/* * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" /* * Copyright (c) 1996 Regents of the University of Michigan. * All rights reserved. * * LIBLDAP url.c -- LDAP URL related routines * * LDAP URLs look like this: * l d a p : / / hostport / dn [ ? attributes [ ? scope [ ? filter [ ? extensions ] ] ] ] * * where: * attributes is a comma separated list * scope is one of these three strings: base one sub (default=base) * filter is an string-represented filter as in RFC 1558 * extensions is a comma separated list of extension * and extension is like this: [ ! ] oid/x-oid [ = value ] * * e.g., ldap://ldap.itd.umich.edu/c=US?o,description?one?o=umich * * We also tolerate URLs that look like: and */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1996 Regents of the University of Michigan.\nAll rights reserved.\n"; #endif #include #include #include #ifdef MACOS #include #include "macos.h" #endif /* MACOS */ #if defined( DOS ) || defined( _WIN32 ) #include #include #include "msdos.h" #endif /* DOS || _WIN32 */ #if !defined(MACOS) && !defined(DOS) && !defined( _WIN32 ) #include #include #include #endif /* !MACOS && !DOS && !_WIN32 */ #include "lber.h" #include "ldap.h" #include "ldap-private.h" #include "ldap-int.h" #ifdef NEEDPROTOS static int skip_url_prefix( char **urlp, int *enclosedp ); static void hex_unescape( char *s ); static int unhex( char c ); #else /* NEEDPROTOS */ static int skip_url_prefix(); static void hex_unescape(); static int unhex(); #endif /* NEEDPROTOS */ int ldap_is_ldap_url( char *url ) { int enclosed; return( url != NULL && skip_url_prefix( &url, &enclosed )); } static int skip_url_prefix( char **urlp, int *enclosedp ) { /* * return non-zero if this looks like a LDAP URL; zero if not * if non-zero returned, *urlp will be moved past "ldap://" part of URL */ if ( *urlp == NULL ) { return( 0 ); } /* skip leading '<' (if any) */ if ( **urlp == '<' ) { *enclosedp = 1; ++*urlp; } else { *enclosedp = 0; } /* skip leading "URL:" (if any) */ if ( strlen( *urlp ) >= LDAP_URL_URLCOLON_LEN && strncasecmp( *urlp, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) { *urlp += LDAP_URL_URLCOLON_LEN; } /* check for missing "ldap://" prefix */ if ( strlen( *urlp ) < LDAP_URL_PREFIX_LEN || strncasecmp( *urlp, LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) != 0 ) { return( 0 ); } /* skip over "ldap://" prefix and return success */ *urlp += LDAP_URL_PREFIX_LEN; return( 1 ); } int ldap_url_extension_parse( char *exts, LDAPURLExt *** lueppp) { /* Pick apart the pieces of an LDAP URL Extensions */ /* No copy of exts is made, LDAPURLExt's points to exts string */ LDAPURLExt ** lues; LDAPURLExt *luep; int i = 0; char *p = exts; char *ptr, *ptr2; *lueppp = NULL; /* Count the number of , in extensions */ while ( (p = strchr (p, ',')) != NULL){ i++; } /* There are at most i+1 extensions */ if ((lues = (LDAPURLExt **)calloc(i+2, sizeof(LDAPURLExt *))) == NULL){ return (LDAP_URL_ERR_MEM); } p = exts; i = 0; while ( p ) { if ((ptr = strchr(p, ',')) != NULL) *ptr++ = '\0'; else ptr = NULL; if ((luep = (LDAPURLExt *)calloc(1, sizeof(LDAPURLExt))) == NULL){ ldap_free_urlexts(lues); return (LDAP_URL_ERR_MEM); } lues[i] = luep; if (*p == '!'){ luep->lue_iscritical = 1; p++; } luep->lue_type = p; if (( ptr2 = strchr(p, '=')) != NULL) { *ptr2++ = '\0'; luep->lue_value = ptr2; hex_unescape(ptr2); } i++; p = ptr; } *lueppp = lues; return( 0 ); } int ldap_url_parse( char *url, LDAPURLDesc **ludpp ) { /* * Pick apart the pieces of an LDAP URL. */ LDAPURLDesc *ludp; char *attrs = NULL; char *p = NULL; char *q = NULL; char *x = NULL; int enclosed, i, nattrs, errcode; Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 262, "ldap_url_parse(%s)\n"), url, 0, 0 ); *ludpp = NULL; /* pessimistic */ if ( !skip_url_prefix( &url, &enclosed )) { return( LDAP_URL_ERR_NOTLDAP ); } /* allocate return struct */ if (( ludp = (LDAPURLDesc *)calloc( 1, sizeof( LDAPURLDesc ))) == NULLLDAPURLDESC ) { return( LDAP_URL_ERR_MEM ); } ludp->lud_port = LDAP_PORT; /* make working copy of the remainder of the URL */ if (( url = strdup( url )) == NULL ) { ldap_free_urldesc( ludp ); return( LDAP_URL_ERR_MEM ); } if ( enclosed && *((p = url + strlen( url ) - 1)) == '>' ) { *p = '\0'; } /* set defaults */ /* LP By default don't set them... Then we can check if they are present or not in URL */ ludp->lud_scope = LDAP_SCOPE_UNKNOWN; ludp->lud_filter = NULL; /* lud_string is the only malloc'd string space we use */ ludp->lud_string = url; /* scan forward for '/' that marks end of hostport and begin. of dn */ if (( ludp->lud_dn = strchr( url, '/' )) != NULL ) { *ludp->lud_dn++ = '\0'; } /* terminate hostport; point to start of dn */ if (( p = strchr( url, ':' )) != NULL ) { *p++ = '\0'; ludp->lud_port = atoi( p ); } if ( *url == '\0' ) { ludp->lud_host = NULL; } else { ludp->lud_host = url; hex_unescape( ludp->lud_host ); } if (ludp->lud_dn != NULL){ /* scan for '?' that marks end of dn and beginning of attributes */ if (( attrs = strchr( ludp->lud_dn, '?' )) != NULL ) { /* terminate dn; point to start of attrs. */ *attrs++ = '\0'; /* scan for '?' that marks end of attrs and begin. of scope */ if (( p = strchr( attrs, '?' )) != NULL ) { /* * terminate attrs; point to start of scope and scan for * '?' that marks end of scope and begin. of filter */ *p++ = '\0'; if (( q = strchr( p, '?' )) != NULL ) { /* terminate scope; point to start of filter */ *q++ = '\0'; if (( x = strchr(q, '?')) != NULL ) { /* terminate filter; point to start of extension */ *x++ = '\0'; if (*x != '\0'){ /* parse extensions */ } } if ( *q != '\0' ) { ludp->lud_filter = q; hex_unescape( ludp->lud_filter ); } } if ( strcasecmp( p, "one" ) == 0 ) { ludp->lud_scope = LDAP_SCOPE_ONELEVEL; } else if ( strcasecmp( p, "base" ) == 0 ) { ludp->lud_scope = LDAP_SCOPE_BASE; } else if ( strcasecmp( p, "sub" ) == 0 ) { ludp->lud_scope = LDAP_SCOPE_SUBTREE; } else if ( *p != '\0' ) { ldap_free_urldesc( ludp ); return( LDAP_URL_ERR_BADSCOPE ); } } } if ( *ludp->lud_dn == '\0' ) { ludp->lud_dn = NULL; } else { hex_unescape( ludp->lud_dn ); } /* * if attrs list was included, turn it into a null-terminated array */ if ( attrs != NULL && *attrs != '\0' ) { for ( nattrs = 1, p = attrs; *p != '\0'; ++p ) { if ( *p == ',' ) { ++nattrs; } } if (( ludp->lud_attrs = (char **)calloc( nattrs + 1, sizeof( char * ))) == NULL ) { ldap_free_urldesc( ludp ); return( LDAP_URL_ERR_MEM ); } for ( i = 0, p = attrs; i < nattrs; ++i ) { ludp->lud_attrs[ i ] = p; if (( p = strchr( p, ',' )) != NULL ) { *p++ ='\0'; } hex_unescape( ludp->lud_attrs[ i ] ); } } if (x != NULL && *x != '\0'){ if (errcode = ldap_url_extension_parse(x, &ludp->lud_extensions)){ ldap_free_urldesc(ludp); return ( errcode ); } } } *ludpp = ludp; return( 0 ); } void ldap_free_urlexts( LDAPURLExt ** lues) { int i; for (i = 0; lues[i] != NULL; i++){ free(lues[i]); } free(lues); } void ldap_free_urldesc( LDAPURLDesc *ludp ) { if ( ludp != NULLLDAPURLDESC ) { if ( ludp->lud_string != NULL ) { free( ludp->lud_string ); } if ( ludp->lud_attrs != NULL ) { free( ludp->lud_attrs ); } if (ludp->lud_extensions != NULL) { ldap_free_urlexts(ludp->lud_extensions); } free( ludp ); } } int ldap_url_search( LDAP *ld, char *url, int attrsonly ) { int err; LDAPURLDesc *ludp; BerElement *ber; LDAPServer *srv = NULL; #ifdef _REENTRANT LOCK_LDAP(ld); #endif if ( ldap_url_parse( url, &ludp ) != 0 ) { ld->ld_errno = LDAP_PARAM_ERROR; #ifdef _REENTRANT UNLOCK_LDAP(ld); #endif return( -1 ); } if (( ber = ldap_build_search_req( ld, ludp->lud_dn, ludp->lud_scope == LDAP_SCOPE_UNKNOWN ? LDAP_SCOPE_BASE : ludp->lud_scope, ludp->lud_filter ? ludp->lud_filter : "(objectclass=*)", ludp->lud_attrs, attrsonly, NULL, NULL, -1 )) == NULLBER ) { #ifdef _REENTRANT UNLOCK_LDAP(ld); #endif return( -1 ); } err = 0; if ( ludp->lud_host != NULL || ludp->lud_port != 0 ) { if (( srv = (LDAPServer *)calloc( 1, sizeof( LDAPServer ))) == NULL || ( srv->lsrv_host = strdup( ludp->lud_host == NULL ? ld->ld_defhost : ludp->lud_host )) == NULL ) { if ( srv != NULL ) { free( srv ); } ld->ld_errno = LDAP_NO_MEMORY; err = -1; } else { if ( ludp->lud_port == 0 ) { srv->lsrv_port = LDAP_PORT; } else { srv->lsrv_port = ludp->lud_port; } } } if ( err != 0 ) { ber_free( ber, 1 ); } else { err = send_server_request( ld, ber, ld->ld_msgid, NULL, srv, NULL, 1 ); } ldap_free_urldesc( ludp ); #ifdef _REENTRANT UNLOCK_LDAP(ld); #endif return( err ); } int ldap_url_search_st( LDAP *ld, char *url, int attrsonly, struct timeval *timeout, LDAPMessage **res ) { int msgid; int retcode = LDAP_SUCCESS; if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) { return( ld->ld_errno ); } if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) { return( ld->ld_errno ); } if ( ld->ld_errno == LDAP_TIMEOUT ) { (void) ldap_abandon( ld, msgid ); ld->ld_errno = LDAP_TIMEOUT; return( ld->ld_errno ); } #ifdef _REENTRANT LOCK_LDAP(ld); #endif retcode = ldap_parse_result(ld, *res, &ld->ld_errno, &ld->ld_matched, &ld->ld_error, &ld->ld_referrals, &ld->ld_ret_ctrls, 0); if (retcode == LDAP_SUCCESS) retcode = ld->ld_errno; #ifdef _REENTRANT UNLOCK_LDAP(ld); #endif return (retcode); } int ldap_url_search_s( LDAP *ld, char *url, int attrsonly, LDAPMessage **res ) { int msgid; int retcode = LDAP_SUCCESS; if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) { return( ld->ld_errno ); } if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, res ) == -1 ) { return( ld->ld_errno ); } #ifdef _REENTRANT LOCK_LDAP(ld); #endif retcode = ldap_parse_result(ld, *res, &ld->ld_errno, &ld->ld_matched, &ld->ld_error, &ld->ld_referrals, &ld->ld_ret_ctrls, 0); if (retcode == LDAP_SUCCESS) retcode = ld->ld_errno; #ifdef _REENTRANT UNLOCK_LDAP(ld); #endif return (retcode); } static void hex_unescape( char *s ) { /* * Remove URL hex escapes from s... done in place. The basic concept for * this routine is borrowed from the WWW library HTUnEscape() routine. */ char *p; for ( p = s; *s != '\0'; ++s ) { if ( *s == '%' ) { if ( *++s != '\0' ) { *p = unhex( *s ) << 4; } if ( *++s != '\0' ) { *p++ += unhex( *s ); } } else { *p++ = *s; } } *p = '\0'; } static int unhex( char c ) { return( c >= '0' && c <= '9' ? c - '0' : c >= 'A' && c <= 'F' ? c - 'A' + 10 : c - 'a' + 10 ); } /* * Locate the LDAP URL associated with a DNS domain name. * * The supplied DNS domain name is converted into a distinguished * name. The directory entry specified by that distinguished name * is searched for a labeledURI attribute. If successful then the * LDAP URL is returned. If unsuccessful then that entry's parent * is searched and so on until the target distinguished name is * reduced to only two nameparts. * * For example, if 'ny.eng.wiz.com' is the DNS domain then the * following entries are searched until one succeeds: * dc=ny,dc=eng,dc=wiz,dc=com * dc=eng,dc=wiz,dc=com * dc=wiz,dc=com * * If dns_name is NULL then the environment variable LOCALDOMAIN is used. * If attrs is not NULL then it is appended to the URL's attribute list. * If scope is not NULL then it overrides the URL's scope. * If filter is not NULL then it is merged with the URL's filter. * * If an error is encountered then zero is returned, otherwise a string * URL is returned. The caller should free the returned string if it is * non-zero. */ char * ldap_dns_to_url( LDAP *ld, char *dns_name, char *attrs, char *scope, char *filter ) { char *dn; char *url = 0; char *url2 = 0; LDAPURLDesc *urldesc; char *cp; char *cp2; size_t attrs_len = 0; size_t scope_len = 0; size_t filter_len = 0; int nameparts; int no_attrs = 0; int no_scope = 0; if (dns_name == 0) { dns_name = (char *)getenv("LOCALDOMAIN"); } if ((ld == NULL) || ((dn = ldap_dns_to_dn(dns_name, &nameparts)) == NULL)) return (0); if ((url = ldap_dn_to_url(ld, dn, nameparts)) == NULL) { free(dn); return (0); } free(dn); /* merge filter and/or scope and/or attributes with URL */ if (attrs || scope || filter) { if (attrs) attrs_len = strlen(attrs) + 2; /* for comma and NULL */ if (scope) scope_len = strlen(scope) + 1; /* for NULL */ if (filter) filter_len = strlen(filter) + 4; /* for ampersand, parentheses and NULL */ if (ldap_is_ldap_url(url)) { if ((url2 = (char *)malloc(attrs_len + scope_len + filter_len + strlen(url) + 1)) == NULL) { return (0); } cp = url; cp2 = url2; /* copy URL scheme, hostname, port number and DN */ while (*cp && (*cp != '?')) { *cp2++ = *cp++; } /* handle URL attributes */ if (*cp == '?') { /* test first '?' */ *cp2++ = *cp++; /* copy first '?' */ if (*cp == '?') { /* test second '?' */ /* insert supplied attributes */ if (attrs) { while (*attrs) { *cp2++ = *attrs++; } } else { no_attrs = 1; } } else { /* copy URL attributes */ while (*cp && (*cp != '?')) { *cp2++ = *cp++; } /* append supplied attributes */ if (attrs) { *cp2++ = ','; while (*attrs) { *cp2++ = *attrs++; } } } } else { /* append supplied attributes */ if (attrs) { *cp2++ = '?'; while (*attrs) { *cp2++ = *attrs++; } } else { no_attrs = 1; } } /* handle URL scope */ if (*cp == '?') { /* test second '?' */ *cp2++ = *cp++; /* copy second '?' */ if (*cp == '?') { /* test third '?' */ /* insert supplied scope */ if (scope) { while (*scope) { *cp2++ = *scope++; } } else { no_scope = 1; } } else { if (scope) { /* skip over URL scope */ while (*cp && (*cp != '?')) { *cp++; } /* insert supplied scope */ while (*scope) { *cp2++ = *scope++; } } else { /* copy URL scope */ while (*cp && (*cp != '?')) { *cp2++ = *cp++; } } } } else { /* append supplied scope */ if (scope) { if (no_attrs) { *cp2++ = '?'; } *cp2++ = '?'; while (*scope) { *cp2++ = *scope++; } } else { no_scope = 1; } } /* handle URL filter */ if (*cp == '?') { /* test third '?' */ *cp2++ = *cp++; /* copy third '?' */ if (filter) { /* merge URL and supplied filters */ *cp2++ = '('; *cp2++ = '&'; /* copy URL filter */ while (*cp) { *cp2++ = *cp++; } /* append supplied filter */ while (*filter) { *cp2++ = *filter++; } *cp2++ = ')'; } else { /* copy URL filter */ while (*cp) { *cp2++ = *cp++; } } } else { /* append supplied filter */ if (filter) { if (no_scope) { if (no_attrs) { *cp2++ = '?'; } *cp2++ = '?'; } *cp2++ = '?'; while (*filter) { *cp2++ = *filter++; } } } *cp2++ = '\0'; free (url); url = url2; } else { return (0); /* not an LDAP URL */ } } return (url); } /* * Locate the LDAP URL associated with a distinguished name. * * The number of nameparts in the supplied distinguished name must be * provided. The specified directory entry is searched for a labeledURI * attribute. If successful then the LDAP URL is returned. If unsuccessful * then that entry's parent is searched and so on until the target * distinguished name is reduced to only two nameparts. * * For example, if 'l=ny,ou=eng,o=wiz,c=us' is the distinguished name * then the following entries are searched until one succeeds: * l=ny,ou=eng,o=wiz,c=us * ou=eng,o=wiz,c=us * o=wiz,c=us * * If an error is encountered then zero is returned, otherwise a string * URL is returned. The caller should free the returned string if it is * non-zero. */ char * ldap_dn_to_url( LDAP *ld, char *dn, int nameparts ) { char *next_dn = dn; char *url = 0; char *attrs[2] = {"labeledURI", 0}; LDAPMessage *res, *e; char **vals; /* * Search for a URL in the named entry or its parent entry. * Continue until only 2 nameparts remain. */ while (dn && (nameparts > 1) && (! url)) { /* search for the labeledURI attribute */ if (ldap_search_s(ld, dn, LDAP_SCOPE_BASE, "(objectClass=*)", attrs, 0, &res) == LDAP_SUCCESS) { /* locate the first entry returned */ if ((e = ldap_first_entry(ld, res)) != NULL) { /* locate the labeledURI attribute */ if ((vals = ldap_get_values(ld, e, "labeledURI")) != NULL) { /* copy the attribute value */ if ((url = strdup((char *)vals[0])) != NULL) { ldap_value_free(vals); } } } /* free the search results */ ldap_msgfree(res); } if (! url) { /* advance along the DN by one namepart */ if (next_dn = strchr(dn, ',')) { next_dn++; dn = next_dn; nameparts--; } } } return (url); }