1 /* LIBLDAP url.c -- LDAP URL (RFC 2255) related routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2003 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1996 Regents of the University of Michigan.
17 * All rights reserved.
22 * LDAP URLs look like this:
23 * ldap[is]://host:port[/[dn[?[attributes][?[scope][?[filter][?exts]]]]]]
26 * attributes is a comma separated list
27 * scope is one of these three strings: base one sub (default=base)
28 * filter is an string-represented filter as in RFC 2254
30 * e.g., ldap://host:port/dc=com?o,cn?base?(o=openldap)?extension
32 * We also tolerate URLs that look like: <ldapurl> and <URL:ldapurl>
39 #include <ac/stdlib.h>
41 #include <ac/socket.h>
42 #include <ac/string.h>
48 static const char* skip_url_prefix LDAP_P((
51 const char **scheme ));
53 int ldap_pvt_url_scheme2proto( const char *scheme )
57 if( scheme == NULL ) {
61 if( strcmp("ldap", scheme) == 0 ) {
62 return LDAP_PROTO_TCP;
65 if( strcmp("ldapi", scheme) == 0 ) {
66 return LDAP_PROTO_IPC;
69 if( strcmp("ldaps", scheme) == 0 ) {
70 return LDAP_PROTO_TCP;
72 #ifdef LDAP_CONNECTIONLESS
73 if( strcmp("cldap", scheme) == 0 ) {
74 return LDAP_PROTO_UDP;
82 ldap_pvt_url_scheme2tls( const char *scheme )
86 if( scheme == NULL ) {
90 return strcmp("ldaps", scheme) == 0;
94 ldap_is_ldap_url( LDAP_CONST char *url )
103 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
111 ldap_is_ldaps_url( LDAP_CONST char *url )
120 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
124 return strcmp(scheme, "ldaps") == 0;
128 ldap_is_ldapi_url( LDAP_CONST char *url )
137 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
141 return strcmp(scheme, "ldapi") == 0;
144 #ifdef LDAP_CONNECTIONLESS
146 ldap_is_ldapc_url( LDAP_CONST char *url )
155 if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
159 return strcmp(scheme, "cldap") == 0;
167 const char **scheme )
170 * return non-zero if this looks like a LDAP URL; zero if not
171 * if non-zero returned, *urlp will be moved past "ldap://" part of URL
181 /* skip leading '<' (if any) */
189 /* skip leading "URL:" (if any) */
190 if ( strncasecmp( p, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
191 p += LDAP_URL_URLCOLON_LEN;
194 /* check for "ldap://" prefix */
195 if ( strncasecmp( p, LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
196 /* skip over "ldap://" prefix and return success */
197 p += LDAP_URL_PREFIX_LEN;
202 /* check for "ldaps://" prefix */
203 if ( strncasecmp( p, LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
204 /* skip over "ldaps://" prefix and return success */
205 p += LDAPS_URL_PREFIX_LEN;
210 /* check for "ldapi://" prefix */
211 if ( strncasecmp( p, LDAPI_URL_PREFIX, LDAPI_URL_PREFIX_LEN ) == 0 ) {
212 /* skip over "ldapi://" prefix and return success */
213 p += LDAPI_URL_PREFIX_LEN;
218 #ifdef LDAP_CONNECTIONLESS
219 /* check for "cldap://" prefix */
220 if ( strncasecmp( p, LDAPC_URL_PREFIX, LDAPC_URL_PREFIX_LEN ) == 0 ) {
221 /* skip over "cldap://" prefix and return success */
222 p += LDAPC_URL_PREFIX_LEN;
232 static int str2scope( const char *p )
234 if ( strcasecmp( p, "one" ) == 0 ) {
235 return LDAP_SCOPE_ONELEVEL;
237 } else if ( strcasecmp( p, "onetree" ) == 0 ) {
238 return LDAP_SCOPE_ONELEVEL;
240 } else if ( strcasecmp( p, "base" ) == 0 ) {
241 return LDAP_SCOPE_BASE;
243 } else if ( strcasecmp( p, "sub" ) == 0 ) {
244 return LDAP_SCOPE_SUBTREE;
246 } else if ( strcasecmp( p, "subtree" ) == 0 ) {
247 return LDAP_SCOPE_SUBTREE;
253 static int hex_escape( char *buf, const char *s, int list )
257 static const char hex[] = "0123456789ABCDEF";
259 if( s == NULL ) return 0;
261 for( pos=0,i=0; s[i]; i++ ) {
287 escape = s[i] < 0x20 || 0x1f >= s[i];
292 buf[pos++] = hex[ (s[i] >> 4) & 0x0f ];
293 buf[pos++] = hex[ s[i] & 0x0f ];
303 static int hex_escape_args( char *buf, char **s )
308 if( s == NULL ) return 0;
311 for( i=0; s[i] != NULL; i++ ) {
315 pos += hex_escape( &buf[pos], s[i], 1 );
321 char * ldap_url_desc2str( LDAPURLDesc *u )
328 if( u == NULL ) return NULL;
331 for( i=0; u->lud_exts[i]; i++ ) {
332 len += strlen( u->lud_exts[i] ) + 1;
337 if( u->lud_filter ) {
338 len += strlen( u->lud_filter );
341 if ( len ) len++; /* ? */
343 switch( u->lud_scope ) {
344 case LDAP_SCOPE_ONELEVEL:
345 case LDAP_SCOPE_SUBTREE:
346 case LDAP_SCOPE_BASE:
347 len += sizeof("base");
352 if ( len ) len++; /* ? */
356 for( i=0; u->lud_attrs[i]; i++ ) {
357 len += strlen( u->lud_attrs[i] ) + 1;
360 } else if ( len ) len++; /* ? */
363 len += strlen( u->lud_dn ) + 1;
368 len += sizeof(":65535") - 1;
372 len+=strlen( u->lud_host );
375 len += strlen( u->lud_scheme ) + sizeof("://");
377 /* allocate enough to hex escape everything -- overkill */
378 s = LDAP_MALLOC( 3*len );
380 if( s == NULL ) return NULL;
383 sprintf( s, "%s://%s:%d%n", u->lud_scheme,
384 u->lud_host, u->lud_port, &sofar );
386 sprintf( s, "%s://%s%n", u->lud_scheme,
387 u->lud_host, &sofar );
390 if( sep < 1 ) goto done;
393 sofar += hex_escape( &s[sofar], u->lud_dn, 0 );
395 if( sep < 2 ) goto done;
398 sofar += hex_escape_args( &s[sofar], u->lud_attrs );
400 if( sep < 3 ) goto done;
403 switch( u->lud_scope ) {
404 case LDAP_SCOPE_BASE:
405 strcpy( &s[sofar], "base" );
406 sofar += sizeof("base") - 1;
408 case LDAP_SCOPE_ONELEVEL:
409 strcpy( &s[sofar], "one" );
410 sofar += sizeof("one") - 1;
412 case LDAP_SCOPE_SUBTREE:
413 strcpy( &s[sofar], "sub" );
414 sofar += sizeof("sub") - 1;
418 if( sep < 4 ) goto done;
421 sofar += hex_escape( &s[sofar], u->lud_filter, 0 );
423 if( sep < 5 ) goto done;
426 sofar += hex_escape_args( &s[sofar], u->lud_exts );
434 ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
437 * Pick apart the pieces of an LDAP URL.
443 const char *scheme = NULL;
447 if( url_in == NULL || ludpp == NULL ) {
448 return LDAP_URL_ERR_PARAM;
451 #ifndef LDAP_INT_IN_KERNEL
452 /* Global options may not be created yet
453 * We can't test if the global options are initialized
454 * because a call to LDAP_INT_GLOBAL_OPT() will try to allocate
455 * the options and cause infinite recursion
458 LDAP_LOG ( OPERATION, ENTRY, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
460 Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
464 *ludpp = NULL; /* pessimistic */
466 url_tmp = skip_url_prefix( url_in, &enclosed, &scheme );
468 if ( url_tmp == NULL ) {
469 return LDAP_URL_ERR_BADSCHEME;
474 /* make working copy of the remainder of the URL */
475 url = LDAP_STRDUP( url_tmp );
477 return LDAP_URL_ERR_MEM;
481 p = &url[strlen(url)-1];
485 return LDAP_URL_ERR_BADENCLOSURE;
491 /* allocate return struct */
492 ludp = (LDAPURLDesc *)LDAP_CALLOC( 1, sizeof( LDAPURLDesc ));
494 if ( ludp == NULL ) {
496 return LDAP_URL_ERR_MEM;
499 ludp->lud_next = NULL;
500 ludp->lud_host = NULL;
503 ludp->lud_attrs = NULL;
504 ludp->lud_filter = NULL;
505 ludp->lud_scope = LDAP_SCOPE_DEFAULT;
506 ludp->lud_filter = NULL;
507 ludp->lud_exts = NULL;
509 ludp->lud_scheme = LDAP_STRDUP( scheme );
511 if ( ludp->lud_scheme == NULL ) {
513 ldap_free_urldesc( ludp );
514 return LDAP_URL_ERR_MEM;
517 /* scan forward for '/' that marks end of hostport and begin. of dn */
518 p = strchr( url, '/' );
521 /* terminate hostport; point to start of dn */
525 /* IPv6 syntax with [ip address]:port */
527 r = strchr( url, ']' );
530 ldap_free_urldesc( ludp );
531 return LDAP_URL_ERR_BADURL;
534 q = strchr( r, ':' );
536 q = strchr( url, ':' );
541 ldap_pvt_hex_unescape( q );
545 ldap_free_urldesc( ludp );
546 return LDAP_URL_ERR_BADURL;
549 ludp->lud_port = atoi( q );
552 ldap_pvt_hex_unescape( url );
554 /* If [ip address]:port syntax, url is [ip and we skip the [ */
555 ludp->lud_host = LDAP_STRDUP( url + ( *url == '[' ) );
557 if( ludp->lud_host == NULL ) {
559 ldap_free_urldesc( ludp );
560 return LDAP_URL_ERR_MEM;
564 * Kludge. ldap://111.222.333.444:389??cn=abc,o=company
566 * On early Novell releases, search references/referrals were returned
567 * in this format, i.e., the dn was kind of in the scope position,
568 * but the required slash is missing. The whole thing is illegal syntax,
569 * but we need to account for it. Fortunately it can't be confused with
572 if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
574 /* ? immediately followed by question */
579 ldap_pvt_hex_unescape( q );
580 ludp->lud_dn = LDAP_STRDUP( q );
582 ludp->lud_dn = LDAP_STRDUP( "" );
585 if( ludp->lud_dn == NULL ) {
587 ldap_free_urldesc( ludp );
588 return LDAP_URL_ERR_MEM;
596 return LDAP_URL_SUCCESS;
599 /* scan forward for '?' that may marks end of dn */
600 q = strchr( p, '?' );
603 /* terminate dn part */
609 ldap_pvt_hex_unescape( p );
610 ludp->lud_dn = LDAP_STRDUP( p );
612 ludp->lud_dn = LDAP_STRDUP( "" );
615 if( ludp->lud_dn == NULL ) {
617 ldap_free_urldesc( ludp );
618 return LDAP_URL_ERR_MEM;
625 return LDAP_URL_SUCCESS;
628 /* scan forward for '?' that may marks end of attributes */
630 q = strchr( p, '?' );
633 /* terminate attributes part */
638 /* parse attributes */
639 ldap_pvt_hex_unescape( p );
640 ludp->lud_attrs = ldap_str2charray( p, "," );
642 if( ludp->lud_attrs == NULL ) {
644 ldap_free_urldesc( ludp );
645 return LDAP_URL_ERR_BADATTRS;
653 return LDAP_URL_SUCCESS;
656 /* scan forward for '?' that may marks end of scope */
658 q = strchr( p, '?' );
661 /* terminate the scope part */
666 /* parse the scope */
667 ldap_pvt_hex_unescape( p );
668 ludp->lud_scope = str2scope( p );
670 if( ludp->lud_scope == -1 ) {
672 ldap_free_urldesc( ludp );
673 return LDAP_URL_ERR_BADSCOPE;
681 return LDAP_URL_SUCCESS;
684 /* scan forward for '?' that may marks end of filter */
686 q = strchr( p, '?' );
689 /* terminate the filter part */
694 /* parse the filter */
695 ldap_pvt_hex_unescape( p );
700 ldap_free_urldesc( ludp );
701 return LDAP_URL_ERR_BADFILTER;
704 LDAP_FREE( ludp->lud_filter );
705 ludp->lud_filter = LDAP_STRDUP( p );
707 if( ludp->lud_filter == NULL ) {
709 ldap_free_urldesc( ludp );
710 return LDAP_URL_ERR_MEM;
718 return LDAP_URL_SUCCESS;
721 /* scan forward for '?' that may marks end of extensions */
723 q = strchr( p, '?' );
728 ldap_free_urldesc( ludp );
729 return LDAP_URL_ERR_BADURL;
732 /* parse the extensions */
733 ludp->lud_exts = ldap_str2charray( p, "," );
735 if( ludp->lud_exts == NULL ) {
737 ldap_free_urldesc( ludp );
738 return LDAP_URL_ERR_BADEXTS;
741 for( i=0; ludp->lud_exts[i] != NULL; i++ ) {
742 ldap_pvt_hex_unescape( ludp->lud_exts[i] );
744 if( *ludp->lud_exts[i] == '!' ) {
745 /* count the number of critical extensions */
746 ludp->lud_crit_exts++;
751 /* must have 1 or more */
753 ldap_free_urldesc( ludp );
754 return LDAP_URL_ERR_BADEXTS;
760 return LDAP_URL_SUCCESS;
764 ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
766 int rc = ldap_url_parse_ext( url_in, ludpp );
768 if( rc != LDAP_URL_SUCCESS ) {
772 if ((*ludpp)->lud_scope == LDAP_SCOPE_DEFAULT) {
773 (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
776 if ((*ludpp)->lud_host != NULL && *(*ludpp)->lud_host == '\0') {
777 LDAP_FREE( (*ludpp)->lud_host );
778 (*ludpp)->lud_host = NULL;
781 if ((*ludpp)->lud_port == 0) {
782 if( strcmp((*ludpp)->lud_scheme, "ldap") == 0 ) {
783 (*ludpp)->lud_port = LDAP_PORT;
784 #ifdef LDAP_CONNECTIONLESS
785 } else if( strcmp((*ludpp)->lud_scheme, "cldap") == 0 ) {
786 (*ludpp)->lud_port = LDAP_PORT;
788 } else if( strcmp((*ludpp)->lud_scheme, "ldaps") == 0 ) {
789 (*ludpp)->lud_port = LDAPS_PORT;
797 ldap_url_dup ( LDAPURLDesc *ludp )
801 if ( ludp == NULL ) {
805 dest = LDAP_MALLOC( sizeof(LDAPURLDesc) );
810 dest->lud_scheme = NULL;
811 dest->lud_host = NULL;
813 dest->lud_filter = NULL;
814 dest->lud_attrs = NULL;
815 dest->lud_exts = NULL;
816 dest->lud_next = NULL;
818 if ( ludp->lud_scheme != NULL ) {
819 dest->lud_scheme = LDAP_STRDUP( ludp->lud_scheme );
820 if (dest->lud_scheme == NULL) {
821 ldap_free_urldesc(dest);
826 if ( ludp->lud_host != NULL ) {
827 dest->lud_host = LDAP_STRDUP( ludp->lud_host );
828 if (dest->lud_host == NULL) {
829 ldap_free_urldesc(dest);
834 if ( ludp->lud_dn != NULL ) {
835 dest->lud_dn = LDAP_STRDUP( ludp->lud_dn );
836 if (dest->lud_dn == NULL) {
837 ldap_free_urldesc(dest);
842 if ( ludp->lud_filter != NULL ) {
843 dest->lud_filter = LDAP_STRDUP( ludp->lud_filter );
844 if (dest->lud_filter == NULL) {
845 ldap_free_urldesc(dest);
850 if ( ludp->lud_attrs != NULL ) {
851 dest->lud_attrs = ldap_charray_dup( ludp->lud_attrs );
852 if (dest->lud_attrs == NULL) {
853 ldap_free_urldesc(dest);
858 if ( ludp->lud_exts != NULL ) {
859 dest->lud_exts = ldap_charray_dup( ludp->lud_exts );
860 if (dest->lud_exts == NULL) {
861 ldap_free_urldesc(dest);
870 ldap_url_duplist (LDAPURLDesc *ludlist)
872 LDAPURLDesc *dest, *tail, *ludp, *newludp;
876 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
877 newludp = ldap_url_dup(ludp);
878 if (newludp == NULL) {
879 ldap_free_urllist(dest);
885 tail->lud_next = newludp;
892 ldap_url_parselist (LDAPURLDesc **ludlist, const char *url )
894 return ldap_url_parselist_ext( ludlist, url, ", " );
898 ldap_url_parselist_ext (LDAPURLDesc **ludlist, const char *url, const char *sep )
904 assert( ludlist != NULL );
905 assert( url != NULL );
909 urls = ldap_str2charray(url, sep);
911 return LDAP_NO_MEMORY;
913 /* count the URLs... */
914 for (i = 0; urls[i] != NULL; i++) ;
915 /* ...and put them in the "stack" backward */
917 rc = ldap_url_parse( urls[i], &ludp );
919 ldap_charray_free(urls);
920 ldap_free_urllist(*ludlist);
924 ludp->lud_next = *ludlist;
927 ldap_charray_free(urls);
933 LDAPURLDesc **ludlist,
941 assert( ludlist != NULL );
942 assert( hosts != NULL );
946 specs = ldap_str2charray(hosts, ", ");
948 return LDAP_NO_MEMORY;
950 /* count the URLs... */
951 for (i = 0; specs[i] != NULL; i++) /* EMPTY */;
953 /* ...and put them in the "stack" backward */
955 ludp = LDAP_CALLOC( 1, sizeof(LDAPURLDesc) );
957 ldap_charray_free(specs);
958 ldap_free_urllist(*ludlist);
960 return LDAP_NO_MEMORY;
962 ludp->lud_port = port;
963 ludp->lud_host = specs[i];
965 p = strchr(ludp->lud_host, ':');
967 /* more than one :, IPv6 address */
968 if ( strchr(p+1, ':') != NULL ) {
969 /* allow [address] and [address]:port */
970 if ( *ludp->lud_host == '[' ) {
971 p = LDAP_STRDUP(ludp->lud_host+1);
972 /* copied, make sure we free source later */
973 specs[i] = ludp->lud_host;
975 p = strchr( ludp->lud_host, ']' );
977 return LDAP_PARAM_ERROR;
981 return LDAP_PARAM_ERROR;
990 ldap_pvt_hex_unescape(p);
991 ludp->lud_port = atoi(p);
994 ldap_pvt_hex_unescape(ludp->lud_host);
995 ludp->lud_scheme = LDAP_STRDUP("ldap");
996 ludp->lud_next = *ludlist;
1000 /* this should be an array of NULLs now */
1001 /* except entries starting with [ */
1002 ldap_charray_free(specs);
1003 return LDAP_SUCCESS;
1007 ldap_url_list2hosts (LDAPURLDesc *ludlist)
1011 char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
1013 if (ludlist == NULL)
1016 /* figure out how big the string is */
1017 size = 1; /* nul-term */
1018 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1019 size += strlen(ludp->lud_host) + 1; /* host and space */
1020 if (strchr(ludp->lud_host, ':')) /* will add [ ] below */
1022 if (ludp->lud_port != 0)
1023 size += sprintf(buf, ":%d", ludp->lud_port);
1025 s = LDAP_MALLOC(size);
1030 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1031 if (strchr(ludp->lud_host, ':')) {
1032 p += sprintf(p, "[%s]", ludp->lud_host);
1034 strcpy(p, ludp->lud_host);
1035 p += strlen(ludp->lud_host);
1037 if (ludp->lud_port != 0)
1038 p += sprintf(p, ":%d", ludp->lud_port);
1042 p--; /* nuke that extra space */
1049 LDAPURLDesc *ludlist )
1053 char *s, *p, buf[32]; /* big enough to hold a long decimal # (overkill) */
1055 if (ludlist == NULL)
1058 /* figure out how big the string is */
1059 size = 1; /* nul-term */
1060 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1061 size += strlen(ludp->lud_scheme);
1062 if ( ludp->lud_host ) {
1063 size += strlen(ludp->lud_host);
1064 /* will add [ ] below */
1065 if (strchr(ludp->lud_host, ':'))
1068 size += sizeof(":/// ");
1070 if (ludp->lud_port != 0) {
1071 size += sprintf(buf, ":%d", ludp->lud_port);
1075 s = LDAP_MALLOC(size);
1081 for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
1082 p += sprintf(p, "%s://", ludp->lud_scheme);
1083 if ( ludp->lud_host ) {
1084 p += sprintf(p, strchr(ludp->lud_host, ':')
1085 ? "[%s]" : "%s", ludp->lud_host);
1087 if (ludp->lud_port != 0)
1088 p += sprintf(p, ":%d", ludp->lud_port);
1093 p--; /* nuke that extra space */
1099 ldap_free_urllist( LDAPURLDesc *ludlist )
1101 LDAPURLDesc *ludp, *next;
1103 for (ludp = ludlist; ludp != NULL; ludp = next) {
1104 next = ludp->lud_next;
1105 ldap_free_urldesc(ludp);
1110 ldap_free_urldesc( LDAPURLDesc *ludp )
1112 if ( ludp == NULL ) {
1116 if ( ludp->lud_scheme != NULL ) {
1117 LDAP_FREE( ludp->lud_scheme );
1120 if ( ludp->lud_host != NULL ) {
1121 LDAP_FREE( ludp->lud_host );
1124 if ( ludp->lud_dn != NULL ) {
1125 LDAP_FREE( ludp->lud_dn );
1128 if ( ludp->lud_filter != NULL ) {
1129 LDAP_FREE( ludp->lud_filter);
1132 if ( ludp->lud_attrs != NULL ) {
1133 LDAP_VFREE( ludp->lud_attrs );
1136 if ( ludp->lud_exts != NULL ) {
1137 LDAP_VFREE( ludp->lud_exts );
1144 ldap_int_unhex( int c )
1146 return( c >= '0' && c <= '9' ? c - '0'
1147 : c >= 'A' && c <= 'F' ? c - 'A' + 10
1152 ldap_pvt_hex_unescape( char *s )
1155 * Remove URL hex escapes from s... done in place. The basic concept for
1156 * this routine is borrowed from the WWW library HTUnEscape() routine.
1160 for ( p = s; *s != '\0'; ++s ) {
1162 if ( *++s == '\0' ) {
1165 *p = ldap_int_unhex( *s ) << 4;
1166 if ( *++s == '\0' ) {
1169 *p++ += ldap_int_unhex( *s );