ldap.c 28 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #if !defined(CURL_DISABLE_LDAP) && !defined(USE_OPENLDAP)
  24. /*
  25. * Notice that USE_OPENLDAP is only a source code selection switch. When
  26. * libcurl is built with USE_OPENLDAP defined the libcurl source code that
  27. * gets compiled is the code from openldap.c, otherwise the code that gets
  28. * compiled is the code from ldap.c.
  29. *
  30. * When USE_OPENLDAP is defined a recent version of the OpenLDAP library
  31. * might be required for compilation and runtime. In order to use ancient
  32. * OpenLDAP library versions, USE_OPENLDAP shall not be defined.
  33. */
  34. #ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
  35. # include <winldap.h>
  36. # ifndef LDAP_VENDOR_NAME
  37. # error Your Platform SDK is NOT sufficient for LDAP support! \
  38. Update your Platform SDK, or disable LDAP support!
  39. # else
  40. # include <winber.h>
  41. # endif
  42. #else
  43. # define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
  44. # ifdef HAVE_LBER_H
  45. # include <lber.h>
  46. # endif
  47. # include <ldap.h>
  48. # if (defined(HAVE_LDAP_SSL) && defined(HAVE_LDAP_SSL_H))
  49. # include <ldap_ssl.h>
  50. # endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
  51. #endif
  52. #include "urldata.h"
  53. #include <curl/curl.h>
  54. #include "sendf.h"
  55. #include "escape.h"
  56. #include "progress.h"
  57. #include "transfer.h"
  58. #include "strcase.h"
  59. #include "strtok.h"
  60. #include "curl_ldap.h"
  61. #include "curl_multibyte.h"
  62. #include "curl_base64.h"
  63. #include "connect.h"
  64. /* The last 3 #include files should be in this order */
  65. #include "curl_printf.h"
  66. #include "curl_memory.h"
  67. #include "memdebug.h"
  68. #ifndef HAVE_LDAP_URL_PARSE
  69. /* Use our own implementation. */
  70. struct ldap_urldesc {
  71. char *lud_host;
  72. int lud_port;
  73. #if defined(USE_WIN32_LDAP)
  74. TCHAR *lud_dn;
  75. TCHAR **lud_attrs;
  76. #else
  77. char *lud_dn;
  78. char **lud_attrs;
  79. #endif
  80. int lud_scope;
  81. #if defined(USE_WIN32_LDAP)
  82. TCHAR *lud_filter;
  83. #else
  84. char *lud_filter;
  85. #endif
  86. char **lud_exts;
  87. size_t lud_attrs_dups; /* how many were dup'ed, this field is not in the
  88. "real" struct so can only be used in code
  89. without HAVE_LDAP_URL_PARSE defined */
  90. };
  91. #undef LDAPURLDesc
  92. #define LDAPURLDesc struct ldap_urldesc
  93. static int _ldap_url_parse(const struct connectdata *conn,
  94. LDAPURLDesc **ludp);
  95. static void _ldap_free_urldesc(LDAPURLDesc *ludp);
  96. #undef ldap_free_urldesc
  97. #define ldap_free_urldesc _ldap_free_urldesc
  98. #endif
  99. #ifdef DEBUG_LDAP
  100. #define LDAP_TRACE(x) do { \
  101. _ldap_trace("%u: ", __LINE__); \
  102. _ldap_trace x; \
  103. } while(0)
  104. static void _ldap_trace(const char *fmt, ...);
  105. #else
  106. #define LDAP_TRACE(x) Curl_nop_stmt
  107. #endif
  108. #if defined(USE_WIN32_LDAP) && defined(ldap_err2string)
  109. /* Use ansi error strings in UNICODE builds */
  110. #undef ldap_err2string
  111. #define ldap_err2string ldap_err2stringA
  112. #endif
  113. static CURLcode Curl_ldap(struct connectdata *conn, bool *done);
  114. /*
  115. * LDAP protocol handler.
  116. */
  117. const struct Curl_handler Curl_handler_ldap = {
  118. "LDAP", /* scheme */
  119. ZERO_NULL, /* setup_connection */
  120. Curl_ldap, /* do_it */
  121. ZERO_NULL, /* done */
  122. ZERO_NULL, /* do_more */
  123. ZERO_NULL, /* connect_it */
  124. ZERO_NULL, /* connecting */
  125. ZERO_NULL, /* doing */
  126. ZERO_NULL, /* proto_getsock */
  127. ZERO_NULL, /* doing_getsock */
  128. ZERO_NULL, /* domore_getsock */
  129. ZERO_NULL, /* perform_getsock */
  130. ZERO_NULL, /* disconnect */
  131. ZERO_NULL, /* readwrite */
  132. ZERO_NULL, /* connection_check */
  133. PORT_LDAP, /* defport */
  134. CURLPROTO_LDAP, /* protocol */
  135. PROTOPT_NONE /* flags */
  136. };
  137. #ifdef HAVE_LDAP_SSL
  138. /*
  139. * LDAPS protocol handler.
  140. */
  141. const struct Curl_handler Curl_handler_ldaps = {
  142. "LDAPS", /* scheme */
  143. ZERO_NULL, /* setup_connection */
  144. Curl_ldap, /* do_it */
  145. ZERO_NULL, /* done */
  146. ZERO_NULL, /* do_more */
  147. ZERO_NULL, /* connect_it */
  148. ZERO_NULL, /* connecting */
  149. ZERO_NULL, /* doing */
  150. ZERO_NULL, /* proto_getsock */
  151. ZERO_NULL, /* doing_getsock */
  152. ZERO_NULL, /* domore_getsock */
  153. ZERO_NULL, /* perform_getsock */
  154. ZERO_NULL, /* disconnect */
  155. ZERO_NULL, /* readwrite */
  156. ZERO_NULL, /* connection_check */
  157. PORT_LDAPS, /* defport */
  158. CURLPROTO_LDAPS, /* protocol */
  159. PROTOPT_SSL /* flags */
  160. };
  161. #endif
  162. #if defined(USE_WIN32_LDAP)
  163. #if defined(USE_WINDOWS_SSPI)
  164. static int ldap_win_bind_auth(LDAP *server, const char *user,
  165. const char *passwd, unsigned long authflags)
  166. {
  167. ULONG method = 0;
  168. SEC_WINNT_AUTH_IDENTITY cred;
  169. int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
  170. memset(&cred, 0, sizeof(cred));
  171. #if defined(USE_SPNEGO)
  172. if(authflags & CURLAUTH_NEGOTIATE) {
  173. method = LDAP_AUTH_NEGOTIATE;
  174. }
  175. else
  176. #endif
  177. #if defined(USE_NTLM)
  178. if(authflags & CURLAUTH_NTLM) {
  179. method = LDAP_AUTH_NTLM;
  180. }
  181. else
  182. #endif
  183. #if !defined(CURL_DISABLE_CRYPTO_AUTH)
  184. if(authflags & CURLAUTH_DIGEST) {
  185. method = LDAP_AUTH_DIGEST;
  186. }
  187. else
  188. #endif
  189. {
  190. /* required anyway if one of upper preprocessor definitions enabled */
  191. }
  192. if(method && user && passwd) {
  193. rc = Curl_create_sspi_identity(user, passwd, &cred);
  194. if(!rc) {
  195. rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
  196. Curl_sspi_free_identity(&cred);
  197. }
  198. }
  199. else {
  200. /* proceed with current user credentials */
  201. method = LDAP_AUTH_NEGOTIATE;
  202. rc = ldap_bind_s(server, NULL, NULL, method);
  203. }
  204. return rc;
  205. }
  206. #endif /* #if defined(USE_WINDOWS_SSPI) */
  207. static int ldap_win_bind(struct connectdata *conn, LDAP *server,
  208. const char *user, const char *passwd)
  209. {
  210. int rc = LDAP_INVALID_CREDENTIALS;
  211. PTCHAR inuser = NULL;
  212. PTCHAR inpass = NULL;
  213. if(user && passwd && (conn->data->set.httpauth & CURLAUTH_BASIC)) {
  214. inuser = curlx_convert_UTF8_to_tchar((char *) user);
  215. inpass = curlx_convert_UTF8_to_tchar((char *) passwd);
  216. rc = ldap_simple_bind_s(server, inuser, inpass);
  217. curlx_unicodefree(inuser);
  218. curlx_unicodefree(inpass);
  219. }
  220. #if defined(USE_WINDOWS_SSPI)
  221. else {
  222. rc = ldap_win_bind_auth(server, user, passwd, conn->data->set.httpauth);
  223. }
  224. #endif
  225. return rc;
  226. }
  227. #endif /* #if defined(USE_WIN32_LDAP) */
  228. static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
  229. {
  230. CURLcode result = CURLE_OK;
  231. int rc = 0;
  232. LDAP *server = NULL;
  233. LDAPURLDesc *ludp = NULL;
  234. LDAPMessage *ldapmsg = NULL;
  235. LDAPMessage *entryIterator;
  236. int num = 0;
  237. struct Curl_easy *data = conn->data;
  238. int ldap_proto = LDAP_VERSION3;
  239. int ldap_ssl = 0;
  240. char *val_b64 = NULL;
  241. size_t val_b64_sz = 0;
  242. curl_off_t dlsize = 0;
  243. #ifdef LDAP_OPT_NETWORK_TIMEOUT
  244. struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
  245. #endif
  246. #if defined(USE_WIN32_LDAP)
  247. TCHAR *host = NULL;
  248. #else
  249. char *host = NULL;
  250. #endif
  251. char *user = NULL;
  252. char *passwd = NULL;
  253. *done = TRUE; /* unconditionally */
  254. infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n",
  255. LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION);
  256. infof(data, "LDAP local: %s\n", data->change.url);
  257. #ifdef HAVE_LDAP_URL_PARSE
  258. rc = ldap_url_parse(data->change.url, &ludp);
  259. #else
  260. rc = _ldap_url_parse(conn, &ludp);
  261. #endif
  262. if(rc != 0) {
  263. failf(data, "LDAP local: %s", ldap_err2string(rc));
  264. result = CURLE_LDAP_INVALID_URL;
  265. goto quit;
  266. }
  267. /* Get the URL scheme (either ldap or ldaps) */
  268. if(conn->given->flags & PROTOPT_SSL)
  269. ldap_ssl = 1;
  270. infof(data, "LDAP local: trying to establish %s connection\n",
  271. ldap_ssl ? "encrypted" : "cleartext");
  272. #if defined(USE_WIN32_LDAP)
  273. host = curlx_convert_UTF8_to_tchar(conn->host.name);
  274. if(!host) {
  275. result = CURLE_OUT_OF_MEMORY;
  276. goto quit;
  277. }
  278. #else
  279. host = conn->host.name;
  280. #endif
  281. if(conn->bits.user_passwd) {
  282. user = conn->user;
  283. passwd = conn->passwd;
  284. }
  285. #ifdef LDAP_OPT_NETWORK_TIMEOUT
  286. ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
  287. #endif
  288. ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  289. if(ldap_ssl) {
  290. #ifdef HAVE_LDAP_SSL
  291. #ifdef USE_WIN32_LDAP
  292. /* Win32 LDAP SDK doesn't support insecure mode without CA! */
  293. server = ldap_sslinit(host, (int)conn->port, 1);
  294. ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
  295. #else
  296. int ldap_option;
  297. char *ldap_ca = conn->ssl_config.CAfile;
  298. #if defined(CURL_HAS_NOVELL_LDAPSDK)
  299. rc = ldapssl_client_init(NULL, NULL);
  300. if(rc != LDAP_SUCCESS) {
  301. failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
  302. result = CURLE_SSL_CERTPROBLEM;
  303. goto quit;
  304. }
  305. if(conn->ssl_config.verifypeer) {
  306. /* Novell SDK supports DER or BASE64 files. */
  307. int cert_type = LDAPSSL_CERT_FILETYPE_B64;
  308. if((data->set.ssl.cert_type) &&
  309. (strcasecompare(data->set.ssl.cert_type, "DER")))
  310. cert_type = LDAPSSL_CERT_FILETYPE_DER;
  311. if(!ldap_ca) {
  312. failf(data, "LDAP local: ERROR %s CA cert not set!",
  313. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
  314. result = CURLE_SSL_CERTPROBLEM;
  315. goto quit;
  316. }
  317. infof(data, "LDAP local: using %s CA cert '%s'\n",
  318. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
  319. ldap_ca);
  320. rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
  321. if(rc != LDAP_SUCCESS) {
  322. failf(data, "LDAP local: ERROR setting %s CA cert: %s",
  323. (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
  324. ldap_err2string(rc));
  325. result = CURLE_SSL_CERTPROBLEM;
  326. goto quit;
  327. }
  328. ldap_option = LDAPSSL_VERIFY_SERVER;
  329. }
  330. else
  331. ldap_option = LDAPSSL_VERIFY_NONE;
  332. rc = ldapssl_set_verify_mode(ldap_option);
  333. if(rc != LDAP_SUCCESS) {
  334. failf(data, "LDAP local: ERROR setting cert verify mode: %s",
  335. ldap_err2string(rc));
  336. result = CURLE_SSL_CERTPROBLEM;
  337. goto quit;
  338. }
  339. server = ldapssl_init(host, (int)conn->port, 1);
  340. if(server == NULL) {
  341. failf(data, "LDAP local: Cannot connect to %s:%ld",
  342. conn->host.dispname, conn->port);
  343. result = CURLE_COULDNT_CONNECT;
  344. goto quit;
  345. }
  346. #elif defined(LDAP_OPT_X_TLS)
  347. if(conn->ssl_config.verifypeer) {
  348. /* OpenLDAP SDK supports BASE64 files. */
  349. if((data->set.ssl.cert_type) &&
  350. (!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
  351. failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
  352. result = CURLE_SSL_CERTPROBLEM;
  353. goto quit;
  354. }
  355. if(!ldap_ca) {
  356. failf(data, "LDAP local: ERROR PEM CA cert not set!");
  357. result = CURLE_SSL_CERTPROBLEM;
  358. goto quit;
  359. }
  360. infof(data, "LDAP local: using PEM CA cert: %s\n", ldap_ca);
  361. rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
  362. if(rc != LDAP_SUCCESS) {
  363. failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
  364. ldap_err2string(rc));
  365. result = CURLE_SSL_CERTPROBLEM;
  366. goto quit;
  367. }
  368. ldap_option = LDAP_OPT_X_TLS_DEMAND;
  369. }
  370. else
  371. ldap_option = LDAP_OPT_X_TLS_NEVER;
  372. rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
  373. if(rc != LDAP_SUCCESS) {
  374. failf(data, "LDAP local: ERROR setting cert verify mode: %s",
  375. ldap_err2string(rc));
  376. result = CURLE_SSL_CERTPROBLEM;
  377. goto quit;
  378. }
  379. server = ldap_init(host, (int)conn->port);
  380. if(server == NULL) {
  381. failf(data, "LDAP local: Cannot connect to %s:%ld",
  382. conn->host.dispname, conn->port);
  383. result = CURLE_COULDNT_CONNECT;
  384. goto quit;
  385. }
  386. ldap_option = LDAP_OPT_X_TLS_HARD;
  387. rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
  388. if(rc != LDAP_SUCCESS) {
  389. failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
  390. ldap_err2string(rc));
  391. result = CURLE_SSL_CERTPROBLEM;
  392. goto quit;
  393. }
  394. /*
  395. rc = ldap_start_tls_s(server, NULL, NULL);
  396. if(rc != LDAP_SUCCESS) {
  397. failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
  398. ldap_err2string(rc));
  399. result = CURLE_SSL_CERTPROBLEM;
  400. goto quit;
  401. }
  402. */
  403. #else
  404. /* we should probably never come up to here since configure
  405. should check in first place if we can support LDAP SSL/TLS */
  406. failf(data, "LDAP local: SSL/TLS not supported with this version "
  407. "of the OpenLDAP toolkit\n");
  408. result = CURLE_SSL_CERTPROBLEM;
  409. goto quit;
  410. #endif
  411. #endif
  412. #endif /* CURL_LDAP_USE_SSL */
  413. }
  414. else {
  415. server = ldap_init(host, (int)conn->port);
  416. if(server == NULL) {
  417. failf(data, "LDAP local: Cannot connect to %s:%ld",
  418. conn->host.dispname, conn->port);
  419. result = CURLE_COULDNT_CONNECT;
  420. goto quit;
  421. }
  422. }
  423. #ifdef USE_WIN32_LDAP
  424. ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  425. #endif
  426. #ifdef USE_WIN32_LDAP
  427. rc = ldap_win_bind(conn, server, user, passwd);
  428. #else
  429. rc = ldap_simple_bind_s(server, user, passwd);
  430. #endif
  431. if(!ldap_ssl && rc != 0) {
  432. ldap_proto = LDAP_VERSION2;
  433. ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
  434. #ifdef USE_WIN32_LDAP
  435. rc = ldap_win_bind(conn, server, user, passwd);
  436. #else
  437. rc = ldap_simple_bind_s(server, user, passwd);
  438. #endif
  439. }
  440. if(rc != 0) {
  441. #ifdef USE_WIN32_LDAP
  442. failf(data, "LDAP local: bind via ldap_win_bind %s",
  443. ldap_err2string(rc));
  444. #else
  445. failf(data, "LDAP local: bind via ldap_simple_bind_s %s",
  446. ldap_err2string(rc));
  447. #endif
  448. result = CURLE_LDAP_CANNOT_BIND;
  449. goto quit;
  450. }
  451. rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
  452. ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg);
  453. if(rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
  454. failf(data, "LDAP remote: %s", ldap_err2string(rc));
  455. result = CURLE_LDAP_SEARCH_FAILED;
  456. goto quit;
  457. }
  458. for(num = 0, entryIterator = ldap_first_entry(server, ldapmsg);
  459. entryIterator;
  460. entryIterator = ldap_next_entry(server, entryIterator), num++) {
  461. BerElement *ber = NULL;
  462. #if defined(USE_WIN32_LDAP)
  463. TCHAR *attribute;
  464. #else
  465. char *attribute; /*! suspicious that this isn't 'const' */
  466. #endif
  467. int i;
  468. /* Get the DN and write it to the client */
  469. {
  470. char *name;
  471. size_t name_len;
  472. #if defined(USE_WIN32_LDAP)
  473. TCHAR *dn = ldap_get_dn(server, entryIterator);
  474. name = curlx_convert_tchar_to_UTF8(dn);
  475. if(!name) {
  476. ldap_memfree(dn);
  477. result = CURLE_OUT_OF_MEMORY;
  478. goto quit;
  479. }
  480. #else
  481. char *dn = name = ldap_get_dn(server, entryIterator);
  482. #endif
  483. name_len = strlen(name);
  484. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
  485. if(result) {
  486. #if defined(USE_WIN32_LDAP)
  487. curlx_unicodefree(name);
  488. #endif
  489. ldap_memfree(dn);
  490. goto quit;
  491. }
  492. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *) name,
  493. name_len);
  494. if(result) {
  495. #if defined(USE_WIN32_LDAP)
  496. curlx_unicodefree(name);
  497. #endif
  498. ldap_memfree(dn);
  499. goto quit;
  500. }
  501. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  502. if(result) {
  503. #if defined(USE_WIN32_LDAP)
  504. curlx_unicodefree(name);
  505. #endif
  506. ldap_memfree(dn);
  507. goto quit;
  508. }
  509. dlsize += name_len + 5;
  510. #if defined(USE_WIN32_LDAP)
  511. curlx_unicodefree(name);
  512. #endif
  513. ldap_memfree(dn);
  514. }
  515. /* Get the attributes and write them to the client */
  516. for(attribute = ldap_first_attribute(server, entryIterator, &ber);
  517. attribute;
  518. attribute = ldap_next_attribute(server, entryIterator, ber)) {
  519. BerValue **vals;
  520. size_t attr_len;
  521. #if defined(USE_WIN32_LDAP)
  522. char *attr = curlx_convert_tchar_to_UTF8(attribute);
  523. if(!attr) {
  524. if(ber)
  525. ber_free(ber, 0);
  526. result = CURLE_OUT_OF_MEMORY;
  527. goto quit;
  528. }
  529. #else
  530. char *attr = attribute;
  531. #endif
  532. attr_len = strlen(attr);
  533. vals = ldap_get_values_len(server, entryIterator, attribute);
  534. if(vals != NULL) {
  535. for(i = 0; (vals[i] != NULL); i++) {
  536. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
  537. if(result) {
  538. ldap_value_free_len(vals);
  539. #if defined(USE_WIN32_LDAP)
  540. curlx_unicodefree(attr);
  541. #endif
  542. ldap_memfree(attribute);
  543. if(ber)
  544. ber_free(ber, 0);
  545. goto quit;
  546. }
  547. result = Curl_client_write(conn, CLIENTWRITE_BODY,
  548. (char *) attr, attr_len);
  549. if(result) {
  550. ldap_value_free_len(vals);
  551. #if defined(USE_WIN32_LDAP)
  552. curlx_unicodefree(attr);
  553. #endif
  554. ldap_memfree(attribute);
  555. if(ber)
  556. ber_free(ber, 0);
  557. goto quit;
  558. }
  559. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
  560. if(result) {
  561. ldap_value_free_len(vals);
  562. #if defined(USE_WIN32_LDAP)
  563. curlx_unicodefree(attr);
  564. #endif
  565. ldap_memfree(attribute);
  566. if(ber)
  567. ber_free(ber, 0);
  568. goto quit;
  569. }
  570. dlsize += attr_len + 3;
  571. if((attr_len > 7) &&
  572. (strcmp(";binary", (char *) attr + (attr_len - 7)) == 0)) {
  573. /* Binary attribute, encode to base64. */
  574. result = Curl_base64_encode(data,
  575. vals[i]->bv_val,
  576. vals[i]->bv_len,
  577. &val_b64,
  578. &val_b64_sz);
  579. if(result) {
  580. ldap_value_free_len(vals);
  581. #if defined(USE_WIN32_LDAP)
  582. curlx_unicodefree(attr);
  583. #endif
  584. ldap_memfree(attribute);
  585. if(ber)
  586. ber_free(ber, 0);
  587. goto quit;
  588. }
  589. if(val_b64_sz > 0) {
  590. result = Curl_client_write(conn, CLIENTWRITE_BODY, val_b64,
  591. val_b64_sz);
  592. free(val_b64);
  593. if(result) {
  594. ldap_value_free_len(vals);
  595. #if defined(USE_WIN32_LDAP)
  596. curlx_unicodefree(attr);
  597. #endif
  598. ldap_memfree(attribute);
  599. if(ber)
  600. ber_free(ber, 0);
  601. goto quit;
  602. }
  603. dlsize += val_b64_sz;
  604. }
  605. }
  606. else {
  607. result = Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
  608. vals[i]->bv_len);
  609. if(result) {
  610. ldap_value_free_len(vals);
  611. #if defined(USE_WIN32_LDAP)
  612. curlx_unicodefree(attr);
  613. #endif
  614. ldap_memfree(attribute);
  615. if(ber)
  616. ber_free(ber, 0);
  617. goto quit;
  618. }
  619. dlsize += vals[i]->bv_len;
  620. }
  621. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  622. if(result) {
  623. ldap_value_free_len(vals);
  624. #if defined(USE_WIN32_LDAP)
  625. curlx_unicodefree(attr);
  626. #endif
  627. ldap_memfree(attribute);
  628. if(ber)
  629. ber_free(ber, 0);
  630. goto quit;
  631. }
  632. dlsize++;
  633. }
  634. /* Free memory used to store values */
  635. ldap_value_free_len(vals);
  636. }
  637. /* Free the attribute as we are done with it */
  638. #if defined(USE_WIN32_LDAP)
  639. curlx_unicodefree(attr);
  640. #endif
  641. ldap_memfree(attribute);
  642. result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
  643. if(result)
  644. goto quit;
  645. dlsize++;
  646. Curl_pgrsSetDownloadCounter(data, dlsize);
  647. }
  648. if(ber)
  649. ber_free(ber, 0);
  650. }
  651. quit:
  652. if(ldapmsg) {
  653. ldap_msgfree(ldapmsg);
  654. LDAP_TRACE(("Received %d entries\n", num));
  655. }
  656. if(rc == LDAP_SIZELIMIT_EXCEEDED)
  657. infof(data, "There are more than %d entries\n", num);
  658. if(ludp)
  659. ldap_free_urldesc(ludp);
  660. if(server)
  661. ldap_unbind_s(server);
  662. #if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
  663. if(ldap_ssl)
  664. ldapssl_client_deinit();
  665. #endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
  666. #if defined(USE_WIN32_LDAP)
  667. curlx_unicodefree(host);
  668. #endif
  669. /* no data to transfer */
  670. Curl_setup_transfer(data, -1, -1, FALSE, -1);
  671. connclose(conn, "LDAP connection always disable re-use");
  672. return result;
  673. }
  674. #ifdef DEBUG_LDAP
  675. static void _ldap_trace(const char *fmt, ...)
  676. {
  677. static int do_trace = -1;
  678. va_list args;
  679. if(do_trace == -1) {
  680. const char *env = getenv("CURL_TRACE");
  681. do_trace = (env && strtol(env, NULL, 10) > 0);
  682. }
  683. if(!do_trace)
  684. return;
  685. va_start(args, fmt);
  686. vfprintf(stderr, fmt, args);
  687. va_end(args);
  688. }
  689. #endif
  690. #ifndef HAVE_LDAP_URL_PARSE
  691. /*
  692. * Return scope-value for a scope-string.
  693. */
  694. static int str2scope(const char *p)
  695. {
  696. if(strcasecompare(p, "one"))
  697. return LDAP_SCOPE_ONELEVEL;
  698. if(strcasecompare(p, "onetree"))
  699. return LDAP_SCOPE_ONELEVEL;
  700. if(strcasecompare(p, "base"))
  701. return LDAP_SCOPE_BASE;
  702. if(strcasecompare(p, "sub"))
  703. return LDAP_SCOPE_SUBTREE;
  704. if(strcasecompare(p, "subtree"))
  705. return LDAP_SCOPE_SUBTREE;
  706. return (-1);
  707. }
  708. /*
  709. * Split 'str' into strings separated by commas.
  710. * Note: out[] points into 'str'.
  711. */
  712. static bool split_str(char *str, char ***out, size_t *count)
  713. {
  714. char **res;
  715. char *lasts;
  716. char *s;
  717. size_t i;
  718. size_t items = 1;
  719. s = strchr(str, ',');
  720. while(s) {
  721. items++;
  722. s = strchr(++s, ',');
  723. }
  724. res = calloc(items, sizeof(char *));
  725. if(!res)
  726. return FALSE;
  727. for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
  728. s = strtok_r(NULL, ",", &lasts), i++)
  729. res[i] = s;
  730. *out = res;
  731. *count = items;
  732. return TRUE;
  733. }
  734. /*
  735. * Break apart the pieces of an LDAP URL.
  736. * Syntax:
  737. * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
  738. *
  739. * <hostname> already known from 'conn->host.name'.
  740. * <port> already known from 'conn->remote_port'.
  741. * extract the rest from 'conn->data->state.path+1'. All fields are optional.
  742. * e.g.
  743. * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
  744. * yields ludp->lud_dn = "".
  745. *
  746. * Defined in RFC4516 section 2.
  747. */
  748. static int _ldap_url_parse2(const struct connectdata *conn, LDAPURLDesc *ludp)
  749. {
  750. int rc = LDAP_SUCCESS;
  751. char *p;
  752. char *path;
  753. char *q = NULL;
  754. char *query = NULL;
  755. size_t i;
  756. if(!conn->data ||
  757. !conn->data->state.up.path ||
  758. conn->data->state.up.path[0] != '/' ||
  759. !strncasecompare("LDAP", conn->data->state.up.scheme, 4))
  760. return LDAP_INVALID_SYNTAX;
  761. ludp->lud_scope = LDAP_SCOPE_BASE;
  762. ludp->lud_port = conn->remote_port;
  763. ludp->lud_host = conn->host.name;
  764. /* Duplicate the path */
  765. p = path = strdup(conn->data->state.up.path + 1);
  766. if(!path)
  767. return LDAP_NO_MEMORY;
  768. /* Duplicate the query if present */
  769. if(conn->data->state.up.query) {
  770. q = query = strdup(conn->data->state.up.query);
  771. if(!query) {
  772. free(path);
  773. return LDAP_NO_MEMORY;
  774. }
  775. }
  776. /* Parse the DN (Distinguished Name) */
  777. if(*p) {
  778. char *dn = p;
  779. char *unescaped;
  780. CURLcode result;
  781. LDAP_TRACE(("DN '%s'\n", dn));
  782. /* Unescape the DN */
  783. result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, REJECT_ZERO);
  784. if(result) {
  785. rc = LDAP_NO_MEMORY;
  786. goto quit;
  787. }
  788. #if defined(USE_WIN32_LDAP)
  789. /* Convert the unescaped string to a tchar */
  790. ludp->lud_dn = curlx_convert_UTF8_to_tchar(unescaped);
  791. /* Free the unescaped string as we are done with it */
  792. curlx_unicodefree(unescaped);
  793. if(!ludp->lud_dn) {
  794. rc = LDAP_NO_MEMORY;
  795. goto quit;
  796. }
  797. #else
  798. ludp->lud_dn = unescaped;
  799. #endif
  800. }
  801. p = q;
  802. if(!p)
  803. goto quit;
  804. /* Parse the attributes. skip "??" */
  805. q = strchr(p, '?');
  806. if(q)
  807. *q++ = '\0';
  808. if(*p) {
  809. char **attributes;
  810. size_t count = 0;
  811. /* Split the string into an array of attributes */
  812. if(!split_str(p, &attributes, &count)) {
  813. rc = LDAP_NO_MEMORY;
  814. goto quit;
  815. }
  816. /* Allocate our array (+1 for the NULL entry) */
  817. #if defined(USE_WIN32_LDAP)
  818. ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
  819. #else
  820. ludp->lud_attrs = calloc(count + 1, sizeof(char *));
  821. #endif
  822. if(!ludp->lud_attrs) {
  823. free(attributes);
  824. rc = LDAP_NO_MEMORY;
  825. goto quit;
  826. }
  827. for(i = 0; i < count; i++) {
  828. char *unescaped;
  829. CURLcode result;
  830. LDAP_TRACE(("attr[%d] '%s'\n", i, attributes[i]));
  831. /* Unescape the attribute */
  832. result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
  833. REJECT_ZERO);
  834. if(result) {
  835. free(attributes);
  836. rc = LDAP_NO_MEMORY;
  837. goto quit;
  838. }
  839. #if defined(USE_WIN32_LDAP)
  840. /* Convert the unescaped string to a tchar */
  841. ludp->lud_attrs[i] = curlx_convert_UTF8_to_tchar(unescaped);
  842. /* Free the unescaped string as we are done with it */
  843. curlx_unicodefree(unescaped);
  844. if(!ludp->lud_attrs[i]) {
  845. free(attributes);
  846. rc = LDAP_NO_MEMORY;
  847. goto quit;
  848. }
  849. #else
  850. ludp->lud_attrs[i] = unescaped;
  851. #endif
  852. ludp->lud_attrs_dups++;
  853. }
  854. free(attributes);
  855. }
  856. p = q;
  857. if(!p)
  858. goto quit;
  859. /* Parse the scope. skip "??" */
  860. q = strchr(p, '?');
  861. if(q)
  862. *q++ = '\0';
  863. if(*p) {
  864. ludp->lud_scope = str2scope(p);
  865. if(ludp->lud_scope == -1) {
  866. rc = LDAP_INVALID_SYNTAX;
  867. goto quit;
  868. }
  869. LDAP_TRACE(("scope %d\n", ludp->lud_scope));
  870. }
  871. p = q;
  872. if(!p)
  873. goto quit;
  874. /* Parse the filter */
  875. q = strchr(p, '?');
  876. if(q)
  877. *q++ = '\0';
  878. if(*p) {
  879. char *filter = p;
  880. char *unescaped;
  881. CURLcode result;
  882. LDAP_TRACE(("filter '%s'\n", filter));
  883. /* Unescape the filter */
  884. result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL,
  885. REJECT_ZERO);
  886. if(result) {
  887. rc = LDAP_NO_MEMORY;
  888. goto quit;
  889. }
  890. #if defined(USE_WIN32_LDAP)
  891. /* Convert the unescaped string to a tchar */
  892. ludp->lud_filter = curlx_convert_UTF8_to_tchar(unescaped);
  893. /* Free the unescaped string as we are done with it */
  894. curlx_unicodefree(unescaped);
  895. if(!ludp->lud_filter) {
  896. rc = LDAP_NO_MEMORY;
  897. goto quit;
  898. }
  899. #else
  900. ludp->lud_filter = unescaped;
  901. #endif
  902. }
  903. p = q;
  904. if(p && !*p) {
  905. rc = LDAP_INVALID_SYNTAX;
  906. goto quit;
  907. }
  908. quit:
  909. free(path);
  910. free(query);
  911. return rc;
  912. }
  913. static int _ldap_url_parse(const struct connectdata *conn,
  914. LDAPURLDesc **ludpp)
  915. {
  916. LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
  917. int rc;
  918. *ludpp = NULL;
  919. if(!ludp)
  920. return LDAP_NO_MEMORY;
  921. rc = _ldap_url_parse2(conn, ludp);
  922. if(rc != LDAP_SUCCESS) {
  923. _ldap_free_urldesc(ludp);
  924. ludp = NULL;
  925. }
  926. *ludpp = ludp;
  927. return (rc);
  928. }
  929. static void _ldap_free_urldesc(LDAPURLDesc *ludp)
  930. {
  931. if(!ludp)
  932. return;
  933. free(ludp->lud_dn);
  934. free(ludp->lud_filter);
  935. if(ludp->lud_attrs) {
  936. size_t i;
  937. for(i = 0; i < ludp->lud_attrs_dups; i++)
  938. free(ludp->lud_attrs[i]);
  939. free(ludp->lud_attrs);
  940. }
  941. free(ludp);
  942. }
  943. #endif /* !HAVE_LDAP_URL_PARSE */
  944. #endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */