/*
* Display a list of ber elements.
*
*/
void
ldap_debug_elements(struct ber_element *root, int context, const char *fmt, ...)
{
va_list ap;
static int indent = 0;
long long v;
int d;
char *buf, *visbuf;
size_t len;
u_int i;
int constructed;
struct ber_oid o;
if (verbose < 2 || !debug)
return;
if (fmt != NULL) {
va_start(ap, fmt);
vlog(LOG_DEBUG, fmt, ap);
va_end(ap);
}
/* calculate lengths */
ber_calc_len(root);
switch (root->be_encoding) {
case BER_TYPE_SEQUENCE:
case BER_TYPE_SET:
constructed = root->be_encoding;
break;
default:
constructed = 0;
break;
}
fprintf(stderr, "%*slen %lu ", indent, "", root->be_len);
switch (root->be_class) {
case BER_CLASS_UNIVERSAL:
fprintf(stderr, "class: universal(%u) type: ", root->be_class);
switch (root->be_type) {
case BER_TYPE_EOC:
fprintf(stderr, "end-of-content");
break;
case BER_TYPE_BOOLEAN:
fprintf(stderr, "boolean");
break;
case BER_TYPE_INTEGER:
fprintf(stderr, "integer");
break;
case BER_TYPE_BITSTRING:
fprintf(stderr, "bit-string");
break;
case BER_TYPE_OCTETSTRING:
fprintf(stderr, "octet-string");
break;
case BER_TYPE_NULL:
fprintf(stderr, "null");
break;
case BER_TYPE_OBJECT:
fprintf(stderr, "object");
break;
case BER_TYPE_ENUMERATED:
fprintf(stderr, "enumerated");
break;
case BER_TYPE_SEQUENCE:
fprintf(stderr, "sequence");
break;
case BER_TYPE_SET:
fprintf(stderr, "set");
break;
}
break;
case BER_CLASS_APPLICATION:
fprintf(stderr, "class: application(%u) type: ",
root->be_class);
switch (root->be_type) {
case LDAP_REQ_BIND:
case LDAP_RES_BIND:
fprintf(stderr, "bind");
break;
case LDAP_REQ_UNBIND_30:
fprintf(stderr, "unbind");
break;
case LDAP_REQ_SEARCH:
fprintf(stderr, "search");
break;
case LDAP_RES_SEARCH_ENTRY:
fprintf(stderr, "search entry");
break;
case LDAP_RES_SEARCH_RESULT:
fprintf(stderr, "search result");
break;
case LDAP_REQ_MODIFY:
case LDAP_RES_MODIFY:
fprintf(stderr, "modify");
break;
case LDAP_REQ_ADD:
case LDAP_RES_ADD:
fprintf(stderr, "add");
break;
case LDAP_REQ_DELETE_30:
case LDAP_RES_DELETE:
fprintf(stderr, "delete");
break;
case LDAP_REQ_MODRDN:
case LDAP_RES_MODRDN:
fprintf(stderr, "modrdn");
break;
case LDAP_REQ_COMPARE:
case LDAP_RES_COMPARE:
fprintf(stderr, "compare");
break;
case LDAP_REQ_ABANDON_30:
fprintf(stderr, "abandon");
break;
case LDAP_REQ_EXTENDED:
case LDAP_RES_EXTENDED:
fprintf(stderr, "extended");
break;
}
break;
case BER_CLASS_PRIVATE:
fprintf(stderr, "class: private(%u) type: ", root->be_class);
fprintf(stderr, "encoding (%lu) type: ", root->be_encoding);
break;
case BER_CLASS_CONTEXT:
fprintf(stderr, "class: context(%u) type: ", root->be_class);
switch (context) {
case LDAP_REQ_BIND:
switch(root->be_type) {
case LDAP_AUTH_SIMPLE:
fprintf(stderr, "auth simple");
break;
}
break;
case LDAP_REQ_SEARCH:
switch(root->be_type) {
case LDAP_FILT_AND:
fprintf(stderr, "and");
break;
case LDAP_FILT_OR:
fprintf(stderr, "or");
break;
case LDAP_FILT_NOT:
fprintf(stderr, "not");
break;
case LDAP_FILT_EQ:
fprintf(stderr, "equal");
break;
case LDAP_FILT_SUBS:
fprintf(stderr, "substring");
break;
case LDAP_FILT_GE:
fprintf(stderr, "greater-or-equal");
break;
case LDAP_FILT_LE:
fprintf(stderr, "less-or-equal");
break;
case LDAP_FILT_PRES:
fprintf(stderr, "presence");
break;
case LDAP_FILT_APPR:
fprintf(stderr, "approximate");
break;
}
break;
}
break;
default:
fprintf(stderr, "class: <INVALID>(%u) type: ", root->be_class);
break;
}
fprintf(stderr, "(%lu) encoding %lu ",
root->be_type, root->be_encoding);
if (constructed)
root->be_encoding = constructed;
switch (root->be_encoding) {
case BER_TYPE_BOOLEAN:
if (ber_get_boolean(root, &d) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
fprintf(stderr, "%s(%d)\n", d ? "true" : "false", d);
break;
case BER_TYPE_INTEGER:
if (ber_get_integer(root, &v) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
fprintf(stderr, "value %lld\n", v);
break;
case BER_TYPE_ENUMERATED:
if (ber_get_enumerated(root, &v) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
fprintf(stderr, "value %lld\n", v);
break;
case BER_TYPE_BITSTRING:
if (ber_get_bitstring(root, (void *)&buf, &len) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
fprintf(stderr, "hexdump ");
for (i = 0; i < len; i++)
fprintf(stderr, "%02x", buf[i]);
fprintf(stderr, "\n");
break;
case BER_TYPE_OBJECT:
if (ber_get_oid(root, &o) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
fprintf(stderr, "\n");
break;
case BER_TYPE_OCTETSTRING:
if (ber_get_nstring(root, (void *)&buf, &len) == -1) {
fprintf(stderr, "<INVALID>\n");
break;
}
if ((visbuf = malloc(len * 4 + 1)) != NULL) {
strvisx(visbuf, buf, len, 0);
fprintf(stderr, "string \"%s\"\n", visbuf);
free(visbuf);
}
break;
case BER_TYPE_NULL: /* no payload */
case BER_TYPE_EOC:
case BER_TYPE_SEQUENCE:
case BER_TYPE_SET:
default:
fprintf(stderr, "\n");
break;
}
if (constructed && root->be_sub) {
indent += 2;
ldap_debug_elements(root->be_sub, context, NULL);
indent -= 2;
}
if (root->be_next)
ldap_debug_elements(root->be_next, context, NULL);
}
int probe_main(probe_ctx *ctx, void *mutex)
{
LDAP *ldp;
LDAPMessage *ldpres, *entry;
SEXP_t *se_ldap_behaviors = NULL, *se_relative_dn = NULL;
SEXP_t *se_suffix = NULL, *se_attribute = NULL;
SEXP_t *sa_scope, *sv_op;
SEXP_t *item;
SEXP_t *probe_in;
char *relative_dn = NULL;
char *suffix = NULL, *xattribute = NULL;
char *uri_list, *uri, *uri_save, *attr;
int scope;
char base[2048];
char *attrs[3];
bool a_pattern_match = false, rdn_pattern_match = false;
/* runtime */
#if defined(PROBE_LDAP_MUTEX)
assume_r(mutex != NULL, PROBE_EINIT);
#endif
probe_in = probe_ctx_getobject(ctx);
se_ldap_behaviors = probe_obj_getent(probe_in, "behaviors", 1);
if (se_ldap_behaviors != NULL) {
sa_scope = probe_ent_getattrval(se_ldap_behaviors, "scope");
SEXP_free(se_ldap_behaviors);
if (sa_scope == NULL) {
dE("Atrribute `scope' is missing!");
return (PROBE_ENOATTR);
}
if (!SEXP_stringp(sa_scope)) {
dE("Invalid value type of the `scope' attribute.");
SEXP_free(sa_scope);
return (PROBE_EINVAL);
}
if (SEXP_strcmp(sa_scope, "ONE") == 0)
scope = LDAP_SCOPE_ONELEVEL;
else if (SEXP_strcmp(sa_scope, "BASE") == 0)
scope = LDAP_SCOPE_BASE;
else if (SEXP_strcmp(sa_scope, "SUBTREE") == 0)
scope = LDAP_SCOPE_SUBTREE;
else {
dE("Invalid value of the `scope' attribute.");
SEXP_free(sa_scope);
return (PROBE_EINVAL);
}
SEXP_free(sa_scope);
} else
scope = LDAP_SCOPE_BASE;
#define get_string(dst, se_dst, obj, ent_name) \
do { \
SEXP_t *__sval; \
\
__sval = probe_obj_getentval (obj, ent_name, 1); \
\
if (__sval != NULL) { \
(dst) = SEXP_string_cstr (__sval); \
\
if ((dst) == NULL) { \
SEXP_free(__sval); \
return (PROBE_EINVAL); \
} \
\
(se_dst) = __sval; \
} else { \
return (PROBE_ENOATTR); \
} \
} while (0)
get_string(suffix, se_suffix, probe_in, "suffix");
get_string(relative_dn, se_relative_dn, probe_in, "relative_dn");
get_string(xattribute, se_attribute, probe_in, "attribute");
if ((sv_op = probe_ent_getattrval(se_relative_dn, "operation")) != NULL) {
if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH)
rdn_pattern_match = true;
SEXP_free(sv_op);
}
if ((sv_op = probe_ent_getattrval(se_attribute, "operation")) != NULL) {
if (SEXP_number_geti_32(sv_op) == OVAL_OPERATION_PATTERN_MATCH)
a_pattern_match = true;
SEXP_free(sv_op);
}
/*
* Construct the attribute array for ldap_search_*
*
* nil -> "1.1"
* .* -> "*"
* "foo" -> "foo"
*/
attrs[0] = "objectClass";
if (xattribute == NULL)
attrs[1] = strdup("1.1"); /* no attibutes */
else if (a_pattern_match)
attrs[1] = strdup("*"); /* collect all, we'll filter them afterwards */
else
attrs[1] = xattribute; /* no pattern match, use the string directly */
attrs[2] = NULL;
/*
* Construct `base'
*/
assume_r(((relative_dn ? strlen(relative_dn) : 0) +
( suffix ? strlen(suffix) : 0) + 2) < (sizeof base/sizeof(char)),
PROBE_ERANGE);
if (relative_dn != NULL) {
strcpy(base, relative_dn);
strcat(base, ",");
strcat(base, suffix);
} else
strcpy(base, suffix);
/*
* Get URIs
*/
if (ldap_get_option(NULL, LDAP_OPT_URI, &uri_list) != LDAP_OPT_SUCCESS) {
item = probe_item_creat("ldap57_item", NULL, NULL);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_collect(ctx, item);
dE("ldap_get_option failed");
goto fail0;
}
/*
* Query each URI
*/
for (;;) {
char *entry_dn = NULL;
if ((uri = strtok_r(uri_list, " ,", &uri_save)) == NULL)
break;
ldp = NULL;
if (ldap_initialize(&ldp, uri) != LDAP_SUCCESS)
continue;
if (ldap_search_ext_s(ldp, base, scope, NULL, attrs, 0,
NULL /* serverctrls */,
NULL /* clientctrls */,
NULL /* timeout */,
0, &ldpres) != LDAP_SUCCESS)
{
item = probe_item_creat("ldap57_item", NULL, NULL);
probe_item_setstatus(item, SYSCHAR_STATUS_ERROR);
probe_item_collect(ctx, item);
dE("ldap_search_ext_s failed");
goto fail0;
}
entry = ldap_first_entry(ldp, ldpres);
entry_dn = ldap_get_dn(ldp, entry);
while (entry != NULL) {
BerElement *berelm = NULL;
attr = ldap_first_attribute(ldp, entry, &berelm);
/* XXX: pattern match filter */
while (attr != NULL) {
SEXP_t *se_value = NULL;
ber_tag_t bertag = LBER_DEFAULT;
ber_len_t berlen = 0;
Sockbuf *berbuf = NULL;
SEXP_t se_tmp_mem;
berbuf = ber_sockbuf_alloc();
/*
* Prepare the value (record) entity. Collect only
* primitive (i.e. simple) types.
*/
se_value = probe_ent_creat1("value", NULL, NULL);
probe_ent_setdatatype(se_value, OVAL_DATATYPE_RECORD);
/*
* XXX: does ber_get_next() return LBER_ERROR after the last value?
*/
while ((bertag = ber_get_next(berbuf, &berlen, berelm)) != LBER_ERROR) {
SEXP_t *field = NULL;
oval_datatype_t field_type = OVAL_DATATYPE_UNKNOWN;
switch(bertag & LBER_ENCODING_MASK) {
case LBER_PRIMITIVE:
dI("Found primitive value, bertag = %u", bertag);
break;
case LBER_CONSTRUCTED:
dW("Don't know how to handle LBER_CONSTRUCTED values");
/* FALLTHROUGH */
default:
dW("Skipping attribute value, bertag = %u", bertag);
continue;
}
assume_d(bertag & LBER_PRIMITIVE, NULL);
switch(bertag & LBER_BIG_TAG_MASK) {
case LBER_BOOLEAN:
{ /* LDAPTYPE_BOOLEAN */
ber_int_t val = -1;
if (ber_get_boolean(berelm, &val) == LBER_ERROR) {
dW("ber_get_boolean: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
assume_d(val != -1, NULL);
field = probe_ent_creat1("field", NULL, SEXP_number_newb_r(&se_tmp_mem, (bool)val));
field_type = OVAL_DATATYPE_BOOLEAN;
SEXP_free_r(&se_tmp_mem);
} break;
case LBER_INTEGER:
{ /* LDAPTYPE_INTEGER */
ber_int_t val = -1;
if (ber_get_int(berelm, &val) == LBER_ERROR) {
dW("ber_get_int: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
field = probe_ent_creat1("field", NULL, SEXP_number_newi_r(&se_tmp_mem, (int)val));
field_type = OVAL_DATATYPE_INTEGER;
SEXP_free_r(&se_tmp_mem);
} break;
case LBER_BITSTRING:
/* LDAPTYPE_BIT_STRING */
dW("LBER_BITSTRING: not implemented");
continue;
case LBER_OCTETSTRING:
{ /*
* LDAPTYPE_PRINTABLE_STRING
* LDAPTYPE_NUMERIC_STRING
* LDAPTYPE_DN_STRING
* LDAPTYPE_BINARY (?)
*/
char *val = NULL;
if (ber_get_stringa(berelm, &val) == LBER_ERROR) {
dW("ber_get_stringa: LBER_ERROR");
/* XXX: set error status on field */
continue;
}
assume_d(val != NULL, NULL);
field = probe_ent_creat1("field", NULL, SEXP_string_new_r(&se_tmp_mem, val, strlen(val)));
field_type = OVAL_DATATYPE_STRING;
SEXP_free_r(&se_tmp_mem);
ber_memfree(val);
} break;
case LBER_NULL:
/* XXX: no equivalent LDAPTYPE_? or empty */
dI("LBER_NULL: skipped");
continue;
case LBER_ENUMERATED:
/* XXX: no equivalent LDAPTYPE_? */
dW("Don't know how to handle LBER_ENUMERATED type");
continue;
default:
dW("Unknown attribute value type, bertag = %u", bertag);
continue;
}
if (field != NULL) {
assume_d(field_type != OVAL_DATATYPE_UNKNOWN, NULL);
probe_ent_setdatatype(field, field_type);
probe_ent_attr_add(field, "name", SEXP_string_new_r(&se_tmp_mem, attr, strlen(attr)));
SEXP_list_add(se_value, field);
SEXP_free_r(&se_tmp_mem);
SEXP_free(field);
}
}
ber_sockbuf_free(berbuf);
/*
* Create the item
*/
item = probe_item_create(OVAL_INDEPENDENT_LDAP57, NULL,
"suffix", OVAL_DATATYPE_STRING, suffix,
"relative_dn", OVAL_DATATYPE_STRING, relative_dn, /* XXX: pattern match */
"attribute", OVAL_DATATYPE_STRING, attr,
"object_class", OVAL_DATATYPE_STRING, "",
"ldaptype", OVAL_DATATYPE_STRING, "",
NULL);
SEXP_list_add(item, se_value);
SEXP_free(se_value);
probe_item_collect(ctx, item);
attr = ldap_next_attribute(ldp, entry, berelm);
}
ber_free(berelm, 0);
ldap_memfree(entry_dn);
entry = ldap_next_entry(ldp, entry);
entry_dn = ldap_get_dn(ldp, entry);
}
/*
* Close the LDAP connection and free resources
*/
ldap_unbind_ext_s(ldp, NULL, NULL);
}
ldap_memfree(uri_list);
fail0:
SEXP_free(se_suffix);
SEXP_free(se_relative_dn);
SEXP_free(se_attribute);
free(suffix);
free(relative_dn);
free(attrs[1]); /* attribute */
return (0);
}
