/*
* Return the first host and port in hostlist (setting *hostp and *portp).
* Return value is an LDAP API error code (LDAP_SUCCESS if all goes well).
* Note that a NULL or zero-length hostlist causes the host "127.0.0.1" to
* be returned.
*/
int LDAP_CALL
ldap_x_hostlist_first( const char *hostlist, int defport, char **hostp,
int *portp, struct ldap_x_hostlist_status **statusp )
{
if ( NULL == hostp || NULL == portp || NULL == statusp ) {
return( LDAP_PARAM_ERROR );
}
if ( NULL == hostlist || *hostlist == '\0' ) {
*hostp = nsldapi_strdup( "127.0.0.1" );
if ( NULL == *hostp ) {
return( LDAP_NO_MEMORY );
}
*portp = defport;
*statusp = NULL;
return( LDAP_SUCCESS );
}
*statusp = NSLDAPI_CALLOC( 1, sizeof( struct ldap_x_hostlist_status ));
if ( NULL == *statusp ) {
return( LDAP_NO_MEMORY );
}
(*statusp)->lhs_hostlist = nsldapi_strdup( hostlist );
if ( NULL == (*statusp)->lhs_hostlist ) {
return( LDAP_NO_MEMORY );
}
(*statusp)->lhs_nexthost = (*statusp)->lhs_hostlist;
(*statusp)->lhs_defport = defport;
return( ldap_x_hostlist_next( hostp, portp, *statusp ));
}
static int break_into_words(char *str, char *delims, char ***wordsp) {
char *word, **words;
int count;
char *lasts;
if ((words = (char **)NSLDAPI_CALLOC(1, sizeof(char *))) == NULL) {
return (-1);
}
count = 0;
words[count] = NULL;
word = ldap_utf8strtok_r(str, delims, &lasts);
while (word != NULL) {
if ((words = (char **)NSLDAPI_REALLOC(
words, (count + 2) * sizeof(char *))) == NULL) {
return (-1);
}
words[count] = word;
words[++count] = NULL;
word = ldap_utf8strtok_r(NULL, delims, &lasts);
}
*wordsp = words;
return (count);
}
/* returns 0 if connection opened and -1 if an error occurs */
int
nsldapi_open_ldap_defconn( LDAP *ld )
{
LDAPServer *srv;
if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer ))) ==
NULL || ( ld->ld_defhost != NULL && ( srv->lsrv_host =
nsldapi_strdup( ld->ld_defhost )) == NULL )) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
srv->lsrv_port = ld->ld_defport;
#ifdef LDAP_SSLIO_HOOKS
if (( ld->ld_options & LDAP_BITOPT_SSL ) != 0 ) {
srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
}
#endif
if (( ld->ld_defconn = nsldapi_new_connection( ld, &srv, 1, 1, 0 ))
== NULL ) {
if ( ld->ld_defhost != NULL ) {
NSLDAPI_FREE( srv->lsrv_host );
}
NSLDAPI_FREE( (char *)srv );
return( -1 );
}
++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
return( 0 );
}
/*
* returns an LDAP error code
*
* XXXmcs: this function used to have #ifdef LDAP_DNS code in it but I
* removed it when I improved the parsing (we don't define LDAP_DNS
* here at Netscape).
*/
static int
chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq,
char *refurl, char *desc, int *unknownp )
{
int rc, tmprc, secure, msgid;
LDAPServer *srv;
BerElement *ber;
LDAPURLDesc *ludp;
*unknownp = 0;
ludp = NULLLDAPURLDESC;
if ( nsldapi_url_parse( refurl, &ludp, 0 ) != 0 ) {
LDAPDebug( LDAP_DEBUG_TRACE,
"ignoring unknown %s <%s>\n", desc, refurl, 0 );
*unknownp = 1;
rc = LDAP_SUCCESS;
goto cleanup_and_return;
}
secure = (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 );
/* XXXmcs: can't tell if secure is supported by connect callback */
if ( secure && ld->ld_extconnect_fn == NULL ) {
LDAPDebug( LDAP_DEBUG_TRACE,
"ignoring LDAPS %s <%s>\n", desc, refurl, 0 );
*unknownp = 1;
rc = LDAP_SUCCESS;
goto cleanup_and_return;
}
LDAPDebug( LDAP_DEBUG_TRACE, "chasing LDAP%s %s: <%s>\n",
secure ? "S" : "", desc, refurl );
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
msgid = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
if (( tmprc = re_encode_request( ld, origreq->lr_ber, msgid,
ludp, &ber )) != LDAP_SUCCESS ) {
rc = tmprc;
goto cleanup_and_return;
}
if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
== NULL ) {
ber_free( ber, 1 );
rc = LDAP_NO_MEMORY;
goto cleanup_and_return;
}
if (ludp->lud_host == NULL && ld->ld_defhost == NULL) {
srv->lsrv_host = NULL;
} else {
if (ludp->lud_host == NULL) {
srv->lsrv_host =
nsldapi_strdup( origreq->lr_conn->lconn_server->lsrv_host );
LDAPDebug(LDAP_DEBUG_TRACE,
"chase_one_referral: using hostname '%s' from original "
"request on new request\n",
srv->lsrv_host, 0, 0);
} else {
srv->lsrv_host = nsldapi_strdup(ludp->lud_host);
LDAPDebug(LDAP_DEBUG_TRACE,
"chase_one_referral: using hostname '%s' as specified "
"on new request\n",
srv->lsrv_host, 0, 0);
}
if (srv->lsrv_host == NULL) {
NSLDAPI_FREE((char *)srv);
ber_free(ber, 1);
rc = LDAP_NO_MEMORY;
goto cleanup_and_return;
}
}
/*
* According to our reading of RFCs 2255 and 1738, the
* following algorithm applies:
* - no hostport (no host, no port) provided in LDAP URL, use those
* of previous request
* - no port but a host, use default LDAP port
* - else use given hostport
*/
if (ludp->lud_port == 0 && ludp->lud_host == NULL) {
srv->lsrv_port = origreq->lr_conn->lconn_server->lsrv_port;
LDAPDebug(LDAP_DEBUG_TRACE,
"chase_one_referral: using port (%d) from original "
"request on new request\n",
srv->lsrv_port, 0, 0);
} else if (ludp->lud_port == 0 && ludp->lud_host != NULL) {
srv->lsrv_port = (secure) ? LDAPS_PORT : LDAP_PORT;
LDAPDebug(LDAP_DEBUG_TRACE,
"chase_one_referral: using default port (%d) \n",
srv->lsrv_port, 0, 0);
} else {
srv->lsrv_port = ludp->lud_port;
LDAPDebug(LDAP_DEBUG_TRACE,
"chase_one_referral: using port (%d) as specified on "
"new request\n",
srv->lsrv_port, 0, 0);
}
if ( secure ) {
srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
}
if ( nsldapi_send_server_request( ld, ber, msgid,
lr, srv, NULL, NULL, 1 ) < 0 ) {
rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
LDAPDebug( LDAP_DEBUG_ANY, "Unable to chase %s %s (%s)\n",
desc, refurl, ldap_err2string( rc ));
} else {
rc = LDAP_SUCCESS;
}
cleanup_and_return:
if ( ludp != NULLLDAPURLDESC ) {
ldap_free_urldesc( ludp );
}
return( rc );
}
LDAPConn *
nsldapi_new_connection( LDAP *ld, LDAPServer **srvlistp, int use_ldsb,
int connect, int bind )
{
int rc;
LDAPConn *lc;
LDAPServer *prevsrv, *srv;
Sockbuf *sb = NULL;
/*
* make a new LDAP server connection
*/
if (( lc = (LDAPConn *)NSLDAPI_CALLOC( 1, sizeof( LDAPConn ))) == NULL
|| ( !use_ldsb && ( sb = ber_sockbuf_alloc()) == NULL )) {
if ( lc != NULL ) {
NSLDAPI_FREE( (char *)lc );
}
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( NULL );
}
LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
if ( !use_ldsb ) {
/*
* we have allocated a new sockbuf
* set I/O routines to match those in default LDAP sockbuf
*/
IFP sb_fn;
struct lber_x_ext_io_fns extiofns;
extiofns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE;
if ( ber_sockbuf_get_option( ld->ld_sbp,
LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns ) == 0 ) {
ber_sockbuf_set_option( sb,
LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns );
}
if ( ber_sockbuf_get_option( ld->ld_sbp,
LBER_SOCKBUF_OPT_READ_FN, (void *)&sb_fn ) == 0
&& sb_fn != NULL ) {
ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_READ_FN,
(void *)sb_fn );
}
if ( ber_sockbuf_get_option( ld->ld_sbp,
LBER_SOCKBUF_OPT_WRITE_FN, (void *)&sb_fn ) == 0
&& sb_fn != NULL ) {
ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_WRITE_FN,
(void *)sb_fn );
}
}
lc->lconn_sb = ( use_ldsb ) ? ld->ld_sbp : sb;
lc->lconn_version = ld->ld_version; /* inherited */
LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
if ( connect ) {
prevsrv = NULL;
/*
* save the return code for later
*/
for ( srv = *srvlistp; srv != NULL; srv = srv->lsrv_next ) {
rc = nsldapi_connect_to_host( ld, lc->lconn_sb,
srv->lsrv_host, srv->lsrv_port,
( srv->lsrv_options & LDAP_SRV_OPT_SECURE ) != 0,
&lc->lconn_krbinstance );
if (rc != -1) {
break;
}
prevsrv = srv;
}
if ( srv == NULL ) {
if ( !use_ldsb ) {
NSLDAPI_FREE( (char *)lc->lconn_sb );
}
NSLDAPI_FREE( (char *)lc );
/* nsldapi_open_ldap_connection has already set ld_errno */
return( NULL );
}
if ( prevsrv == NULL ) {
*srvlistp = srv->lsrv_next;
} else {
prevsrv->lsrv_next = srv->lsrv_next;
}
lc->lconn_server = srv;
}
if (ld->ld_options & LDAP_BITOPT_ASYNC && rc == -2)
{
lc->lconn_status = LDAP_CONNST_CONNECTING;
}
else {
lc->lconn_status = LDAP_CONNST_CONNECTED;
}
lc->lconn_next = ld->ld_conns;
ld->ld_conns = lc;
/*
* XXX for now, we always do a synchronous bind. This will have
* to change in the long run...
*/
if ( bind ) {
int err, lderr, freepasswd, authmethod;
char *binddn, *passwd;
LDAPConn *savedefconn;
freepasswd = err = 0;
if ( ld->ld_rebind_fn == NULL ) {
binddn = passwd = "";
authmethod = LDAP_AUTH_SIMPLE;
} else {
if (( lderr = (*ld->ld_rebind_fn)( ld, &binddn, &passwd,
&authmethod, 0, ld->ld_rebind_arg ))
== LDAP_SUCCESS ) {
freepasswd = 1;
} else {
LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
err = -1;
}
}
if ( err == 0 ) {
savedefconn = ld->ld_defconn;
ld->ld_defconn = lc;
++lc->lconn_refcnt; /* avoid premature free */
/*
* when binding, we will back down as low as LDAPv2
* if we get back "protocol error" from bind attempts
*/
for ( ;; ) {
/* LDAP_MUTEX_UNLOCK(ld, LDAP_CONN_LOCK); */
if (( lderr = ldap_bind_s( ld, binddn, passwd,
authmethod )) == LDAP_SUCCESS ) {
/* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
break;
}
/* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
if ( lc->lconn_version <= LDAP_VERSION2
|| lderr != LDAP_PROTOCOL_ERROR ) {
err = -1;
break;
}
--lc->lconn_version; /* try lower version */
}
--lc->lconn_refcnt;
ld->ld_defconn = savedefconn;
}
if ( freepasswd ) {
(*ld->ld_rebind_fn)( ld, &binddn, &passwd,
&authmethod, 1, ld->ld_rebind_arg );
}
if ( err != 0 ) {
nsldapi_free_connection( ld, lc, NULL, NULL, 1, 0 );
lc = NULL;
}
}
return( lc );
}
/* returns the message id of the request or -1 if an error occurs */
int
nsldapi_send_server_request(
LDAP *ld, /* session handle */
BerElement *ber, /* message to send */
int msgid, /* ID of message to send */
LDAPRequest *parentreq, /* non-NULL for referred requests */
LDAPServer *srvlist, /* servers to connect to (NULL for default) */
LDAPConn *lc, /* connection to use (NULL for default) */
char *bindreqdn, /* non-NULL for bind requests */
int bind /* perform a bind after opening new conn.? */
)
{
LDAPRequest *lr;
int err;
int incparent; /* did we bump parent's ref count? */
LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_server_request\n", 0, 0, 0 );
incparent = 0;
LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
if ( lc == NULL ) {
if ( srvlist == NULL ) {
if ( ld->ld_defconn == NULL ) {
LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
if ( bindreqdn == NULL && ( ld->ld_options
& LDAP_BITOPT_RECONNECT ) != 0 ) {
LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN,
NULL, NULL );
ber_free( ber, 1 );
LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
return( -1 );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
if ( nsldapi_open_ldap_defconn( ld ) < 0 ) {
ber_free( ber, 1 );
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
return( -1 );
}
}
lc = ld->ld_defconn;
} else {
if (( lc = find_connection( ld, srvlist, 1 )) ==
NULL ) {
if ( bind && (parentreq != NULL) ) {
/* Remember the bind in the parent */
incparent = 1;
++parentreq->lr_outrefcnt;
}
lc = nsldapi_new_connection( ld, &srvlist, 0,
1, bind );
}
free_servers( srvlist );
}
}
/*
* the logic here is:
* if
* 1. no connections exists,
* or
* 2. if the connection is either not in the connected
* or connecting state in an async io model
* or
* 3. the connection is notin a connected state with normal (non async io)
*/
if ( lc == NULL
|| ( (ld->ld_options & LDAP_BITOPT_ASYNC
&& lc->lconn_status != LDAP_CONNST_CONNECTING
&& lc->lconn_status != LDAP_CONNST_CONNECTED)
|| (!(ld->ld_options & LDAP_BITOPT_ASYNC )
&& lc->lconn_status != LDAP_CONNST_CONNECTED) ) ) {
ber_free( ber, 1 );
if ( lc != NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
}
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
return( -1 );
}
use_connection( ld, lc );
if (( lr = (LDAPRequest *)NSLDAPI_CALLOC( 1, sizeof( LDAPRequest ))) ==
NULL || ( bindreqdn != NULL && ( bindreqdn =
nsldapi_strdup( bindreqdn )) == NULL )) {
if ( lr != NULL ) {
NSLDAPI_FREE( lr );
}
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
ber_free( ber, 1 );
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
return( -1 );
}
lr->lr_binddn = bindreqdn;
lr->lr_msgid = msgid;
lr->lr_status = LDAP_REQST_INPROGRESS;
lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */
lr->lr_ber = ber;
lr->lr_conn = lc;
if ( parentreq != NULL ) { /* sub-request */
if ( !incparent ) {
/* Increment if we didn't do it before the bind */
++parentreq->lr_outrefcnt;
}
lr->lr_origid = parentreq->lr_origid;
lr->lr_parentcnt = parentreq->lr_parentcnt + 1;
lr->lr_parent = parentreq;
if ( parentreq->lr_child != NULL ) {
lr->lr_sibling = parentreq->lr_child;
}
parentreq->lr_child = lr;
} else { /* original request */
lr->lr_origid = lr->lr_msgid;
}
LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK );
if (( lr->lr_next = ld->ld_requests ) != NULL ) {
lr->lr_next->lr_prev = lr;
}
ld->ld_requests = lr;
lr->lr_prev = NULL;
if (( err = nsldapi_ber_flush( ld, lc->lconn_sb, ber, 0, 1 )) != 0 ) {
/* need to continue write later */
if (ld->ld_options & LDAP_BITOPT_ASYNC && err == -2 ) {
lr->lr_status = LDAP_REQST_WRITING;
nsldapi_iostatus_interest_write( ld, lc->lconn_sb );
} else {
LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
nsldapi_free_request( ld, lr, 0 );
nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
return( -1 );
}
} else {
if ( parentreq == NULL ) {
ber->ber_end = ber->ber_ptr;
ber->ber_ptr = ber->ber_buf;
}
/* sent -- waiting for a response */
if (ld->ld_options & LDAP_BITOPT_ASYNC) {
lc->lconn_status = LDAP_CONNST_CONNECTED;
}
nsldapi_iostatus_interest_read( ld, lc->lconn_sb );
}
LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
LDAP_SET_LDERRNO( ld, LDAP_SUCCESS, NULL, NULL );
return( msgid );
}
static LDAPServer *
dn2servers( LDAP *ld, char *dn ) /* dn can also be a domain.... */
{
char *p, *domain, *host, *server_dn, **dxs;
int i, port;
LDAPServer *srvlist, *prevsrv, *srv;
if (( domain = strrchr( dn, '@' )) != NULL ) {
++domain;
} else {
domain = dn;
}
if (( dxs = nsldapi_getdxbyname( domain )) == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( NULL );
}
srvlist = NULL;
for ( i = 0; dxs[ i ] != NULL; ++i ) {
port = LDAP_PORT;
server_dn = NULL;
if ( strchr( dxs[ i ], ':' ) == NULL ) {
host = dxs[ i ];
} else if ( strlen( dxs[ i ] ) >= 7 &&
strncmp( dxs[ i ], "ldap://", 7 ) == 0 ) {
host = dxs[ i ] + 7;
if (( p = strchr( host, ':' )) == NULL ) {
p = host;
} else {
*p++ = '\0';
port = atoi( p );
}
if (( p = strchr( p, '/' )) != NULL ) {
server_dn = ++p;
if ( *server_dn == '\0' ) {
server_dn = NULL;
}
}
} else {
host = NULL;
}
if ( host != NULL ) { /* found a server we can use */
if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1,
sizeof( LDAPServer ))) == NULL ) {
free_servers( srvlist );
srvlist = NULL;
break; /* exit loop & return */
}
/* add to end of list of servers */
if ( srvlist == NULL ) {
srvlist = srv;
} else {
prevsrv->lsrv_next = srv;
}
prevsrv = srv;
/* copy in info. */
if (( srv->lsrv_host = nsldapi_strdup( host )) == NULL
|| ( server_dn != NULL && ( srv->lsrv_dn =
nsldapi_strdup( server_dn )) == NULL )) {
free_servers( srvlist );
srvlist = NULL;
break; /* exit loop & return */
}
srv->lsrv_port = port;
}
}
ldap_value_free( dxs );
if ( srvlist == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
}
return( srvlist );
}
LDAP_CALL
ldap_init( const char *defhost, int defport )
{
LDAP *ld;
if ( !nsldapi_initialized ) {
nsldapi_initialize_defaults();
}
if ( defport < 0 || defport > LDAP_PORT_MAX ) {
LDAPDebug( LDAP_DEBUG_ANY,
"ldap_init: port %d is invalid (port numbers must range from 1 to %d)\n",
defport, LDAP_PORT_MAX, 0 );
#if !defined( macintosh ) && !defined( DOS )
errno = EINVAL;
#endif
return( NULL );
}
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_init\n", 0, 0, 0 );
if ( (ld = (LDAP*)NSLDAPI_MALLOC( sizeof(struct ldap) )) == NULL ) {
return( NULL );
}
/* copy defaults */
SAFEMEMCPY( ld, &nsldapi_ld_defaults, sizeof( struct ldap ));
if ( nsldapi_ld_defaults.ld_io_fns_ptr != NULL ) {
if (( ld->ld_io_fns_ptr = (struct ldap_io_fns *)NSLDAPI_MALLOC(
sizeof( struct ldap_io_fns ))) == NULL ) {
NSLDAPI_FREE( (char *)ld );
return( NULL );
}
/* struct copy */
*(ld->ld_io_fns_ptr) = *(nsldapi_ld_defaults.ld_io_fns_ptr);
}
/* call the new handle I/O callback if one is defined */
if ( ld->ld_extnewhandle_fn != NULL ) {
/*
* We always pass the session extended I/O argument to
* the new handle callback.
*/
if ( ld->ld_extnewhandle_fn( ld, ld->ld_ext_session_arg )
!= LDAP_SUCCESS ) {
NSLDAPI_FREE( (char*)ld );
return( NULL );
}
}
/* allocate session-specific resources */
if (( ld->ld_sbp = ber_sockbuf_alloc()) == NULL ||
( defhost != NULL &&
( ld->ld_defhost = nsldapi_strdup( defhost )) == NULL ) ||
((ld->ld_mutex = (void **) NSLDAPI_CALLOC( LDAP_MAX_LOCK, sizeof(void *))) == NULL )) {
if ( ld->ld_sbp != NULL ) {
ber_sockbuf_free( ld->ld_sbp );
}
if( ld->ld_mutex != NULL ) {
NSLDAPI_FREE( ld->ld_mutex );
}
NSLDAPI_FREE( (char*)ld );
return( NULL );
}
/* install Sockbuf I/O functions if set in LDAP * */
if ( ld->ld_extread_fn != NULL || ld->ld_extwrite_fn != NULL ) {
struct lber_x_ext_io_fns lberiofns;
memset( &lberiofns, 0, sizeof( lberiofns ));
lberiofns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE;
lberiofns.lbextiofn_read = ld->ld_extread_fn;
lberiofns.lbextiofn_write = ld->ld_extwrite_fn;
lberiofns.lbextiofn_writev = ld->ld_extwritev_fn;
lberiofns.lbextiofn_socket_arg = NULL;
ber_sockbuf_set_option( ld->ld_sbp, LBER_SOCKBUF_OPT_EXT_IO_FNS,
(void *)&lberiofns );
}
#ifdef _SOLARIS_SDK
/* Install the functions for IPv6 support */
/* code sequencing is critical from here to nsldapi_mutex_alloc_all */
if ( prldap_install_thread_functions( ld, 1 ) != 0 ||
prldap_install_io_functions( ld, 1 ) != 0 ||
prldap_install_dns_functions( ld ) != 0 ) {
/* go through ld and free resources */
ldap_unbind( ld );
ld = NULL;
return( NULL );
}
#else
/* allocate mutexes */
nsldapi_mutex_alloc_all( ld );
#endif
/* set default port */
ld->ld_defport = ( defport == 0 ) ? LDAP_PORT : defport;
return( ld );
}
static int
nsldapi_get_sasl_mechs ( LDAP *ld, char **pmech )
{
char *attr[] = { "supportedSASLMechanisms", NULL };
char **values, **v, *mech, *m;
LDAPMessage *res, *e;
struct timeval timeout;
int slen, rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
timeout.tv_sec = SEARCH_TIMEOUT_SECS;
timeout.tv_usec = 0;
rc = ldap_search_st( ld, "", LDAP_SCOPE_BASE,
"objectclass=*", attr, 0, &timeout, &res );
if ( rc != LDAP_SUCCESS ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
e = ldap_first_entry( ld, res );
if ( e == NULL ) {
ldap_msgfree( res );
if ( ld->ld_errno == LDAP_SUCCESS ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_SUCH_OBJECT, NULL, NULL );
}
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
if ( values == NULL ) {
ldap_msgfree( res );
LDAP_SET_LDERRNO( ld, LDAP_NO_SUCH_ATTRIBUTE, NULL, NULL );
return( LDAP_NO_SUCH_ATTRIBUTE );
}
slen = 0;
for(v = values; *v != NULL; v++ ) {
slen += strlen(*v) + 1;
}
if ( (mech = NSLDAPI_CALLOC(1, slen)) == NULL) {
ldap_value_free( values );
ldap_msgfree( res );
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
m = mech;
for(v = values; *v; v++) {
if (v != values) {
*m++ = ' ';
}
slen = strlen(*v);
strncpy(m, *v, slen);
m += slen;
}
*m = '\0';
ldap_value_free( values );
ldap_msgfree( res );
*pmech = mech;
return( LDAP_SUCCESS );
}
LDAPFiltDesc *LDAP_CALL ldap_init_getfilter_buf(char *buf, long buflen) {
LDAPFiltDesc *lfdp;
LDAPFiltList *flp, *nextflp;
LDAPFiltInfo *fip, *nextfip;
char *errmsg, *tag, **tok;
int tokcnt, i;
if ((buf == NULL) || (buflen < 0) ||
(lfdp = (LDAPFiltDesc *)NSLDAPI_CALLOC(1, sizeof(LDAPFiltDesc))) ==
NULL) {
return (NULL);
}
flp = nextflp = NULL;
fip = NULL;
tag = NULL;
while (buflen > 0 &&
(tokcnt = nsldapi_next_line_tokens(&buf, &buflen, &tok)) > 0) {
switch (tokcnt) {
case 1: /* tag line */
if (tag != NULL) {
NSLDAPI_FREE(tag);
}
tag = tok[0];
NSLDAPI_FREE(tok);
break;
case 4:
case 5: /* start of filter info. list */
if ((nextflp = (LDAPFiltList *)NSLDAPI_CALLOC(
1, sizeof(LDAPFiltList))) == NULL) {
ldap_getfilter_free(lfdp);
return (NULL);
}
nextflp->lfl_tag = nsldapi_strdup(tag);
nextflp->lfl_pattern = tok[0];
if ((errmsg = re_comp(nextflp->lfl_pattern)) != NULL) {
char msg[512];
ldap_getfilter_free(lfdp);
snprintf(msg, sizeof(msg), "bad regular expression \"%s\" - %s\n",
nextflp->lfl_pattern, errmsg);
ber_err_print(msg);
nsldapi_free_strarray(tok);
return (NULL);
}
nextflp->lfl_delims = tok[1];
nextflp->lfl_ilist = NULL;
nextflp->lfl_next = NULL;
if (flp == NULL) { /* first one */
lfdp->lfd_filtlist = nextflp;
} else {
flp->lfl_next = nextflp;
}
flp = nextflp;
fip = NULL;
for (i = 2; i < 5; ++i) {
tok[i - 2] = tok[i];
}
/* fall through */
case 2:
case 3: /* filter, desc, and optional search scope */
if (nextflp != NULL) { /* add to info list */
if ((nextfip = (LDAPFiltInfo *)NSLDAPI_CALLOC(
1, sizeof(LDAPFiltInfo))) == NULL) {
ldap_getfilter_free(lfdp);
nsldapi_free_strarray(tok);
return (NULL);
}
if (fip == NULL) { /* first one */
nextflp->lfl_ilist = nextfip;
} else {
fip->lfi_next = nextfip;
}
fip = nextfip;
nextfip->lfi_next = NULL;
nextfip->lfi_filter = tok[0];
nextfip->lfi_desc = tok[1];
if (tok[2] != NULL) {
if (strcasecmp(tok[2], "subtree") == 0) {
nextfip->lfi_scope = LDAP_SCOPE_SUBTREE;
} else if (strcasecmp(tok[2], "onelevel") == 0) {
nextfip->lfi_scope = LDAP_SCOPE_ONELEVEL;
} else if (strcasecmp(tok[2], "base") == 0) {
nextfip->lfi_scope = LDAP_SCOPE_BASE;
} else {
nsldapi_free_strarray(tok);
ldap_getfilter_free(lfdp);
return (NULL);
}
NSLDAPI_FREE(tok[2]);
tok[2] = NULL;
} else {
nextfip->lfi_scope = LDAP_SCOPE_SUBTREE; /* default */
}
nextfip->lfi_isexact =
(strchr(tok[0], '*') == NULL && strchr(tok[0], '~') == NULL);
NSLDAPI_FREE(tok);
}
break;
default:
nsldapi_free_strarray(tok);
ldap_getfilter_free(lfdp);
return (NULL);
}
}
if (tag != NULL) {
NSLDAPI_FREE(tag);
}
return (lfdp);
}
int
LDAP_CALL
ldap_url_search( LDAP *ld, const char *url, int attrsonly )
{
int err, msgid;
LDAPURLDesc *ludp;
BerElement *ber;
LDAPServer *srv;
char *host;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( -1 ); /* punt */
}
if ( ldap_url_parse( url, &ludp ) != 0 ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( -1 );
}
LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
msgid = ++ld->ld_msgid;
LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
if ( nsldapi_build_search_req( ld, ludp->lud_dn, ludp->lud_scope,
ludp->lud_filter, ludp->lud_attrs, attrsonly, NULL, NULL,
-1, -1, msgid, &ber ) != LDAP_SUCCESS ) {
return( -1 );
}
err = 0;
if ( ludp->lud_host == NULL ) {
host = ld->ld_defhost;
} else {
host = ludp->lud_host;
}
if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
== NULL || ( host != NULL &&
( srv->lsrv_host = nsldapi_strdup( host )) == NULL )) {
if ( srv != NULL ) {
NSLDAPI_FREE( srv );
}
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
err = -1;
} else {
if ( ludp->lud_port == 0 ) {
if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) == 0 ) {
srv->lsrv_port = LDAP_PORT;
} else {
srv->lsrv_port = LDAPS_PORT;
}
} else {
srv->lsrv_port = ludp->lud_port;
}
}
if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ) {
srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
}
if ( err != 0 ) {
ber_free( ber, 1 );
} else {
err = nsldapi_send_server_request( ld, ber, msgid, NULL, srv,
NULL, NULL, 1 );
}
ldap_free_urldesc( ludp );
return( err );
}
/*
* like ldap_url_parse() with a few exceptions:
* 1) if dn_required is zero, a missing DN does not generate an error
* (we just leave the lud_dn field NULL)
* 2) no defaults are set for lud_scope and lud_filter (they are set to -1
* and NULL respectively if no SCOPE or FILTER are present in the URL).
* 3) when there is a zero-length DN in a URL we do not set lud_dn to NULL.
*
* note that LDAPv3 URL extensions are ignored unless they are marked
* critical, in which case an LDAP_URL_UNRECOGNIZED_CRITICAL_EXTENSION error
* is returned.
*/
int
nsldapi_url_parse( const char *url, LDAPURLDesc **ludpp, int dn_required )
{
LDAPURLDesc *ludp;
char *urlcopy, *attrs, *scope, *extensions = NULL, *p, *q;
int enclosed, secure, i, nattrs, at_start;
LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_url_parse(%s)\n", url, 0, 0 );
if ( url == NULL || ludpp == NULL ) {
return( LDAP_URL_ERR_PARAM );
}
*ludpp = NULL; /* pessimistic */
if ( !skip_url_prefix( &url, &enclosed, &secure )) {
return( LDAP_URL_ERR_NOTLDAP );
}
/* allocate return struct */
if (( ludp = (LDAPURLDesc *)NSLDAPI_CALLOC( 1, sizeof( LDAPURLDesc )))
== NULLLDAPURLDESC ) {
return( LDAP_URL_ERR_MEM );
}
if ( secure ) {
ludp->lud_options |= LDAP_URL_OPT_SECURE;
}
/* make working copy of the remainder of the URL */
if (( urlcopy = nsldapi_strdup( url )) == NULL ) {
ldap_free_urldesc( ludp );
return( LDAP_URL_ERR_MEM );
}
if ( enclosed && *((p = urlcopy + strlen( urlcopy ) - 1)) == '>' ) {
*p = '\0';
}
/* initialize scope and filter */
ludp->lud_scope = -1;
ludp->lud_filter = NULL;
/* lud_string is the only malloc'd string space we use */
ludp->lud_string = urlcopy;
/* scan forward for '/' that marks end of hostport and begin. of dn */
if (( ludp->lud_dn = strchr( urlcopy, '/' )) == NULL ) {
if ( dn_required ) {
ldap_free_urldesc( ludp );
return( LDAP_URL_ERR_NODN );
}
} else {
/* terminate hostport; point to start of dn */
*ludp->lud_dn++ = '\0';
}
if ( *urlcopy == '\0' ) {
ludp->lud_host = NULL;
} else {
ludp->lud_host = urlcopy;
nsldapi_hex_unescape( ludp->lud_host );
/*
* Locate and strip off optional port number (:#) in host
* portion of URL.
*
* If more than one space-separated host is listed, we only
* look for a port number within the right-most one since
* ldap_init() will handle host parameters that look like
* host:port anyway.
*/
if (( p = strrchr( ludp->lud_host, ' ' )) == NULL ) {
p = ludp->lud_host;
} else {
++p;
}
if ( *p == '[' && ( q = strchr( p, ']' )) != NULL ) {
/* square brackets present -- skip past them */
p = q++;
}
if (( p = strchr( p, ':' )) != NULL ) {
*p++ = '\0';
ludp->lud_port = atoi( p );
if ( *ludp->lud_host == '\0' ) {
ludp->lud_host = NULL; /* no hostname */
}
}
}
/* scan for '?' that marks end of dn and beginning of attributes */
attrs = NULL;
if ( ludp->lud_dn != NULL &&
( attrs = strchr( ludp->lud_dn, '?' )) != NULL ) {
/* terminate dn; point to start of attrs. */
*attrs++ = '\0';
/* scan for '?' that marks end of attrs and begin. of scope */
if (( p = strchr( attrs, '?' )) != NULL ) {
/*
* terminate attrs; point to start of scope and scan for
* '?' that marks end of scope and begin. of filter
*/
*p++ = '\0';
scope = p;
if (( p = strchr( scope, '?' )) != NULL ) {
/* terminate scope; point to start of filter */
*p++ = '\0';
if ( *p != '\0' ) {
ludp->lud_filter = p;
/*
* scan for the '?' that marks the end
* of the filter and the start of any
* extensions
*/
if (( p = strchr( ludp->lud_filter, '?' ))
!= NULL ) {
*p++ = '\0'; /* term. filter */
extensions = p;
}
if ( *ludp->lud_filter == '\0' ) {
ludp->lud_filter = NULL;
} else {
nsldapi_hex_unescape( ludp->lud_filter );
}
}
}
if ( strcasecmp( scope, "one" ) == 0 ) {
ludp->lud_scope = LDAP_SCOPE_ONELEVEL;
} else if ( strcasecmp( scope, "base" ) == 0 ) {
ludp->lud_scope = LDAP_SCOPE_BASE;
} else if ( strcasecmp( scope, "sub" ) == 0 ) {
ludp->lud_scope = LDAP_SCOPE_SUBTREE;
} else if ( *scope != '\0' ) {
ldap_free_urldesc( ludp );
return( LDAP_URL_ERR_BADSCOPE );
}
}
}
if ( ludp->lud_dn != NULL ) {
nsldapi_hex_unescape( ludp->lud_dn );
}
/*
* if attrs list was included, turn it into a null-terminated array
*/
if ( attrs != NULL && *attrs != '\0' ) {
nsldapi_hex_unescape( attrs );
for ( nattrs = 1, p = attrs; *p != '\0'; ++p ) {
if ( *p == ',' ) {
++nattrs;
}
}
if (( ludp->lud_attrs = (char **)NSLDAPI_CALLOC( nattrs + 1,
sizeof( char * ))) == NULL ) {
ldap_free_urldesc( ludp );
return( LDAP_URL_ERR_MEM );
}
for ( i = 0, p = attrs; i < nattrs; ++i ) {
ludp->lud_attrs[ i ] = p;
if (( p = strchr( p, ',' )) != NULL ) {
*p++ ='\0';
}
nsldapi_hex_unescape( ludp->lud_attrs[ i ] );
}
}
/* if extensions list was included, check for critical ones */
if ( extensions != NULL && *extensions != '\0' ) {
/* Note: at present, we do not recognize ANY extensions */
at_start = 1;
for ( p = extensions; *p != '\0'; ++p ) {
if ( at_start ) {
if ( *p == '!' ) { /* critical extension */
ldap_free_urldesc( ludp );
return( LDAP_URL_UNRECOGNIZED_CRITICAL_EXTENSION );
}
at_start = 0;
} else if ( *p == ',' ) {
at_start = 1;
}
}
}
*ludpp = ludp;
return( 0 );
}
/*
* Pull controls out of "ber" (if any present) and return them in "controlsp."
* Returns an LDAP error code.
*/
int
nsldapi_get_controls( BerElement *ber, LDAPControl ***controlsp )
{
LDAPControl *newctrl;
ber_tag_t tag;
ber_len_t len;
int rc, maxcontrols, curcontrols;
char *last;
/*
* Each LDAPMessage can have a set of controls appended
* to it. Controls are used to extend the functionality
* of an LDAP operation (e.g., add an attribute size limit
* to the search operation). These controls look like this:
*
* Controls ::= SEQUENCE OF Control
*
* Control ::= SEQUENCE {
* controlType LDAPOID,
* criticality BOOLEAN DEFAULT FALSE,
* controlValue OCTET STRING
* }
*/
LDAPDebug( LDAP_DEBUG_TRACE, "=> nsldapi_get_controls\n", 0, 0, 0 );
*controlsp = NULL;
/*
* check to see if controls were included
*/
if ( ber_get_option( ber, LBER_OPT_REMAINING_BYTES, &len ) != 0 ) {
return( LDAP_DECODING_ERROR ); /* unexpected error */
}
if ( len == 0 ) {
LDAPDebug( LDAP_DEBUG_TRACE,
"<= nsldapi_get_controls no controls\n", 0, 0, 0 );
return( LDAP_SUCCESS ); /* no controls */
}
if (( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
if ( tag == LBER_ERROR ) {
LDAPDebug( LDAP_DEBUG_TRACE,
"<= nsldapi_get_controls LDAP_PROTOCOL_ERROR\n",
0, 0, 0 );
return( LDAP_DECODING_ERROR ); /* decoding error */
}
/*
* We found something other than controls. This should never
* happen in LDAPv3, but we don't treat this is a hard error --
* we just ignore the extra stuff.
*/
LDAPDebug( LDAP_DEBUG_TRACE,
"<= nsldapi_get_controls ignoring unrecognized data in message (tag 0x%x)\n",
tag, 0, 0 );
return( LDAP_SUCCESS );
}
maxcontrols = curcontrols = 0;
for ( tag = ber_first_element( ber, &len, &last );
tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
tag = ber_next_element( ber, &len, last ) ) {
if ( curcontrols >= maxcontrols - 1 ) {
#define CONTROL_GRABSIZE 5
maxcontrols += CONTROL_GRABSIZE;
*controlsp = (struct ldapcontrol **)NSLDAPI_REALLOC(
(char *)*controlsp, maxcontrols *
sizeof(struct ldapcontrol *) );
if ( *controlsp == NULL ) {
rc = LDAP_NO_MEMORY;
goto free_and_return;
}
}
if (( newctrl = (struct ldapcontrol *)NSLDAPI_CALLOC( 1,
sizeof(LDAPControl))) == NULL ) {
rc = LDAP_NO_MEMORY;
goto free_and_return;
}
(*controlsp)[curcontrols++] = newctrl;
(*controlsp)[curcontrols] = NULL;
if ( ber_scanf( ber, "{a", &newctrl->ldctl_oid )
== LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
goto free_and_return;
}
/* the criticality is optional */
if ( ber_peek_tag( ber, &len ) == LBER_BOOLEAN ) {
int aint;
if ( ber_scanf( ber, "b", &aint ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
goto free_and_return;
}
newctrl->ldctl_iscritical = (char)aint; /* XXX lossy cast */
} else {
/* absent is synonomous with FALSE */
newctrl->ldctl_iscritical = 0;
}
/* the control value is optional */
if ( ber_peek_tag( ber, &len ) == LBER_OCTETSTRING ) {
if ( ber_scanf( ber, "o", &newctrl->ldctl_value )
== LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
goto free_and_return;
}
} else {
(newctrl->ldctl_value).bv_val = NULL;
(newctrl->ldctl_value).bv_len = 0;
}
}
if ( tag == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
goto free_and_return;
}
LDAPDebug( LDAP_DEBUG_TRACE,
"<= nsldapi_get_controls found %d controls\n", curcontrols, 0, 0 );
return( LDAP_SUCCESS );
free_and_return:;
ldap_controls_free( *controlsp );
*controlsp = NULL;
LDAPDebug( LDAP_DEBUG_TRACE,
"<= nsldapi_get_controls error 0x%x\n", rc, 0, 0 );
return( rc );
}
static int
read_next_tmpl( char **bufp, long *blenp, struct ldap_disptmpl **tmplp,
int dtversion )
{
int i, j, tokcnt, samerow, adsource;
char **toks, *itemopts;
struct ldap_disptmpl *tmpl = NULL;
struct ldap_oclist *ocp = NULL, *prevocp = NULL;
struct ldap_adddeflist *adp = NULL, *prevadp = NULL;
struct ldap_tmplitem *rowp = NULL, *ip = NULL, *previp = NULL;
/*
* template name comes first
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
return( tokcnt == 0 ? 0 : LDAP_TMPL_ERR_SYNTAX );
}
if (( tmpl = (struct ldap_disptmpl *)NSLDAPI_CALLOC( 1,
sizeof( struct ldap_disptmpl ))) == NULL ) {
ldap_free_strarray( toks );
return( LDAP_TMPL_ERR_MEM );
}
tmpl->dt_name = toks[ 0 ];
NSLDAPI_FREE( (char *)toks );
/*
* template plural name comes next
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
tmpl->dt_pluralname = toks[ 0 ];
NSLDAPI_FREE( (char *)toks );
/*
* template icon name is next
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
tmpl->dt_iconname = toks[ 0 ];
NSLDAPI_FREE( (char *)toks );
/*
* template options come next
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) < 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
for ( i = 0; toks[ i ] != NULL; ++i ) {
for ( j = 0; tmploptions[ j ] != NULL; ++j ) {
if ( strcasecmp( toks[ i ], tmploptions[ j ] ) == 0 ) {
tmpl->dt_options |= tmploptvals[ j ];
}
}
}
ldap_free_strarray( toks );
/*
* object class list is next
*/
while (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) > 0 ) {
if (( ocp = (struct ldap_oclist *)NSLDAPI_CALLOC( 1,
sizeof( struct ldap_oclist ))) == NULL ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_MEM );
}
ocp->oc_objclasses = toks;
if ( tmpl->dt_oclist == NULL ) {
tmpl->dt_oclist = ocp;
} else {
prevocp->oc_next = ocp;
}
prevocp = ocp;
}
if ( tokcnt < 0 ) {
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
/*
* read name of attribute to authenticate as
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
if ( toks[ 0 ][ 0 ] != '\0' ) {
tmpl->dt_authattrname = toks[ 0 ];
} else {
NSLDAPI_FREE( toks[ 0 ] );
}
NSLDAPI_FREE( (char *)toks );
/*
* read default attribute to use for RDN
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
tmpl->dt_defrdnattrname = toks[ 0 ];
NSLDAPI_FREE( (char *)toks );
/*
* read default location for new entries
*/
if (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) != 1 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
if ( toks[ 0 ][ 0 ] != '\0' ) {
tmpl->dt_defaddlocation = toks[ 0 ];
} else {
NSLDAPI_FREE( toks[ 0 ] );
}
NSLDAPI_FREE( (char *)toks );
/*
* read list of rules used to define default values for new entries
*/
while (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) > 0 ) {
if ( strcasecmp( ADDEF_CONSTANT, toks[ 0 ] ) == 0 ) {
adsource = LDAP_ADSRC_CONSTANTVALUE;
} else if ( strcasecmp( ADDEF_ADDERSDN, toks[ 0 ] ) == 0 ) {
adsource = LDAP_ADSRC_ADDERSDN;
} else {
adsource = 0;
}
if ( adsource == 0 || tokcnt < 2 ||
( adsource == LDAP_ADSRC_CONSTANTVALUE && tokcnt != 3 ) ||
( adsource == LDAP_ADSRC_ADDERSDN && tokcnt != 2 )) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
if (( adp = (struct ldap_adddeflist *)NSLDAPI_CALLOC( 1,
sizeof( struct ldap_adddeflist ))) == NULL ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_MEM );
}
adp->ad_source = adsource;
adp->ad_attrname = toks[ 1 ];
if ( adsource == LDAP_ADSRC_CONSTANTVALUE ) {
adp->ad_value = toks[ 2 ];
}
NSLDAPI_FREE( toks[ 0 ] );
NSLDAPI_FREE( (char *)toks );
if ( tmpl->dt_adddeflist == NULL ) {
tmpl->dt_adddeflist = adp;
} else {
prevadp->ad_next = adp;
}
prevadp = adp;
}
/*
* item list is next
*/
samerow = 0;
while (( tokcnt = ldap_next_line_tokens( bufp, blenp, &toks )) > 0 ) {
if ( strcasecmp( toks[ 0 ], "item" ) == 0 ) {
if ( tokcnt < 4 ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
if (( ip = (struct ldap_tmplitem *)NSLDAPI_CALLOC( 1,
sizeof( struct ldap_tmplitem ))) == NULL ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_MEM );
}
/*
* find syntaxid from config file string
*/
while (( itemopts = strrchr( toks[ 1 ], ',' )) != NULL ) {
*itemopts++ = '\0';
for ( i = 0; itemoptions[ i ] != NULL; ++i ) {
if ( strcasecmp( itemopts, itemoptions[ i ] ) == 0 ) {
break;
}
}
if ( itemoptions[ i ] == NULL ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
ip->ti_options |= itemoptvals[ i ];
}
for ( i = 0; itemtypes[ i ] != NULL; ++i ) {
if ( strcasecmp( toks[ 1 ], itemtypes[ i ] ) == 0 ) {
break;
}
}
if ( itemtypes[ i ] == NULL ) {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
NSLDAPI_FREE( toks[ 0 ] );
NSLDAPI_FREE( toks[ 1 ] );
ip->ti_syntaxid = itemsynids[ i ];
ip->ti_label = toks[ 2 ];
if ( toks[ 3 ][ 0 ] == '\0' ) {
ip->ti_attrname = NULL;
NSLDAPI_FREE( toks[ 3 ] );
} else {
ip->ti_attrname = toks[ 3 ];
}
if ( toks[ 4 ] != NULL ) { /* extra args. */
for ( i = 0; toks[ i + 4 ] != NULL; ++i ) {
;
}
if (( ip->ti_args = (char **)NSLDAPI_CALLOC( i + 1,
sizeof( char * ))) == NULL ) {
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_MEM );
}
for ( i = 0; toks[ i + 4 ] != NULL; ++i ) {
ip->ti_args[ i ] = toks[ i + 4 ];
}
}
NSLDAPI_FREE( (char *)toks );
if ( tmpl->dt_items == NULL ) {
tmpl->dt_items = rowp = ip;
} else if ( samerow ) {
previp->ti_next_in_row = ip;
} else {
rowp->ti_next_in_col = ip;
rowp = ip;
}
previp = ip;
samerow = 0;
} else if ( strcasecmp( toks[ 0 ], "samerow" ) == 0 ) {
ldap_free_strarray( toks );
samerow = 1;
} else {
ldap_free_strarray( toks );
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
}
if ( tokcnt < 0 ) {
free_disptmpl( tmpl );
return( LDAP_TMPL_ERR_SYNTAX );
}
*tmplp = tmpl;
return( 0 );
}
