/*
* ldap_sasl_bind - authenticate to the ldap server. The dn, mechanism,
* and credentials of the entry to which to bind are supplied. An LDAP
* error code is returned and if LDAP_SUCCESS is returned *msgidp is set
* to the id of the request initiated.
*
* Example:
* struct berval creds;
* LDAPControl **ctrls;
* int err, msgid;
* ... fill in creds with credentials ...
* ... fill in ctrls with server controls ...
* err = ldap_sasl_bind( ld, "cn=manager, o=university of michigan, c=us",
* "mechanismname", &creds, ctrls, NULL, &msgid );
*/
int
LDAP_CALL
ldap_sasl_bind(
LDAP *ld,
const char *dn,
const char *mechanism,
const struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
int *msgidp
)
{
BerElement *ber;
int rc, simple, msgid, ldapversion;
/*
* The ldapv3 bind request looks like this:
* BindRequest ::= SEQUENCE {
* version INTEGER,
* name DistinguishedName, -- who
* authentication CHOICE {
* simple [0] OCTET STRING, -- passwd
* sasl [3] SaslCredentials -- v3 only
* }
* }
* SaslCredentials ::= SEQUENCE {
* mechanism LDAPString,
* credentials OCTET STRING
* }
* all wrapped up in an LDAPMessage sequence.
*/
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
if ( msgidp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
simple = ( mechanism == LDAP_SASL_SIMPLE );
ldapversion = NSLDAPI_LDAP_VERSION( ld );
/* only ldapv3 or higher can do sasl binds */
if ( !simple && ldapversion < LDAP_VERSION3 ) {
LDAP_SET_LDERRNO( ld, LDAP_NOT_SUPPORTED, NULL, NULL );
return( LDAP_NOT_SUPPORTED );
}
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
msgid = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
if ( dn == NULL )
dn = "";
if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
if ( (rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn,
cred, LDAP_AUTH_SASL )) != 0 ) {
*msgidp = rc;
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
return( LDAP_SUCCESS );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
}
/* create a message to send */
if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
!= LDAP_SUCCESS ) {
return( rc );
}
/* fill it in */
if ( simple ) { /* simple bind; works in LDAPv2 or v3 */
struct berval tmpcred;
if ( cred == NULL ) {
tmpcred.bv_val = "";
tmpcred.bv_len = 0;
cred = &tmpcred;
}
rc = ber_printf( ber, "{it{isto}", msgid, LDAP_REQ_BIND,
ldapversion, dn, LDAP_AUTH_SIMPLE, cred->bv_val,
(int)cred->bv_len /* XXX lossy cast */ );
} else { /* SASL bind; requires LDAPv3 or better */
if ( cred == NULL ) {
rc = ber_printf( ber, "{it{ist{s}}", msgid,
LDAP_REQ_BIND, ldapversion, dn, LDAP_AUTH_SASL,
mechanism );
} else {
rc = ber_printf( ber, "{it{ist{so}}", msgid,
LDAP_REQ_BIND, ldapversion, dn, LDAP_AUTH_SASL,
mechanism, cred->bv_val,
(int)cred->bv_len /* XXX lossy cast */ );
}
}
if ( rc == -1 ) {
LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_ENCODING_ERROR );
}
if ( (rc = nsldapi_put_controls( ld, serverctrls, 1, ber ))
!= LDAP_SUCCESS ) {
ber_free( ber, 1 );
return( rc );
}
/* send the message */
rc = nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
(char *)dn, ber );
*msgidp = rc;
return( rc < 0 ? LDAP_GET_LDERRNO( ld, NULL, NULL ) : LDAP_SUCCESS );
}
int
LDAP_CALL
ldap_extended_operation(
LDAP *ld,
const char *exoid,
const struct berval *exdata,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
int *msgidp
)
{
BerElement *ber;
int rc, msgid;
/*
* the ldapv3 extended operation request looks like this:
*
* ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
* requestName LDAPOID,
* requestValue OCTET STRING
* }
*
* all wrapped up in an LDAPMessage sequence.
*/
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_extended_operation\n", 0, 0, 0 );
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
/* only ldapv3 or higher can do extended operations */
if ( NSLDAPI_LDAP_VERSION( ld ) < LDAP_VERSION3 ) {
rc = LDAP_NOT_SUPPORTED;
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
if ( msgidp == NULL || exoid == NULL || *exoid == '\0' ) {
rc = LDAP_PARAM_ERROR;
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
msgid = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
#if 0
if ( ld->ld_cache_on && ld->ld_cache_extendedop != NULL ) {
LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
if ( (rc = (ld->ld_cache_extendedop)( ld, msgid,
LDAP_REQ_EXTENDED, exoid, cred )) != 0 ) {
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
return( rc );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
}
#endif
/* create a message to send */
if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
!= LDAP_SUCCESS ) {
return( rc );
}
/* fill it in */
if ( ber_printf( ber, "{it{tsto}", msgid, LDAP_REQ_EXTENDED,
LDAP_TAG_EXOP_REQ_OID, exoid, LDAP_TAG_EXOP_REQ_VALUE,
exdata->bv_val, (int)exdata->bv_len /* XXX lossy cast */ ) == -1 ) {
rc = LDAP_ENCODING_ERROR;
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
ber_free( ber, 1 );
return( rc );
}
if (( rc = nsldapi_put_controls( ld, serverctrls, 1, ber ))
!= LDAP_SUCCESS ) {
ber_free( ber, 1 );
return( rc );
}
/* send the message */
rc = nsldapi_send_initial_request( ld, msgid, LDAP_REQ_EXTENDED, NULL,
ber );
*msgidp = rc;
return( rc < 0 ? LDAP_GET_LDERRNO( ld, NULL, NULL ) : LDAP_SUCCESS );
}
static int
simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
int unlock_permitted )
{
BerElement *ber;
int rc, msgid;
/*
* The bind request looks like this:
* BindRequest ::= SEQUENCE {
* version INTEGER,
* name DistinguishedName, -- who
* authentication CHOICE {
* simple [0] OCTET STRING -- passwd
* }
* }
* all wrapped up in an LDAPMessage sequence.
*/
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
msgid = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
if ( dn == NULL )
dn = "";
if ( passwd == NULL )
passwd = "";
if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
struct berval bv;
bv.bv_val = (char *)passwd;
bv.bv_len = strlen( passwd );
/* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */
LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv,
LDAP_AUTH_SIMPLE );
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
/* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */
if ( rc != 0 ) {
return( rc );
}
}
/* create a message to send */
if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
!= LDAP_SUCCESS ) {
return( -1 );
}
/* fill it in */
if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND,
NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( -1 );
}
if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) {
ber_free( ber, 1 );
return( -1 );
}
/* send the message */
return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
(char *)dn, ber ));
}
int
LDAP_CALL
ldap_modify_ext( LDAP *ld, const char *dn, LDAPMod **mods,
LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp )
{
BerElement *ber;
int i, rc, lderr;
/*
* A modify request looks like this:
* ModifyRequet ::= SEQUENCE {
* object DistinguishedName,
* modifications SEQUENCE OF SEQUENCE {
* operation ENUMERATED {
* add (0),
* delete (1),
* replace (2)
* },
* modification SEQUENCE {
* type AttributeType,
* values SET OF AttributeValue
* }
* }
* }
*/
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_modify_ext\n", 0, 0, 0 );
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( !NSLDAPI_VALID_LDAPMESSAGE_POINTER( msgidp ))
{
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
if ( !NSLDAPI_VALID_NONEMPTY_LDAPMOD_ARRAY( mods )) {
lderr = LDAP_PARAM_ERROR;
LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
return( lderr );
}
if ( dn == NULL ) {
dn = "";
}
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
*msgidp = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
/* see if we should add to the cache */
if ( ld->ld_cache_on && ld->ld_cache_modify != NULL ) {
LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
if ( (rc = (ld->ld_cache_modify)( ld, *msgidp, LDAP_REQ_MODIFY,
dn, mods )) != 0 ) {
*msgidp = rc;
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
return( LDAP_SUCCESS );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
}
/* create a message to send */
if (( lderr = nsldapi_alloc_ber_with_options( ld, &ber ))
!= LDAP_SUCCESS ) {
return( lderr );
}
if ( ber_printf( ber, "{it{s{", *msgidp, LDAP_REQ_MODIFY, dn )
== -1 ) {
lderr = LDAP_ENCODING_ERROR;
LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
ber_free( ber, 1 );
return( lderr );
}
/* for each modification to be performed... */
for ( i = 0; mods[i] != NULL; i++ ) {
if (( mods[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
rc = ber_printf( ber, "{e{s[V]}}",
mods[i]->mod_op & ~LDAP_MOD_BVALUES,
mods[i]->mod_type, mods[i]->mod_bvalues );
} else {
rc = ber_printf( ber, "{e{s[v]}}", mods[i]->mod_op,
mods[i]->mod_type, mods[i]->mod_values );
}
if ( rc == -1 ) {
lderr = LDAP_ENCODING_ERROR;
LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
ber_free( ber, 1 );
return( lderr );
}
}
if ( ber_printf( ber, "}}" ) == -1 ) {
lderr = LDAP_ENCODING_ERROR;
LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
ber_free( ber, 1 );
return( lderr );
}
if (( lderr = nsldapi_put_controls( ld, serverctrls, 1, ber ))
!= LDAP_SUCCESS ) {
ber_free( ber, 1 );
return( lderr );
}
/* send the message */
rc = nsldapi_send_initial_request( ld, *msgidp, LDAP_REQ_MODIFY,
(char *)dn, ber );
*msgidp = rc;
return( rc < 0 ? LDAP_GET_LDERRNO( ld, NULL, NULL ) : LDAP_SUCCESS );
}
/*
* Like ldap_search_ext() except an integer timelimit is passed instead of
* using the overloaded struct timeval *timeoutp.
*/
static int
nsldapi_search(
LDAP *ld,
const char *base,
int scope,
const char *filter,
char **attrs,
int attrsonly,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
int timelimit, /* -1 means use ld->ld_timelimit */
int sizelimit, /* -1 means use ld->ld_sizelimit */
int *msgidp
)
{
BerElement *ber;
int rc, rc_key;
unsigned long key; /* XXXmcs: memcache */
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( base == NULL ) {
base = "";
}
if ( filter == NULL ) {
filter = "(objectclass=*)";
}
if ( msgidp == NULL || ( scope != LDAP_SCOPE_BASE
&& scope != LDAP_SCOPE_ONELEVEL && scope != LDAP_SCOPE_SUBTREE )
|| ( sizelimit < -1 )) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
*msgidp = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
/*
* XXXmcs: should use cache function pointers to hook in memcache
*/
if ( ld->ld_memcache == NULL ) {
rc_key = LDAP_NOT_SUPPORTED;
} else if (( rc_key = ldap_memcache_createkey( ld, base, scope, filter,
attrs, attrsonly, serverctrls, clientctrls, &key)) == LDAP_SUCCESS
&& ldap_memcache_result( ld, *msgidp, key ) == LDAP_SUCCESS ) {
return LDAP_SUCCESS;
}
/* check the cache */
if ( ld->ld_cache_on && ld->ld_cache_search != NULL ) {
LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
if ( (rc = (ld->ld_cache_search)( ld, *msgidp, LDAP_REQ_SEARCH,
base, scope, filter, attrs, attrsonly )) != 0 ) {
*msgidp = rc;
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
return( LDAP_SUCCESS );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
}
/* caching off or did not find it in the cache - check the net */
if (( rc = nsldapi_build_search_req( ld, base, scope, filter, attrs,
attrsonly, serverctrls, clientctrls, timelimit, sizelimit,
*msgidp, &ber )) != LDAP_SUCCESS ) {
return( rc );
}
/* send the message */
rc = nsldapi_send_initial_request( ld, *msgidp, LDAP_REQ_SEARCH,
(char *) base, ber );
/*
* XXXmcs: should use cache function pointers to hook in memcache
*/
if ( (rc_key == LDAP_SUCCESS) && (rc >= 0) ) {
ldap_memcache_new( ld, rc, key, base );
}
*msgidp = rc;
return( rc < 0 ? LDAP_GET_LDERRNO( ld, NULL, NULL ) : LDAP_SUCCESS );
}
