse always contains an LDAPOID
that is unique for this notification.
* however, since unsolicited responses
* are of advisory nature, better
* toss it, right now
*/
#if 0
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( -1 );
#endif
}
lr = &dummy_lr;
}
id = lr->lr_origid;
refer_cnt = 0;
hadref = simple_request = 0;
rc = LDAP_MSG_X_KEEP_LOOKING; /* default is to keep looking (no response found) */
lr->lr_res_msgtype = tag;
/*
* Check for V3 search reference
*/
if ( tag == LDAP_RES_SEARCH_REFERENCE ) {
if ( ld->ld_version > LDAP_VERSION2 ) {
/* This is a V3 search reference */
if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
lr->lr_parent != NULL )
{
char **refs = NULL;
tmpber = *ber;
/* Get the referral list */
if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
} else {
/* Note: refs array is freed by ldap_chase_v3referrals */
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
1, &lr->lr_res_error, &hadref );
if ( refer_cnt > 0 ) {
/* successfully chased reference */
/* If haven't got end search, set chasing referrals */
if ( lr->lr_status != LDAP_REQST_COMPLETED ) {
lr->lr_status = LDAP_REQST_CHASINGREFS;
Debug( LDAP_DEBUG_TRACE,
"read1msg: search ref chased, "
"mark request chasing refs, "
"id = %d\n",
lr->lr_msgid, 0, 0 );
}
}
}
}
}
} else if ( tag != LDAP_RES_SEARCH_ENTRY && tag != LDAP_RES_INTERMEDIATE ) {
/* All results that just return a status, i.e. don't return data
* go through the following code. This code also chases V2 referrals
* and checks if all referrals have been chased.
*/
char *lr_res_error = NULL;
tmpber = *ber; /* struct copy */
if ( ber_scanf( &tmpber, "{eAA", &lderr,
&lr->lr_res_matched, &lr_res_error )
!= LBER_ERROR )
{
if ( lr_res_error != NULL ) {
if ( lr->lr_res_error != NULL ) {
(void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error );
LDAP_FREE( (char *)lr_res_error );
} else {
lr->lr_res_error = lr_res_error;
}
lr_res_error = NULL;
}
/* Do we need to check for referrals? */
if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
lr->lr_parent != NULL )
{
char **refs = NULL;
ber_len_t len;
/* Check if V3 referral */
if ( ber_peek_tag( &tmpber, &len ) == LDAP_TAG_REFERRAL ) {
if ( ld->ld_version > LDAP_VERSION2 ) {
/* Get the referral list */
if ( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
rc = LDAP_DECODING_ERROR;
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral decode error, "
"mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0 );
} else {
/* Chase the referral
* refs array is freed by ldap_chase_v3referrals
*/
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
0, &lr->lr_res_error, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral %s chased, "
"mark request completed, ld %p msgid %d\n",
refer_cnt > 0 ? "" : "not",
(void *)ld, lr->lr_msgid);
if ( refer_cnt < 0 ) {
refer_cnt = 0;
}
}
}
} else {
switch ( lderr ) {
case LDAP_SUCCESS:
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
break;
default:
if ( lr->lr_res_error == NULL ) {
break;
}
/* pedantic, should never happen */
if ( lr->lr_res_error[ 0 ] == '\0' ) {
LDAP_FREE( lr->lr_res_error );
lr->lr_res_error = NULL;
break;
}
/* V2 referrals are in error string */
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, -1, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: V2 referral chased, "
"mark request completed, id = %d\n",
lr->lr_msgid, 0, 0 );
break;
}
}
}
/* save errno, message, and matched string */
if ( !hadref || lr->lr_res_error == NULL ) {
lr->lr_res_errno =
lderr == LDAP_PARTIAL_RESULTS
? LDAP_SUCCESS : lderr;
} else if ( ld->ld_errno != LDAP_SUCCESS ) {
lr->lr_res_errno = ld->ld_errno;
} else {
lr->lr_res_errno = LDAP_PARTIAL_RESULTS;
}
}
/* in any case, don't leave any lr_res_error 'round */
if ( lr_res_error ) {
LDAP_FREE( lr_res_error );
}
Debug( LDAP_DEBUG_TRACE,
"read1msg: ld %p %d new referrals\n",
(void *)ld, refer_cnt, 0 );
if ( refer_cnt != 0 ) { /* chasing referrals */
ber_free( ber, 1 );
ber = NULL;
if ( refer_cnt < 0 ) {
ldap_return_request( ld, lr, 0 );
return( -1 ); /* fatal error */
}
lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
} else {
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
/* request without any referrals */
simple_request = ( hadref ? 0 : 1 );
} else {
/* request with referrals or child request */
ber_free( ber, 1 );
ber = NULL;
}
lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
Debug( LDAP_DEBUG_TRACE,
"read1msg: mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0);
while ( lr->lr_parent != NULL ) {
merge_error_info( ld, lr->lr_parent, lr );
lr = lr->lr_parent;
if ( --lr->lr_outrefcnt > 0 ) {
break; /* not completely done yet */
}
}
/* Check if all requests are finished, lr is now parent */
tmplr = lr;
if ( tmplr->lr_status == LDAP_REQST_COMPLETED ) {
for ( tmplr = lr->lr_child;
tmplr != NULL;
tmplr = tmplr->lr_refnext )
{
if ( tmplr->lr_status != LDAP_REQST_COMPLETED ) break;
}
}
/* This is the parent request if the request has referrals */
if ( lr->lr_outrefcnt <= 0 &&
lr->lr_parent == NULL &&
tmplr == NULL )
{
id = lr->lr_msgid;
tag = lr->lr_res_msgtype;
Debug( LDAP_DEBUG_TRACE, "request done: ld %p msgid %ld\n",
(void *)ld, (long) id, 0 );
Debug( LDAP_DEBUG_TRACE,
"res_errno: %d, res_error: <%s>, "
"res_matched: <%s>\n",
lr->lr_res_errno,
lr->lr_res_error ? lr->lr_res_error : "",
lr->lr_res_matched ? lr->lr_res_matched : "" );
if ( !simple_request ) {
ber_free( ber, 1 );
ber = NULL;
if ( build_result_ber( ld, &ber, lr )
== LBER_ERROR )
{
rc = -1; /* fatal error */
}
}
if ( lr != &dummy_lr ) {
ldap_return_request( ld, lr, 1 );
}
lr = NULL;
}
/*
* RF 4511 unsolicited (id == 0) responses
* shouldn't necessarily end the connection
*/
if ( lc != NULL && id != 0 ) {
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 0, 1 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
}
}
}
if ( lr != NULL ) {
if ( lr != &dummy_lr ) {
ldap_return_request( ld, lr, 0 );
}
lr = NULL;
}
if ( ber == NULL ) {
return( rc );
}
/* try to handle unsolicited responses as appropriate */
if ( id == 0 && msgid > LDAP_RES_UNSOLICITED ) {
int is_nod = 0;
tag = ber_peek_tag( &tmpber, &len );
/* we have a res oid */
if ( tag == LDAP_TAG_EXOP_RES_OID ) {
static struct berval bv_nod = BER_BVC( LDAP_NOTICE_OF_DISCONNECTION );
struct berval resoid = BER_BVNULL;
if ( ber_scanf( &tmpber, "m", &resoid ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return -1;
}
assert( !BER_BVISEMPTY( &resoid ) );
is_nod = ber_bvcmp( &resoid, &bv_nod ) == 0;
tag = ber_peek_tag( &tmpber, &len );
}
#if 0 /* don't need right now */
/* we have res data */
if ( tag == LDAP_TAG_EXOP_RES_VALUE ) {
struct berval resdata;
if ( ber_scanf( &tmpber, "m", &resdata ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 0 );
return ld->ld_errno;
}
/* use it... */
}
#endif
/* handle RFC 4511 "Notice of Disconnection" locally */
if ( is_nod ) {
if ( tag == LDAP_TAG_EXOP_RES_VALUE ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return -1;
}
/* get rid of the connection... */
if ( lc != NULL ) {
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 0, 1 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
}
/* need to return -1, because otherwise
* a valid result is expected */
return -1;
}
}
/* make a new ldap message */
newmsg = (LDAPMessage *) LDAP_CALLOC( 1, sizeof(LDAPMessage) );
if ( newmsg == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( -1 );
}
newmsg->lm_msgid = (int)id;
newmsg->lm_msgtype = tag;
newmsg->lm_ber = ber;
newmsg->lm_chain_tail = newmsg;
#ifdef LDAP_CONNECTIONLESS
/* CLDAP replies all fit in a single datagram. In LDAPv2 RFC1798
* the responses are all a sequence wrapped in one message. In
* LDAPv3 each response is in its own message. The datagram must
* end with a SearchResult. We can't just parse each response in
* separate calls to try_read1msg because the header info is only
* present at the beginning of the datagram, not at the beginning
* of each response. So parse all the responses at once and queue
* them up, then pull off the first response to return to the
* caller when all parsing is complete.
*/
if ( LDAP_IS_UDP(ld) ) {
/* If not a result, look for more */
if ( tag != LDAP_RES_SEARCH_RESULT ) {
int ok = 0;
moremsgs = 1;
if (isv2) {
/* LDAPv2: dup the current ber, skip past the current
* response, and see if there are any more after it.
*/
ber = ber_dup( ber );
ber_scanf( ber, "x" );
if ( ber_peek_tag( ber, &len ) != LBER_DEFAULT ) {
/* There's more - dup the ber buffer so they can all be
* individually freed by ldap_msgfree.
*/
struct berval bv;
ber_get_option( ber, LBER_OPT_BER_REMAINING_BYTES, &len );
bv.bv_val = LDAP_MALLOC( len );
if ( bv.bv_val ) {
ok = 1;
ber_read( ber, bv.bv_val, len );
bv.bv_len = len;
ber_init2( ber, &bv, ld->ld_lberoptions );
}
}
} else {
/* LDAPv3: Just allocate a new ber. Since this is a buffered
* datagram, if the sockbuf is readable we still have data
* to parse.
*/
ber = ldap_alloc_ber_with_options( ld );
if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) ok = 1;
}
/* set up response chain */
if ( tmp == NULL ) {
newmsg->lm_next = ld->ld_responses;
ld->ld_responses = newmsg;
chain_head = newmsg;
} else {
tmp->lm_chain = newmsg;
}
chain_head->lm_chain_tail = newmsg;
tmp = newmsg;
/* "ok" means there's more to parse */
if ( ok ) {
if ( isv2 ) {
goto nextresp2;
} else {
goto nextresp3;
}
} else {
/* got to end of datagram without a SearchResult. Free
* our dup'd ber, but leave any buffer alone. For v2 case,
* the previous response is still using this buffer. For v3,
* the new ber has no buffer to free yet.
*/
ber_free( ber, 0 );
return -1;
}
} else if ( moremsgs ) {
/* got search result, and we had multiple responses in 1 datagram.
* stick the result onto the end of the chain, and then pull the
* first response off the head of the chain.
*/
tmp->lm_chain = newmsg;
chain_head->lm_chain_tail = newmsg;
*result = chkResponseList( ld, msgid, all );
ld->ld_errno = LDAP_SUCCESS;
return( (*result)->lm_msgtype );
}
}
#endif /* LDAP_CONNECTIONLESS */
/* is this the one we're looking for? */
if ( msgid == LDAP_RES_ANY || id == msgid ) {
if ( all == LDAP_MSG_ONE
|| ( newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT
&& newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY
&& newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) )
{
*result = newmsg;
ld->ld_errno = LDAP_SUCCESS;
return( tag );
} else if ( newmsg->lm_msgtype == LDAP_RES_SEARCH_RESULT) {
foundit = 1; /* return the chain later */
}
}
/*
* if not, we must add it to the list of responses. if
* the msgid is already there, it must be part of an existing
* search response.
*/
prev = NULL;
for ( l = ld->ld_responses; l != NULL; l = l->lm_next ) {
if ( l->lm_msgid == newmsg->lm_msgid ) {
break;
}
prev = l;
}
/* not part of an existing search response */
if ( l == NULL ) {
if ( foundit ) {
*result = newmsg;
goto exit;
}
newmsg->lm_next = ld->ld_responses;
ld->ld_responses = newmsg;
goto exit;
}
Debug( LDAP_DEBUG_TRACE, "adding response ld %p msgid %ld type %ld:\n",
(void *)ld, (long) newmsg->lm_msgid, (long) newmsg->lm_msgtype );
/* part of a search response - add to end of list of entries */
l->lm_chain_tail->lm_chain = newmsg;
l->lm_chain_tail = newmsg;
/* return the whole chain if that's what we were looking for */
if ( foundit ) {
if ( prev == NULL ) {
ld->ld_responses = l->lm_next;
} else {
prev->lm_next = l->lm_next;
}
*result = l;
}
exit:
if ( foundit ) {
ld->ld_errno = LDAP_SUCCESS;
return( tag );
}
if ( lc && ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
goto retry;
}
return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
}
static ber_tag_t
build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr )
{
ber_len_t len;
ber_tag_t tag;
ber_int_t along;
BerElement *ber;
*bp = NULL;
ber = ldap_alloc_ber_with_options( ld );
if( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return LBER_ERROR;
}
if ( ber_printf( ber, "{it{ess}}", lr->lr_msgid,
lr->lr_res_msgtype, lr->lr_res_errno,
lr->lr_res_matched ? lr->lr_res_matched : "",
lr->lr_res_error ? lr->lr_res_error : "" ) == -1 )
{
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
ber_reset( ber, 1 );
if ( ber_skip_tag( ber, &len ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
if ( ber_get_enum( ber, &along ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
*bp = ber;
return tag;
}
int
ldap_set_option(
LDAP *ld,
int option,
LDAP_CONST void *invalue)
{
struct ldapoptions *lo;
int *dbglvl = NULL;
int rc = LDAP_OPT_ERROR;
/* Get pointer to global option structure */
lo = LDAP_INT_GLOBAL_OPT();
if (lo == NULL) {
return LDAP_NO_MEMORY;
}
/*
* The architecture to turn on debugging has a chicken and egg
* problem. Thus, we introduce a fix here.
*/
if (option == LDAP_OPT_DEBUG_LEVEL) {
dbglvl = (int *) invalue;
}
if( lo->ldo_valid != LDAP_INITIALIZED ) {
ldap_int_initialize(lo, dbglvl);
if ( lo->ldo_valid != LDAP_INITIALIZED )
return LDAP_LOCAL_ERROR;
}
if(ld != NULL) {
assert( LDAP_VALID( ld ) );
if( !LDAP_VALID( ld ) ) {
return LDAP_OPT_ERROR;
}
lo = &ld->ld_options;
}
LDAP_MUTEX_LOCK( &lo->ldo_mutex );
switch ( option ) {
/* options with boolean values */
case LDAP_OPT_REFERRALS:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_REFERRALS);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_REFERRALS);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESTART:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_RESTART);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_RESTART);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_ASYNC:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_CONNECT_ASYNC);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_CONNECT_ASYNC);
}
rc = LDAP_OPT_SUCCESS;
break;
/* options which can withstand invalue == NULL */
case LDAP_OPT_SERVER_CONTROLS: {
LDAPControl *const *controls =
(LDAPControl *const *) invalue;
if( lo->ldo_sctrls )
ldap_controls_free( lo->ldo_sctrls );
if( controls == NULL || *controls == NULL ) {
lo->ldo_sctrls = NULL;
rc = LDAP_OPT_SUCCESS;
break;
}
lo->ldo_sctrls = ldap_controls_dup( controls );
if(lo->ldo_sctrls == NULL) {
/* memory allocation error ? */
break; /* LDAP_OPT_ERROR */
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CLIENT_CONTROLS: {
LDAPControl *const *controls =
(LDAPControl *const *) invalue;
if( lo->ldo_cctrls )
ldap_controls_free( lo->ldo_cctrls );
if( controls == NULL || *controls == NULL ) {
lo->ldo_cctrls = NULL;
rc = LDAP_OPT_SUCCESS;
break;
}
lo->ldo_cctrls = ldap_controls_dup( controls );
if(lo->ldo_cctrls == NULL) {
/* memory allocation error ? */
break; /* LDAP_OPT_ERROR */
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_HOST_NAME: {
const char *host = (const char *) invalue;
LDAPURLDesc *ludlist = NULL;
rc = LDAP_OPT_SUCCESS;
if(host != NULL) {
rc = ldap_url_parsehosts( &ludlist, host,
lo->ldo_defport ? lo->ldo_defport : LDAP_PORT );
} else if(ld == NULL) {
/*
* must want global default returned
* to initial condition.
*/
rc = ldap_url_parselist_ext(&ludlist, "ldap://localhost/", NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else {
/*
* must want the session default
* updated to the current global default
*/
ludlist = ldap_url_duplist(
ldap_int_global_options.ldo_defludp);
if (ludlist == NULL)
rc = LDAP_NO_MEMORY;
}
if (rc == LDAP_OPT_SUCCESS) {
if (lo->ldo_defludp != NULL)
ldap_free_urllist(lo->ldo_defludp);
lo->ldo_defludp = ludlist;
}
break;
}
case LDAP_OPT_URI: {
const char *urls = (const char *) invalue;
LDAPURLDesc *ludlist = NULL;
rc = LDAP_OPT_SUCCESS;
if(urls != NULL) {
rc = ldap_url_parselist_ext(&ludlist, urls, NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else if(ld == NULL) {
/*
* must want global default returned
* to initial condition.
*/
rc = ldap_url_parselist_ext(&ludlist, "ldap://localhost/", NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else {
/*
* must want the session default
* updated to the current global default
*/
ludlist = ldap_url_duplist(
ldap_int_global_options.ldo_defludp);
if (ludlist == NULL)
rc = LDAP_URL_ERR_MEM;
}
switch (rc) {
case LDAP_URL_SUCCESS: /* Success */
rc = LDAP_SUCCESS;
break;
case LDAP_URL_ERR_MEM: /* can't allocate memory space */
rc = LDAP_NO_MEMORY;
break;
case LDAP_URL_ERR_PARAM: /* parameter is bad */
case LDAP_URL_ERR_BADSCHEME: /* URL doesn't begin with "ldap[si]://" */
case LDAP_URL_ERR_BADENCLOSURE: /* URL is missing trailing ">" */
case LDAP_URL_ERR_BADURL: /* URL is bad */
case LDAP_URL_ERR_BADHOST: /* host port is bad */
case LDAP_URL_ERR_BADATTRS: /* bad (or missing) attributes */
case LDAP_URL_ERR_BADSCOPE: /* scope string is invalid (or missing) */
case LDAP_URL_ERR_BADFILTER: /* bad or missing filter */
case LDAP_URL_ERR_BADEXTS: /* bad or missing extensions */
rc = LDAP_PARAM_ERROR;
break;
}
if (rc == LDAP_SUCCESS) {
if (lo->ldo_defludp != NULL)
ldap_free_urllist(lo->ldo_defludp);
lo->ldo_defludp = ludlist;
}
break;
}
case LDAP_OPT_DEFBASE: {
const char *newbase = (const char *) invalue;
char *defbase = NULL;
if ( newbase != NULL ) {
defbase = LDAP_STRDUP( newbase );
if ( defbase == NULL ) {
rc = LDAP_NO_MEMORY;
break;
}
} else if ( ld != NULL ) {
defbase = LDAP_STRDUP( ldap_int_global_options.ldo_defbase );
if ( defbase == NULL ) {
rc = LDAP_NO_MEMORY;
break;
}
}
if ( lo->ldo_defbase != NULL )
LDAP_FREE( lo->ldo_defbase );
lo->ldo_defbase = defbase;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DIAGNOSTIC_MESSAGE: {
const char *err = (const char *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_error ) {
LDAP_FREE(ld->ld_error);
ld->ld_error = NULL;
}
if ( err ) {
ld->ld_error = LDAP_STRDUP(err);
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_MATCHED_DN: {
const char *matched = (const char *) invalue;
if (ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_matched ) {
LDAP_FREE(ld->ld_matched);
ld->ld_matched = NULL;
}
if ( matched ) {
ld->ld_matched = LDAP_STRDUP( matched );
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRAL_URLS: {
char *const *referrals = (char *const *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_referrals ) {
LDAP_VFREE(ld->ld_referrals);
}
if ( referrals ) {
ld->ld_referrals = ldap_value_dup(referrals);
}
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_rebind_proc() */
case LDAP_OPT_REBIND_PROC: {
lo->ldo_rebind_proc = (LDAP_REBIND_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REBIND_PARAMS: {
lo->ldo_rebind_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_nextref_proc() */
case LDAP_OPT_NEXTREF_PROC: {
lo->ldo_nextref_proc = (LDAP_NEXTREF_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NEXTREF_PARAMS: {
lo->ldo_nextref_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_urllist_proc() */
case LDAP_OPT_URLLIST_PROC: {
lo->ldo_urllist_proc = (LDAP_URLLIST_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_URLLIST_PARAMS: {
lo->ldo_urllist_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* read-only options */
case LDAP_OPT_API_INFO:
case LDAP_OPT_DESC:
case LDAP_OPT_SOCKBUF:
case LDAP_OPT_API_FEATURE_INFO:
break; /* LDAP_OPT_ERROR */
/* options which cannot withstand invalue == NULL */
case LDAP_OPT_DEREF:
case LDAP_OPT_SIZELIMIT:
case LDAP_OPT_TIMELIMIT:
case LDAP_OPT_PROTOCOL_VERSION:
case LDAP_OPT_RESULT_CODE:
case LDAP_OPT_DEBUG_LEVEL:
case LDAP_OPT_TIMEOUT:
case LDAP_OPT_NETWORK_TIMEOUT:
case LDAP_OPT_CONNECT_CB:
case LDAP_OPT_X_KEEPALIVE_IDLE:
case LDAP_OPT_X_KEEPALIVE_PROBES :
case LDAP_OPT_X_KEEPALIVE_INTERVAL :
if(invalue == NULL) {
/* no place to set from */
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_ERROR );
}
break;
default:
#ifdef HAVE_TLS
if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
#ifdef HAVE_CYRUS_SASL
if ( ldap_int_sasl_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
#ifdef HAVE_GSSAPI
if ( ldap_int_gssapi_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
/* bad param */
break; /* LDAP_OPT_ERROR */
}
/* options which cannot withstand invalue == NULL */
switch(option) {
case LDAP_OPT_DEREF:
/* FIXME: check value for protocol compliance? */
lo->ldo_deref = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SIZELIMIT:
/* FIXME: check value for protocol compliance? */
lo->ldo_sizelimit = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMELIMIT:
/* FIXME: check value for protocol compliance? */
lo->ldo_timelimit = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMEOUT: {
const struct timeval *tv =
(const struct timeval *) invalue;
lo->ldo_tm_api = *tv;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NETWORK_TIMEOUT: {
const struct timeval *tv =
(const struct timeval *) invalue;
lo->ldo_tm_net = *tv;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_PROTOCOL_VERSION: {
int vers = * (const int *) invalue;
if (vers < LDAP_VERSION_MIN || vers > LDAP_VERSION_MAX) {
/* not supported */
break;
}
lo->ldo_version = vers;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESULT_CODE: {
int err = * (const int *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break;
}
ld->ld_errno = err;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEBUG_LEVEL:
lo->ldo_debug = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_CB:
{
/* setting pushes the callback */
ldaplist *ll;
ll = LDAP_MALLOC( sizeof( *ll ));
ll->ll_data = (void *)invalue;
ll->ll_next = lo->ldo_conn_cbs;
lo->ldo_conn_cbs = ll;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_IDLE:
lo->ldo_keepalive_idle = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_PROBES :
lo->ldo_keepalive_probes = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_INTERVAL :
lo->ldo_keepalive_interval = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
}
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( rc );
}
/* suites is a string of colon-separated cipher suite names. */
static int
tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
{
#ifdef HAVE_CIPHERSUITES
const char *err;
return gnutls_priority_init( &ctx->prios, suites, &err );
#else
char *ptr, *end;
int i, j, len, num;
int *list, nkx = 0, ncipher = 0, nmac = 0;
int *kx, *cipher, *mac;
num = 0;
ptr = suites;
do {
end = strchr(ptr, ':');
if ( end )
len = end - ptr;
else
len = strlen(ptr);
for (i=0; i<tlsg_n_ciphers; i++) {
if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) {
num++;
break;
}
}
if ( i == tlsg_n_ciphers ) {
/* unrecognized cipher suite */
return -1;
}
ptr += len + 1;
} while (end);
/* Space for all 3 lists */
list = LDAP_MALLOC( (num+1) * sizeof(int) * 3 );
if ( !list )
return -1;
kx = list;
cipher = kx+num+1;
mac = cipher+num+1;
ptr = suites;
do {
end = strchr(ptr, ':');
if ( end )
len = end - ptr;
else
len = strlen(ptr);
for (i=0; i<tlsg_n_ciphers; i++) {
/* For each cipher suite, insert its algorithms into
* their respective priority lists. Make sure they
* only appear once in each list.
*/
if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) {
for (j=0; j<nkx; j++)
if ( kx[j] == tlsg_ciphers[i].kx )
break;
if ( j == nkx )
kx[nkx++] = tlsg_ciphers[i].kx;
for (j=0; j<ncipher; j++)
if ( cipher[j] == tlsg_ciphers[i].cipher )
break;
if ( j == ncipher )
cipher[ncipher++] = tlsg_ciphers[i].cipher;
for (j=0; j<nmac; j++)
if ( mac[j] == tlsg_ciphers[i].mac )
break;
if ( j == nmac )
mac[nmac++] = tlsg_ciphers[i].mac;
break;
}
}
ptr += len + 1;
} while (end);
kx[nkx] = 0;
cipher[ncipher] = 0;
mac[nmac] = 0;
ctx->kx_list = kx;
ctx->cipher_list = cipher;
ctx->mac_list = mac;
return 0;
#endif
}
int
ldap_sort_entries(
LDAP *ld,
LDAPMessage **chain,
LDAP_CONST char *attr, /* NULL => sort by DN */
int (*cmp) (LDAP_CONST char *, LDAP_CONST char *)
)
{
int i, count = 0;
struct entrything *et;
LDAPMessage *e, *ehead = NULL, *etail = NULL;
LDAPMessage *ohead = NULL, *otail = NULL;
LDAPMessage **ep;
assert( ld != NULL );
/* Separate entries from non-entries */
for ( e = *chain; e; e=e->lm_chain ) {
if ( e->lm_msgtype == LDAP_RES_SEARCH_ENTRY ) {
count++;
if ( !ehead ) ehead = e;
if ( etail ) etail->lm_chain = e;
etail = e;
} else {
if ( !ohead ) ohead = e;
if ( otail ) otail->lm_chain = e;
otail = e;
}
}
if ( count < 2 ) {
/* zero or one entries -- already sorted! */
if ( ehead ) {
etail->lm_chain = ohead;
*chain = ehead;
} else {
*chain = ohead;
}
return 0;
}
if ( (et = (struct entrything *) LDAP_MALLOC( count *
sizeof(struct entrything) )) == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( -1 );
}
e = ehead;
for ( i = 0; i < count; i++ ) {
et[i].et_cmp_fn = cmp;
et[i].et_msg = e;
if ( attr == NULL ) {
char *dn;
dn = ldap_get_dn( ld, e );
et[i].et_vals = ldap_explode_dn( dn, 1 );
LDAP_FREE( dn );
} else {
et[i].et_vals = ldap_get_values( ld, e, attr );
}
e = e->lm_chain;
}
qsort( et, count, sizeof(struct entrything), et_cmp );
ep = chain;
for ( i = 0; i < count; i++ ) {
*ep = et[i].et_msg;
ep = &(*ep)->lm_chain;
LDAP_VFREE( et[i].et_vals );
}
*ep = ohead;
(*chain)->lm_chain_tail = otail ? otail : etail;
LDAP_FREE( (char *) et );
return( 0 );
}
static int
der_to_ldap_BitString (struct berval *berValue,
struct berval *ldapValue)
{
ber_len_t bitPadding=0;
ber_len_t bits, maxBits;
char *tmpStr;
unsigned char byte;
ber_len_t bitLength;
ber_len_t valLen;
unsigned char* valPtr;
ldapValue->bv_len=0;
ldapValue->bv_val=NULL;
/* Gets padding and points to binary data */
valLen=berValue->bv_len;
valPtr=(unsigned char*)berValue->bv_val;
if (valLen) {
bitPadding=(ber_len_t)(valPtr[0]);
valLen--;
valPtr++;
}
/* If Block is non DER encoding fixes to DER encoding */
if (bitPadding >= BITS_PER_BYTE) {
if (valLen*BITS_PER_BYTE > bitPadding ) {
valLen-=(bitPadding/BITS_PER_BYTE);
bitPadding%=BITS_PER_BYTE;
} else {
valLen=0;
bitPadding=0;
}
}
/* Just in case bad encoding */
if (valLen*BITS_PER_BYTE < bitPadding ) {
bitPadding=0;
valLen=0;
}
/* Gets buffer to hold RFC4517 Bit String format */
bitLength=valLen*BITS_PER_BYTE-bitPadding;
tmpStr=LDAP_MALLOC(bitLength + STR_OVERHEAD + 1);
if (!tmpStr)
return LDAP_NO_MEMORY;
ldapValue->bv_val=tmpStr;
ldapValue->bv_len=bitLength + STR_OVERHEAD;
/* Formatting in '*binary-digit'B format */
maxBits=BITS_PER_BYTE;
*tmpStr++ ='\'';
while(valLen) {
byte=*valPtr;
if (valLen==1)
maxBits-=bitPadding;
for (bits=0; bits<maxBits; bits++) {
if (0x80 & byte)
*tmpStr='1';
else
*tmpStr='0';
tmpStr++;
byte<<=1;
}
valPtr++;
valLen--;
}
*tmpStr++ ='\'';
*tmpStr++ ='B';
*tmpStr=0;
return LDAP_SUCCESS;
}
/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN.
* x509_name must be raw DER. If func is non-NULL, the
* constructed DN will use numeric OIDs to identify attributeTypes,
* and the func() will be invoked to rewrite the DN with the given
* flags.
*
* Otherwise the DN will use shortNames from a hardcoded table.
*/
int
ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
unsigned flags )
{
LDAPDN newDN;
LDAPRDN newRDN;
LDAPAVA *newAVA, *baseAVA;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
char oids[8192], *oidptr = oids, *oidbuf = NULL;
void *ptrs[2048];
char *dn_end, *rdn_end;
int i, navas, nrdns, rc = LDAP_SUCCESS;
size_t dnsize, oidrem = sizeof(oids), oidsize = 0;
int csize;
ber_tag_t tag;
ber_len_t len;
oid_name *oidname;
struct berval Oid, Val, oid2, *in = x509_name;
assert( bv != NULL );
bv->bv_len = 0;
bv->bv_val = NULL;
navas = 0;
nrdns = 0;
/* A DN is a SEQUENCE of RDNs. An RDN is a SET of AVAs.
* An AVA is a SEQUENCE of attr and value.
* Count the number of AVAs and RDNs
*/
ber_init2( ber, in, LBER_USE_DER );
tag = ber_peek_tag( ber, &len );
if ( tag != LBER_SEQUENCE )
return LDAP_DECODING_ERROR;
for ( tag = ber_first_element( ber, &len, &dn_end );
tag == LBER_SET;
tag = ber_next_element( ber, &len, dn_end )) {
nrdns++;
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
navas++;
}
}
/* Allocate the DN/RDN/AVA stuff as a single block */
dnsize = sizeof(LDAPRDN) * (nrdns+1);
dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
dnsize += sizeof(LDAPAVA) * navas;
if (dnsize > sizeof(ptrs)) {
newDN = (LDAPDN)LDAP_MALLOC( dnsize );
if ( newDN == NULL )
return LDAP_NO_MEMORY;
} else {
newDN = (LDAPDN)(char *)ptrs;
}
newDN[nrdns] = NULL;
newRDN = (LDAPRDN)(newDN + nrdns+1);
newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
baseAVA = newAVA;
/* Rewind and start extracting */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
for ( i = nrdns - 1; i >= 0; i-- ) {
newDN[i] = newRDN;
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
*newRDN++ = newAVA;
tag = ber_skip_tag( ber, &len );
tag = ber_get_stringbv( ber, &Oid, LBER_BV_NOTERM );
if ( tag != LBER_TAG_OID ) {
rc = LDAP_DECODING_ERROR;
goto nomem;
}
oid2.bv_val = oidptr;
oid2.bv_len = oidrem;
if ( ber_decode_oid( &Oid, &oid2 ) < 0 ) {
rc = LDAP_DECODING_ERROR;
goto nomem;
}
oidname = find_oid( &oid2 );
if ( !oidname ) {
newAVA->la_attr = oid2;
oidptr += oid2.bv_len + 1;
oidrem -= oid2.bv_len + 1;
/* Running out of OID buffer space? */
if (oidrem < 128) {
if ( oidsize == 0 ) {
oidsize = sizeof(oids) * 2;
oidrem = oidsize;
oidbuf = LDAP_MALLOC( oidsize );
if ( oidbuf == NULL ) goto nomem;
oidptr = oidbuf;
} else {
char *old = oidbuf;
oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 );
if ( oidbuf == NULL ) goto nomem;
/* Buffer moved! Fix AVA pointers */
if ( old != oidbuf ) {
LDAPAVA *a;
long dif = oidbuf - old;
for (a=baseAVA; a<=newAVA; a++){
if (a->la_attr.bv_val >= old &&
a->la_attr.bv_val <= (old + oidsize))
a->la_attr.bv_val += dif;
}
}
oidptr = oidbuf + oidsize - oidrem;
oidrem += oidsize;
oidsize *= 2;
}
}
} else {
if ( func ) {
newAVA->la_attr = oidname->oid;
} else {
newAVA->la_attr = oidname->name;
}
}
newAVA->la_private = NULL;
newAVA->la_flags = LDAP_AVA_STRING;
tag = ber_get_stringbv( ber, &Val, LBER_BV_NOTERM );
switch(tag) {
case LBER_TAG_UNIVERSAL:
/* This uses 32-bit ISO 10646-1 */
csize = 4; goto to_utf8;
case LBER_TAG_BMP:
/* This uses 16-bit ISO 10646-1 */
csize = 2; goto to_utf8;
case LBER_TAG_TELETEX:
/* This uses 8-bit, assume ISO 8859-1 */
csize = 1;
to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
newAVA->la_flags |= LDAP_AVA_NONPRINTABLE;
allocd:
newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
if (rc != LDAP_SUCCESS) goto nomem;
break;
case LBER_TAG_UTF8:
newAVA->la_flags |= LDAP_AVA_NONPRINTABLE;
/* This is already in UTF-8 encoding */
case LBER_TAG_IA5:
case LBER_TAG_PRINTABLE:
/* These are always 7-bit strings */
newAVA->la_value = Val;
break;
case LBER_BITSTRING:
/* X.690 bitString value converted to RFC4517 Bit String */
rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
goto allocd;
default:
/* Not a string type at all */
newAVA->la_flags = 0;
newAVA->la_value = Val;
break;
}
newAVA++;
}
*newRDN++ = NULL;
tag = ber_next_element( ber, &len, dn_end );
}
if ( func ) {
rc = func( newDN, flags, NULL );
if ( rc != LDAP_SUCCESS )
goto nomem;
}
rc = ldap_dn2bv_x( newDN, bv, LDAP_DN_FORMAT_LDAPV3, NULL );
nomem:
for (;baseAVA < newAVA; baseAVA++) {
if (baseAVA->la_flags & LDAP_AVA_FREE_ATTR)
LDAP_FREE( baseAVA->la_attr.bv_val );
if (baseAVA->la_flags & LDAP_AVA_FREE_VALUE)
LDAP_FREE( baseAVA->la_value.bv_val );
}
if ( oidsize != 0 )
LDAP_FREE( oidbuf );
if ( newDN != (LDAPDN)(char *) ptrs )
LDAP_FREE( newDN );
return rc;
}
char *
ldap_friendly_name(
LDAP_CONST char *filename,
/* LDAP_CONST */ char *uname,
LDAPFriendlyMap **map )
{
int i, entries;
FILE *fp;
char *s;
char buf[BUFSIZ];
if ( map == NULL ) {
errno = EINVAL;
return( uname );
}
if ( *map == NULL ) {
if ( (fp = fopen( filename, "r" )) == NULL )
return( uname );
entries = 0;
while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
if ( buf[0] != '#' )
entries++;
}
rewind( fp );
if ( (*map = (LDAPFriendlyMap *) LDAP_MALLOC( (entries + 1) *
sizeof(LDAPFriendlyMap) )) == NULL ) {
fclose( fp );
return( uname );
}
i = 0;
while ( fgets( buf, sizeof(buf), fp ) != NULL && i < entries ) {
if ( buf[0] == '#' )
continue;
if ( (s = strchr( buf, '\n' )) != NULL )
*s = '\0';
if ( (s = strchr( buf, '\t' )) == NULL )
continue;
*s++ = '\0';
if ( *s == '"' ) {
int esc = 0, found = 0;
for ( ++s; *s && !found; s++ ) {
switch ( *s ) {
case '\\':
esc = 1;
break;
case '"':
if ( !esc )
found = 1;
/* FALL */
default:
esc = 0;
break;
}
}
}
(*map)[i].lf_unfriendly = strdup( buf );
(*map)[i].lf_friendly = strdup( s );
i++;
}
fclose( fp );
(*map)[i].lf_unfriendly = NULL;
}
for ( i = 0; (*map)[i].lf_unfriendly != NULL; i++ ) {
if ( strcasecmp( uname, (*map)[i].lf_unfriendly ) == 0 )
return( (*map)[i].lf_friendly );
}
return( uname );
}
