3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1996 Regents of the University of Michigan.
10 * LIBLDAP url.c -- LDAP URL (RFC 2255) related routines
12 * LDAP URLs look like this:
13 * ldap[is]://host:port[/[dn[?[attributes][?[scope][?[filter][?exts]]]]]]
16 * attributes is a comma separated list
17 * scope is one of these three strings: base one sub (default=base)
18 * filter is an string-represented filter as in RFC 2254
20 * e.g., ldap://host:port/dc=com?o,cn?base?(o=openldap)?extension
22 * We also tolerate URLs that look like: <ldapurl> and <URL:ldapurl>
29 #include <ac/stdlib.h>
31 #include <ac/socket.h>
32 #include <ac/string.h>
38 static const char* skip_url_prefix LDAP_P((
41 const char **scheme ));
43 int ldap_pvt_url_scheme2proto( const char *scheme )
47 if( scheme == NULL ) {
51 if( strcmp("ldap", scheme) == 0 ) {
52 return LDAP_PROTO_TCP;
55 if( strcmp("ldapi", scheme) == 0 ) {
56 return LDAP_PROTO_IPC;
59 if( strcmp("ldaps", scheme) == 0 ) {
60 return LDAP_PROTO_TCP;
62 #ifdef LDAP_CONNECTIONLESS
63 if( strcmp("cldap", scheme) == 0 ) {
64 return LDAP_PROTO_UDP;
72 ldap_pvt_url_scheme2tls( const char *scheme )
76 if( scheme == NULL ) {
80 return strcmp("ldaps", scheme) == 0;
84 ldap_is_ldap_url( LDAP_CONST char *url )
93 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
101 ldap_is_ldaps_url( LDAP_CONST char *url )
110 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
114 return strcmp(scheme, "ldaps") == 0;
118 ldap_is_ldapi_url( LDAP_CONST char *url )
127 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
131 return strcmp(scheme, "ldapi") == 0;
134 #ifdef LDAP_CONNECTIONLESS
136 ldap_is_ldapc_url( LDAP_CONST char *url )
145 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
149 return strcmp(scheme, "cldap") == 0;
157 const char **scheme )
160 * return non-zero if this looks like a LDAP URL; zero if not
161 * if non-zero returned, *urlp will be moved past "ldap://" part of URL
171 /* skip leading '<' (if any) */
179 /* skip leading "URL:" (if any) */
180 if ( strncasecmp( p, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
181 p += LDAP_URL_URLCOLON_LEN;
184 /* check for "ldap://" prefix */
185 if ( strncasecmp( p, LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
186 /* skip over "ldap://" prefix and return success */
187 p += LDAP_URL_PREFIX_LEN;
192 /* check for "ldaps://" prefix */
193 if ( strncasecmp( p, LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
194 /* skip over "ldaps://" prefix and return success */
195 p += LDAPS_URL_PREFIX_LEN;
200 /* check for "ldapi://" prefix */
201 if ( strncasecmp( p, LDAPI_URL_PREFIX, LDAPI_URL_PREFIX_LEN ) == 0 ) {
202 /* skip over "ldapi://" prefix and return success */
203 p += LDAPI_URL_PREFIX_LEN;
208 #ifdef LDAP_CONNECTIONLESS
209 /* check for "cldap://" prefix */
210 if ( strncasecmp( p, LDAPC_URL_PREFIX, LDAPC_URL_PREFIX_LEN ) == 0 ) {
211 /* skip over "cldap://" prefix and return success */
212 p += LDAPC_URL_PREFIX_LEN;
222 static int str2scope( const char *p )
224 if ( strcasecmp( p, "one" ) == 0 ) {
225 return LDAP_SCOPE_ONELEVEL;
227 } else if ( strcasecmp( p, "onetree" ) == 0 ) {
228 return LDAP_SCOPE_ONELEVEL;
230 } else if ( strcasecmp( p, "base" ) == 0 ) {
231 return LDAP_SCOPE_BASE;
233 } else if ( strcasecmp( p, "sub" ) == 0 ) {
234 return LDAP_SCOPE_SUBTREE;
236 } else if ( strcasecmp( p, "subtree" ) == 0 ) {
237 return LDAP_SCOPE_SUBTREE;
243 static int hex_escape( char *buf, const char *s, int list )
247 static const char hex[] = "0123456789ABCDEF";
249 if( s == NULL ) return 0;
251 for( pos=0,i=0; s[i]; i++ ) {
277 escape = s[i] < 0x20 || 0x1f >= s[i];
282 buf[pos++] = hex[ (s[i] >> 4) & 0x0f ];
283 buf[pos++] = hex[ s[i] & 0x0f ];
293 static int hex_escape_args( char *buf, char **s )
298 if( s == NULL ) return 0;
301 for( i=0; s[i] != NULL; i++ ) {
305 pos += hex_escape( &buf[pos], s[i], 1 );
311 char * ldap_url_desc2str( LDAPURLDesc *u )
318 if( u == NULL ) return NULL;
321 for( i=0; u->lud_exts[i]; i++ ) {
322 len += strlen( u->lud_exts[i] ) + 1;
327 if( u->lud_filter ) {
328 len += strlen( u->lud_filter );
331 if ( len ) len++; /* ? */
333 switch( u->lud_scope ) {
334 case LDAP_SCOPE_ONELEVEL:
335 case LDAP_SCOPE_SUBTREE:
336 case LDAP_SCOPE_BASE:
337 len += sizeof("base");
342 if ( len ) len++; /* ? */
346 for( i=0; u->lud_attrs[i]; i++ ) {
347 len += strlen( u->lud_attrs[i] ) + 1;
350 } else if ( len ) len++; /* ? */
353 len += strlen( u->lud_dn ) + 1;
358 len += sizeof(":65535") - 1;
362 len+=strlen( u->lud_host );
365 len += strlen( u->lud_scheme ) + sizeof("://");
367 /* allocate enough to hex escape everything -- overkill */
368 s = LDAP_MALLOC( 3*len );
370 if( s == NULL ) return NULL;
373 sprintf( s, "%s://%s:%d%n", u->lud_scheme,
374 u->lud_host, u->lud_port, &sofar );
376 sprintf( s, "%s://%s%n", u->lud_scheme,
377 u->lud_host, &sofar );
380 if( sep < 1 ) goto done;
383 sofar += hex_escape( &s[sofar], u->lud_dn, 0 );
385 if( sep < 2 ) goto done;
388 sofar += hex_escape_args( &s[sofar], u->lud_attrs );
390 if( sep < 3 ) goto done;
393 switch( u->lud_scope ) {
394 case LDAP_SCOPE_BASE:
395 strcpy( &s[sofar], "base" );
396 sofar += sizeof("base") - 1;
398 case LDAP_SCOPE_ONELEVEL:
399 strcpy( &s[sofar], "one" );
400 sofar += sizeof("one") - 1;
402 case LDAP_SCOPE_SUBTREE:
403 strcpy( &s[sofar], "sub" );
404 sofar += sizeof("sub") - 1;
408 if( sep < 4 ) goto done;
411 sofar += hex_escape( &s[sofar], u->lud_filter, 0 );
413 if( sep < 5 ) goto done;
416 sofar += hex_escape_args( &s[sofar], u->lud_exts );
424 ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
427 * Pick apart the pieces of an LDAP URL.
433 const char *scheme = NULL;
437 if( url_in == NULL || ludpp == NULL ) {
438 return LDAP_URL_ERR_PARAM;
441 #ifndef LDAP_INT_IN_KERNEL
442 /* Global options may not be created yet
443 * We can't test if the global options are initialized
444 * because a call to LDAP_INT_GLOBAL_OPT() will try to allocate
445 * the options and cause infinite recursion
448 LDAP_LOG ( OPERATION, ENTRY, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
450 Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
454 *ludpp = NULL; /* pessimistic */
456 url_tmp = skip_url_prefix( url_in, &enclosed, &scheme );
458 if ( url_tmp == NULL ) {
459 return LDAP_URL_ERR_BADSCHEME;
464 /* make working copy of the remainder of the URL */
465 url = LDAP_STRDUP( url_tmp );
467 return LDAP_URL_ERR_MEM;
471 p = &url[strlen(url)-1];
475 return LDAP_URL_ERR_BADENCLOSURE;
481 /* allocate return struct */
482 ludp = (LDAPURLDesc *)LDAP_CALLOC( 1, sizeof( LDAPURLDesc ));
484 if ( ludp == NULL ) {
486 return LDAP_URL_ERR_MEM;
489 ludp->lud_next = NULL;
490 ludp->lud_host = NULL;
493 ludp->lud_attrs = NULL;
494 ludp->lud_filter = NULL;
495 ludp->lud_scope = LDAP_SCOPE_DEFAULT;
496 ludp->lud_filter = NULL;
497 ludp->lud_exts = NULL;
499 ludp->lud_scheme = LDAP_STRDUP( scheme );
501 if ( ludp->lud_scheme == NULL ) {
503 ldap_free_urldesc( ludp );
504 return LDAP_URL_ERR_MEM;
507 /* scan forward for '/' that marks end of hostport and begin. of dn */
508 p = strchr( url, '/' );
511 /* terminate hostport; point to start of dn */
515 /* IPv6 syntax with [ip address]:port */
517 r = strchr( url, ']' );
520 ldap_free_urldesc( ludp );
521 return LDAP_URL_ERR_BADURL;
524 q = strchr( r, ':' );
526 q = strchr( url, ':' );
531 ldap_pvt_hex_unescape( q );
535 ldap_free_urldesc( ludp );
536 return LDAP_URL_ERR_BADURL;
539 ludp->lud_port = atoi( q );
542 ldap_pvt_hex_unescape( url );
544 /* If [ip address]:port syntax, url is [ip and we skip the [ */
545 ludp->lud_host = LDAP_STRDUP( url + ( *url == '[' ) );
547 if( ludp->lud_host == NULL ) {
549 ldap_free_urldesc( ludp );
550 return LDAP_URL_ERR_MEM;
554 * Kludge. ldap://111.222.333.444:389??cn=abc,o=company
556 * On early Novell releases, search references/referrals were returned
557 * in this format, i.e., the dn was kind of in the scope position,
558 * but the required slash is missing. The whole thing is illegal syntax,
559 * but we need to account for it. Fortunately it can't be confused with
562 if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
564 /* ? immediately followed by question */
569 ldap_pvt_hex_unescape( q );
570 ludp->lud_dn = LDAP_STRDUP( q );
572 ludp->lud_dn = LDAP_STRDUP( "" );
575 if( ludp->lud_dn == NULL ) {
577 ldap_free_urldesc( ludp );
578 return LDAP_URL_ERR_MEM;
586 return LDAP_URL_SUCCESS;
589 /* scan forward for '?' that may marks end of dn */
590 q = strchr( p, '?' );
593 /* terminate dn part */
599 ldap_pvt_hex_unescape( p );
600 ludp->lud_dn = LDAP_STRDUP( p );
602 ludp->lud_dn = LDAP_STRDUP( "" );
605 if( ludp->lud_dn == NULL ) {
607 ldap_free_urldesc( ludp );
608 return LDAP_URL_ERR_MEM;
615 return LDAP_URL_SUCCESS;
618 /* scan forward for '?' that may marks end of attributes */
620 q = strchr( p, '?' );
623 /* terminate attributes part */
628 /* parse attributes */
629 ldap_pvt_hex_unescape( p );
630 ludp->lud_attrs = ldap_str2charray( p, "," );
632 if( ludp->lud_attrs == NULL ) {
634 ldap_free_urldesc( ludp );
635 return LDAP_URL_ERR_BADATTRS;
643 return LDAP_URL_SUCCESS;
646 /* scan forward for '?' that may marks end of scope */
648 q = strchr( p, '?' );
651 /* terminate the scope part */
656 /* parse the scope */
657 ldap_pvt_hex_unescape( p );
658 ludp->lud_scope = str2scope( p );
660 if( ludp->lud_scope == -1 ) {
662 ldap_free_urldesc( ludp );
663 return LDAP_URL_ERR_BADSCOPE;
671 return LDAP_URL_SUCCESS;
674 /* scan forward for '?' that may marks end of filter */
676 q = strchr( p, '?' );
679 /* terminate the filter part */
684 /* parse the filter */
685 ldap_pvt_hex_unescape( p );
690 ldap_free_urldesc( ludp );
691 return LDAP_URL_ERR_BADFILTER;
694 LDAP_FREE( ludp->lud_filter );
695 ludp->lud_filter = LDAP_STRDUP( p );
697 if( ludp->lud_filter == NULL ) {
699 ldap_free_urldesc( ludp );
700 return LDAP_URL_ERR_MEM;
708 return LDAP_URL_SUCCESS;
711 /* scan forward for '?' that may marks end of extensions */
713 q = strchr( p, '?' );
718 ldap_free_urldesc( ludp );
719 return LDAP_URL_ERR_BADURL;
722 /* parse the extensions */
723 ludp->lud_exts = ldap_str2charray( p, "," );
725 if( ludp->lud_exts == NULL ) {
727 ldap_free_urldesc( ludp );
728 return LDAP_URL_ERR_BADEXTS;
731 for( i=0; ludp->lud_exts[i] != NULL; i++ ) {
732 ldap_pvt_hex_unescape( ludp->lud_exts[i] );
734 if( *ludp->lud_exts[i] == '!' ) {
735 /* count the number of critical extensions */
736 ludp->lud_crit_exts++;
741 /* must have 1 or more */
743 ldap_free_urldesc( ludp );
744 return LDAP_URL_ERR_BADEXTS;
750 return LDAP_URL_SUCCESS;
754 ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
756 int rc = ldap_url_parse_ext( url_in, ludpp );
758 if( rc != LDAP_URL_SUCCESS ) {
762 if ((*ludpp)->lud_scope == LDAP_SCOPE_DEFAULT) {
763 (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
766 if ((*ludpp)->lud_host != NULL && *(*ludpp)->lud_host == '\0') {
767 LDAP_FREE( (*ludpp)->lud_host );
768 (*ludpp)->lud_host = NULL;
771 if ((*ludpp)->lud_port == 0) {
772 if( strcmp((*ludpp)->lud_scheme, "ldap") == 0 ) {
773 (*ludpp)->lud_port = LDAP_PORT;
774 #ifdef LDAP_CONNECTIONLESS
775 } else if( strcmp((*ludpp)->lud_scheme, "cldap") == 0 ) {
776 (*ludpp)->lud_port = LDAP_PORT;
778 } else if( strcmp((*ludpp)->lud_scheme, "ldaps") == 0 ) {
779 (*ludpp)->lud_port = LDAPS_PORT;
787 ldap_url_dup ( LDAPURLDesc *ludp )
791 if ( ludp == NULL ) {
795 dest = LDAP_MALLOC( sizeof(LDAPURLDesc) );
800 dest->lud_scheme = NULL;
801 dest->lud_host = NULL;
803 dest->lud_filter = NULL;
804 dest->lud_attrs = NULL;
805 dest->lud_exts = NULL;
806 dest->lud_next = NULL;
808 if ( ludp->lud_scheme != NULL ) {
809 dest->lud_scheme = LDAP_STRDUP( ludp->lud_scheme );
810 if (dest->lud_scheme == NULL) {
811 ldap_free_urldesc(dest);
816 if ( ludp->lud_host != NULL ) {
817 dest->lud_host = LDAP_STRDUP( ludp->lud_host );
818 if (dest->lud_host == NULL) {
819 ldap_free_urldesc(dest);
824 if ( ludp->lud_dn != NULL ) {
825 dest->lud_dn = LDAP_STRDUP( ludp->lud_dn );
826 if (dest->lud_dn == NULL) {
827 ldap_free_urldesc(dest);
832 if ( ludp->lud_filter != NULL ) {
833 dest->lud_filter = LDAP_STRDUP( ludp->lud_filter );
834 if (dest->lud_filter == NULL) {
835 ldap_free_urldesc(dest);
840 if ( ludp->lud_attrs != NULL ) {
841 dest->lud_attrs = ldap_charray_dup( ludp->lud_attrs );
842 if (dest->lud_attrs == NULL) {
843 ldap_free_urldesc(dest);
848 if ( ludp->lud_exts != NULL ) {
849 dest->lud_exts = ldap_charray_dup( ludp->lud_exts );
850 if (dest->lud_exts == NULL) {
851 ldap_free_urldesc(dest);
860 ldap_url_duplist (LDAPURLDesc *ludlist)
862 LDAPURLDesc *dest, *tail, *ludp, *newludp;
866 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
867 newludp = ldap_url_dup(ludp);
868 if (newludp == NULL) {
869 ldap_free_urllist(dest);
875 tail->lud_next = newludp;
882 ldap_url_parselist (LDAPURLDesc **ludlist, const char *url )
884 return ldap_url_parselist_ext( ludlist, url, ", " );
888 ldap_url_parselist_ext (LDAPURLDesc **ludlist, const char *url, const char *sep )
894 assert( ludlist != NULL );
895 assert( url != NULL );
899 urls = ldap_str2charray(url, sep);
901 return LDAP_NO_MEMORY;
903 /* count the URLs... */
904 for (i = 0; urls[i] != NULL; i++) ;
905 /* ...and put them in the "stack" backward */
907 rc = ldap_url_parse( urls[i], &ludp );
909 ldap_charray_free(urls);
910 ldap_free_urllist(*ludlist);
914 ludp->lud_next = *ludlist;
917 ldap_charray_free(urls);
923 LDAPURLDesc **ludlist,
931 assert( ludlist != NULL );
932 assert( hosts != NULL );
936 specs = ldap_str2charray(hosts, ", ");
938 return LDAP_NO_MEMORY;
940 /* count the URLs... */
941 for (i = 0; specs[i] != NULL; i++) /* EMPTY */;
943 /* ...and put them in the "stack" backward */
945 ludp = LDAP_CALLOC( 1, sizeof(LDAPURLDesc) );
947 ldap_charray_free(specs);
948 ldap_free_urllist(*ludlist);
950 return LDAP_NO_MEMORY;
952 ludp->lud_port = port;
953 ludp->lud_host = specs[i];
955 p = strchr(ludp->lud_host, ':');
957 /* more than one :, IPv6 address */
958 if ( strchr(p+1, ':') != NULL ) {
959 /* allow [address] and [address]:port */
960 if ( *ludp->lud_host == '[' ) {
961 p = LDAP_STRDUP(ludp->lud_host+1);
962 /* copied, make sure we free source later */
963 specs[i] = ludp->lud_host;
965 p = strchr( ludp->lud_host, ']' );
967 return LDAP_PARAM_ERROR;
971 return LDAP_PARAM_ERROR;
980 ldap_pvt_hex_unescape(p);
981 ludp->lud_port = atoi(p);
984 ldap_pvt_hex_unescape(ludp->lud_host);
985 ludp->lud_scheme = LDAP_STRDUP("ldap");
986 ludp->lud_next = *ludlist;
990 /* this should be an array of NULLs now */
991 /* except entries starting with [ */
992 ldap_charray_free(specs);
997 ldap_url_list2hosts (LDAPURLDesc *ludlist)
1001 char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
1003 if (ludlist == NULL)
1006 /* figure out how big the string is */
1007 size = 1; /* nul-term */
1008 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1009 size += strlen(ludp->lud_host) + 1; /* host and space */
1010 if (strchr(ludp->lud_host, ':')) /* will add [ ] below */
1012 if (ludp->lud_port != 0)
1013 size += sprintf(buf, ":%d", ludp->lud_port);
1015 s = LDAP_MALLOC(size);
1020 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1021 if (strchr(ludp->lud_host, ':')) {
1022 p += sprintf(p, "[%s]", ludp->lud_host);
1024 strcpy(p, ludp->lud_host);
1025 p += strlen(ludp->lud_host);
1027 if (ludp->lud_port != 0)
1028 p += sprintf(p, ":%d", ludp->lud_port);
1032 p--; /* nuke that extra space */
1039 LDAPURLDesc *ludlist )
1043 char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
1045 if (ludlist == NULL)
1048 /* figure out how big the string is */
1049 size = 1; /* nul-term */
1050 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1051 size += strlen(ludp->lud_scheme);
1052 if ( ludp->lud_host ) {
1053 size += strlen(ludp->lud_host);
1054 /* will add [ ] below */
1055 if (strchr(ludp->lud_host, ':'))
1058 size += sizeof(":/// ");
1060 if (ludp->lud_port != 0) {
1061 size += sprintf(buf, ":%d", ludp->lud_port);
1065 s = LDAP_MALLOC(size);
1071 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1072 p += sprintf(p, "%s://", ludp->lud_scheme);
1073 if ( ludp->lud_host ) {
1074 p += sprintf(p, strchr(ludp->lud_host, ':')
1075 ? "[%s]" : "%s", ludp->lud_host);
1077 if (ludp->lud_port != 0)
1078 p += sprintf(p, ":%d", ludp->lud_port);
1083 p--; /* nuke that extra space */
1089 ldap_free_urllist( LDAPURLDesc *ludlist )
1091 LDAPURLDesc *ludp, *next;
1093 for (ludp = ludlist; ludp != NULL; ludp = next) {
1094 next = ludp->lud_next;
1095 ldap_free_urldesc(ludp);
1100 ldap_free_urldesc( LDAPURLDesc *ludp )
1102 if ( ludp == NULL ) {
1106 if ( ludp->lud_scheme != NULL ) {
1107 LDAP_FREE( ludp->lud_scheme );
1110 if ( ludp->lud_host != NULL ) {
1111 LDAP_FREE( ludp->lud_host );
1114 if ( ludp->lud_dn != NULL ) {
1115 LDAP_FREE( ludp->lud_dn );
1118 if ( ludp->lud_filter != NULL ) {
1119 LDAP_FREE( ludp->lud_filter);
1122 if ( ludp->lud_attrs != NULL ) {
1123 LDAP_VFREE( ludp->lud_attrs );
1126 if ( ludp->lud_exts != NULL ) {
1127 LDAP_VFREE( ludp->lud_exts );
1134 ldap_int_unhex( int c )
1136 return( c >= '0' && c <= '9' ? c - '0'
1137 : c >= 'A' && c <= 'F' ? c - 'A' + 10
1142 ldap_pvt_hex_unescape( char *s )
1145 * Remove URL hex escapes from s... done in place. The basic concept for
1146 * this routine is borrowed from the WWW library HTUnEscape() routine.
1150 for ( p = s; *s != '\0'; ++s ) {
1152 if ( *++s == '\0' ) {
1155 *p = ldap_int_unhex( *s ) << 4;
1156 if ( *++s == '\0' ) {
1159 *p++ += ldap_int_unhex( *s );