2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2017 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16 * All rights reserved.
26 #include <ac/stdlib.h>
29 #include <ac/socket.h>
30 #include <ac/string.h>
33 #include <ac/unistd.h>
38 /* Caller must hold the conn_mutex since simultaneous accesses are possible */
39 int ldap_open_defconn( LDAP *ld )
41 ld->ld_defconn = ldap_new_connection( ld,
42 &ld->ld_options.ldo_defludp, 1, 1, NULL, 0, 0 );
44 if( ld->ld_defconn == NULL ) {
45 ld->ld_errno = LDAP_SERVER_DOWN;
49 ++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
54 * ldap_connect - Connect to an ldap server.
58 * ldap_initialize( &ld, url );
62 ldap_connect( LDAP *ld )
64 ber_socket_t sd = AC_SOCKET_INVALID;
65 int rc = LDAP_SUCCESS;
67 LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
68 if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
69 rc = ldap_open_defconn( ld );
71 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
77 * ldap_open - initialize and connect to an ldap server. A magic cookie to
78 * be used for future communication is returned on success, NULL on failure.
79 * "host" may be a space-separated list of hosts or IP addresses
83 * ld = ldap_open( hostname, port );
87 ldap_open( LDAP_CONST char *host, int port )
92 Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
95 ld = ldap_init( host, port );
100 LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
101 rc = ldap_open_defconn( ld );
102 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
105 ldap_ld_free( ld, 0, NULL, NULL );
109 Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
110 ld != NULL ? "succeeded" : "failed", 0, 0 );
118 ldap_create( LDAP **ldp )
121 struct ldapoptions *gopts;
124 /* Get pointer to global option structure */
125 if ( (gopts = LDAP_INT_GLOBAL_OPT()) == NULL) {
126 return LDAP_NO_MEMORY;
129 /* Initialize the global options, if not already done. */
130 if( gopts->ldo_valid != LDAP_INITIALIZED ) {
131 ldap_int_initialize(gopts, NULL);
132 if ( gopts->ldo_valid != LDAP_INITIALIZED )
133 return LDAP_LOCAL_ERROR;
136 Debug( LDAP_DEBUG_TRACE, "ldap_create\n", 0, 0, 0 );
138 if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
139 return( LDAP_NO_MEMORY );
142 if ( (ld->ldc = (struct ldap_common *) LDAP_CALLOC( 1,
143 sizeof(struct ldap_common) )) == NULL ) {
144 LDAP_FREE( (char *)ld );
145 return( LDAP_NO_MEMORY );
147 /* copy the global options */
148 LDAP_MUTEX_LOCK( &gopts->ldo_mutex );
149 AC_MEMCPY(&ld->ld_options, gopts, sizeof(ld->ld_options));
150 #ifdef LDAP_R_COMPILE
151 /* Properly initialize the structs mutex */
152 ldap_pvt_thread_mutex_init( &(ld->ld_ldopts_mutex) );
156 if ( ld->ld_options.ldo_tls_pin_hashalg ) {
157 int len = strlen( gopts->ldo_tls_pin_hashalg );
159 ld->ld_options.ldo_tls_pin_hashalg =
160 LDAP_MALLOC( len + 1 + gopts->ldo_tls_pin.bv_len );
161 if ( !ld->ld_options.ldo_tls_pin_hashalg ) goto nomem;
163 ld->ld_options.ldo_tls_pin.bv_val = ld->ld_options.ldo_tls_pin_hashalg
165 AC_MEMCPY( ld->ld_options.ldo_tls_pin_hashalg, gopts->ldo_tls_pin_hashalg,
166 len + 1 + gopts->ldo_tls_pin.bv_len );
167 } else if ( !BER_BVISEMPTY(&ld->ld_options.ldo_tls_pin) ) {
168 ber_dupbv( &ld->ld_options.ldo_tls_pin, &gopts->ldo_tls_pin );
171 LDAP_MUTEX_UNLOCK( &gopts->ldo_mutex );
173 ld->ld_valid = LDAP_VALID_SESSION;
175 /* but not pointers to malloc'ed items */
176 ld->ld_options.ldo_sctrls = NULL;
177 ld->ld_options.ldo_cctrls = NULL;
178 ld->ld_options.ldo_defludp = NULL;
179 ld->ld_options.ldo_conn_cbs = NULL;
181 #ifdef HAVE_CYRUS_SASL
182 ld->ld_options.ldo_def_sasl_mech = gopts->ldo_def_sasl_mech
183 ? LDAP_STRDUP( gopts->ldo_def_sasl_mech ) : NULL;
184 ld->ld_options.ldo_def_sasl_realm = gopts->ldo_def_sasl_realm
185 ? LDAP_STRDUP( gopts->ldo_def_sasl_realm ) : NULL;
186 ld->ld_options.ldo_def_sasl_authcid = gopts->ldo_def_sasl_authcid
187 ? LDAP_STRDUP( gopts->ldo_def_sasl_authcid ) : NULL;
188 ld->ld_options.ldo_def_sasl_authzid = gopts->ldo_def_sasl_authzid
189 ? LDAP_STRDUP( gopts->ldo_def_sasl_authzid ) : NULL;
193 /* We explicitly inherit the SSL_CTX, don't need the names/paths. Leave
194 * them empty to allow new SSL_CTX's to be created from scratch.
196 memset( &ld->ld_options.ldo_tls_info, 0,
197 sizeof( ld->ld_options.ldo_tls_info ));
198 ld->ld_options.ldo_tls_ctx = NULL;
201 if ( gopts->ldo_defludp ) {
202 ld->ld_options.ldo_defludp = ldap_url_duplist(gopts->ldo_defludp);
204 if ( ld->ld_options.ldo_defludp == NULL ) goto nomem;
207 if (( ld->ld_selectinfo = ldap_new_select_info()) == NULL ) goto nomem;
209 ld->ld_lberoptions = LBER_USE_DER;
211 ld->ld_sb = ber_sockbuf_alloc( );
212 if ( ld->ld_sb == NULL ) goto nomem;
214 #ifdef LDAP_R_COMPILE
215 ldap_pvt_thread_mutex_init( &ld->ld_msgid_mutex );
216 ldap_pvt_thread_mutex_init( &ld->ld_conn_mutex );
217 ldap_pvt_thread_mutex_init( &ld->ld_req_mutex );
218 ldap_pvt_thread_mutex_init( &ld->ld_res_mutex );
219 ldap_pvt_thread_mutex_init( &ld->ld_abandon_mutex );
220 ldap_pvt_thread_mutex_init( &ld->ld_ldcmutex );
222 ld->ld_ldcrefcnt = 1;
227 ldap_free_select_info( ld->ld_selectinfo );
228 ldap_free_urllist( ld->ld_options.ldo_defludp );
229 #ifdef HAVE_CYRUS_SASL
230 LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid );
231 LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid );
232 LDAP_FREE( ld->ld_options.ldo_def_sasl_realm );
233 LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
237 /* tls_pin_hashalg and tls_pin share the same buffer */
238 if ( ld->ld_options.ldo_tls_pin_hashalg ) {
239 LDAP_FREE( ld->ld_options.ldo_tls_pin_hashalg );
241 LDAP_FREE( ld->ld_options.ldo_tls_pin.bv_val );
244 LDAP_FREE( (char *)ld );
245 return LDAP_NO_MEMORY;
249 * ldap_init - initialize the LDAP library. A magic cookie to be used for
250 * future communication is returned on success, NULL on failure.
251 * "host" may be a space-separated list of hosts or IP addresses
255 * ld = ldap_init( host, port );
258 ldap_init( LDAP_CONST char *defhost, int defport )
263 rc = ldap_create(&ld);
264 if ( rc != LDAP_SUCCESS )
268 ld->ld_options.ldo_defport = defport;
270 if (defhost != NULL) {
271 rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, defhost);
272 if ( rc != LDAP_SUCCESS ) {
273 ldap_ld_free(ld, 1, NULL, NULL);
283 ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
289 rc = ldap_create(&ld);
290 if ( rc != LDAP_SUCCESS )
294 rc = ldap_set_option(ld, LDAP_OPT_URI, url);
295 if ( rc != LDAP_SUCCESS ) {
296 ldap_ld_free(ld, 1, NULL, NULL);
299 #ifdef LDAP_CONNECTIONLESS
300 if (ldap_is_ldapc_url(url))
313 LDAP_CONST char *url,
320 #ifdef LDAP_CONNECTIONLESS
325 rc = ldap_create( &ld );
326 if( rc != LDAP_SUCCESS )
330 rc = ldap_set_option(ld, LDAP_OPT_URI, url);
331 if ( rc != LDAP_SUCCESS ) {
332 ldap_ld_free(ld, 1, NULL, NULL);
337 LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
338 /* Attach the passed socket as the LDAP's connection */
339 conn = ldap_new_connection( ld, NULL, 1, 0, NULL, 0, 0 );
341 ldap_unbind_ext( ld, NULL, NULL );
342 return( LDAP_NO_MEMORY );
345 conn->lconn_server = ldap_url_dup( ld->ld_options.ldo_defludp );
346 ber_sockbuf_ctrl( conn->lconn_sb, LBER_SB_OPT_SET_FD, &fd );
347 ld->ld_defconn = conn;
348 ++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
349 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
354 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
355 LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
357 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
358 LBER_SBIOD_LEVEL_PROVIDER, NULL );
361 #ifdef LDAP_CONNECTIONLESS
364 if( ld->ld_options.ldo_peer )
365 ldap_memfree( ld->ld_options.ldo_peer );
366 ld->ld_options.ldo_peer = ldap_memcalloc( 1, sizeof( struct sockaddr_storage ) );
367 len = sizeof( struct sockaddr_storage );
368 if( getpeername ( fd, ld->ld_options.ldo_peer, &len ) < 0) {
369 ldap_unbind_ext( ld, NULL, NULL );
370 return( AC_SOCKET_ERROR );
373 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
374 LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
376 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
377 LBER_SBIOD_LEVEL_PROVIDER, NULL );
378 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
379 LBER_SBIOD_LEVEL_PROVIDER, NULL );
381 #endif /* LDAP_CONNECTIONLESS */
385 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
386 LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
388 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
389 LBER_SBIOD_LEVEL_PROVIDER, NULL );
393 /* caller must supply sockbuf handlers */
397 ldap_unbind_ext( ld, NULL, NULL );
398 return LDAP_PARAM_ERROR;
402 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
403 INT_MAX, (void *)"ldap_" );
406 /* Add the connection to the *LDAP's select pool */
407 ldap_mark_select_read( ld, conn->lconn_sb );
413 /* Protected by ld_conn_mutex */
415 ldap_int_open_connection(
424 Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );
426 switch ( proto = ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
428 rc = ldap_connect_to_host( ld, conn->lconn_sb,
431 if ( rc == -1 ) return rc;
433 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
434 LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
436 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
437 LBER_SBIOD_LEVEL_PROVIDER, NULL );
441 #ifdef LDAP_CONNECTIONLESS
444 rc = ldap_connect_to_host( ld, conn->lconn_sb,
447 if ( rc == -1 ) return rc;
449 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
450 LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
452 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
453 LBER_SBIOD_LEVEL_PROVIDER, NULL );
455 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
456 LBER_SBIOD_LEVEL_PROVIDER, NULL );
462 /* only IPC mechanism supported is PF_LOCAL (PF_UNIX) */
463 rc = ldap_connect_to_path( ld, conn->lconn_sb,
465 if ( rc == -1 ) return rc;
467 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
468 LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
470 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
471 LBER_SBIOD_LEVEL_PROVIDER, NULL );
474 #endif /* LDAP_PF_LOCAL */
480 conn->lconn_created = time( NULL );
483 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
484 INT_MAX, (void *)"ldap_" );
487 #ifdef LDAP_CONNECTIONLESS
488 if( proto == LDAP_PROTO_UDP ) return 0;
492 if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
493 strcmp( srv->lud_scheme, "ldaps" ) == 0 ))
495 ++conn->lconn_refcnt; /* avoid premature free */
497 rc = ldap_int_tls_start( ld, conn, srv );
499 --conn->lconn_refcnt;
501 if (rc != LDAP_SUCCESS) {
502 /* process connection callbacks */
504 struct ldapoptions *lo;
508 lo = &ld->ld_options;
509 LDAP_MUTEX_LOCK( &lo->ldo_mutex );
510 if ( lo->ldo_conn_cbs ) {
511 for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
513 cb->lc_del( ld, conn->lconn_sb, cb );
516 LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
517 lo = LDAP_INT_GLOBAL_OPT();
518 LDAP_MUTEX_LOCK( &lo->ldo_mutex );
519 if ( lo->ldo_conn_cbs ) {
520 for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
522 cb->lc_del( ld, conn->lconn_sb, cb );
525 LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
536 * ldap_open_internal_connection - open connection and set file descriptor
538 * note: ldap_init_fd() may be preferable
542 ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp )
549 rc = ldap_create( &ld );
550 if( rc != LDAP_SUCCESS ) {
555 /* Make it appear that a search request, msgid 0, was sent */
556 lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
558 ldap_unbind_ext( ld, NULL, NULL );
560 return( LDAP_NO_MEMORY );
562 memset(lr, 0, sizeof( LDAPRequest ));
564 lr->lr_status = LDAP_REQST_INPROGRESS;
565 lr->lr_res_errno = LDAP_SUCCESS;
566 /* no mutex lock needed, we just created this ld here */
567 ld->ld_requests = lr;
569 LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
570 /* Attach the passed socket as the *LDAP's connection */
571 c = ldap_new_connection( ld, NULL, 1, 0, NULL, 0, 0 );
573 ldap_unbind_ext( ld, NULL, NULL );
575 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
576 return( LDAP_NO_MEMORY );
578 ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp );
580 ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug,
581 LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" );
583 ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp,
584 LBER_SBIOD_LEVEL_PROVIDER, NULL );
586 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
588 /* Add the connection to the *LDAP's select pool */
589 ldap_mark_select_read( ld, c->lconn_sb );
591 /* Make this connection an LDAP V3 protocol connection */
593 ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &rc );
596 ++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
598 return( LDAP_SUCCESS );
602 ldap_dup( LDAP *old )
610 Debug( LDAP_DEBUG_TRACE, "ldap_dup\n", 0, 0, 0 );
612 if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
616 LDAP_MUTEX_LOCK( &old->ld_ldcmutex );
619 LDAP_MUTEX_UNLOCK( &old->ld_ldcmutex );
624 ldap_int_check_async_open( LDAP *ld, ber_socket_t sd )
626 struct timeval tv = { 0 };
629 rc = ldap_int_poll( ld, sd, &tv, 1 );
632 /* now ready to start tls */
633 ld->ld_defconn->lconn_status = LDAP_CONNST_CONNECTED;
637 ld->ld_errno = LDAP_CONNECT_ERROR;
641 /* connect not completed yet */
642 ld->ld_errno = LDAP_X_CONNECTING;
647 if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
648 !strcmp( ld->ld_defconn->lconn_server->lud_scheme, "ldaps" )) {
650 ++ld->ld_defconn->lconn_refcnt; /* avoid premature free */
652 rc = ldap_int_tls_start( ld, ld->ld_defconn, ld->ld_defconn->lconn_server );
654 --ld->ld_defconn->lconn_refcnt;