int option,
LDAP_CONST void *invalue));
+/* V3 REBIND Function Callback Prototype */
+typedef int (LDAP_REBIND_PROC) ( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid);
+
+LIBLDAP_F( int )
+ldap_set_rebind_proc LDAP_P((
+ LDAP *ld,
+ LDAP_REBIND_PROC *ldap_proc));
/*
* in controls.c:
return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
}
}
-
-
-void
-ldap_set_rebind_proc( LDAP *ld, int (*rebindproc)( LDAP *ld, char **dnp,
- char **passwdp, int *authmethodp, int freeit ))
-{
- assert( ld != NULL );
- assert( LDAP_VALID( ld ) );
-
- ld->ld_rebindproc = rebindproc;
-}
}
if ( ld->ld_cldapaddrs == NULL
- || ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,0 )) == NULL
+ || ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,NULL )) == NULL
) {
ldap_ld_free( ld, 0, NULL, NULL );
DO_RETURN( NULL );
/* LDAPv3 server and client controls */
LDAPControl **ldo_sctrls;
LDAPControl **ldo_cctrls;
+ /* LDAPV3 rebind callback function
+ */
+ LDAP_REBIND_PROC *ldo_rebindproc;
#ifdef HAVE_TLS
/* tls context */
Sockbuf *lconn_sb;
int lconn_refcnt;
time_t lconn_lastused; /* time */
+ int lconn_rebind_inprogress; /* set if rebind in progress */
+ char ***lconn_rebind_queue; /* used if rebind in progress */
int lconn_status;
#define LDAP_CONNST_NEEDSOCKET 1
#define LDAP_CONNST_CONNECTING 2
typedef struct ldapreq {
ber_int_t lr_msgid; /* the message id */
int lr_status; /* status of request */
+#define LDAP_REQST_COMPLETED 0
#define LDAP_REQST_INPROGRESS 1
#define LDAP_REQST_CHASINGREFS 2
#define LDAP_REQST_NOTCONNECTED 3
#define LDAP_CACHE_OPT_CACHEALLERRS 0x00000002
} LDAPCache;
+/*
+ * structure containing referral request info for rebind procedure
+ */
+typedef struct ldapreqinfo {
+ ber_len_t ri_msgid;
+ int ri_request;
+ char *ri_url;
+} LDAPreqinfo;
+
/*
* handy macro for checking if handle is connectionless
*/
#define ld_sctrls ld_options.ldo_sctrls
#define ld_cctrls ld_options.ldo_cctrls
+#define ld_rebindproc ld_options.ldo_rebindproc
#define ld_version ld_options.ldo_version
char *ld_host;
LDAPConn *ld_defconn; /* default connection */
LDAPConn *ld_conns; /* list of server connections */
void *ld_selectinfo; /* platform specifics for select */
- int (*ld_rebindproc)( struct ldap *ld, char **dnp,
- char **passwdp, int *authmethodp, int freeit );
- /* routine to get info needed for re-bind */
#ifdef HAVE_CYRUS_SASL
sasl_conn_t *ld_sasl_context;
#endif /* HAVE_CYRUS_SASL */
LIBLDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld );
LIBLDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber );
-LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, int bind );
-LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, int bind );
+LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
+LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind );
LIBLDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid );
LIBLDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr );
LIBLDAP_F (void) ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind );
LIBLDAP_F (void) ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all );
LIBLDAP_F (void) ldap_dump_requests_and_responses( LDAP *ld );
LIBLDAP_F (int) ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp );
+LIBLDAP_F (int) ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **referralsp, int *hadrefp );
LIBLDAP_F (int) ldap_append_referral( LDAP *ld, char **referralsp, char *s );
/*
int ldap_open_defconn( LDAP *ld )
{
- if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,0 )) == NULL )
+ if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,NULL )) == NULL )
{
ld->ld_errno = LDAP_SERVER_DOWN;
return -1;
#include "ldap-int.h"
+#define LDAP_OPT_REBIND_PROC 0x4e814d
+
static const LDAPAPIFeatureInfo features[] = {
#ifdef LDAP_API_FEATURE_X_OPENLDAP
{ /* OpenLDAP Extensions API Feature */
return LDAP_OPT_ERROR;
}
} return LDAP_OPT_SUCCESS;
+
+ /* Only accessed from inside this function by ldap_set_rebind_proc() */
+ case LDAP_OPT_REBIND_PROC: {
+ lo->ldo_rebindproc = (LDAP_REBIND_PROC *)invalue;
+ } return LDAP_OPT_SUCCESS;
}
if(invalue == NULL) {
}
return LDAP_OPT_ERROR;
}
+
+LIBLDAP_F(int)
+ldap_set_rebind_proc( LDAP *ld, LDAP_REBIND_PROC *rebind_proc)
+{
+ return( ldap_set_option( ld, LDAP_OPT_REBIND_PROC, (void *)rebind_proc));
+}
/* Portions
* Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
+ ******************************************************************************
+ * This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ ******************************************************************************
+ * Modification to OpenLDAP source by Novell, Inc.
+ * April 2000 sfs Added code to chase V3 referrals
*
* request.c - sending of ldap requests; handling of referrals
*/
LDAP *ld,
BerElement *origber,
ber_int_t msgid,
- char **dnp ));
+ char **dnp,
+ int *type));
BerElement *
}
rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL,
- servers, NULL, 0 );
+ servers, NULL, NULL );
if (servers)
ldap_free_urllist(servers);
return(rc);
LDAPRequest *parentreq,
LDAPURLDesc *srvlist,
LDAPConn *lc,
- int bind )
+ LDAPreqinfo *bind )
{
LDAPRequest *lr;
int incparent;
} else {
if (( lc = find_connection( ld, srvlist, 1 )) ==
NULL ) {
- if ( bind && (parentreq != NULL) ) {
+ if ( (bind != NULL) && (parentreq != NULL) ) {
/* Remember the bind in the parent */
incparent = 1;
++parentreq->lr_outrefcnt;
LDAPConn *
ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb,
- int connect, int bind )
+ int connect, LDAPreqinfo *bind )
{
LDAPConn *lc;
LDAPURLDesc *srv;
Sockbuf *sb;
+ Debug( LDAP_DEBUG_TRACE, "ldap_new_connection\n", 0, 0, 0 );
/*
* make a new LDAP server connection
* XXX open connection synchronously for now
* XXX for now, we always do a synchronous bind. This will have
* to change in the long run...
*/
- if ( bind ) {
- int err, freepasswd, authmethod;
- char *binddn, *passwd;
+ if ( bind != NULL) {
+ int err = 0;
LDAPConn *savedefconn;
- freepasswd = err = 0;
-
- if ( ld->ld_rebindproc == 0 ) {
- binddn = passwd = "";
- authmethod = LDAP_AUTH_SIMPLE;
- } else {
- if (( err = (*ld->ld_rebindproc)( ld, &binddn, &passwd,
- &authmethod, 0 )) == LDAP_SUCCESS ) {
- freepasswd = 1;
+ /* Set flag to prevent additional referrals from being processed on this
+ * connection until the bind has completed
+ */
+ lc->lconn_rebind_inprogress = 1;
+ /* V3 rebind function */
+ if ( ld->ld_rebindproc != NULL) {
+ LDAPURLDesc *srvfunc;
+ if( ( srvfunc = ldap_url_dup( srvlist)) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ err = -1;
} else {
- ld->ld_errno = err;
+ savedefconn = ld->ld_defconn;
+ ++lc->lconn_refcnt; /* avoid premature free */
+ ld->ld_defconn = lc;
+
+ Debug( LDAP_DEBUG_TRACE, "Call application rebindproc\n", 0, 0, 0);
+ err = (*ld->ld_rebindproc)( ld, bind->ri_url, bind->ri_request, bind->ri_msgid);
+
+ ld->ld_defconn = savedefconn;
+ --lc->lconn_refcnt;
+
+ if( err != 0) {
err = -1;
+ ldap_free_connection( ld, lc, 1, 0 );
+ lc = NULL;
}
+ ldap_free_urldesc( srvfunc);
}
-
-
- if ( err == 0 ) {
+ } else {
savedefconn = ld->ld_defconn;
- ld->ld_defconn = lc;
++lc->lconn_refcnt; /* avoid premature free */
+ ld->ld_defconn = lc;
- if ( ldap_bind_s( ld, binddn, passwd, authmethod ) !=
- LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "anonymous rebind via ldap_bind_s\n", 0, 0, 0);
+ if ( ldap_bind_s( ld, "", "", LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) {
err = -1;
}
- --lc->lconn_refcnt;
ld->ld_defconn = savedefconn;
- }
-
- if ( freepasswd ) {
- (*ld->ld_rebindproc)( ld, &binddn, &passwd,
- &authmethod, 1 );
- }
+ --lc->lconn_refcnt;
if ( err != 0 ) {
ldap_free_connection( ld, lc, 1, 0 );
lc = NULL;
}
}
+ if( lc != NULL)
+ lc->lconn_rebind_inprogress = 0;
+ }
return( lc );
}
if ( lc->lconn_sb != &ld->ld_sb ) {
ber_sockbuf_free( lc->lconn_sb );
}
+ if( lc->lconn_rebind_queue != NULL) {
+ int i;
+ for( i = 0; lc->lconn_rebind_queue[i] != NULL; i++) {
+ free_strarray(lc->lconn_rebind_queue[i]);
+ }
+ LDAP_FREE( lc->lconn_rebind_queue);
+ }
LDAP_FREE( lc );
Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: actually freed\n",
0, 0, 0 );
( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ?
"NeedSocket" : ( lc->lconn_status ==
LDAP_CONNST_CONNECTING ) ? "Connecting" : "Connected" );
- fprintf( stderr, " last used: %s\n",
+ fprintf( stderr, " last used: %s",
ldap_pvt_ctime( &lc->lconn_lastused, timebuf ));
+ if( lc->lconn_rebind_inprogress ) {
+ fprintf( stderr, " rebind in progress\n");
+ if( lc->lconn_rebind_queue != NULL) {
+ int i = 0;
+ for( ;lc->lconn_rebind_queue[i] != NULL; i++) {
+ int j = 0;
+ for( ;lc->lconn_rebind_queue[i][j] != 0; j++) {
+ fprintf( stderr, " queue %d entry %d - %s\n",
+ i, j, lc->lconn_rebind_queue[i][j]);
+ }
+ }
+ } else {
+ fprintf( stderr, " queue is empty\n");
+ }
+ }
+ fprintf(stderr, "\n");
if ( !all ) {
break;
}
}
for ( ; lr != NULL; lr = lr->lr_next ) {
fprintf( stderr, " * msgid %d, origid %d, status %s\n",
- lr->lr_msgid, lr->lr_origid, ( lr->lr_status ==
- LDAP_REQST_INPROGRESS ) ? "InProgress" :
+ lr->lr_msgid, lr->lr_origid,
+ ( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" :
( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
( lr->lr_status == LDAP_REQST_NOTCONNECTED ) ? "NotConnected" :
- "Writing" );
+ ( lr->lr_status == LDAP_REQST_WRITING) ? "Writing" :
+ ( lr->lr_status == LDAP_REQST_COMPLETED ? "Request Completed" : "Invalid Status"));
fprintf( stderr, " outstanding referrals %d, parent count %d\n",
lr->lr_outrefcnt, lr->lr_parentcnt );
}
LDAP_FREE( lr );
}
+/*
+ * Chase v3 referrals
+ *
+ * Parameters:
+ * (IN) ld = LDAP connection handle
+ * (IN) lr = LDAP Request structure
+ * (IN) refs = array of pointers to referral strings that we will chase
+ * The array will be free'd by this function when no longer needed
+ * (OUT) errstrp = Place to return a string of referrals which could not be followed
+ * (OUT) hadrefp = 1 if sucessfully followed referral
+ *
+ * Return value - number of referrals followed
+ */
+LIBLDAP_F(int)
+ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **errstrp, int *hadrefp )
+{
+ char *unfollowed;
+ int unfollowedcnt = 0;
+ LDAPRequest *origreq;
+ LDAPURLDesc *srv = NULL;
+ BerElement *ber;
+ char **refarray = NULL;
+ LDAPConn *lc;
+ int rc, count, i, j;
+ LDAPreqinfo rinfo;
+
+ ld->ld_errno = LDAP_SUCCESS; /* optimistic */
+ *hadrefp = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 );
+
+ unfollowed = NULL;
+ rc = count = 0;
+
+ /* If no referrals in array, return */
+ if ( (refs == NULL) || ( (refs)[0] == NULL) ) {
+ rc = 0;
+ goto done;
+ }
+
+ /* Check for hop limit exceeded */
+ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
+ Debug( LDAP_DEBUG_ANY,
+ "more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 );
+ ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED;
+ rc = -1;
+ goto done;
+ }
+
+ /* find original request */
+ for ( origreq = lr; origreq->lr_parent != NULL; origreq = origreq->lr_parent ) {
+ ;
+ }
+
+ refarray = refs;
+ refs = NULL;
+ /* parse out & follow referrals */
+ for( i=0; refarray[i] != NULL; i++) {
+
+ /* Parse the referral URL */
+ if (( rc = ldap_url_parse( refarray[i], &srv)) != LDAP_SUCCESS) {
+ ld->ld_errno = rc;
+ rc = -1;
+ goto done;
+ }
+
+ /* check connection for re-bind in progress */
+ if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
+ if( lc->lconn_rebind_inprogress) {
+ /* We are already chasing a referral or search reference and a
+ * bind on that connection is in progress. We must queue
+ * referrals on that connection, so we don't get a request
+ * going out before the bind operation completes. This happens
+ * if two search references come in one behind the other
+ * for the same server with different contexts.
+ */
+ Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals: queue referral \"%s\"\n",
+ refarray[i], 0, 0);
+ if( lc->lconn_rebind_queue == NULL ) {
+ /* Create a referral list */
+ if( (lc->lconn_rebind_queue = (char ***)LDAP_MALLOC( sizeof(void *) * 2)) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ rc = -1;
+ goto done;
+ }
+ lc->lconn_rebind_queue[0] = refarray;
+ lc->lconn_rebind_queue[1] = NULL;
+ refarray = NULL;
+ } else {
+ /* Count how many referral arrays we already have */
+ for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
+ ;
+ }
+ /* Add the new referral to the list */
+ if( (lc->lconn_rebind_queue = (char ***)LDAP_REALLOC(
+ lc->lconn_rebind_queue, sizeof(void *) * (j + 2))) == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ rc = -1;
+ goto done;
+ }
+ lc->lconn_rebind_queue[j] = refarray;
+ lc->lconn_rebind_queue[j+1] = NULL;
+ refarray = NULL;
+ }
+ /* We have queued the referral/reference, now just return */
+ rc = 0;
+ *hadrefp = 1;
+ count = 1; /* Pretend we already followed referral */
+ goto done;
+ }
+ }
+ /* Re-encode the request with the new starting point of the search.
+ * Note: In the future we also need to replace the filter if one
+ * was provided with the search reference
+ */
+ if (( ber = re_encode_request( ld, origreq->lr_ber,
+ ++ld->ld_msgid, &srv->lud_dn, &rinfo.ri_request )) == NULL ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ rc = -1;
+ goto done;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referral: msgid %d, url \"%s\"\n",
+ lr->lr_msgid, refarray[i], 0);
+
+ /* Send the new request to the server - may require a bind */
+ rinfo.ri_msgid = origreq->lr_origid;
+ rinfo.ri_url = refarray[i];
+ if ( (rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
+ origreq, srv, NULL, &rinfo )) < 0 ) {
+ /* Failure, try next referral in the list */
+ Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%s)\n",
+ refarray[i], ldap_err2string( ld->ld_errno ), 0);
+ unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i]);
+ ldap_free_urllist(srv);
+ srv = NULL;
+ } else {
+ /* Success, no need to try this referral list further */
+ rc = 0;
+ ++count;
+ *hadrefp = 1;
+
+ /* check if there is a queue of referrals that came in during bind */
+ if( lc == NULL) {
+ if (( lc = find_connection( ld, srv, 1 )) == NULL ) {
+ ld->ld_errno = LDAP_OPERATIONS_ERROR;
+ rc = -1;
+ goto done;
+ }
+ }
+
+ if( lc->lconn_rebind_queue != NULL) {
+ /* Release resources of previous list */
+ free_strarray(refarray);
+ refarray = NULL;
+ ldap_free_urllist(srv);
+ srv = NULL;
+
+ /* Pull entries off end of queue so list always null terminated */
+ for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
+ ;
+ }
+ refarray = lc->lconn_rebind_queue[j-1];
+ lc->lconn_rebind_queue[j-1] = NULL;
+ /* we pulled off last entry from queue, free queue */
+ if ( j == 1 ) {
+ LDAP_FREE( lc->lconn_rebind_queue);
+ lc->lconn_rebind_queue = NULL;
+ }
+ /* restart the loop the with new referral list */
+ i = -1;
+ continue;
+ }
+ break; /* referral followed, break out of for loop */
+ }
+ } /* end for loop */
+done:
+ free_strarray(refarray);
+ ldap_free_urllist(srv);
+ LDAP_FREE( *errstrp );
+
+ if( rc == 0) {
+ *errstrp = NULL;
+ LDAP_FREE( unfollowed );
+ return count;
+ } else {
+ ld->ld_errno = LDAP_REFERRAL;
+ *errstrp = unfollowed;
+ return rc;
+ }
+}
/*
* XXX merging of errors in this routine needs to be improved
LDAPRequest *origreq;
LDAPURLDesc *srv;
BerElement *ber;
+ LDAPreqinfo rinfo;
Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 );
}
if (( ber = re_encode_request( ld, origreq->lr_ber,
- ++ld->ld_msgid, &refdn )) == NULL ) {
+ ++ld->ld_msgid, &refdn, &rinfo.ri_request )) == NULL ) {
return( -1 );
}
}
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_DNS */
+ rinfo.ri_msgid = origreq->lr_origid;
if ( srv != NULL && ldap_send_server_request( ld, ber, ld->ld_msgid,
- lr, srv, NULL, 1 ) >= 0 ) {
+ lr, srv, NULL, &rinfo ) >= 0 ) {
++count;
} else {
Debug( LDAP_DEBUG_ANY,
ldap_err2string( ld->ld_errno ), 0, 0 );
rc = ldap_append_referral( ld, &unfollowed, ref );
}
+ LDAP_FREE( rinfo.ri_url);
if (srv != NULL)
ldap_free_urllist(srv);
static BerElement *
-re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp )
+re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp, int *type )
{
/*
* XXX this routine knows way too much about how the lber library works!
return( NULL );
}
+ assert( tag != 0);
if ( tag == LDAP_REQ_BIND ) {
/* bind requests have a version number before the DN & other stuff */
rc = ber_scanf( &tmpber, "{ia" /*}*/, &ver, &orig_dn );
}
#endif /* LDAP_DEBUG */
+ *type = tag; /* return request type */
return( ber );
}
LDAPRequest *lr;
for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if( lr->lr_status == LDAP_REQST_COMPLETED ) {
+ continue; /* Skip completed requests */
+ }
if ( msgid == lr->lr_msgid ) {
break;
}
/* Portions
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
+ ******************************************************************************
+ * This notice applies to changes, created by or for Novell, Inc.,
+ * to preexisting works for which notices appear elsewhere in this file.
+ *
+ * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ ******************************************************************************
+ * Modification to OpenLDAP source by Novell, Inc.
+ * April 2000 sfs Add code to process V3 referrals and search results
*
* result.c - wait for an ldap result
*/
ber_tag_t tag;
ber_len_t len;
int foundit = 0;
- LDAPRequest *lr;
+ LDAPRequest *lr, *tmplr;
BerElement tmpber;
int rc, refer_cnt, hadref, simple_request;
ber_int_t lderr;
+ /*
+ * v3ref = flag for V3 referral / search reference
+ * 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application
+ */
+ int v3ref;
assert( ld != NULL );
assert( lc != NULL );
/* if it's been abandoned, toss it */
if ( ldap_abandoned( ld, id ) ) {
ber_free( ber, 1 );
+ Debug( LDAP_DEBUG_ANY, "abandoned\n", 0, 0, 0);
return( -2 ); /* continue looking */
}
return( -1 );
}
- Debug( LDAP_DEBUG_TRACE, "ldap_read: %s msgid %ld, original id %ld\n",
+ Debug( LDAP_DEBUG_TRACE, "ldap_read: message type %s msgid %ld, original id %ld\n",
( tag == LDAP_RES_SEARCH_ENTRY ) ? "entry" :
( tag == LDAP_RES_SEARCH_REFERENCE ) ? "reference" : "result",
- (long) id, (long) lr->lr_origid );
+ (long) lr->lr_msgid, (long) lr->lr_origid );
id = lr->lr_origid;
refer_cnt = 0;
rc = -2; /* default is to keep looking (no response found) */
lr->lr_res_msgtype = tag;
- if ( tag != LDAP_RES_SEARCH_ENTRY ) {
+ /*
+ * This code figures out if we are going to chase a
+ * referral / search reference, or pass it back to the application
+ */
+ v3ref = 0; /* Assume not a V3 search reference or referral */
+ if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) {
+ BerElement tmpber = *ber; /* struct copy */
+ char **refs = NULL;
+
+ if( tag == LDAP_RES_SEARCH_REFERENCE) {
+ /* This is a V3 search reference */
+ /* Assume we do not chase the reference, but pass it to application */
+ v3ref = -1;
+ if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
+ (lr->lr_parent != NULL) )
+ {
+ /* Get the referral list */
+ if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
+ rc = LDAP_DECODING_ERROR;
+ } else {
+ /* Note: refs arrary is freed by ldap_chase_v3referrals */
+ refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
+ &lr->lr_res_error, &hadref );
+ if ( refer_cnt > 0 ) { /* sucessfully chased reference */
+ /* If haven't got end search, set chasing referrals */
+ if( lr->lr_status != LDAP_REQST_COMPLETED) {
+ lr->lr_status = LDAP_REQST_CHASINGREFS;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: search ref chased, mark request chasing refs, id = %d\n",
+ lr->lr_msgid, 0, 0);
+ }
+ v3ref = 1; /* We sucessfully chased the reference */
+ }
+ }
+ }
+ } else {
+ /* Check for V3 referral */
+ ber_len_t len;
+ if ( ber_scanf( &tmpber, "{iaa",/*}*/ &lderr,
+ &lr->lr_res_matched, &lr->lr_res_error )
+ != LBER_ERROR ) {
+ /* Check if V3 referral */
+ if( ber_peek_tag( &tmpber, &len) == LDAP_TAG_REFERRAL ) {
+ /* We have a V3 referral, assume we cannot chase it */
+ v3ref = -1;
+ if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS)
+ || (lr->lr_parent != NULL) )
+ {
+ v3ref = -1; /* Assume referral not chased and return it to app */
+ /* Get the referral list */
+ if( ber_scanf( &tmpber, "v", &refs) == LBER_ERROR) {
+ rc = LDAP_DECODING_ERROR;
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: referral decode error, mark request completed, id = %d\n",
+ lr->lr_msgid, 0, 0);
+ } else {
+ /* Chase the referral
+ * Note: refs arrary is freed by ldap_chase_v3referrals
+ */
+ refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
+ &lr->lr_res_error, &hadref );
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: referral chased, mark request completed, id = %d\n",
+ lr->lr_msgid, 0, 0);
+ if( refer_cnt > 0) {
+ v3ref = 1; /* Referral successfully chased */
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /* All results that just return a status, i.e. don't return data
+ * go through the following code. This code also chases V2 referrals
+ * and checks if all referrals have been chased.
+ */
+ if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref > -1) ) {
+ /* For a v3 search referral/reference, only come here if already chased it */
if ( ld->ld_version >= LDAP_VERSION2 &&
( lr->lr_parent != NULL ||
LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) )
{
tmpber = *ber; /* struct copy */
+ if ( v3ref == 1 ) {
+ ; /* V3 search reference or V3 referral sucessfully chased */
+ } else
if ( ber_scanf( &tmpber, "{iaa}", &lderr,
&lr->lr_res_matched, &lr->lr_res_error )
!= LBER_ERROR ) {
/* referrals are in error string */
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, &hadref );
+ lr->lr_status = LDAP_REQST_COMPLETED;
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: V2 referral chased, mark request completed, id = %d\n", lr->lr_msgid, 0, 0);
}
/* save errno, message, and matched string */
if ( refer_cnt < 0 ) {
return( -1 ); /* fatal error */
}
- lr->lr_status = LDAP_REQST_CHASINGREFS;
+ lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
} else {
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
/* request without any referrals */
ber = NULL;
}
+ lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
+ Debug( LDAP_DEBUG_TRACE,
+ "read1msg: mark request completed, id = %d\n", lr->lr_msgid, 0, 0);
while ( lr->lr_parent != NULL ) {
merge_error_info( ld, lr->lr_parent, lr );
}
}
- if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
+ /* Check if all requests are finished, lr is now parent */
+ for(tmplr=lr ; tmplr != NULL; tmplr=tmplr->lr_refnext) {
+ if( tmplr->lr_status != LDAP_REQST_COMPLETED) {
+ break;
+ }
+ }
+
+ /* This is the parent request if the request has referrals */
+ if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL && tmplr == NULL ) {
id = lr->lr_msgid;
tag = lr->lr_res_msgtype;
Debug( LDAP_DEBUG_ANY, "request %ld done\n",
if ( msgid == LDAP_RES_ANY || id == msgid ) {
if ( all == LDAP_MSG_ONE
|| (new->lm_msgtype != LDAP_RES_SEARCH_RESULT
- && new->lm_msgtype != LDAP_RES_SEARCH_ENTRY) ) {
+ && new->lm_msgtype != LDAP_RES_SEARCH_ENTRY
+ && new->lm_msgtype != LDAP_RES_SEARCH_REFERENCE) ) {
*result = new;
ld->ld_errno = LDAP_SUCCESS;
return( tag );
(long) new->lm_msgid, (long) new->lm_msgtype, 0 );
/* part of a search response - add to end of list of entries */
- for ( tmp = l; tmp->lm_chain != NULL &&
- tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY;
+ for ( tmp = l; (tmp->lm_chain != NULL) &&
+ ((tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
+ (tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_REFERENCE));
tmp = tmp->lm_chain )
; /* NULL */
tmp->lm_chain = new;
return( ld->ld_errno );
}
+ if( rc == LDAP_RES_SEARCH_REFERENCE) {
+ return( ld->ld_errno );
+ }
+
return( ldap_result2error( ld, *res, 0 ) );
}
static int
-bind_prompt( LDAP *ld, char **dnp, char **passwdp, int *authmethodp,
- int freeit )
+bind_prompt( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid)
{
static char dn[256], passwd[256];
+ char *dnp;
+ int authmethod;
- if ( !freeit ) {
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
getline( dn, sizeof(dn), stdin,
"re-bind method (0->simple, 1->krbv41, 2->krbv42, 3->krbv41&2)? " );
- if (( *authmethodp = atoi( dn )) == 3 ) {
- *authmethodp = LDAP_AUTH_KRBV4;
+ if (( authmethod = atoi( dn )) == 3 ) {
+ authmethod = LDAP_AUTH_KRBV4;
} else {
- *authmethodp |= 0x80;
+ authmethod |= 0x80;
}
#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
- *authmethodp = LDAP_AUTH_SIMPLE;
+ authmethod = LDAP_AUTH_SIMPLE;
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
getline( dn, sizeof(dn), stdin, "re-bind dn? " );
strcat( dn, dnsuffix );
- *dnp = dn;
- if ( *authmethodp == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
+ if ( authmethod == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
getline( passwd, sizeof(passwd), stdin,
"re-bind password? " );
} else {
passwd[0] = '\0';
}
- *passwdp = passwd;
- }
- return( LDAP_SUCCESS );
+ return ldap_bind_s( ld, dn, passwd, authmethod);
}
return LDAP_URL_ERR_MEM;
}
+ /*
+ * Kluge. ldap://111.222.333.444:389??cn=abc,o=company
+ *
+ * On early Novell releases, search references/referrals were returned
+ * in this format, i.e., the dn was kind of in the scope position,
+ * but the required slash is missing. The whole thing is illegal syntax,
+ * but we need to account for it. Fortunately it can't be confused with
+ * anything real.
+ */
+ if( (p == NULL) && ((q = strchr( q, '?')) != NULL)) {
+ q++;
+ /* ? immediately followed by question */
+ if( *q == '?') {
+ q++;
+ if( *q != '\0' ) {
+ /* parse dn part */
+ ldap_pvt_hex_unescape( q );
+ ludp->lud_dn = LDAP_STRDUP( q );
+ } else {
+ ludp->lud_dn = LDAP_STRDUP( "" );
+ }
+
+ if( ludp->lud_dn == NULL ) {
+ LDAP_FREE( url );
+ ldap_free_urldesc( ludp );
+ return LDAP_URL_ERR_MEM;
+ }
+ }
+ }
+
if( p == NULL ) {
LDAP_FREE( url );
*ludpp = ludp;
int err;
LDAPURLDesc *ludp;
BerElement *ber;
+ LDAPreqinfo bind;
if ( ldap_url_parse( url, &ludp ) != 0 ) {
ld->ld_errno = LDAP_PARAM_ERROR;
if ( ber == NULL ) {
err = -1;
} else {
+ bind.ri_request = LDAP_REQ_SEARCH;
+ bind.ri_msgid = ld->ld_msgid;
+ bind.ri_url = (char *)url;
err = ldap_send_server_request(
ld, ber, ld->ld_msgid, NULL,
(ludp->lud_host != NULL || ludp->lud_port != 0)
? ludp : NULL,
- NULL, 1 );
+ NULL, &bind );
}
ldap_free_urldesc( ludp );
projects / openldap / commitdiff