LDAP/UDP messages. Slapd marks received CLDAP messages as LDAP_VERSION2.
The client library can generate CLDAP queries if -Protocol 2 is chosen,
otherwise not. LDAPv2 CLDAP cannot query the slapd rootDSE; such queries get no reply.
if ( LDAP_IS_UDP(ld) ) {
err = ber_write( ber, ld->ld_options.ldo_peer,
sizeof(struct sockaddr), 0);
- if (err == sizeof(struct sockaddr)) {
- char *dn = ld->ld_options.ldo_cldapdn;
- if (!dn) dn = "";
- err = ber_printf( ber, "{isti", /* '}' */
- ++ld->ld_msgid, dn,
- LDAP_REQ_ABANDON, msgid );
- }
+ }
+ if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version ==
+ LDAP_VERSION2) {
+ char *dn = ld->ld_options.ldo_cldapdn;
+ if (!dn) dn = "";
+ err = ber_printf( ber, "{isti", /* '}' */
+ ++ld->ld_msgid, dn,
+ LDAP_REQ_ABANDON, msgid );
} else
#endif
{
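Review bot: The result of `ber_write()` for the peer address is no longer examined. The old code only went on to `ber_printf` when `err == sizeof(struct sockaddr)`, whereas the new code closes the block right after the write, and `err` is then overwritten by the `ber_printf` in the LDAPv2 branch (and presumably by the encoding in the `else` body, which is outside this hunk). A short or failed write of the address prefix would go unnoticed and the request would be encoded behind a truncated prefix. Keep the guard, e.g. `if ( err != sizeof(struct sockaddr) ) err = -1;`, and skip both encodings when it fires. The search-request hunk has the same pattern after its `ber_write`.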
return( -2 ); /* continue looking */
}
#ifdef LDAP_CONNECTIONLESS
- if (LDAP_IS_UDP(ld)) {
+ if (LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
char *blank;
ber_scanf(ber, "a{", &blank);
if (blank)
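Review bot: `blank` is declared without an initialiser and the return value of `ber_scanf(ber, "a{", &blank)` is discarded, so on a reply that does not start with the expected string the following `if (blank)` may test an indeterminate pointer. The data comes from the network, so this path should fail closed: `char *blank = NULL;` and `if ( ber_scanf(ber, "a{", &blank) == LBER_ERROR )` with an error return. The statement guarded by `if (blank)` and the rest of the function are outside the hunk, so the matching error path has to be chosen there.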
return( rc );
}
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld)) {
+ return( rc );
+ }
+#endif
+
if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
return( ld->ld_errno ); /* ldap_result sets ld_errno */
}
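Review bot: The added early return hands `rc` back for every UDP handle before `ldap_result()` is consulted, so a synchronous bind on a connectionless handle reports whatever the preceding call returned, presumably success, without any acknowledgement from the server. A caller that treats that value as proof of authentication would be wrong, and the server-side hunk in this commit rejects every UDP request other than abandon and search. A comment should say so, for example `/* CLDAP: no bind result is ever read; rc reflects only the local request */`. The call that sets `rc` is outside the hunk.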
if ( LDAP_IS_UDP(ld) ) {
err = ber_write( ber, ld->ld_options.ldo_peer,
sizeof(struct sockaddr), 0);
- if (err == sizeof(struct sockaddr)) {
- char *dn = ld->ld_options.ldo_cldapdn;
- if (!dn) dn = "";
- err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn,
- LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
- (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
- (timelimit < 0) ? ld->ld_timelimit : timelimit,
- attrsonly );
- }
+ }
+ if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
+ char *dn = ld->ld_options.ldo_cldapdn;
+ if (!dn) dn = "";
+ err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn,
+ LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+ (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
+ (timelimit < 0) ? ld->ld_timelimit : timelimit,
+ attrsonly );
} else
#endif
{
if ((*ludpp)->lud_port == 0) {
if( strcmp((*ludpp)->lud_scheme, "ldap") == 0 ) {
(*ludpp)->lud_port = LDAP_PORT;
+#ifdef LDAP_CONNECTIONLESS
+ } else if( strcmp((*ludpp)->lud_scheme, "cldap") == 0 ) {
+ (*ludpp)->lud_port = LDAP_PORT;
+#endif
} else if( strcmp((*ludpp)->lud_scheme, "ldaps") == 0 ) {
(*ludpp)->lud_port = LDAPS_PORT;
}
if (tls_udp_option == 2)
{
c->c_is_udp = 1;
- c->c_protocol = LDAP_VERSION2;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
char peername[sizeof("IP=255.255.255.255:65336")];
len = ber_int_sb_read(conn->c_sb, &peeraddr,
sizeof(struct sockaddr));
+ if (len != sizeof(struct sockaddr))
+ return 1;
sprintf( peername, "IP=%s:%d",
inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
(unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
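Review bot: The short-read case added here returns 1 without any log line, so truncated or malformed datagrams on the UDP listener are invisible to an operator. A `Debug( LDAP_DEBUG_ANY, "short UDP peer address read\n", 0, 0, 0 );` before the return, plus a comment on what a return value of 1 means to the caller, would make this diagnosable. What happens to the pending BER buffer on this path cannot be seen from the hunk and should be checked.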
ber_free( ber, 1 );
return -1;
}
-#ifdef LDAP_CONNECTIONLESS
- if (conn->c_is_udp) {
- tag = ber_get_stringa( ber, &cdn );
- }
-#endif
if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) {
/* log, close and send error */
}
#ifdef LDAP_CONNECTIONLESS
- if (conn->c_is_udp && (tag != LDAP_REQ_ABANDON &&
- tag != LDAP_REQ_SEARCH))
- {
+ if (conn->c_is_udp) {
+ if (tag == LBER_OCTETSTRING) {
+ ber_get_stringa( ber, &cdn );
+ tag = ber_peek_tag(ber, &len);
+ }
+ if (tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
- "connection_input: conn %d invalid req for UDP 0x%lx.\n",
- conn->c_connid, tag ));
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_input: conn %d invalid req for UDP 0x%lx.\n",
+ conn->c_connid, tag ));
#else
- Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
- 0 );
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
+ 0 );
#endif
- ber_free( ber, 1 );
- return 0;
+ ber_free( ber, 1 );
+ return 0;
+ }
}
#endif
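Review bot: `ber_get_stringa( ber, &cdn )` is called without checking its result, and the rejection path just below frees only `ber`. A datagram that carries a leading octet string followed by a tag other than abandon or search therefore appears to leave the `cdn` allocation behind, which on an unauthenticated UDP listener is a per-packet leak. Compare the call against `LBER_ERROR` and release `cdn` before `return 0;`, e.g. `ber_memfree( cdn );` or whichever free routine the file uses for `o_dn`. The declaration of `cdn` is outside the hunk.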
if(tag == LDAP_REQ_BIND) {
#ifdef LDAP_CONNECTIONLESS
op->o_peeraddr = peeraddr;
- op->o_dn = cdn;
+ if (cdn) {
+ op->o_dn = cdn;
+ op->o_protocol = LDAP_VERSION2;
+ }
#endif
if ( conn->c_conn_state == SLAP_C_BINDING
|| conn->c_conn_state == SLAP_C_CLOSING )
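Review bot: `if (cdn)` now decides both the operation's DN and its protocol version, but `cdn` is only assigned when a UDP request began with an octet string. Its declaration (outside this hunk) therefore has to initialise it to NULL, or this test reads an indeterminate pointer for requests that carried no DN string. A comment here would also help: `/* a leading DN string marks an LDAPv2 CLDAP request; the DN is client-supplied and unauthenticated */`.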
arg->co_op->o_authmech = conn->c_authmech != NULL
? ch_strdup( conn->c_authmech ) : NULL;
- arg->co_op->o_protocol = conn->c_protocol
+ if (!arg->co_op->o_protocol) {
+ arg->co_op->o_protocol = conn->c_protocol
? conn->c_protocol : LDAP_VERSION3;
+ }
arg->co_op->o_connid = conn->c_connid;
slap_op_add( &conn->c_ops, arg->co_op );
#endif
} else {
#ifdef LDAP_CONNECTIONLESS
- if ( tmp == LDAP_PROTO_UDP )
- l.sl_is_udp = 1;
+ l.sl_is_udp = ( tmp == LDAP_PROTO_UDP );
#endif
if( lud->lud_host == NULL || lud->lud_host[0] == '\0'
|| strcmp(lud->lud_host, "*") == 0 )
ber_free(ber, 1);
return;
}
+ }
+ if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
rc = ber_printf( ber, "{is{t{ess",
msgid, "", tag, err,
matched == NULL ? "" : matched,
rc = ber_printf( ber, "N}N}" );
}
#ifdef LDAP_CONNECTIONLESS
- if( conn->c_is_udp && rc != -1 ) {
+ if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) {
rc = ber_printf( ber, "N}" );
}
#endif
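Review bot: The test `conn->c_is_udp && op->o_protocol == LDAP_VERSION2` is now written out separately where the CLDAP envelope is opened and where it is closed with `"N}"`, and the BER output is only well-formed if the two always agree. Evaluating it once into a local, e.g. `int cldap_v2 = conn->c_is_udp && op->o_protocol == LDAP_VERSION2;`, and using that at both sites would remove the chance of them drifting apart. The search-entry hunks further down repeat the pattern with `"}"`. The enclosing function starts outside the hunk.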
ber_free(ber, 1);
return;
}
+ }
+ if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
rc = ber_printf( ber, "{is{t{s{",
op->o_msgid, "", LDAP_RES_SEARCH_ENTRY, e->e_dn );
} else
rc = ber_printf( ber, /*{{{*/ "}N}N}" );
#ifdef LDAP_CONNECTIONLESS
- if (conn->c_is_udp && rc != -1)
+ if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1)
rc = ber_printf( ber, "}" );
#endif
if ( rc == -1 ) {
Entry *entry = NULL;
if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
+#ifdef LDAP_CONNECTIONLESS
+ /* Ignore LDAPv2 CLDAP DSE queries */
+ if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
+ goto return_results;
+ }
+#endif
/* check restrictions */
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
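Review bot: Only the LDAPv2 form is skipped here, so a rootDSE search that arrives over UDP without the leading DN string still goes on to `backend_check_restrictions()` and, presumably, gets an answer sent to a source address nobody has verified. If that is intended, a comment should say so, and the listener documentation should recommend restricting who can reach a cldap:// listener, since replies larger than the request sent to a spoofable source are the usual reflection concern with connectionless LDAP. It is also not visible from the hunk whether `return_results` sends or logs anything for the ignored query. The `if( rc != LDAP_SUCCESS )` block continues past the hunk.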