From a26cef7fc89d8ec84552edf6c07af88844651b47 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 31 May 2000 17:34:43 +0000 Subject: [PATCH] LDAPv3 referrals changes by Steve Sonntag @ Novell --- include/ldap.h | 7 + libraries/libldap/bind.c | 11 -- libraries/libldap/cldap.c | 2 +- libraries/libldap/ldap-int.h | 24 ++- libraries/libldap/open.c | 2 +- libraries/libldap/options.c | 13 ++ libraries/libldap/request.c | 326 +++++++++++++++++++++++++++++++---- libraries/libldap/result.c | 141 ++++++++++++++- libraries/libldap/search.c | 4 + libraries/libldap/test.c | 21 +-- libraries/libldap/url.c | 36 +++- 11 files changed, 509 insertions(+), 78 deletions(-) diff --git a/include/ldap.h b/include/ldap.h index 989cf973bc..fee3e00359 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -548,6 +548,13 @@ ldap_set_option LDAP_P(( int option, LDAP_CONST void *invalue)); +/* V3 REBIND Function Callback Prototype */ +typedef int (LDAP_REBIND_PROC) ( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid); + +LIBLDAP_F( int ) +ldap_set_rebind_proc LDAP_P(( + LDAP *ld, + LDAP_REBIND_PROC *ldap_proc)); /* * in controls.c: diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c index 95de07f0ff..f985b3b0d9 100644 --- a/libraries/libldap/bind.c +++ b/libraries/libldap/bind.c @@ -130,14 +130,3 @@ ldap_bind_s( return( ld->ld_errno = LDAP_AUTH_UNKNOWN ); } } - - -void -ldap_set_rebind_proc( LDAP *ld, int (*rebindproc)( LDAP *ld, char **dnp, - char **passwdp, int *authmethodp, int freeit )) -{ - assert( ld != NULL ); - assert( LDAP_VALID( ld ) ); - - ld->ld_rebindproc = rebindproc; -} diff --git a/libraries/libldap/cldap.c b/libraries/libldap/cldap.c index 0bf0c44b42..0b03b2ad8d 100644 --- a/libraries/libldap/cldap.c +++ b/libraries/libldap/cldap.c @@ -162,7 +162,7 @@ cldap_open( LDAP_CONST char *host, int port ) } if ( ld->ld_cldapaddrs == NULL - || ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,0 )) == NULL + || ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,NULL )) == NULL ) { ldap_ld_free( ld, 0, NULL, NULL ); DO_RETURN( NULL ); diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h index 8f9ec899c8..df499916be 100644 --- a/libraries/libldap/ldap-int.h +++ b/libraries/libldap/ldap-int.h @@ -119,6 +119,9 @@ struct ldapoptions { /* LDAPv3 server and client controls */ LDAPControl **ldo_sctrls; LDAPControl **ldo_cctrls; + /* LDAPV3 rebind callback function + */ + LDAP_REBIND_PROC *ldo_rebindproc; #ifdef HAVE_TLS /* tls context */ @@ -152,6 +155,8 @@ typedef struct ldap_conn { Sockbuf *lconn_sb; int lconn_refcnt; time_t lconn_lastused; /* time */ + int lconn_rebind_inprogress; /* set if rebind in progress */ + char ***lconn_rebind_queue; /* used if rebind in progress */ int lconn_status; #define LDAP_CONNST_NEEDSOCKET 1 #define LDAP_CONNST_CONNECTING 2 @@ -169,6 +174,7 @@ typedef struct ldap_conn { typedef struct ldapreq { ber_int_t lr_msgid; /* the message id */ int lr_status; /* status of request */ +#define LDAP_REQST_COMPLETED 0 #define LDAP_REQST_INPROGRESS 1 #define LDAP_REQST_CHASINGREFS 2 #define LDAP_REQST_NOTCONNECTED 3 @@ -204,6 +210,15 @@ typedef struct ldapcache { #define LDAP_CACHE_OPT_CACHEALLERRS 0x00000002 } LDAPCache; +/* + * structure containing referral request info for rebind procedure + */ +typedef struct ldapreqinfo { + ber_len_t ri_msgid; + int ri_request; + char *ri_url; +} LDAPreqinfo; + /* * handy macro for checking if handle is connectionless */ @@ -237,6 +252,7 @@ struct ldap { #define ld_sctrls ld_options.ldo_sctrls #define ld_cctrls ld_options.ldo_cctrls +#define ld_rebindproc ld_options.ldo_rebindproc #define ld_version ld_options.ldo_version char *ld_host; @@ -272,9 +288,6 @@ struct ldap { LDAPConn *ld_defconn; /* default connection */ LDAPConn *ld_conns; /* list of server connections */ void *ld_selectinfo; /* platform specifics for select */ - int (*ld_rebindproc)( struct ldap *ld, char **dnp, - char **passwdp, int *authmethodp, int freeit ); - /* routine to get info needed for re-bind */ #ifdef HAVE_CYRUS_SASL sasl_conn_t *ld_sasl_context; #endif /* HAVE_CYRUS_SASL */ @@ -409,14 +422,15 @@ LIBLDAP_F (ber_int_t) ldap_send_initial_request( LDAP *ld, ber_tag_t msgtype, LIBLDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld ); LIBLDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber ); -LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, int bind ); -LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, int bind ); +LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind ); +LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind ); LIBLDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid ); LIBLDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr ); LIBLDAP_F (void) ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind ); LIBLDAP_F (void) ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all ); LIBLDAP_F (void) ldap_dump_requests_and_responses( LDAP *ld ); LIBLDAP_F (int) ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp ); +LIBLDAP_F (int) ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **referralsp, int *hadrefp ); LIBLDAP_F (int) ldap_append_referral( LDAP *ld, char **referralsp, char *s ); /* diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index dc039edfe0..955733482f 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -25,7 +25,7 @@ int ldap_open_defconn( LDAP *ld ) { - if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,0 )) == NULL ) + if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,NULL )) == NULL ) { ld->ld_errno = LDAP_SERVER_DOWN; return -1; diff --git a/libraries/libldap/options.c b/libraries/libldap/options.c index 16376c1b5a..47e77e6247 100644 --- a/libraries/libldap/options.c +++ b/libraries/libldap/options.c @@ -16,6 +16,8 @@ #include "ldap-int.h" +#define LDAP_OPT_REBIND_PROC 0x4e814d + static const LDAPAPIFeatureInfo features[] = { #ifdef LDAP_API_FEATURE_X_OPENLDAP { /* OpenLDAP Extensions API Feature */ @@ -420,6 +422,11 @@ ldap_set_option( return LDAP_OPT_ERROR; } } return LDAP_OPT_SUCCESS; + + /* Only accessed from inside this function by ldap_set_rebind_proc() */ + case LDAP_OPT_REBIND_PROC: { + lo->ldo_rebindproc = (LDAP_REBIND_PROC *)invalue; + } return LDAP_OPT_SUCCESS; } if(invalue == NULL) { @@ -588,3 +595,9 @@ ldap_set_option( } return LDAP_OPT_ERROR; } + +LIBLDAP_F(int) +ldap_set_rebind_proc( LDAP *ld, LDAP_REBIND_PROC *rebind_proc) +{ + return( ldap_set_option( ld, LDAP_OPT_REBIND_PROC, (void *)rebind_proc)); +} diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c index 12d807416d..1f28aa1dab 100644 --- a/libraries/libldap/request.c +++ b/libraries/libldap/request.c @@ -6,6 +6,23 @@ /* Portions * Copyright (c) 1995 Regents of the University of Michigan. * All rights reserved. + ****************************************************************************** + * This notice applies to changes, created by or for Novell, Inc., + * to preexisting works for which notices appear elsewhere in this file. + * + * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved. + * + * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES. + * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION + * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT + * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE + * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS + * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC + * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE + * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. + ****************************************************************************** + * Modification to OpenLDAP source by Novell, Inc. + * April 2000 sfs Added code to chase V3 referrals * * request.c - sending of ldap requests; handling of referrals */ @@ -36,7 +53,8 @@ static BerElement *re_encode_request LDAP_P(( LDAP *ld, BerElement *origber, ber_int_t msgid, - char **dnp )); + char **dnp, + int *type)); BerElement * @@ -132,7 +150,7 @@ ldap_send_initial_request( } rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL, - servers, NULL, 0 ); + servers, NULL, NULL ); if (servers) ldap_free_urllist(servers); return(rc); @@ -148,7 +166,7 @@ ldap_send_server_request( LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, - int bind ) + LDAPreqinfo *bind ) { LDAPRequest *lr; int incparent; @@ -164,7 +182,7 @@ ldap_send_server_request( } else { if (( lc = find_connection( ld, srvlist, 1 )) == NULL ) { - if ( bind && (parentreq != NULL) ) { + if ( (bind != NULL) && (parentreq != NULL) ) { /* Remember the bind in the parent */ incparent = 1; ++parentreq->lr_outrefcnt; @@ -255,12 +273,13 @@ ldap_send_server_request( LDAPConn * ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, - int connect, int bind ) + int connect, LDAPreqinfo *bind ) { LDAPConn *lc; LDAPURLDesc *srv; Sockbuf *sb; + Debug( LDAP_DEBUG_TRACE, "ldap_new_connection\n", 0, 0, 0 ); /* * make a new LDAP server connection * XXX open connection synchronously for now @@ -305,50 +324,58 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, * XXX for now, we always do a synchronous bind. This will have * to change in the long run... */ - if ( bind ) { - int err, freepasswd, authmethod; - char *binddn, *passwd; + if ( bind != NULL) { + int err = 0; LDAPConn *savedefconn; - freepasswd = err = 0; - - if ( ld->ld_rebindproc == 0 ) { - binddn = passwd = ""; - authmethod = LDAP_AUTH_SIMPLE; - } else { - if (( err = (*ld->ld_rebindproc)( ld, &binddn, &passwd, - &authmethod, 0 )) == LDAP_SUCCESS ) { - freepasswd = 1; + /* Set flag to prevent additional referrals from being processed on this + * connection until the bind has completed + */ + lc->lconn_rebind_inprogress = 1; + /* V3 rebind function */ + if ( ld->ld_rebindproc != NULL) { + LDAPURLDesc *srvfunc; + if( ( srvfunc = ldap_url_dup( srvlist)) == NULL) { + ld->ld_errno = LDAP_NO_MEMORY; + err = -1; } else { - ld->ld_errno = err; + savedefconn = ld->ld_defconn; + ++lc->lconn_refcnt; /* avoid premature free */ + ld->ld_defconn = lc; + + Debug( LDAP_DEBUG_TRACE, "Call application rebindproc\n", 0, 0, 0); + err = (*ld->ld_rebindproc)( ld, bind->ri_url, bind->ri_request, bind->ri_msgid); + + ld->ld_defconn = savedefconn; + --lc->lconn_refcnt; + + if( err != 0) { err = -1; + ldap_free_connection( ld, lc, 1, 0 ); + lc = NULL; } + ldap_free_urldesc( srvfunc); } - - - if ( err == 0 ) { + } else { savedefconn = ld->ld_defconn; - ld->ld_defconn = lc; ++lc->lconn_refcnt; /* avoid premature free */ + ld->ld_defconn = lc; - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != - LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, "anonymous rebind via ldap_bind_s\n", 0, 0, 0); + if ( ldap_bind_s( ld, "", "", LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) { err = -1; } - --lc->lconn_refcnt; ld->ld_defconn = savedefconn; - } - - if ( freepasswd ) { - (*ld->ld_rebindproc)( ld, &binddn, &passwd, - &authmethod, 1 ); - } + --lc->lconn_refcnt; if ( err != 0 ) { ldap_free_connection( ld, lc, 1, 0 ); lc = NULL; } } + if( lc != NULL) + lc->lconn_rebind_inprogress = 0; + } return( lc ); } @@ -434,6 +461,13 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind ) if ( lc->lconn_sb != &ld->ld_sb ) { ber_sockbuf_free( lc->lconn_sb ); } + if( lc->lconn_rebind_queue != NULL) { + int i; + for( i = 0; lc->lconn_rebind_queue[i] != NULL; i++) { + free_strarray(lc->lconn_rebind_queue[i]); + } + LDAP_FREE( lc->lconn_rebind_queue); + } LDAP_FREE( lc ); Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: actually freed\n", 0, 0, 0 ); @@ -465,8 +499,24 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all ) ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ? "NeedSocket" : ( lc->lconn_status == LDAP_CONNST_CONNECTING ) ? "Connecting" : "Connected" ); - fprintf( stderr, " last used: %s\n", + fprintf( stderr, " last used: %s", ldap_pvt_ctime( &lc->lconn_lastused, timebuf )); + if( lc->lconn_rebind_inprogress ) { + fprintf( stderr, " rebind in progress\n"); + if( lc->lconn_rebind_queue != NULL) { + int i = 0; + for( ;lc->lconn_rebind_queue[i] != NULL; i++) { + int j = 0; + for( ;lc->lconn_rebind_queue[i][j] != 0; j++) { + fprintf( stderr, " queue %d entry %d - %s\n", + i, j, lc->lconn_rebind_queue[i][j]); + } + } + } else { + fprintf( stderr, " queue is empty\n"); + } + } + fprintf(stderr, "\n"); if ( !all ) { break; } @@ -486,11 +536,12 @@ ldap_dump_requests_and_responses( LDAP *ld ) } for ( ; lr != NULL; lr = lr->lr_next ) { fprintf( stderr, " * msgid %d, origid %d, status %s\n", - lr->lr_msgid, lr->lr_origid, ( lr->lr_status == - LDAP_REQST_INPROGRESS ) ? "InProgress" : + lr->lr_msgid, lr->lr_origid, + ( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" : ( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" : ( lr->lr_status == LDAP_REQST_NOTCONNECTED ) ? "NotConnected" : - "Writing" ); + ( lr->lr_status == LDAP_REQST_WRITING) ? "Writing" : + ( lr->lr_status == LDAP_REQST_COMPLETED ? "Request Completed" : "Invalid Status")); fprintf( stderr, " outstanding referrals %d, parent count %d\n", lr->lr_outrefcnt, lr->lr_parentcnt ); } @@ -559,6 +610,197 @@ ldap_free_request( LDAP *ld, LDAPRequest *lr ) LDAP_FREE( lr ); } +/* + * Chase v3 referrals + * + * Parameters: + * (IN) ld = LDAP connection handle + * (IN) lr = LDAP Request structure + * (IN) refs = array of pointers to referral strings that we will chase + * The array will be free'd by this function when no longer needed + * (OUT) errstrp = Place to return a string of referrals which could not be followed + * (OUT) hadrefp = 1 if sucessfully followed referral + * + * Return value - number of referrals followed + */ +LIBLDAP_F(int) +ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **errstrp, int *hadrefp ) +{ + char *unfollowed; + int unfollowedcnt = 0; + LDAPRequest *origreq; + LDAPURLDesc *srv = NULL; + BerElement *ber; + char **refarray = NULL; + LDAPConn *lc; + int rc, count, i, j; + LDAPreqinfo rinfo; + + ld->ld_errno = LDAP_SUCCESS; /* optimistic */ + *hadrefp = 0; + + Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 ); + + unfollowed = NULL; + rc = count = 0; + + /* If no referrals in array, return */ + if ( (refs == NULL) || ( (refs)[0] == NULL) ) { + rc = 0; + goto done; + } + + /* Check for hop limit exceeded */ + if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) { + Debug( LDAP_DEBUG_ANY, + "more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 ); + ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED; + rc = -1; + goto done; + } + + /* find original request */ + for ( origreq = lr; origreq->lr_parent != NULL; origreq = origreq->lr_parent ) { + ; + } + + refarray = refs; + refs = NULL; + /* parse out & follow referrals */ + for( i=0; refarray[i] != NULL; i++) { + + /* Parse the referral URL */ + if (( rc = ldap_url_parse( refarray[i], &srv)) != LDAP_SUCCESS) { + ld->ld_errno = rc; + rc = -1; + goto done; + } + + /* check connection for re-bind in progress */ + if (( lc = find_connection( ld, srv, 1 )) != NULL ) { + if( lc->lconn_rebind_inprogress) { + /* We are already chasing a referral or search reference and a + * bind on that connection is in progress. We must queue + * referrals on that connection, so we don't get a request + * going out before the bind operation completes. This happens + * if two search references come in one behind the other + * for the same server with different contexts. + */ + Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals: queue referral \"%s\"\n", + refarray[i], 0, 0); + if( lc->lconn_rebind_queue == NULL ) { + /* Create a referral list */ + if( (lc->lconn_rebind_queue = (char ***)LDAP_MALLOC( sizeof(void *) * 2)) == NULL) { + ld->ld_errno = LDAP_NO_MEMORY; + rc = -1; + goto done; + } + lc->lconn_rebind_queue[0] = refarray; + lc->lconn_rebind_queue[1] = NULL; + refarray = NULL; + } else { + /* Count how many referral arrays we already have */ + for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) { + ; + } + /* Add the new referral to the list */ + if( (lc->lconn_rebind_queue = (char ***)LDAP_REALLOC( + lc->lconn_rebind_queue, sizeof(void *) * (j + 2))) == NULL) { + ld->ld_errno = LDAP_NO_MEMORY; + rc = -1; + goto done; + } + lc->lconn_rebind_queue[j] = refarray; + lc->lconn_rebind_queue[j+1] = NULL; + refarray = NULL; + } + /* We have queued the referral/reference, now just return */ + rc = 0; + *hadrefp = 1; + count = 1; /* Pretend we already followed referral */ + goto done; + } + } + /* Re-encode the request with the new starting point of the search. + * Note: In the future we also need to replace the filter if one + * was provided with the search reference + */ + if (( ber = re_encode_request( ld, origreq->lr_ber, + ++ld->ld_msgid, &srv->lud_dn, &rinfo.ri_request )) == NULL ) { + ld->ld_errno = LDAP_ENCODING_ERROR; + rc = -1; + goto done; + } + + Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referral: msgid %d, url \"%s\"\n", + lr->lr_msgid, refarray[i], 0); + + /* Send the new request to the server - may require a bind */ + rinfo.ri_msgid = origreq->lr_origid; + rinfo.ri_url = refarray[i]; + if ( (rc = ldap_send_server_request( ld, ber, ld->ld_msgid, + origreq, srv, NULL, &rinfo )) < 0 ) { + /* Failure, try next referral in the list */ + Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%s)\n", + refarray[i], ldap_err2string( ld->ld_errno ), 0); + unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i]); + ldap_free_urllist(srv); + srv = NULL; + } else { + /* Success, no need to try this referral list further */ + rc = 0; + ++count; + *hadrefp = 1; + + /* check if there is a queue of referrals that came in during bind */ + if( lc == NULL) { + if (( lc = find_connection( ld, srv, 1 )) == NULL ) { + ld->ld_errno = LDAP_OPERATIONS_ERROR; + rc = -1; + goto done; + } + } + + if( lc->lconn_rebind_queue != NULL) { + /* Release resources of previous list */ + free_strarray(refarray); + refarray = NULL; + ldap_free_urllist(srv); + srv = NULL; + + /* Pull entries off end of queue so list always null terminated */ + for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) { + ; + } + refarray = lc->lconn_rebind_queue[j-1]; + lc->lconn_rebind_queue[j-1] = NULL; + /* we pulled off last entry from queue, free queue */ + if ( j == 1 ) { + LDAP_FREE( lc->lconn_rebind_queue); + lc->lconn_rebind_queue = NULL; + } + /* restart the loop the with new referral list */ + i = -1; + continue; + } + break; /* referral followed, break out of for loop */ + } + } /* end for loop */ +done: + free_strarray(refarray); + ldap_free_urllist(srv); + LDAP_FREE( *errstrp ); + + if( rc == 0) { + *errstrp = NULL; + LDAP_FREE( unfollowed ); + return count; + } else { + ld->ld_errno = LDAP_REFERRAL; + *errstrp = unfollowed; + return rc; + } +} /* * XXX merging of errors in this routine needs to be improved @@ -574,6 +816,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp ) LDAPRequest *origreq; LDAPURLDesc *srv; BerElement *ber; + LDAPreqinfo rinfo; Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 ); @@ -665,7 +908,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp ) } if (( ber = re_encode_request( ld, origreq->lr_ber, - ++ld->ld_msgid, &refdn )) == NULL ) { + ++ld->ld_msgid, &refdn, &rinfo.ri_request )) == NULL ) { return( -1 ); } @@ -698,8 +941,9 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp ) } #endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_DNS */ + rinfo.ri_msgid = origreq->lr_origid; if ( srv != NULL && ldap_send_server_request( ld, ber, ld->ld_msgid, - lr, srv, NULL, 1 ) >= 0 ) { + lr, srv, NULL, &rinfo ) >= 0 ) { ++count; } else { Debug( LDAP_DEBUG_ANY, @@ -707,6 +951,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp ) ldap_err2string( ld->ld_errno ), 0, 0 ); rc = ldap_append_referral( ld, &unfollowed, ref ); } + LDAP_FREE( rinfo.ri_url); if (srv != NULL) ldap_free_urllist(srv); @@ -756,7 +1001,7 @@ ldap_append_referral( LDAP *ld, char **referralsp, char *s ) static BerElement * -re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp ) +re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp, int *type ) { /* * XXX this routine knows way too much about how the lber library works! @@ -787,6 +1032,7 @@ re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp ) return( NULL ); } + assert( tag != 0); if ( tag == LDAP_REQ_BIND ) { /* bind requests have a version number before the DN & other stuff */ rc = ber_scanf( &tmpber, "{ia" /*}*/, &ver, &orig_dn ); @@ -846,6 +1092,7 @@ re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp ) } #endif /* LDAP_DEBUG */ + *type = tag; /* return request type */ return( ber ); } @@ -856,6 +1103,9 @@ ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid ) LDAPRequest *lr; for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) { + if( lr->lr_status == LDAP_REQST_COMPLETED ) { + continue; /* Skip completed requests */ + } if ( msgid == lr->lr_msgid ) { break; } diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index 9a3d04d6ec..155b2cbd70 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c @@ -6,6 +6,23 @@ /* Portions * Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. + ****************************************************************************** + * This notice applies to changes, created by or for Novell, Inc., + * to preexisting works for which notices appear elsewhere in this file. + * + * Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved. + * + * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES. + * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION + * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT + * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE + * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS + * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC + * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE + * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. + ****************************************************************************** + * Modification to OpenLDAP source by Novell, Inc. + * April 2000 sfs Add code to process V3 referrals and search results * * result.c - wait for an ldap result */ @@ -279,10 +296,15 @@ try_read1msg( ber_tag_t tag; ber_len_t len; int foundit = 0; - LDAPRequest *lr; + LDAPRequest *lr, *tmplr; BerElement tmpber; int rc, refer_cnt, hadref, simple_request; ber_int_t lderr; + /* + * v3ref = flag for V3 referral / search reference + * 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application + */ + int v3ref; assert( ld != NULL ); assert( lc != NULL ); @@ -338,6 +360,7 @@ try_read1msg( /* if it's been abandoned, toss it */ if ( ldap_abandoned( ld, id ) ) { ber_free( ber, 1 ); + Debug( LDAP_DEBUG_ANY, "abandoned\n", 0, 0, 0); return( -2 ); /* continue looking */ } @@ -356,10 +379,10 @@ try_read1msg( return( -1 ); } - Debug( LDAP_DEBUG_TRACE, "ldap_read: %s msgid %ld, original id %ld\n", + Debug( LDAP_DEBUG_TRACE, "ldap_read: message type %s msgid %ld, original id %ld\n", ( tag == LDAP_RES_SEARCH_ENTRY ) ? "entry" : ( tag == LDAP_RES_SEARCH_REFERENCE ) ? "reference" : "result", - (long) id, (long) lr->lr_origid ); + (long) lr->lr_msgid, (long) lr->lr_origid ); id = lr->lr_origid; refer_cnt = 0; @@ -367,12 +390,96 @@ try_read1msg( rc = -2; /* default is to keep looking (no response found) */ lr->lr_res_msgtype = tag; - if ( tag != LDAP_RES_SEARCH_ENTRY ) { + /* + * This code figures out if we are going to chase a + * referral / search reference, or pass it back to the application + */ + v3ref = 0; /* Assume not a V3 search reference or referral */ + if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) { + BerElement tmpber = *ber; /* struct copy */ + char **refs = NULL; + + if( tag == LDAP_RES_SEARCH_REFERENCE) { + /* This is a V3 search reference */ + /* Assume we do not chase the reference, but pass it to application */ + v3ref = -1; + if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) || + (lr->lr_parent != NULL) ) + { + /* Get the referral list */ + if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) { + rc = LDAP_DECODING_ERROR; + } else { + /* Note: refs arrary is freed by ldap_chase_v3referrals */ + refer_cnt = ldap_chase_v3referrals( ld, lr, refs, + &lr->lr_res_error, &hadref ); + if ( refer_cnt > 0 ) { /* sucessfully chased reference */ + /* If haven't got end search, set chasing referrals */ + if( lr->lr_status != LDAP_REQST_COMPLETED) { + lr->lr_status = LDAP_REQST_CHASINGREFS; + Debug( LDAP_DEBUG_TRACE, + "read1msg: search ref chased, mark request chasing refs, id = %d\n", + lr->lr_msgid, 0, 0); + } + v3ref = 1; /* We sucessfully chased the reference */ + } + } + } + } else { + /* Check for V3 referral */ + ber_len_t len; + if ( ber_scanf( &tmpber, "{iaa",/*}*/ &lderr, + &lr->lr_res_matched, &lr->lr_res_error ) + != LBER_ERROR ) { + /* Check if V3 referral */ + if( ber_peek_tag( &tmpber, &len) == LDAP_TAG_REFERRAL ) { + /* We have a V3 referral, assume we cannot chase it */ + v3ref = -1; + if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) + || (lr->lr_parent != NULL) ) + { + v3ref = -1; /* Assume referral not chased and return it to app */ + /* Get the referral list */ + if( ber_scanf( &tmpber, "v", &refs) == LBER_ERROR) { + rc = LDAP_DECODING_ERROR; + lr->lr_status = LDAP_REQST_COMPLETED; + Debug( LDAP_DEBUG_TRACE, + "read1msg: referral decode error, mark request completed, id = %d\n", + lr->lr_msgid, 0, 0); + } else { + /* Chase the referral + * Note: refs arrary is freed by ldap_chase_v3referrals + */ + refer_cnt = ldap_chase_v3referrals( ld, lr, refs, + &lr->lr_res_error, &hadref ); + lr->lr_status = LDAP_REQST_COMPLETED; + Debug( LDAP_DEBUG_TRACE, + "read1msg: referral chased, mark request completed, id = %d\n", + lr->lr_msgid, 0, 0); + if( refer_cnt > 0) { + v3ref = 1; /* Referral successfully chased */ + } + } + } + } + } + } + } + + /* All results that just return a status, i.e. don't return data + * go through the following code. This code also chases V2 referrals + * and checks if all referrals have been chased. + */ + if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref > -1) ) { + /* For a v3 search referral/reference, only come here if already chased it */ if ( ld->ld_version >= LDAP_VERSION2 && ( lr->lr_parent != NULL || LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) ) { tmpber = *ber; /* struct copy */ + if ( v3ref == 1 ) { + ; /* V3 search reference or V3 referral sucessfully chased */ + } else if ( ber_scanf( &tmpber, "{iaa}", &lderr, &lr->lr_res_matched, &lr->lr_res_error ) != LBER_ERROR ) { @@ -380,6 +487,9 @@ try_read1msg( /* referrals are in error string */ refer_cnt = ldap_chase_referrals( ld, lr, &lr->lr_res_error, &hadref ); + lr->lr_status = LDAP_REQST_COMPLETED; + Debug( LDAP_DEBUG_TRACE, + "read1msg: V2 referral chased, mark request completed, id = %d\n", lr->lr_msgid, 0, 0); } /* save errno, message, and matched string */ @@ -408,7 +518,7 @@ Debug( LDAP_DEBUG_TRACE, if ( refer_cnt < 0 ) { return( -1 ); /* fatal error */ } - lr->lr_status = LDAP_REQST_CHASINGREFS; + lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */ } else { if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) { /* request without any referrals */ @@ -419,6 +529,9 @@ Debug( LDAP_DEBUG_TRACE, ber = NULL; } + lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */ + Debug( LDAP_DEBUG_TRACE, + "read1msg: mark request completed, id = %d\n", lr->lr_msgid, 0, 0); while ( lr->lr_parent != NULL ) { merge_error_info( ld, lr->lr_parent, lr ); @@ -428,7 +541,15 @@ Debug( LDAP_DEBUG_TRACE, } } - if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) { + /* Check if all requests are finished, lr is now parent */ + for(tmplr=lr ; tmplr != NULL; tmplr=tmplr->lr_refnext) { + if( tmplr->lr_status != LDAP_REQST_COMPLETED) { + break; + } + } + + /* This is the parent request if the request has referrals */ + if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL && tmplr == NULL ) { id = lr->lr_msgid; tag = lr->lr_res_msgtype; Debug( LDAP_DEBUG_ANY, "request %ld done\n", @@ -479,7 +600,8 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); if ( msgid == LDAP_RES_ANY || id == msgid ) { if ( all == LDAP_MSG_ONE || (new->lm_msgtype != LDAP_RES_SEARCH_RESULT - && new->lm_msgtype != LDAP_RES_SEARCH_ENTRY) ) { + && new->lm_msgtype != LDAP_RES_SEARCH_ENTRY + && new->lm_msgtype != LDAP_RES_SEARCH_REFERENCE) ) { *result = new; ld->ld_errno = LDAP_SUCCESS; return( tag ); @@ -518,8 +640,9 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); (long) new->lm_msgid, (long) new->lm_msgtype, 0 ); /* part of a search response - add to end of list of entries */ - for ( tmp = l; tmp->lm_chain != NULL && - tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY; + for ( tmp = l; (tmp->lm_chain != NULL) && + ((tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || + (tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_REFERENCE)); tmp = tmp->lm_chain ) ; /* NULL */ tmp->lm_chain = new; diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index cb31e0f1bd..4f9984affe 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -173,6 +173,10 @@ ldap_search_ext_s( return( ld->ld_errno ); } + if( rc == LDAP_RES_SEARCH_REFERENCE) { + return( ld->ld_errno ); + } + return( ldap_result2error( ld, *res, 0 ) ); } diff --git a/libraries/libldap/test.c b/libraries/libldap/test.c index 793bed66c6..f32fe6954b 100644 --- a/libraries/libldap/test.c +++ b/libraries/libldap/test.c @@ -229,38 +229,35 @@ get_modlist( char *prompt1, char *prompt2, char *prompt3 ) static int -bind_prompt( LDAP *ld, char **dnp, char **passwdp, int *authmethodp, - int freeit ) +bind_prompt( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid) { static char dn[256], passwd[256]; + char *dnp; + int authmethod; - if ( !freeit ) { #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND getline( dn, sizeof(dn), stdin, "re-bind method (0->simple, 1->krbv41, 2->krbv42, 3->krbv41&2)? " ); - if (( *authmethodp = atoi( dn )) == 3 ) { - *authmethodp = LDAP_AUTH_KRBV4; + if (( authmethod = atoi( dn )) == 3 ) { + authmethod = LDAP_AUTH_KRBV4; } else { - *authmethodp |= 0x80; + authmethod |= 0x80; } #else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ - *authmethodp = LDAP_AUTH_SIMPLE; + authmethod = LDAP_AUTH_SIMPLE; #endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ getline( dn, sizeof(dn), stdin, "re-bind dn? " ); strcat( dn, dnsuffix ); - *dnp = dn; - if ( *authmethodp == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) { + if ( authmethod == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) { getline( passwd, sizeof(passwd), stdin, "re-bind password? " ); } else { passwd[0] = '\0'; } - *passwdp = passwd; - } - return( LDAP_SUCCESS ); + return ldap_bind_s( ld, dn, passwd, authmethod); } diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c index bb2cfcdb7d..6098bb8910 100644 --- a/libraries/libldap/url.c +++ b/libraries/libldap/url.c @@ -274,6 +274,36 @@ ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp ) return LDAP_URL_ERR_MEM; } + /* + * Kluge. ldap://111.222.333.444:389??cn=abc,o=company + * + * On early Novell releases, search references/referrals were returned + * in this format, i.e., the dn was kind of in the scope position, + * but the required slash is missing. The whole thing is illegal syntax, + * but we need to account for it. Fortunately it can't be confused with + * anything real. + */ + if( (p == NULL) && ((q = strchr( q, '?')) != NULL)) { + q++; + /* ? immediately followed by question */ + if( *q == '?') { + q++; + if( *q != '\0' ) { + /* parse dn part */ + ldap_pvt_hex_unescape( q ); + ludp->lud_dn = LDAP_STRDUP( q ); + } else { + ludp->lud_dn = LDAP_STRDUP( "" ); + } + + if( ludp->lud_dn == NULL ) { + LDAP_FREE( url ); + ldap_free_urldesc( ludp ); + return LDAP_URL_ERR_MEM; + } + } + } + if( p == NULL ) { LDAP_FREE( url ); *ludpp = ludp; @@ -721,6 +751,7 @@ ldap_url_search( LDAP *ld, LDAP_CONST char *url, int attrsonly ) int err; LDAPURLDesc *ludp; BerElement *ber; + LDAPreqinfo bind; if ( ldap_url_parse( url, &ludp ) != 0 ) { ld->ld_errno = LDAP_PARAM_ERROR; @@ -734,11 +765,14 @@ ldap_url_search( LDAP *ld, LDAP_CONST char *url, int attrsonly ) if ( ber == NULL ) { err = -1; } else { + bind.ri_request = LDAP_REQ_SEARCH; + bind.ri_msgid = ld->ld_msgid; + bind.ri_url = (char *)url; err = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL, (ludp->lud_host != NULL || ludp->lud_port != 0) ? ludp : NULL, - NULL, 1 ); + NULL, &bind ); } ldap_free_urldesc( ludp ); -- 2.39.5