ldap.c 28 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #if !defined(CURL_DISABLE_LDAP) && !defined(USE_OPENLDAP)
  24. /*
  25. * Notice that USE_OPENLDAP is only a source code selection switch. When
  26. * libcurl is built with USE_OPENLDAP defined the libcurl source code that
  27. * gets compiled is the code from openldap.c, otherwise the code that gets
  28. * compiled is the code from ldap.c.
  29. *
  30. * When USE_OPENLDAP is defined a recent version of the OpenLDAP library
  31. * might be required for compilation and runtime. In order to use ancient
  32. * OpenLDAP library versions, USE_OPENLDAP shall not be defined.
  33. */
  34. #ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
  35. # include <winldap.h>
  36. # ifndef LDAP_VENDOR_NAME
  37. # error Your Platform SDK is NOT sufficient for LDAP support! \
  38. Update your Platform SDK, or disable LDAP support!
  39. # else
  40. # include <winber.h>
  41. # endif
  42. #else
  43. # define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
  44. # ifdef HAVE_LBER_H
  45. # include <lber.h>
  46. # endif
  47. # include <ldap.h>
  48. # if (defined(HAVE_LDAP_SSL) && defined(HAVE_LDAP_SSL_H))
  49. # include <ldap_ssl.h>
  50. # endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
  51. #endif
  52. #include "urldata.h"
  53. #include <curl/curl.h>
  54. #include "sendf.h"
  55. #include "escape.h"
  56. #include "progress.h"
  57. #include "transfer.h"
  58. #include "strcase.h"
  59. #include "strtok.h"
  60. #include "curl_ldap.h"
  61. #include "curl_multibyte.h"
  62. #include "curl_base64.h"
  63. #include "connect.h"
  64. /* The last 3 #include files should be in this order */
  65. #include "curl_printf.h"
  66. #include "curl_memory.h"
  67. #include "memdebug.h"
  68. #ifndef HAVE_LDAP_URL_PARSE
  69. /* Use our own implementation. */
  70. struct ldap_urldesc {
  71. char *lud_host;
  72. int lud_port;
  73. #if defined(USE_WIN32_LDAP)
  74. TCHAR *lud_dn;
  75. TCHAR **lud_attrs;
  76. #else
  77. char *lud_dn;
  78. char **lud_attrs;
  79. #endif
  80. int lud_scope;
  81. #if defined(USE_WIN32_LDAP)
  82. TCHAR *lud_filter;
  83. #else
  84. char *lud_filter;
  85. #endif
  86. char **lud_exts;
  87. size_t lud_attrs_dups; /* how many were dup'ed, this field is not in the
  88. "real" struct so can only be used in code
  89. without HAVE_LDAP_URL_PARSE defined */
  90. };
  91. #undef LDAPURLDesc
  92. #define LDAPURLDesc struct ldap_urldesc
  93. static int _ldap_url_parse(const struct connectdata *conn,
  94. LDAPURLDesc **ludp);
  95. static void _ldap_free_urldesc(LDAPURLDesc *ludp);
  96. #undef ldap_free_urldesc
  97. #define ldap_free_urldesc _ldap_free_urldesc
  98. #endif
  99. #ifdef DEBUG_LDAP
  100. #define LDAP_TRACE(x) do { \
  101. _ldap_trace("%u: ", __LINE__); \
  102. _ldap_trace x; \
  103. } while(0)
  104. static void _ldap_trace(const char *fmt, ...);
  105. #else
  106. #define LDAP_TRACE(x) Curl_nop_stmt
  107. #endif
  108. #if defined(USE_WIN32_LDAP) && defined(ldap_err2string)
  109. /* Use ansi error strings in UNICODE builds */
  110. #undef ldap_err2string
  111. #define ldap_err2string ldap_err2stringA
  112. #endif
  113. static CURLcode Curl_ldap(struct connectdata *conn, bool *done);
  114. /*
  115. * LDAP protocol handler.
  116. */
  117. const struct Curl_handler Curl_handler_ldap = {
  118. "LDAP", /* scheme */
  119. ZERO_NULL, /* setup_connection */
  120. Curl_ldap, /* do_it */
  121. ZERO_NULL, /* done */
  122. ZERO_NULL, /* do_more */
  123. ZERO_NULL, /* connect_it */
  124. ZERO_NULL, /* connecting */
  125. ZERO_NULL, /* doing */
  126. ZERO_NULL, /* proto_getsock */
  127. ZERO_NULL, /* doing_getsock */
  128. ZERO_NULL, /* domore_getsock */
  129. ZERO_NULL, /* perform_getsock */
  130. ZERO_NULL, /* disconnect */
  131. ZERO_NULL, /* readwrite */
  132. ZERO_NULL, /* connection_check */
  133. PORT_LDAP, /* defport */
  134. CURLPROTO_LDAP, /* protocol */
  135. PROTOPT_NONE /* flags */
  136. };
  137. #ifdef HAVE_LDAP_SSL
  138. /*
  139. * LDAPS protocol handler.
  140. */
  141. const struct Curl_handler Curl_handler_ldaps = {
  142. "LDAPS", /* scheme */
  143. ZERO_NULL, /* setup_connection */
  144. Curl_ldap, /* do_it */
  145. ZERO_NULL, /* done */
  146. ZERO_NULL, /* do_more */
  147. ZERO_NULL, /* connect_it */
  148. ZERO_NULL, /* connecting */
  149. ZERO_NULL, /* doing */
  150. ZERO_NULL, /* proto_getsock */
  151. ZERO_NULL, /* doing_getsock */
  152. ZERO_NULL, /* domore_getsock */
  153. ZERO_NULL, /* perform_getsock */
  154. ZERO_NULL, /* disconnect */
  155. ZERO_NULL, /* readwrite */
  156. ZERO_NULL, /* connection_check */
  157. PORT_LDAPS, /* defport */
  158. CURLPROTO_LDAPS, /* protocol */
  159. PROTOPT_SSL /* flags */
  160. };
  161. #endif
  162. #if defined(USE_WIN32_LDAP)
  163. #if defined(USE_WINDOWS_SSPI)
  164. static int ldap_win_bind_auth(LDAP *server, const char *user,
  165. const char *passwd, unsigned long authflags)
  166. {
  167. ULONG method = 0;
  168. SEC_WINNT_AUTH_IDENTITY cred;
  169. int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
  170. memset(&cred, 0, sizeof(cred));
  171. #if defined(USE_SPNEGO)
  172. if(authflags & CURLAUTH_NEGOTIATE) {
  173. method = LDAP_AUTH_NEGOTIATE;
  174. }
  175. else
  176. #endif
  177. #if defined(USE_NTLM)
  178. if(authflags & CURLAUTH_NTLM) {
  179. method = LDAP_AUTH_NTLM;
  180. }
  181. else
  182. #endif
  183. #if !defined(CURL_DISABLE_CRYPTO_AUTH)
  184. if(authflags & CURLAUTH_DIGEST) {
  185. method = LDAP_AUTH_DIGEST;
  186. }
  187. else
  188. #endif
  189. {
  190. /* required anyway if one of upper preprocessor definitions enabled */
  191. }
  192. if(method && user && passwd) {
  193. rc = Curl_create_sspi_identity(user, passwd, &cred);
  194. if(!rc) {
  195. rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
  196. Curl_sspi_free_identity(&cred);
  197. }
  198. }
  199. else {
  200. /* proceed with current user credentials */
  201. method = LDAP_AUTH_NEGOTIATE;
  202. rc = ldap_bind_s(server, NULL, NULL, method);
  203. }
  204. return rc;
  205. }
  206. #endif /* #if defined(USE_WINDOWS_SSPI) */
  207. static int ldap_win_bind(struct connectdata *conn, LDAP *server,
  208. const char *user, const char *passwd)
  209. {
  210. int rc = LDAP_INVALID_CREDENTIALS;
  211. PTCHAR inuser = NULL;
  212. PTCHAR inpass = NULL;
  213. if(user && passwd && (conn->data->set.httpauth & CURLAUTH_BASIC)) {
  214. inuser = curlx_convert_UTF8_to_tchar((char *) user);
  215. inpass = curlx_convert_UTF8_to_tchar((char *) passwd);
  216. rc = ldap_simple_bind_s(server, inuser, inpass);
  217. curlx_unicodefree(inuser);
  218. curlx_unicodefree(inpass);
  219. }
  220. #if defined(USE_WINDOWS_SSPI)
  221. else {
  222. rc = ldap_win_bind_auth(server, user, passwd, conn->data->set.httpauth);
  223. }
  224. #endif
  225. return rc;
  226. }
  227. #endif /* #if defined(USE_WIN32_LDAP) */
  228. static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
  229. {
  230. CURLcode result = CURLE_OK;
  231. int rc = 0;
  232. LDAP *server = NULL;
  233. LDAPURLDesc *ludp = NULL;
  234. LDAPMessage *ldapmsg = NULL;
  235. LDAPMessage *entryIterator;
  236. int num = 0;
  237. struct Curl_easy *data = conn->data;
  238. int ldap_proto = LDAP_VERSION3;
  239. int ldap_ssl = 0;
  240. char *val_b64 = NULL;
  241. size_t val_b64_sz = 0;
  242. curl_off_t dlsize = 0;
  243. #ifdef LDAP_OPT_NETWORK_TIMEOUT
  244. struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
  245. #endif
  246. #if defined(USE_WIN32_LDAP)
  247. TCHAR *host = NULL;
  248. #else
  249. char *host = NULL;
  250. #endif
  251. char *user = NULL;
  252. char *passwd = NULL;
  253. *done = TRUE; /* unconditionally */
  254. infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n",
  255. LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION);
  256. infof(data, "LDAP local: %s\n", data->change.url);
  257. #ifdef HAVE_LDAP_URL_PARSE
  258. rc = ldap_url_parse(data->change.url, &ludp);
  259. #else
  260. rc = _ldap_url_parse(conn, &ludp);
  261. #endif
  262. if(rc != 0) {
  263. failf(data, "LDAP local: %s", ldap_err2string(rc));
  264. result = CURLE_LDAP_INVALID_URL;
  265. goto quit;
  266. }
  267. /* Get the URL scheme (either ldap or ldaps) */
  268. if(conn->given->flags & PROTOPT_SSL)
  269. ldap_ssl = 1;
  270. infof(data, "LDAP local: trying to establish %s connection\n",
  271. ldap_ssl ? "encrypted" : "cleartext");
  272. #if defined(USE_WIN32_LDAP)
  273. host = curlx_convert_UTF8_to_tchar(conn->host.name);
  274. if(!host) {
  275. result = CURLE_OUT_OF_MEMORY;
  276. goto quit;
  277. }
  278. #else
  279. host = conn->host.name;
  280. #endif
  281. if(conn->bits.user_passwd) {
  282. user = conn->user;
  283. passwd = conn->passwd;
  284. }
  285. #ifdef LDAP_OPT_NETWORK_TIMEOUT
  286. ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
  287. #endif
  288. ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  289. if(ldap_ssl) {
  290. #ifdef HAVE_LDAP_SSL
  291. #ifdef USE_WIN32_LDAP
  292. /* Win32 LDAP SDK doesn't support insecure mode without CA! */
  293. server = ldap_sslinit(host, (int)conn->port, 1);
  294. ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
  295. #else
  296. int ldap_option;
  297. char *ldap_ca = conn->ssl_config.CAfile;
  298. #if defined(CURL_HAS_NOVELL_LDAPSDK)
  299. rc = ldapssl_client_init(NULL, NULL);
  300. if(rc != LDAP_SUCCESS) {
  301. failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
  302. result = CURLE_SSL_CERTPROBLEM;
  303. goto quit;
  304. }
  305. if(conn->ssl_config.verifypeer) {
  306. /* Novell SDK supports DER or BASE64 files. */
  307. int cert_type = LDAPSSL_CERT_FILETYPE_B64;
  308. if((data->set.ssl.cert_type) &&
  309. (strcasecompare(data->set.ssl.cert_type, "DER")))
  310. cert_type = LDAPSSL_CERT_FILETYPE_DER;
  311. if(!ldap_ca) {
  312. failf(data, "LDAP local: ERROR %s CA cert not set!",
  313. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
  314. result = CURLE_SSL_CERTPROBLEM;
  315. goto quit;
  316. }
  317. infof(data, "LDAP local: using %s CA cert '%s'\n",
  318. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
  319. ldap_ca);
  320. rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
  321. if(rc != LDAP_SUCCESS) {
  322. failf(data, "LDAP local: ERROR setting %s CA cert: %s",
  323. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
  324. ldap_err2string(rc));
  325. result = CURLE_SSL_CERTPROBLEM;
  326. goto quit;
  327. }
  328. ldap_option = LDAPSSL_VERIFY_SERVER;
  329. }
  330. else
  331. ldap_option = LDAPSSL_VERIFY_NONE;
  332. rc = ldapssl_set_verify_mode(ldap_option);
  333. if(rc != LDAP_SUCCESS) {
  334. failf(data, "LDAP local: ERROR setting cert verify mode: %s",
  335. ldap_err2string(rc));
  336. result = CURLE_SSL_CERTPROBLEM;
  337. goto quit;
  338. }
  339. server = ldapssl_init(host, (int)conn->port, 1);
  340. if(server == NULL) {
  341. failf(data, "LDAP local: Cannot connect to %s:%ld",
  342. conn->host.dispname, conn->port);
  343. result = CURLE_COULDNT_CONNECT;
  344. goto quit;
  345. }
  346. #elif defined(LDAP_OPT_X_TLS)
  347. if(conn->ssl_config.verifypeer) {
  348. /* OpenLDAP SDK supports BASE64 files. */
  349. if((data->set.ssl.cert_type) &&
  350. (!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
  351. failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
  352. result = CURLE_SSL_CERTPROBLEM;
  353. goto quit;
  354. }
  355. if(!ldap_ca) {
  356. failf(data, "LDAP local: ERROR PEM CA cert not set!");
  357. result = CURLE_SSL_CERTPROBLEM;
  358. goto quit;
  359. }
  360. infof(data, "LDAP local: using PEM CA cert: %s\n", ldap_ca);
  361. rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
  362. if(rc != LDAP_SUCCESS) {
  363. failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
  364. ldap_err2string(rc));
  365. result = CURLE_SSL_CERTPROBLEM;
  366. goto quit;
  367. }
  368. ldap_option = LDAP_OPT_X_TLS_DEMAND;
  369. }
  370. else
  371. ldap_option = LDAP_OPT_X_TLS_NEVER;
  372. rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
  373. if(rc != LDAP_SUCCESS) {
  374. failf(data, "LDAP local: ERROR setting cert verify mode: %s",
  375. ldap_err2string(rc));
  376. result = CURLE_SSL_CERTPROBLEM;
  377. goto quit;
  378. }
  379. server = ldap_init(host, (int)conn->port);
  380. if(server == NULL) {
  381. failf(data, "LDAP local: Cannot connect to %s:%ld",
  382. conn->host.dispname, conn->port);
  383. result = CURLE_COULDNT_CONNECT;
  384. goto quit;
  385. }
  386. ldap_option = LDAP_OPT_X_TLS_HARD;
  387. rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
  388. if(rc != LDAP_SUCCESS) {
  389. failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
  390. ldap_err2string(rc));
  391. result = CURLE_SSL_CERTPROBLEM;
  392. goto quit;
  393. }
  394. /*
  395. rc = ldap_start_tls_s(server, NULL, NULL);
  396. if(rc != LDAP_SUCCESS) {
  397. failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
  398. ldap_err2string(rc));
  399. result = CURLE_SSL_CERTPROBLEM;
  400. goto quit;
  401. }
  402. */
  403. #else
  404. /* we should probably never come up to here since configure
  405. should check in first place if we can support LDAP SSL/TLS */
  406. failf(data, "LDAP local: SSL/TLS not supported with this version "
  407. "of the OpenLDAP toolkit\n");
  408. result = CURLE_SSL_CERTPROBLEM;
  409. goto quit;
  410. #endif
  411. #endif
  412. #endif /* CURL_LDAP_USE_SSL */
  413. }
  414. else {
  415. server = ldap_init(host, (int)conn->port);
  416. if(server == NULL) {
  417. failf(data, "LDAP local: Cannot connect to %s:%ld",
  418. conn->host.dispname, conn->port);
  419. result = CURLE_COULDNT_CONNECT;
  420. goto quit;
  421. }
  422. }
  423. #ifdef USE_WIN32_LDAP
  424. ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  425. #endif
  426. #ifdef USE_WIN32_LDAP
  427. rc = ldap_win_bind(conn, server, user, passwd);
  428. #else
  429. rc = ldap_simple_bind_s(server, user, passwd);
  430. #endif
  431. if(!ldap_ssl && rc != 0) {
  432. ldap_proto = LDAP_VERSION2;
  433. ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  434. #ifdef USE_WIN32_LDAP
  435. rc = ldap_win_bind(conn, server, user, passwd);
  436. #else
  437. rc = ldap_simple_bind_s(server, user, passwd);
  438. #endif
  439. }
  440. if(rc != 0) {
  441. #ifdef USE_WIN32_LDAP
  442. failf(data, "LDAP local: bind via ldap_win_bind %s",
  443. ldap_err2string(rc));
  444. #else
  445. failf(data, "LDAP local: bind via ldap_simple_bind_s %s",
  446. ldap_err2string(rc));
  447. #endif
  448. result = CURLE_LDAP_CANNOT_BIND;
  449. goto quit;
  450. }
  451. rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
  452. ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg);
  453. if(rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
  454. failf(data, "LDAP remote: %s", ldap_err2string(rc));
  455. result = CURLE_LDAP_SEARCH_FAILED;
  456. goto quit;
  457. }
  458. for(num = 0, entryIterator = ldap_first_entry(server, ldapmsg);
  459. entryIterator;
  460. entryIterator = ldap_next_entry(server, entryIterator), num++) {
  461. BerElement *ber = NULL;
  462. #if defined(USE_WIN32_LDAP)
  463. TCHAR *attribute;
  464. #else
  465. char *attribute; /*! suspicious that this isn't 'const' */
  466. #endif
  467. int i;
  468. /* Get the DN and write it to the client */
  469. {
  470. char *name;
  471. size_t name_len;
  472. #if defined(USE_WIN32_LDAP)
  473. TCHAR *dn = ldap_get_dn(server, entryIterator);
  474. name = curlx_convert_tchar_to_UTF8(dn);
  475. if(!name) {
  476. ldap_memfree(dn);
  477. result = CURLE_OUT_OF_MEMORY;
  478. goto quit;
  479. }
  480. #else
  481. char *dn = name = ldap_get_dn(server, entryIterator);
  482. #endif
  483. name_len = strlen(name);
  484. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
  485. if(result) {
  486. #if defined(USE_WIN32_LDAP)
  487. curlx_unicodefree(name);
  488. #endif
  489. ldap_memfree(dn);
  490. goto quit;
  491. }
  492. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *) name,
  493. name_len);
  494. if(result) {
  495. #if defined(USE_WIN32_LDAP)
  496. curlx_unicodefree(name);
  497. #endif
  498. ldap_memfree(dn);
  499. goto quit;
  500. }
  501. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  502. if(result) {
  503. #if defined(USE_WIN32_LDAP)
  504. curlx_unicodefree(name);
  505. #endif
  506. ldap_memfree(dn);
  507. goto quit;
  508. }
  509. dlsize += name_len + 5;
  510. #if defined(USE_WIN32_LDAP)
  511. curlx_unicodefree(name);
  512. #endif
  513. ldap_memfree(dn);
  514. }
  515. /* Get the attributes and write them to the client */
  516. for(attribute = ldap_first_attribute(server, entryIterator, &ber);
  517. attribute;
  518. attribute = ldap_next_attribute(server, entryIterator, ber)) {
  519. BerValue **vals;
  520. size_t attr_len;
  521. #if defined(USE_WIN32_LDAP)
  522. char *attr = curlx_convert_tchar_to_UTF8(attribute);
  523. if(!attr) {
  524. if(ber)
  525. ber_free(ber, 0);
  526. result = CURLE_OUT_OF_MEMORY;
  527. goto quit;
  528. }
  529. #else
  530. char *attr = attribute;
  531. #endif
  532. attr_len = strlen(attr);
  533. vals = ldap_get_values_len(server, entryIterator, attribute);
  534. if(vals != NULL) {
  535. for(i = 0; (vals[i] != NULL); i++) {
  536. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
  537. if(result) {
  538. ldap_value_free_len(vals);
  539. #if defined(USE_WIN32_LDAP)
  540. curlx_unicodefree(attr);
  541. #endif
  542. ldap_memfree(attribute);
  543. if(ber)
  544. ber_free(ber, 0);
  545. goto quit;
  546. }
  547. result = Curl_client_write(conn, CLIENTWRITE_BODY,
  548. (char *) attr, attr_len);
  549. if(result) {
  550. ldap_value_free_len(vals);
  551. #if defined(USE_WIN32_LDAP)
  552. curlx_unicodefree(attr);
  553. #endif
  554. ldap_memfree(attribute);
  555. if(ber)
  556. ber_free(ber, 0);
  557. goto quit;
  558. }
  559. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
  560. if(result) {
  561. ldap_value_free_len(vals);
  562. #if defined(USE_WIN32_LDAP)
  563. curlx_unicodefree(attr);
  564. #endif
  565. ldap_memfree(attribute);
  566. if(ber)
  567. ber_free(ber, 0);
  568. goto quit;
  569. }
  570. dlsize += attr_len + 3;
  571. if((attr_len > 7) &&
  572. (strcmp(";binary", (char *) attr + (attr_len - 7)) == 0)) {
  573. /* Binary attribute, encode to base64. */
  574. result = Curl_base64_encode(data,
  575. vals[i]->bv_val,
  576. vals[i]->bv_len,
  577. &val_b64,
  578. &val_b64_sz);
  579. if(result) {
  580. ldap_value_free_len(vals);
  581. #if defined(USE_WIN32_LDAP)
  582. curlx_unicodefree(attr);
  583. #endif
  584. ldap_memfree(attribute);
  585. if(ber)
  586. ber_free(ber, 0);
  587. goto quit;
  588. }
  589. if(val_b64_sz > 0) {
  590. result = Curl_client_write(conn, CLIENTWRITE_BODY, val_b64,
  591. val_b64_sz);
  592. free(val_b64);
  593. if(result) {
  594. ldap_value_free_len(vals);
  595. #if defined(USE_WIN32_LDAP)
  596. curlx_unicodefree(attr);
  597. #endif
  598. ldap_memfree(attribute);
  599. if(ber)
  600. ber_free(ber, 0);
  601. goto quit;
  602. }
  603. dlsize += val_b64_sz;
  604. }
  605. }
  606. else {
  607. result = Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
  608. vals[i]->bv_len);
  609. if(result) {
  610. ldap_value_free_len(vals);
  611. #if defined(USE_WIN32_LDAP)
  612. curlx_unicodefree(attr);
  613. #endif
  614. ldap_memfree(attribute);
  615. if(ber)
  616. ber_free(ber, 0);
  617. goto quit;
  618. }
  619. dlsize += vals[i]->bv_len;
  620. }
  621. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  622. if(result) {
  623. ldap_value_free_len(vals);
  624. #if defined(USE_WIN32_LDAP)
  625. curlx_unicodefree(attr);
  626. #endif
  627. ldap_memfree(attribute);
  628. if(ber)
  629. ber_free(ber, 0);
  630. goto quit;
  631. }
  632. dlsize++;
  633. }
  634. /* Free memory used to store values */
  635. ldap_value_free_len(vals);
  636. }
  637. /* Free the attribute as we are done with it */
  638. #if defined(USE_WIN32_LDAP)
  639. curlx_unicodefree(attr);
  640. #endif
  641. ldap_memfree(attribute);
  642. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  643. if(result)
  644. goto quit;
  645. dlsize++;
  646. Curl_pgrsSetDownloadCounter(data, dlsize);
  647. }
  648. if(ber)
  649. ber_free(ber, 0);
  650. }
  651. quit:
  652. if(ldapmsg) {
  653. ldap_msgfree(ldapmsg);
  654. LDAP_TRACE(("Received %d entries\n", num));
  655. }
  656. if(rc == LDAP_SIZELIMIT_EXCEEDED)
  657. infof(data, "There are more than %d entries\n", num);
  658. if(ludp)
  659. ldap_free_urldesc(ludp);
  660. if(server)
  661. ldap_unbind_s(server);
  662. #if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
  663. if(ldap_ssl)
  664. ldapssl_client_deinit();
  665. #endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
  666. #if defined(USE_WIN32_LDAP)
  667. curlx_unicodefree(host);
  668. #endif
  669. /* no data to transfer */
  670. Curl_setup_transfer(data, -1, -1, FALSE, -1);
  671. connclose(conn, "LDAP connection always disable re-use");
  672. return result;
  673. }
  674. #ifdef DEBUG_LDAP
  675. static void _ldap_trace(const char *fmt, ...)
  676. {
  677. static int do_trace = -1;
  678. va_list args;
  679. if(do_trace == -1) {
  680. const char *env = getenv("CURL_TRACE");
  681. do_trace = (env && strtol(env, NULL, 10) > 0);
  682. }
  683. if(!do_trace)
  684. return;
  685. va_start(args, fmt);
  686. vfprintf(stderr, fmt, args);
  687. va_end(args);
  688. }
  689. #endif
  690. #ifndef HAVE_LDAP_URL_PARSE
  691. /*
  692. * Return scope-value for a scope-string.
  693. */
  694. static int str2scope(const char *p)
  695. {
  696. if(strcasecompare(p, "one"))
  697. return LDAP_SCOPE_ONELEVEL;
  698. if(strcasecompare(p, "onetree"))
  699. return LDAP_SCOPE_ONELEVEL;
  700. if(strcasecompare(p, "base"))
  701. return LDAP_SCOPE_BASE;
  702. if(strcasecompare(p, "sub"))
  703. return LDAP_SCOPE_SUBTREE;
  704. if(strcasecompare(p, "subtree"))
  705. return LDAP_SCOPE_SUBTREE;
  706. return (-1);
  707. }
  708. /*
  709. * Split 'str' into strings separated by commas.
  710. * Note: out[] points into 'str'.
  711. */
  712. static bool split_str(char *str, char ***out, size_t *count)
  713. {
  714. char **res;
  715. char *lasts;
  716. char *s;
  717. size_t i;
  718. size_t items = 1;
  719. s = strchr(str, ',');
  720. while(s) {
  721. items++;
  722. s = strchr(++s, ',');
  723. }
  724. res = calloc(items, sizeof(char *));
  725. if(!res)
  726. return FALSE;
  727. for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
  728. s = strtok_r(NULL, ",", &lasts), i++)
  729. res[i] = s;
  730. *out = res;
  731. *count = items;
  732. return TRUE;
  733. }
  734. /*
  735. * Break apart the pieces of an LDAP URL.
  736. * Syntax:
  737. * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
  738. *
  739. * <hostname> already known from 'conn->host.name'.
  740. * <port> already known from 'conn->remote_port'.
  741. * extract the rest from 'conn->data->state.path+1'. All fields are optional.
  742. * e.g.
  743. * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
  744. * yields ludp->lud_dn = "".
  745. *
  746. * Defined in RFC4516 section 2.
  747. */
  748. static int _ldap_url_parse2(const struct connectdata *conn, LDAPURLDesc *ludp)
  749. {
  750. int rc = LDAP_SUCCESS;
  751. char *p;
  752. char *path;
  753. char *q = NULL;
  754. char *query = NULL;
  755. size_t i;
  756. if(!conn->data ||
  757. !conn->data->state.up.path ||
  758. conn->data->state.up.path[0] != '/' ||
  759. !strncasecompare("LDAP", conn->data->state.up.scheme, 4))
  760. return LDAP_INVALID_SYNTAX;
  761. ludp->lud_scope = LDAP_SCOPE_BASE;
  762. ludp->lud_port = conn->remote_port;
  763. ludp->lud_host = conn->host.name;
  764. /* Duplicate the path */
  765. p = path = strdup(conn->data->state.up.path + 1);
  766. if(!path)
  767. return LDAP_NO_MEMORY;
  768. /* Duplicate the query if present */
  769. if(conn->data->state.up.query) {
  770. q = query = strdup(conn->data->state.up.query);
  771. if(!query) {
  772. free(path);
  773. return LDAP_NO_MEMORY;
  774. }
  775. }
  776. /* Parse the DN (Distinguished Name) */
  777. if(*p) {
  778. char *dn = p;
  779. char *unescaped;
  780. CURLcode result;
  781. LDAP_TRACE(("DN '%s'\n", dn));
  782. /* Unescape the DN */
  783. result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, FALSE);
  784. if(result) {
  785. rc = LDAP_NO_MEMORY;
  786. goto quit;
  787. }
  788. #if defined(USE_WIN32_LDAP)
  789. /* Convert the unescaped string to a tchar */
  790. ludp->lud_dn = curlx_convert_UTF8_to_tchar(unescaped);
  791. /* Free the unescaped string as we are done with it */
  792. curlx_unicodefree(unescaped);
  793. if(!ludp->lud_dn) {
  794. rc = LDAP_NO_MEMORY;
  795. goto quit;
  796. }
  797. #else
  798. ludp->lud_dn = unescaped;
  799. #endif
  800. }
  801. p = q;
  802. if(!p)
  803. goto quit;
  804. /* Parse the attributes. skip "??" */
  805. q = strchr(p, '?');
  806. if(q)
  807. *q++ = '\0';
  808. if(*p) {
  809. char **attributes;
  810. size_t count = 0;
  811. /* Split the string into an array of attributes */
  812. if(!split_str(p, &attributes, &count)) {
  813. rc = LDAP_NO_MEMORY;
  814. goto quit;
  815. }
  816. /* Allocate our array (+1 for the NULL entry) */
  817. #if defined(USE_WIN32_LDAP)
  818. ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
  819. #else
  820. ludp->lud_attrs = calloc(count + 1, sizeof(char *));
  821. #endif
  822. if(!ludp->lud_attrs) {
  823. free(attributes);
  824. rc = LDAP_NO_MEMORY;
  825. goto quit;
  826. }
  827. for(i = 0; i < count; i++) {
  828. char *unescaped;
  829. CURLcode result;
  830. LDAP_TRACE(("attr[%d] '%s'\n", i, attributes[i]));
  831. /* Unescape the attribute */
  832. result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
  833. FALSE);
  834. if(result) {
  835. free(attributes);
  836. rc = LDAP_NO_MEMORY;
  837. goto quit;
  838. }
  839. #if defined(USE_WIN32_LDAP)
  840. /* Convert the unescaped string to a tchar */
  841. ludp->lud_attrs[i] = curlx_convert_UTF8_to_tchar(unescaped);
  842. /* Free the unescaped string as we are done with it */
  843. curlx_unicodefree(unescaped);
  844. if(!ludp->lud_attrs[i]) {
  845. free(attributes);
  846. rc = LDAP_NO_MEMORY;
  847. goto quit;
  848. }
  849. #else
  850. ludp->lud_attrs[i] = unescaped;
  851. #endif
  852. ludp->lud_attrs_dups++;
  853. }
  854. free(attributes);
  855. }
  856. p = q;
  857. if(!p)
  858. goto quit;
  859. /* Parse the scope. skip "??" */
  860. q = strchr(p, '?');
  861. if(q)
  862. *q++ = '\0';
  863. if(*p) {
  864. ludp->lud_scope = str2scope(p);
  865. if(ludp->lud_scope == -1) {
  866. rc = LDAP_INVALID_SYNTAX;
  867. goto quit;
  868. }
  869. LDAP_TRACE(("scope %d\n", ludp->lud_scope));
  870. }
  871. p = q;
  872. if(!p)
  873. goto quit;
  874. /* Parse the filter */
  875. q = strchr(p, '?');
  876. if(q)
  877. *q++ = '\0';
  878. if(*p) {
  879. char *filter = p;
  880. char *unescaped;
  881. CURLcode result;
  882. LDAP_TRACE(("filter '%s'\n", filter));
  883. /* Unescape the filter */
  884. result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL, FALSE);
  885. if(result) {
  886. rc = LDAP_NO_MEMORY;
  887. goto quit;
  888. }
  889. #if defined(USE_WIN32_LDAP)
  890. /* Convert the unescaped string to a tchar */
  891. ludp->lud_filter = curlx_convert_UTF8_to_tchar(unescaped);
  892. /* Free the unescaped string as we are done with it */
  893. curlx_unicodefree(unescaped);
  894. if(!ludp->lud_filter) {
  895. rc = LDAP_NO_MEMORY;
  896. goto quit;
  897. }
  898. #else
  899. ludp->lud_filter = unescaped;
  900. #endif
  901. }
  902. p = q;
  903. if(p && !*p) {
  904. rc = LDAP_INVALID_SYNTAX;
  905. goto quit;
  906. }
  907. quit:
  908. free(path);
  909. free(query);
  910. return rc;
  911. }
  912. static int _ldap_url_parse(const struct connectdata *conn,
  913. LDAPURLDesc **ludpp)
  914. {
  915. LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
  916. int rc;
  917. *ludpp = NULL;
  918. if(!ludp)
  919. return LDAP_NO_MEMORY;
  920. rc = _ldap_url_parse2(conn, ludp);
  921. if(rc != LDAP_SUCCESS) {
  922. _ldap_free_urldesc(ludp);
  923. ludp = NULL;
  924. }
  925. *ludpp = ludp;
  926. return (rc);
  927. }
  928. static void _ldap_free_urldesc(LDAPURLDesc *ludp)
  929. {
  930. if(!ludp)
  931. return;
  932. free(ludp->lud_dn);
  933. free(ludp->lud_filter);
  934. if(ludp->lud_attrs) {
  935. size_t i;
  936. for(i = 0; i < ludp->lud_attrs_dups; i++)
  937. free(ludp->lud_attrs[i]);
  938. free(ludp->lud_attrs);
  939. }
  940. free(ludp);
  941. }
  942. #endif /* !HAVE_LDAP_URL_PARSE */
  943. #endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */