ldap.c@ 98326

Last change on this file since 98326 was 98326, checked in by vboxsync, 2 years ago
curl-7.87.0: Applied and adjusted our curl changes to 7.83.1. bugref:10356
Property svn:eol-style set to `native`
File size: 28.6 KB

Line
1	/***************************************************************************
2	* _ _ ____ _
3	* Project ___\| \| \| \| _ \\| \|
4	* / __\| \| \| \| \|_) \| \|
5	* \| (__\| \|_\| \| _ <\| \|___
6	* \___\|\___/\|_\| \_\_____\|
7	*
8	* Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
9	*
10	* This software is licensed as described in the file COPYING, which
11	* you should have received as part of this distribution. The terms
12	* are also available at https://curl.se/docs/copyright.html.
13	*
14	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15	* copies of the Software, and permit persons to whom the Software is
16	* furnished to do so, under the terms of the COPYING file.
17	*
18	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19	* KIND, either express or implied.
20	*
21	* SPDX-License-Identifier: curl
22	*
23	***************************************************************************/
24
25	#include "curl_setup.h"
26
27	#if !defined(CURL_DISABLE_LDAP) && !defined(USE_OPENLDAP)
28
29	/*
30	* Notice that USE_OPENLDAP is only a source code selection switch. When
31	* libcurl is built with USE_OPENLDAP defined the libcurl source code that
32	* gets compiled is the code from openldap.c, otherwise the code that gets
33	* compiled is the code from ldap.c.
34	*
35	* When USE_OPENLDAP is defined a recent version of the OpenLDAP library
36	* might be required for compilation and runtime. In order to use ancient
37	* OpenLDAP library versions, USE_OPENLDAP shall not be defined.
38	*/
39
40	/* Wincrypt must be included before anything that could include OpenSSL. */
41	#if defined(USE_WIN32_CRYPTO)
42	#include <wincrypt.h>
43	/* Undefine wincrypt conflicting symbols for BoringSSL. */
44	#undef X509_NAME
45	#undef X509_EXTENSIONS
46	#undef PKCS7_ISSUER_AND_SERIAL
47	#undef PKCS7_SIGNER_INFO
48	#undef OCSP_REQUEST
49	#undef OCSP_RESPONSE
50	#endif
51
52	#ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
53	# include <winldap.h>
54	# ifndef LDAP_VENDOR_NAME
55	# error Your Platform SDK is NOT sufficient for LDAP support! \
56	Update your Platform SDK, or disable LDAP support!
57	# else
58	# include <winber.h>
59	# endif
60	#else
61	# define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
62	# ifdef HAVE_LBER_H
63	# include <lber.h>
64	# endif
65	# include <ldap.h>
66	# if (defined(HAVE_LDAP_SSL) && defined(HAVE_LDAP_SSL_H))
67	# include <ldap_ssl.h>
68	# endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
69	#endif
70
71	#include "urldata.h"
72	#include <curl/curl.h>
73	#include "sendf.h"
74	#include "escape.h"
75	#include "progress.h"
76	#include "transfer.h"
77	#include "strcase.h"
78	#include "strtok.h"
79	#include "curl_ldap.h"
80	#include "curl_multibyte.h"
81	#include "curl_base64.h"
82	#include "connect.h"
83	/* The last 3 #include files should be in this order */
84	#include "curl_printf.h"
85	#include "curl_memory.h"
86	#include "memdebug.h"
87
88	#ifndef HAVE_LDAP_URL_PARSE
89
90	/* Use our own implementation. */
91
92	struct ldap_urldesc {
93	char *lud_host;
94	int lud_port;
95	#if defined(USE_WIN32_LDAP)
96	TCHAR *lud_dn;
97	TCHAR **lud_attrs;
98	#else
99	char *lud_dn;
100	char **lud_attrs;
101	#endif
102	int lud_scope;
103	#if defined(USE_WIN32_LDAP)
104	TCHAR *lud_filter;
105	#else
106	char *lud_filter;
107	#endif
108	char **lud_exts;
109	size_t lud_attrs_dups; /* how many were dup'ed, this field is not in the
110	"real" struct so can only be used in code
111	without HAVE_LDAP_URL_PARSE defined */
112	};
113
114	#undef LDAPURLDesc
115	#define LDAPURLDesc struct ldap_urldesc
116
117	static int _ldap_url_parse(struct Curl_easy *data,
118	const struct connectdata *conn,
119	LDAPURLDesc **ludp);
120	static void _ldap_free_urldesc(LDAPURLDesc *ludp);
121
122	#undef ldap_free_urldesc
123	#define ldap_free_urldesc _ldap_free_urldesc
124	#endif
125
126	#ifdef DEBUG_LDAP
127	#define LDAP_TRACE(x) do { \
128	_ldap_trace("%u: ", __LINE__); \
129	_ldap_trace x; \
130	} while(0)
131
132	static void _ldap_trace(const char *fmt, ...);
133	#else
134	#define LDAP_TRACE(x) Curl_nop_stmt
135	#endif
136
137	#if defined(USE_WIN32_LDAP) && defined(ldap_err2string)
138	/* Use ansi error strings in UNICODE builds */
139	#undef ldap_err2string
140	#define ldap_err2string ldap_err2stringA
141	#endif
142
143
144	static CURLcode ldap_do(struct Curl_easy data, bool done);
145
146	/*
147	* LDAP protocol handler.
148	*/
149
150	const struct Curl_handler Curl_handler_ldap = {
151	"LDAP", /* scheme */
152	ZERO_NULL, /* setup_connection */
153	ldap_do, /* do_it */
154	ZERO_NULL, /* done */
155	ZERO_NULL, /* do_more */
156	ZERO_NULL, /* connect_it */
157	ZERO_NULL, /* connecting */
158	ZERO_NULL, /* doing */
159	ZERO_NULL, /* proto_getsock */
160	ZERO_NULL, /* doing_getsock */
161	ZERO_NULL, /* domore_getsock */
162	ZERO_NULL, /* perform_getsock */
163	ZERO_NULL, /* disconnect */
164	ZERO_NULL, /* readwrite */
165	ZERO_NULL, /* connection_check */
166	ZERO_NULL, /* attach connection */
167	PORT_LDAP, /* defport */
168	CURLPROTO_LDAP, /* protocol */
169	CURLPROTO_LDAP, /* family */
170	PROTOPT_NONE /* flags */
171	};
172
173	#ifdef HAVE_LDAP_SSL
174	/*
175	* LDAPS protocol handler.
176	*/
177
178	const struct Curl_handler Curl_handler_ldaps = {
179	"LDAPS", /* scheme */
180	ZERO_NULL, /* setup_connection */
181	ldap_do, /* do_it */
182	ZERO_NULL, /* done */
183	ZERO_NULL, /* do_more */
184	ZERO_NULL, /* connect_it */
185	ZERO_NULL, /* connecting */
186	ZERO_NULL, /* doing */
187	ZERO_NULL, /* proto_getsock */
188	ZERO_NULL, /* doing_getsock */
189	ZERO_NULL, /* domore_getsock */
190	ZERO_NULL, /* perform_getsock */
191	ZERO_NULL, /* disconnect */
192	ZERO_NULL, /* readwrite */
193	ZERO_NULL, /* connection_check */
194	ZERO_NULL, /* attach connection */
195	PORT_LDAPS, /* defport */
196	CURLPROTO_LDAPS, /* protocol */
197	CURLPROTO_LDAP, /* family */
198	PROTOPT_SSL /* flags */
199	};
200	#endif
201
202	#if defined(USE_WIN32_LDAP)
203
204	#if defined(USE_WINDOWS_SSPI)
205	static int ldap_win_bind_auth(LDAP server, const char user,
206	const char *passwd, unsigned long authflags)
207	{
208	ULONG method = 0;
209	SEC_WINNT_AUTH_IDENTITY cred;
210	int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
211
212	memset(&cred, 0, sizeof(cred));
213
214	#if defined(USE_SPNEGO)
215	if(authflags & CURLAUTH_NEGOTIATE) {
216	method = LDAP_AUTH_NEGOTIATE;
217	}
218	else
219	#endif
220	#if defined(USE_NTLM)
221	if(authflags & CURLAUTH_NTLM) {
222	method = LDAP_AUTH_NTLM;
223	}
224	else
225	#endif
226	#if !defined(CURL_DISABLE_CRYPTO_AUTH)
227	if(authflags & CURLAUTH_DIGEST) {
228	method = LDAP_AUTH_DIGEST;
229	}
230	else
231	#endif
232	{
233	/* required anyway if one of upper preprocessor definitions enabled */
234	}
235
236	if(method && user && passwd) {
237	rc = Curl_create_sspi_identity(user, passwd, &cred);
238	if(!rc) {
239	rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
240	Curl_sspi_free_identity(&cred);
241	}
242	}
243	else {
244	/* proceed with current user credentials */
245	method = LDAP_AUTH_NEGOTIATE;
246	rc = ldap_bind_s(server, NULL, NULL, method);
247	}
248	return rc;
249	}
250	#endif /* #if defined(USE_WINDOWS_SSPI) */
251
252	static int ldap_win_bind(struct Curl_easy data, LDAP server,
253	const char user, const char passwd)
254	{
255	int rc = LDAP_INVALID_CREDENTIALS;
256
257	PTCHAR inuser = NULL;
258	PTCHAR inpass = NULL;
259
260	if(user && passwd && (data->set.httpauth & CURLAUTH_BASIC)) {
261	inuser = curlx_convert_UTF8_to_tchar((char *) user);
262	inpass = curlx_convert_UTF8_to_tchar((char *) passwd);
263
264	rc = ldap_simple_bind_s(server, inuser, inpass);
265
266	curlx_unicodefree(inuser);
267	curlx_unicodefree(inpass);
268	}
269	#if defined(USE_WINDOWS_SSPI)
270	else {
271	rc = ldap_win_bind_auth(server, user, passwd, data->set.httpauth);
272	}
273	#endif
274
275	return rc;
276	}
277	#endif /* #if defined(USE_WIN32_LDAP) */
278
279	#if defined(USE_WIN32_LDAP)
280	#define FREE_ON_WINLDAP(x) curlx_unicodefree(x)
281	#else
282	#define FREE_ON_WINLDAP(x)
283	#endif
284
285
286	static CURLcode ldap_do(struct Curl_easy data, bool done)
287	{
288	CURLcode result = CURLE_OK;
289	int rc = 0;
290	LDAP *server = NULL;
291	LDAPURLDesc *ludp = NULL;
292	LDAPMessage *ldapmsg = NULL;
293	LDAPMessage *entryIterator;
294	int num = 0;
295	struct connectdata *conn = data->conn;
296	int ldap_proto = LDAP_VERSION3;
297	int ldap_ssl = 0;
298	char *val_b64 = NULL;
299	size_t val_b64_sz = 0;
300	curl_off_t dlsize = 0;
301	#ifdef LDAP_OPT_NETWORK_TIMEOUT
302	struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
303	#endif
304	#if defined(USE_WIN32_LDAP)
305	TCHAR *host = NULL;
306	#else
307	char *host = NULL;
308	#endif
309	char *user = NULL;
310	char *passwd = NULL;
311
312	done = TRUE; / unconditionally */
313	infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d",
314	LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION);
315	infof(data, "LDAP local: %s", data->state.url);
316
317	#ifdef HAVE_LDAP_URL_PARSE
318	rc = ldap_url_parse(data->state.url, &ludp);
319	#else
320	rc = _ldap_url_parse(data, conn, &ludp);
321	#endif
322	if(rc) {
323	failf(data, "Bad LDAP URL: %s", ldap_err2string(rc));
324	result = CURLE_URL_MALFORMAT;
325	goto quit;
326	}
327
328	/* Get the URL scheme (either ldap or ldaps) */
329	if(conn->given->flags & PROTOPT_SSL)
330	ldap_ssl = 1;
331	infof(data, "LDAP local: trying to establish %s connection",
332	ldap_ssl ? "encrypted" : "cleartext");
333
334	#if defined(USE_WIN32_LDAP)
335	host = curlx_convert_UTF8_to_tchar(conn->host.name);
336	if(!host) {
337	result = CURLE_OUT_OF_MEMORY;
338
339	goto quit;
340	}
341	#else
342	host = conn->host.name;
343	#endif
344
345	if(data->state.aptr.user) {
346	user = conn->user;
347	passwd = conn->passwd;
348	}
349
350	#ifdef LDAP_OPT_NETWORK_TIMEOUT
351	ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
352	#endif
353	ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
354
355	if(ldap_ssl) {
356	#ifdef HAVE_LDAP_SSL
357	#ifdef USE_WIN32_LDAP
358	/* Win32 LDAP SDK doesn't support insecure mode without CA! */
359	server = ldap_sslinit(host, conn->port, 1);
360	ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
361	#else
362	int ldap_option;
363	char *ldap_ca = conn->ssl_config.CAfile;
364	#if defined(CURL_HAS_NOVELL_LDAPSDK)
365	rc = ldapssl_client_init(NULL, NULL);
366	if(rc != LDAP_SUCCESS) {
367	failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
368	result = CURLE_SSL_CERTPROBLEM;
369	goto quit;
370	}
371	if(conn->ssl_config.verifypeer) {
372	/* Novell SDK supports DER or BASE64 files. */
373	int cert_type = LDAPSSL_CERT_FILETYPE_B64;
374	if((data->set.ssl.cert_type) &&
375	(strcasecompare(data->set.ssl.cert_type, "DER")))
376	cert_type = LDAPSSL_CERT_FILETYPE_DER;
377	if(!ldap_ca) {
378	failf(data, "LDAP local: ERROR %s CA cert not set",
379	(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
380	result = CURLE_SSL_CERTPROBLEM;
381	goto quit;
382	}
383	infof(data, "LDAP local: using %s CA cert '%s'",
384	(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
385	ldap_ca);
386	rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
387	if(rc != LDAP_SUCCESS) {
388	failf(data, "LDAP local: ERROR setting %s CA cert: %s",
389	(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
390	ldap_err2string(rc));
391	result = CURLE_SSL_CERTPROBLEM;
392	goto quit;
393	}
394	ldap_option = LDAPSSL_VERIFY_SERVER;
395	}
396	else
397	ldap_option = LDAPSSL_VERIFY_NONE;
398	rc = ldapssl_set_verify_mode(ldap_option);
399	if(rc != LDAP_SUCCESS) {
400	failf(data, "LDAP local: ERROR setting cert verify mode: %s",
401	ldap_err2string(rc));
402	result = CURLE_SSL_CERTPROBLEM;
403	goto quit;
404	}
405	server = ldapssl_init(host, conn->port, 1);
406	if(!server) {
407	failf(data, "LDAP local: Cannot connect to %s:%u",
408	conn->host.dispname, conn->port);
409	result = CURLE_COULDNT_CONNECT;
410	goto quit;
411	}
412	#elif defined(LDAP_OPT_X_TLS)
413	if(conn->ssl_config.verifypeer) {
414	/* OpenLDAP SDK supports BASE64 files. */
415	if((data->set.ssl.cert_type) &&
416	(!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
417	failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type");
418	result = CURLE_SSL_CERTPROBLEM;
419	goto quit;
420	}
421	if(!ldap_ca) {
422	failf(data, "LDAP local: ERROR PEM CA cert not set");
423	result = CURLE_SSL_CERTPROBLEM;
424	goto quit;
425	}
426	infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca);
427	rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
428	if(rc != LDAP_SUCCESS) {
429	failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
430	ldap_err2string(rc));
431	result = CURLE_SSL_CERTPROBLEM;
432	goto quit;
433	}
434	ldap_option = LDAP_OPT_X_TLS_DEMAND;
435	}
436	else
437	ldap_option = LDAP_OPT_X_TLS_NEVER;
438
439	rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
440	if(rc != LDAP_SUCCESS) {
441	failf(data, "LDAP local: ERROR setting cert verify mode: %s",
442	ldap_err2string(rc));
443	result = CURLE_SSL_CERTPROBLEM;
444	goto quit;
445	}
446	server = ldap_init(host, conn->port);
447	if(!server) {
448	failf(data, "LDAP local: Cannot connect to %s:%u",
449	conn->host.dispname, conn->port);
450	result = CURLE_COULDNT_CONNECT;
451	goto quit;
452	}
453	ldap_option = LDAP_OPT_X_TLS_HARD;
454	rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
455	if(rc != LDAP_SUCCESS) {
456	failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
457	ldap_err2string(rc));
458	result = CURLE_SSL_CERTPROBLEM;
459	goto quit;
460	}
461	/*
462	rc = ldap_start_tls_s(server, NULL, NULL);
463	if(rc != LDAP_SUCCESS) {
464	failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
465	ldap_err2string(rc));
466	result = CURLE_SSL_CERTPROBLEM;
467	goto quit;
468	}
469	*/
470	#else
471	/* we should probably never come up to here since configure
472	should check in first place if we can support LDAP SSL/TLS */
473	failf(data, "LDAP local: SSL/TLS not supported with this version "
474	"of the OpenLDAP toolkit\n");
475	result = CURLE_SSL_CERTPROBLEM;
476	goto quit;
477	#endif
478	#endif
479	#endif /* CURL_LDAP_USE_SSL */
480	}
481	else if(data->set.use_ssl > CURLUSESSL_TRY) {
482	failf(data, "LDAP local: explicit TLS not supported");
483	result = CURLE_NOT_BUILT_IN;
484	goto quit;
485	}
486	else {
487	server = ldap_init(host, conn->port);
488	if(!server) {
489	failf(data, "LDAP local: Cannot connect to %s:%u",
490	conn->host.dispname, conn->port);
491	result = CURLE_COULDNT_CONNECT;
492	goto quit;
493	}
494	}
495	#ifdef USE_WIN32_LDAP
496	ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
497	rc = ldap_win_bind(data, server, user, passwd);
498	#else
499	rc = ldap_simple_bind_s(server, user, passwd);
500	#endif
501	if(!ldap_ssl && rc) {
502	ldap_proto = LDAP_VERSION2;
503	ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
504	#ifdef USE_WIN32_LDAP
505	rc = ldap_win_bind(data, server, user, passwd);
506	#else
507	rc = ldap_simple_bind_s(server, user, passwd);
508	#endif
509	}
510	if(rc) {
511	#ifdef USE_WIN32_LDAP
512	failf(data, "LDAP local: bind via ldap_win_bind %s",
513	ldap_err2string(rc));
514	#else
515	failf(data, "LDAP local: bind via ldap_simple_bind_s %s",
516	ldap_err2string(rc));
517	#endif
518	result = CURLE_LDAP_CANNOT_BIND;
519	goto quit;
520	}
521
522	rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
523	ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg);
524
525	if(rc && rc != LDAP_SIZELIMIT_EXCEEDED) {
526	failf(data, "LDAP remote: %s", ldap_err2string(rc));
527	result = CURLE_LDAP_SEARCH_FAILED;
528	goto quit;
529	}
530
531	for(num = 0, entryIterator = ldap_first_entry(server, ldapmsg);
532	entryIterator;
533	entryIterator = ldap_next_entry(server, entryIterator), num++) {
534	BerElement *ber = NULL;
535	#if defined(USE_WIN32_LDAP)
536	TCHAR *attribute;
537	#else
538	char *attribute;
539	#endif
540	int i;
541
542	/* Get the DN and write it to the client */
543	{
544	char *name;
545	size_t name_len;
546	#if defined(USE_WIN32_LDAP)
547	TCHAR *dn = ldap_get_dn(server, entryIterator);
548	name = curlx_convert_tchar_to_UTF8(dn);
549	if(!name) {
550	ldap_memfree(dn);
551
552	result = CURLE_OUT_OF_MEMORY;
553
554	goto quit;
555	}
556	#else
557	char *dn = name = ldap_get_dn(server, entryIterator);
558	#endif
559	name_len = strlen(name);
560
561	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"DN: ", 4);
562	if(result) {
563	FREE_ON_WINLDAP(name);
564	ldap_memfree(dn);
565	goto quit;
566	}
567
568	result = Curl_client_write(data, CLIENTWRITE_BODY, name, name_len);
569	if(result) {
570	FREE_ON_WINLDAP(name);
571	ldap_memfree(dn);
572	goto quit;
573	}
574
575	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
576	if(result) {
577	FREE_ON_WINLDAP(name);
578	ldap_memfree(dn);
579
580	goto quit;
581	}
582
583	dlsize += name_len + 5;
584
585	FREE_ON_WINLDAP(name);
586	ldap_memfree(dn);
587	}
588
589	/* Get the attributes and write them to the client */
590	for(attribute = ldap_first_attribute(server, entryIterator, &ber);
591	attribute;
592	attribute = ldap_next_attribute(server, entryIterator, ber)) {
593	BerValue **vals;
594	size_t attr_len;
595	#if defined(USE_WIN32_LDAP)
596	char *attr = curlx_convert_tchar_to_UTF8(attribute);
597	if(!attr) {
598	if(ber)
599	ber_free(ber, 0);
600
601	result = CURLE_OUT_OF_MEMORY;
602
603	goto quit;
604	}
605	#else
606	char *attr = attribute;
607	#endif
608	attr_len = strlen(attr);
609
610	vals = ldap_get_values_len(server, entryIterator, attribute);
611	if(vals) {
612	for(i = 0; (vals[i] != NULL); i++) {
613	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\t", 1);
614	if(result) {
615	ldap_value_free_len(vals);
616	FREE_ON_WINLDAP(attr);
617	ldap_memfree(attribute);
618	if(ber)
619	ber_free(ber, 0);
620
621	goto quit;
622	}
623
624	result = Curl_client_write(data, CLIENTWRITE_BODY, attr, attr_len);
625	if(result) {
626	ldap_value_free_len(vals);
627	FREE_ON_WINLDAP(attr);
628	ldap_memfree(attribute);
629	if(ber)
630	ber_free(ber, 0);
631
632	goto quit;
633	}
634
635	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)": ", 2);
636	if(result) {
637	ldap_value_free_len(vals);
638	FREE_ON_WINLDAP(attr);
639	ldap_memfree(attribute);
640	if(ber)
641	ber_free(ber, 0);
642
643	goto quit;
644	}
645
646	dlsize += attr_len + 3;
647
648	if((attr_len > 7) &&
649	(strcmp(";binary", attr + (attr_len - 7)) == 0)) {
650	/* Binary attribute, encode to base64. */
651	result = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len,
652	&val_b64, &val_b64_sz);
653	if(result) {
654	ldap_value_free_len(vals);
655	FREE_ON_WINLDAP(attr);
656	ldap_memfree(attribute);
657	if(ber)
658	ber_free(ber, 0);
659
660	goto quit;
661	}
662
663	if(val_b64_sz > 0) {
664	result = Curl_client_write(data, CLIENTWRITE_BODY, val_b64,
665	val_b64_sz);
666	free(val_b64);
667	if(result) {
668	ldap_value_free_len(vals);
669	FREE_ON_WINLDAP(attr);
670	ldap_memfree(attribute);
671	if(ber)
672	ber_free(ber, 0);
673
674	goto quit;
675	}
676
677	dlsize += val_b64_sz;
678	}
679	}
680	else {
681	result = Curl_client_write(data, CLIENTWRITE_BODY, vals[i]->bv_val,
682	vals[i]->bv_len);
683	if(result) {
684	ldap_value_free_len(vals);
685	FREE_ON_WINLDAP(attr);
686	ldap_memfree(attribute);
687	if(ber)
688	ber_free(ber, 0);
689
690	goto quit;
691	}
692
693	dlsize += vals[i]->bv_len;
694	}
695
696	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
697	if(result) {
698	ldap_value_free_len(vals);
699	FREE_ON_WINLDAP(attr);
700	ldap_memfree(attribute);
701	if(ber)
702	ber_free(ber, 0);
703
704	goto quit;
705	}
706
707	dlsize++;
708	}
709
710	/* Free memory used to store values */
711	ldap_value_free_len(vals);
712	}
713
714	/* Free the attribute as we are done with it */
715	FREE_ON_WINLDAP(attr);
716	ldap_memfree(attribute);
717
718	result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
719	if(result)
720	goto quit;
721	dlsize++;
722	Curl_pgrsSetDownloadCounter(data, dlsize);
723	}
724
725	if(ber)
726	ber_free(ber, 0);
727	}
728
729	quit:
730	if(ldapmsg) {
731	ldap_msgfree(ldapmsg);
732	LDAP_TRACE(("Received %d entries\n", num));
733	}
734	if(rc == LDAP_SIZELIMIT_EXCEEDED)
735	infof(data, "There are more than %d entries", num);
736	if(ludp)
737	ldap_free_urldesc(ludp);
738	if(server)
739	ldap_unbind_s(server);
740	#if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
741	if(ldap_ssl)
742	ldapssl_client_deinit();
743	#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
744
745	FREE_ON_WINLDAP(host);
746
747	/* no data to transfer */
748	Curl_setup_transfer(data, -1, -1, FALSE, -1);
749	connclose(conn, "LDAP connection always disable re-use");
750
751	return result;
752	}
753
754	#ifdef DEBUG_LDAP
755	static void _ldap_trace(const char *fmt, ...)
756	{
757	static int do_trace = -1;
758	va_list args;
759
760	if(do_trace == -1) {
761	const char *env = getenv("CURL_TRACE");
762	do_trace = (env && strtol(env, NULL, 10) > 0);
763	}
764	if(!do_trace)
765	return;
766
767	va_start(args, fmt);
768	vfprintf(stderr, fmt, args);
769	va_end(args);
770	}
771	#endif
772
773	#ifndef HAVE_LDAP_URL_PARSE
774
775	/*
776	* Return scope-value for a scope-string.
777	*/
778	static int str2scope(const char *p)
779	{
780	if(strcasecompare(p, "one"))
781	return LDAP_SCOPE_ONELEVEL;
782	if(strcasecompare(p, "onetree"))
783	return LDAP_SCOPE_ONELEVEL;
784	if(strcasecompare(p, "base"))
785	return LDAP_SCOPE_BASE;
786	if(strcasecompare(p, "sub"))
787	return LDAP_SCOPE_SUBTREE;
788	if(strcasecompare(p, "subtree"))
789	return LDAP_SCOPE_SUBTREE;
790	return (-1);
791	}
792
793	/*
794	* Split 'str' into strings separated by commas.
795	* Note: out[] points into 'str'.
796	*/
797	static bool split_str(char str, char *out, size_t count)
798	{
799	char **res;
800	char *lasts;
801	char *s;
802	size_t i;
803	size_t items = 1;
804
805	s = strchr(str, ',');
806	while(s) {
807	items++;
808	s = strchr(++s, ',');
809	}
810
811	res = calloc(items, sizeof(char *));
812	if(!res)
813	return FALSE;
814
815	for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
816	s = strtok_r(NULL, ",", &lasts), i++)
817	res[i] = s;
818
819	*out = res;
820	*count = items;
821
822	return TRUE;
823	}
824
825	/*
826	* Break apart the pieces of an LDAP URL.
827	* Syntax:
828	* ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
829	*
830	* <hostname> already known from 'conn->host.name'.
831	* <port> already known from 'conn->remote_port'.
832	* extract the rest from 'data->state.path+1'. All fields are optional.
833	* e.g.
834	* ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
835	* yields ludp->lud_dn = "".
836	*
837	* Defined in RFC4516 section 2.
838	*/
839	static int _ldap_url_parse2(struct Curl_easy *data,
840	const struct connectdata conn, LDAPURLDesc ludp)
841	{
842	int rc = LDAP_SUCCESS;
843	char *p;
844	char *path;
845	char *q = NULL;
846	char *query = NULL;
847	size_t i;
848
849	if(!data \|\|
850	!data->state.up.path \|\|
851	data->state.up.path[0] != '/' \|\|
852	!strncasecompare("LDAP", data->state.up.scheme, 4))
853	return LDAP_INVALID_SYNTAX;
854
855	ludp->lud_scope = LDAP_SCOPE_BASE;
856	ludp->lud_port = conn->remote_port;
857	ludp->lud_host = conn->host.name;
858
859	/* Duplicate the path */
860	p = path = strdup(data->state.up.path + 1);
861	if(!path)
862	return LDAP_NO_MEMORY;
863
864	/* Duplicate the query if present */
865	if(data->state.up.query) {
866	q = query = strdup(data->state.up.query);
867	if(!query) {
868	free(path);
869	return LDAP_NO_MEMORY;
870	}
871	}
872
873	/* Parse the DN (Distinguished Name) */
874	if(*p) {
875	char *dn = p;
876	char *unescaped;
877	CURLcode result;
878
879	LDAP_TRACE(("DN '%s'\n", dn));
880
881	/* Unescape the DN */
882	result = Curl_urldecode(dn, 0, &unescaped, NULL, REJECT_ZERO);
883	if(result) {
884	rc = LDAP_NO_MEMORY;
885
886	goto quit;
887	}
888
889	#if defined(USE_WIN32_LDAP)
890	/* Convert the unescaped string to a tchar */
891	ludp->lud_dn = curlx_convert_UTF8_to_tchar(unescaped);
892
893	/* Free the unescaped string as we are done with it */
894	free(unescaped);
895
896	if(!ludp->lud_dn) {
897	rc = LDAP_NO_MEMORY;
898
899	goto quit;
900	}
901	#else
902	ludp->lud_dn = unescaped;
903	#endif
904	}
905
906	p = q;
907	if(!p)
908	goto quit;
909
910	/* Parse the attributes. skip "??" */
911	q = strchr(p, '?');
912	if(q)
913	*q++ = '\0';
914
915	if(*p) {
916	char **attributes;
917	size_t count = 0;
918
919	/* Split the string into an array of attributes */
920	if(!split_str(p, &attributes, &count)) {
921	rc = LDAP_NO_MEMORY;
922
923	goto quit;
924	}
925
926	/* Allocate our array (+1 for the NULL entry) */
927	#if defined(USE_WIN32_LDAP)
928	ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
929	#else
930	ludp->lud_attrs = calloc(count + 1, sizeof(char *));
931	#endif
932	if(!ludp->lud_attrs) {
933	free(attributes);
934
935	rc = LDAP_NO_MEMORY;
936
937	goto quit;
938	}
939
940	for(i = 0; i < count; i++) {
941	char *unescaped;
942	CURLcode result;
943
944	LDAP_TRACE(("attr[%zu] '%s'\n", i, attributes[i]));
945
946	/* Unescape the attribute */
947	result = Curl_urldecode(attributes[i], 0, &unescaped, NULL,
948	REJECT_ZERO);
949	if(result) {
950	free(attributes);
951
952	rc = LDAP_NO_MEMORY;
953
954	goto quit;
955	}
956
957	#if defined(USE_WIN32_LDAP)
958	/* Convert the unescaped string to a tchar */
959	ludp->lud_attrs[i] = curlx_convert_UTF8_to_tchar(unescaped);
960
961	/* Free the unescaped string as we are done with it */
962	free(unescaped);
963
964	if(!ludp->lud_attrs[i]) {
965	free(attributes);
966
967	rc = LDAP_NO_MEMORY;
968
969	goto quit;
970	}
971	#else
972	ludp->lud_attrs[i] = unescaped;
973	#endif
974
975	ludp->lud_attrs_dups++;
976	}
977
978	free(attributes);
979	}
980
981	p = q;
982	if(!p)
983	goto quit;
984
985	/* Parse the scope. skip "??" */
986	q = strchr(p, '?');
987	if(q)
988	*q++ = '\0';
989
990	if(*p) {
991	ludp->lud_scope = str2scope(p);
992	if(ludp->lud_scope == -1) {
993	rc = LDAP_INVALID_SYNTAX;
994
995	goto quit;
996	}
997	LDAP_TRACE(("scope %d\n", ludp->lud_scope));
998	}
999
1000	p = q;
1001	if(!p)
1002	goto quit;
1003
1004	/* Parse the filter */
1005	q = strchr(p, '?');
1006	if(q)
1007	*q++ = '\0';
1008
1009	if(*p) {
1010	char *filter = p;
1011	char *unescaped;
1012	CURLcode result;
1013
1014	LDAP_TRACE(("filter '%s'\n", filter));
1015
1016	/* Unescape the filter */
1017	result = Curl_urldecode(filter, 0, &unescaped, NULL, REJECT_ZERO);
1018	if(result) {
1019	rc = LDAP_NO_MEMORY;
1020
1021	goto quit;
1022	}
1023
1024	#if defined(USE_WIN32_LDAP)
1025	/* Convert the unescaped string to a tchar */
1026	ludp->lud_filter = curlx_convert_UTF8_to_tchar(unescaped);
1027
1028	/* Free the unescaped string as we are done with it */
1029	free(unescaped);
1030
1031	if(!ludp->lud_filter) {
1032	rc = LDAP_NO_MEMORY;
1033
1034	goto quit;
1035	}
1036	#else
1037	ludp->lud_filter = unescaped;
1038	#endif
1039	}
1040
1041	p = q;
1042	if(p && !*p) {
1043	rc = LDAP_INVALID_SYNTAX;
1044
1045	goto quit;
1046	}
1047
1048	quit:
1049	free(path);
1050	free(query);
1051
1052	return rc;
1053	}
1054
1055	static int _ldap_url_parse(struct Curl_easy *data,
1056	const struct connectdata *conn,
1057	LDAPURLDesc **ludpp)
1058	{
1059	LDAPURLDesc ludp = calloc(1, sizeof(ludp));
1060	int rc;
1061
1062	*ludpp = NULL;
1063	if(!ludp)
1064	return LDAP_NO_MEMORY;
1065
1066	rc = _ldap_url_parse2(data, conn, ludp);
1067	if(rc != LDAP_SUCCESS) {
1068	_ldap_free_urldesc(ludp);
1069	ludp = NULL;
1070	}
1071	*ludpp = ludp;
1072	return (rc);
1073	}
1074
1075	static void _ldap_free_urldesc(LDAPURLDesc *ludp)
1076	{
1077	if(!ludp)
1078	return;
1079
1080	#if defined(USE_WIN32_LDAP)
1081	curlx_unicodefree(ludp->lud_dn);
1082	curlx_unicodefree(ludp->lud_filter);
1083	#else
1084	free(ludp->lud_dn);
1085	free(ludp->lud_filter);
1086	#endif
1087
1088	if(ludp->lud_attrs) {
1089	size_t i;
1090	for(i = 0; i < ludp->lud_attrs_dups; i++) {
1091	#if defined(USE_WIN32_LDAP)
1092	curlx_unicodefree(ludp->lud_attrs[i]);
1093	#else
1094	free(ludp->lud_attrs[i]);
1095	#endif
1096	}
1097	free(ludp->lud_attrs);
1098	}
1099
1100	free(ludp);
1101	}
1102	#endif /* !HAVE_LDAP_URL_PARSE */
1103	#endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/curl-7.87.0/lib/ldap.c@ 98326

Download in other formats: