upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-02 04:59:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move ldapd into the Attic, quipu tools remain for now.

Browse source
This commit is contained in:
Kurt Zeilenga 2000-06-01 23:00:22 +00:00
parent c23536faa9
commit 45c6324a9d
30 changed files with 673 additions and 7867 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
build/top.mk
View file

@ -140,7 +140,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
LDAPD_LIBS = @LDAPD_LIBS@
QUIPU_LIBS = @QUIPU_LIBS@
SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@
SLURPD_LIBS = @SLURPD_LIBS@

1596
configure vendored
View file

File diff suppressed because it is too large Load diff

47
configure.in
View file

@ -124,9 +124,6 @@ OL_ARG_WITH(yielding_select,[ --with-yielding-select with implicitly yielding s
dnl ----------------------------------------------------------------
dnl Server options
dnl ----------------------------------------------------------------
dnl LDAPD OPTIONS
AC_ARG_WITH(xxldapdoptions,[LDAPD (X.500-to-LDAP Gateway) Options:])
OL_ARG_ENABLE(ldapd,[ --enable-ldapd enable building ldapd], no)dnl
dnl ----------------------------------------------------------------
dnl SLAPD OPTIONS
@ -430,11 +427,10 @@ LDBM_LIBS=
LTHREAD_LIBS=
LUTIL_LIBS=
LDAPD_LIBS=
QUIPU_LIBS=
SLAPD_LIBS=
SLURPD_LIBS=
BUILD_LDAPD=no
BUILD_SLAPD=no
BUILD_SLURPD=no
@ -829,39 +825,6 @@ elif test $ol_enable_dns != no ; then
fi
dnl ----------------------------------------------------------------
dnl ISODE tests
ol_link_isode=no
if test $ol_enable_ldapd != no ; then
AC_MSG_WARN([ldapd is not supported and may suffer from bit rot.])
dnl look for ISODE libraries
AC_CHECK_LIB(xtpp, main, [
ol_link_isode=yes
AC_DEFINE(HAVE_XTPP,1, [define if you have -lxttp])
LDAPD_LIBS="$LDAPD_LIBS -lxtpp -lxtdsap -lxtisode -losi"
],:,[-lxtdsap -lxtisode -losi])
AC_CHECK_LIB(dsap, main, [
ol_link_isode=yes
AC_DEFINE(HAVE_DSAP,1, [define if you have -ldsap])
LDAPD_LIBS="$LDAPD_LIBS -ldsap"
],:,[-lisode])
AC_CHECK_LIB(isode, main, [
ol_link_isode=yes
AC_DEFINE(HAVE_ISODE,1, [define if you have -lisode])
LDAPD_LIBS="$LDAPD_LIBS -lisode"
],:)
fi
if test $ol_link_isode != no; then
AC_CHECK_LIB(pp, main, [
AC_DEFINE(HAVE_PP,1, [define if you have -lpp])
LDAPD_LIBS="-lpp $LDAPD_LIBS"
],:)
AC_PATH_PROG(PEPSY, pepsy)
fi
dnl ----------------------------------------------------------------
dnl QUIPU
if test $ol_enable_quipu != no ; then
@ -2364,10 +2327,6 @@ if test "$ol_enable_slurpd" != no -a "$ol_link_threads" != no -a \
BUILD_SLURPD=yes
fi
if test "$ol_link_isode" != no ; then
BUILD_LDAPD=yes
fi
dnl ----------------------------------------------------------------
if test "$LINK_BINS_DYNAMIC" = yes; then
@ -2393,7 +2352,6 @@ AC_SUBST(LIB_LINKAGE)
AC_SUBST(LT_LIB_LINKAGE)
AC_SUBST(DYN_EXT)
AC_SUBST(BUILD_LDAPD)
AC_SUBST(BUILD_SLAPD)
AC_SUBST(BUILD_BDB2)
AC_SUBST(BUILD_DNSSRV)
@ -2417,9 +2375,9 @@ AC_SUBST(BUILD_SLAPD)
AC_SUBST(BUILD_SLURPD)
AC_SUBST(LDAP_LIBS)
AC_SUBST(LDAPD_LIBS)
AC_SUBST(LDIF_LIBS)
AC_SUBST(SLAPD_LIBS)
AC_SUBST(QUIPU_LIBS)
AC_SUBST(SLURPD_LIBS)
AC_SUBST(LDBM_LIBS)
AC_SUBST(LTHREAD_LIBS)
@ -2480,7 +2438,6 @@ libraries/libldif/Makefile:build/top.mk:libraries/libldif/Makefile.in:build/lib.
libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk \
libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk \
servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk \
servers/ldapd/Makefile:build/top.mk:servers/ldapd/Makefile.in:build/srv.mk \
servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk \
servers/slapd/back-bdb2/Makefile:build/top.mk:servers/slapd/back-bdb2/Makefile.in:build/mod.mk \
servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk \

136
doc/man/man8/ldapd.8
View file

@ -1,136 +0,0 @@
.TH LDAPD 8C "19 September 1999" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapd \- LDAP X.500 Protocol Daemon
.SH SYNOPSIS
.B LIBEXECDIR/ldapd [\-d level] [\-l] [\-c dsaname]
.B [\-p port] [\-t timeout] [\-r referraltimeout]
.B [\-I] [\-U]
.I (deprecated)
.SH DESCRIPTION
.LP
.B Ldapd
is the LDAP to X.500 gateway daemon. The LDAP protocol is used to
provide lightweight TCP/IP access to the X.500 Directory. The
.B ldapd
server is typically invoked at boot time, usually out of
.BR /etc/rc.local .
Upon startup,
.B ldapd
normally forks and disassociates itself from the invoking tty, and then
listens on port 389 for TCP connections from LDAP clients.
The server performs the following basic operations for the client:
.TP 14
.B Bind
Bind to the X.500 directory. Currently only simple (clear-text password)
and kerberos version 4 authentication are supported.
.TP
.B Search
Search the X.500 directory for entries that match a given filter.
The scope of the search can be base object, one level, or whole subtree.
Note that the X.500 read and list can be emulated using search.
.TP
.B Modify
Change the attributes and values of an existing X.500 entry.
.TP
.B Modify RDN
Change the Relative Distinguished Name of an X.500 entry.
.TP
.B Add
Add an entry to the X.500 directory.
.TP
.B Remove
Remove an entry from the X.500 directory.
.TP
.B Abandon
Abort an operation in progress.
.LP
See
.BR ldap (3)
for details on client-side access to the ldap server. See
.I RFC 1777: Lightweight Directory Access Protocol
and
.I RFC 1778: The String Representation of
.I Standard Attribute Syntaxes
for details of the protocol supporting the above operations.
.SH OPTIONS
.TP
.BI \-d " level"
Turn on debugging as defined by
.I level.
If this option is specified,
.I ldapd
will not fork or disassociate from the invoking terminal. Some general
operation and status messages are printed for any value of \fIlevel\fP.
\fIlevel\fP is taken as a bit string, with each bit corresponding to a
different kind of debugging information. See <ldap.h> for details.
.TP
.B \-l
Enable logging of various status and errors to the LOG_LOCAL4 facility via
.BR syslog (8).
.TP
.RB \-c " dsaname"
Connect to the named DSA initially. The
.I dsaname
given should be a name found in the local dsaptailor file or an
actual presentation address.
.TP
.BI \-p " port"
Listen on port
.I port
instead of the default port. This is useful for debugging purposes.
.TP
.BI \-t " timeout"
Specify the timeout value after which idle connections from
clients are closed.
.TP
.BI \-r " referraltimeout"
Specify the timeout value after which idle connections to DSAs
are closed.
.TP
.B \-I
Run from
.BR inetd (8)
instead of as a stand-alone daemon.
.TP
.B \-U
Support Connectionless LDAP (CLDAP). In this mode, ldapd listens for
CLDAP search requests only on a UDP port, performs the search, and
returns the result. See
.BR udp (4)
for more information on UDP.
.SH EXAMPLES
To start ldapd and have it fork and detach from the terminal and connect
to the first DSA listed in the dsaptailor file, just type:
.LP
.nf
.ft tt
LIBEXECDIR/ldapd
.ft
.fi
.LP
To connect to an alternate DSA and turn on voluminous debugging which
will be printed on standard error, type:
.LP
.nf
.ft tt
LIBEXECDIR/ldapd -c dsanameoraddr -d 31
.ft
.fi
.LP
where dsanameoraddr is a presentation address or a name that appears
in the local dsaptailor file.
.SH "SEE ALSO"
.BR ldap (3),
.BR udp (4),
.BR slapd (8)
.BR inetd (8)
.LP
Volume 5 of The ISODE Manual
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

12
include/portable.h.in
View file

@ -618,18 +618,6 @@
/* define if you have res_search() */
#undef HAVE_RES_SEARCH
/* define if you have -lxttp */
#undef HAVE_XTPP
/* define if you have -ldsap */
#undef HAVE_DSAP
/* define if you have -lisode */
#undef HAVE_ISODE
/* define if you have -lpp */
#undef HAVE_PP
/* define if you have HEIMDAL Kerberos */
#undef HAVE_HEIMDAL_KERBEROS

2
servers/Makefile.in
View file

@ -4,5 +4,5 @@
##
## servers Makefile.in for OpenLDAP
SUBDIRS= ldapd slapd slurpd
SUBDIRS= slapd slurpd

52
servers/ldapd/Makefile.in
View file

@ -1,52 +0,0 @@
# $OpenLDAP$
##
## Makefile.in for ldapd
##
PROGRAMS=ldapd
XPROGRAMS=sldapd
XSRCS = version.c
SRCS = main.c request.c bind.c result.c error.c \
search.c util.c compare.c message.c add.c delete.c modrdn.c modify.c \
abandon.c syntax.c association.c kerberos.c certificate.c
OBJS = main.o request.o bind.o result.o error.o \
search.o util.o compare.o message.o add.o delete.o modrdn.o modify.o \
abandon.o syntax.o association.o kerberos.o LDAP_tables.o \
certificate.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
BUILD_OPT = "--enable-ldapd"
BUILD_SRV = @BUILD_LDAPD@
all-local-srv: ldapd
XLIBS= -llber -llutil
XXLIBS= $(LDAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
ldapd: version.o
$(LTLINK) -o $@ $(OBJS) version.o $(LIBS)
sldapd: version.o
$(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS)
version.c: $(OBJS) $(LDAP_LIBLBER_DEPEND)
$(RM) $@
$(MKVERSION) ldapd > $@
request.o: LDAP-types.h
LDAP_tables.c: ldap.py
@if [ ! -z "$(PEPSY)" ]; then \
$(PEPSY) -A ldap.py; \
else \
touch LDAP_tables.c LDAP-types.h; \
fi
LDAP-types.h: LDAP_tables.c
install-local-srv: FORCE
-$(MKDIR) $(DESTDIR)$(libexecdir)
$(LTINSTALL) $(INSTALLFLAGS) -s -m 755 ldapd $(DESTDIR)$(libexecdir)

2
servers/ldapd/README
View file

@ -1,2 +0,0 @@
LDAPD is no longer supported nor actively maintained.
This code may suffer from bitrot.

67
servers/ldapd/abandon.c
View file

@ -1,67 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/abandon.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
int
do_abandon(
struct conn *dsaconn,
BerElement *ber,
int msgid
)
{
int id;
struct ds_abandon_arg aa;
struct DAPindication di;
Debug( LDAP_DEBUG_TRACE, "do_abandon\n", 0, 0 ,0 );
/*
* Parse the abandon request. It looks like this:
* AbandonRequest := MessageID
*/
if ( ber_scanf( ber, "i", &id ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0 ,0 );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_abandin: id %d\n", id, 0 ,0 );
aa.aba_invokeid = id;
Debug( LDAP_DEBUG_TRACE, "DapAbandon...\n", 0, 0 ,0 );
if ( DapAbandon( dsaconn->c_ad, msgid, &aa, &di, ROS_ASYNC )
== NOTOK ) {
Debug( LDAP_DEBUG_ANY, "DapAbandon failed\n", 0, 0 ,0 );
return( 0 );
}
Debug( LDAP_DEBUG_TRACE, "DapAbandon completed\n", 0, 0 ,0 );
return( 0 );
}

128
servers/ldapd/add.c
View file

@ -1,128 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/add.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef LDAP_COMPAT20
#define ADDTAG (ldap_compat == 20 ? OLD_LDAP_RES_ADD : LDAP_RES_ADD)
#else
#define ADDTAG LDAP_RES_ADD
#endif
int
do_add(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
char *dn;
char *type, *last;
struct berval **bvals;
int rc;
unsigned long tag, len;
struct ds_addentry_arg aa;
static CommonArgs common = default_common_args;
Debug( LDAP_DEBUG_TRACE, "do_add\n", 0, 0, 0 );
/*
* Parse the add request. It looks like this:
* AddRequest := [APPLICATION 14] SEQUENCE {
* name DistinguishedName,
* attrs SEQUENCE OF SEQUENCE {
* type AttributeType,
* values SET OF AttributeValue
* }
* }
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_AddEntryArgument_INIT ( &aa );
#endif
#endif
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, ADDTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_add: dn (%s)\n", dn, 0, 0 );
aa.ada_object = ldap_str2dn( dn );
free( dn );
if ( aa.ada_object == NULLDN ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, ADDTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
/* break out once we read them all, or return out on error */
aa.ada_entry = NULLATTR;
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) ) {
Attr_Sequence as;
if ( ber_scanf( ber, "{a{V}}", &type, &bvals ) == LBER_ERROR )
break;
if ( (as = get_as( clientsb, LDAP_RES_ADD, m, type,
bvals )) == NULLATTR )
return( 0 );
aa.ada_entry = as_merge( aa.ada_entry, as );
}
aa.ada_common = common; /* struct copy */
rc = initiate_dap_operation( OP_ADDENTRY, m, &aa );
dn_free( aa.ada_object );
as_free( aa.ada_entry );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, ADDTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
void
add_result(
Sockbuf *sb,
struct msg *m
)
{
send_ldap_msgresult( sb, ADDTAG, m, LDAP_SUCCESS, NULL, "" );
return;
}

286
servers/ldapd/association.c
View file

@ -1,286 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/errno.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include <quipu/commonarg.h>
#include <quipu/ds_error.h>
#include <quipu/dap.h> /* get dap_unbind() */
#if ISODEPACKAGE == IC
#include <ll/isoaddrs.h>
#else
#include <isoaddrs.h>
#endif
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_FILIO_H
#include <sys/filio.h>
#endif
#ifdef __hpux
#define FIOGETOWN FIOGSAIOOWN
#endif
struct conn *conns;
struct conn *
conn_dup( struct conn *cn )
{
struct conn *new;
if ( (new = (struct conn *) malloc( sizeof(struct conn) )) == NULL )
return( NULL );
*new = *cn;
new->c_next = NULL;
new->c_time = 0L;
new->c_paddr = psap_cpy( cn->c_paddr );
new->c_dn = strdup( cn->c_dn );
if ( new->c_credlen > 0 ) {
new->c_cred = (char *) malloc( cn->c_credlen );
SAFEMEMCPY( new->c_cred, cn->c_cred, cn->c_credlen );
} else {
new->c_cred = "";
}
new->c_credlen = cn->c_credlen;
new->c_refcnt = 1;
return( new );
}
int
conn_init( void )
{
struct PSAPaddr *addr;
if ( (conns = (struct conn *) malloc( sizeof(struct conn) )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "conn_init: malloc failed\n", 0, 0, 0 );
return( -1 );
}
conns->c_ad = -1;
conns->c_dn = NULL;
conns->c_cred = NULL;
conns->c_credlen = 0;
if ( dsa_address == NULL || (addr = str2paddr( dsa_address ))
== NULLPA ) {
conns->c_paddr = NULLPA;
Debug( LDAP_DEBUG_ANY, "conn_init: bad DSA address (%s)\n",
dsa_address ? dsa_address : "NULL", 0, 0 );
} else {
conns->c_paddr = psap_cpy( addr );
}
conns->c_refcnt = 1; /* this conn is never deleted */
conns->c_next = NULL;
return( 0 );
}
void
conn_free( struct conn *conn )
{
struct timeval tv;
Debug( LDAP_DEBUG_TRACE, "conn_free (%s): refcnt is %d\n",
paddr2str( conn->c_paddr, NULLNA ), conn->c_refcnt, 0 );
if ( --conn->c_refcnt > 0 )
return;
gettimeofday( &tv, (struct timezone *)NULL );
if ( conn->c_time != 0L && (tv.tv_sec - conn->c_time)
< referral_connection_timeout ) {
Debug( LDAP_DEBUG_TRACE, "conn_free: referral conn ttl is %d\n",
referral_connection_timeout - (tv.tv_sec - conn->c_time),
0, 0 );
return;
}
conn_del( conn );
if ( conn->c_paddr )
free( (char *) conn->c_paddr );
if ( conn->c_dn )
free( conn->c_dn );
if ( conn->c_credlen > 0 )
free( conn->c_cred );
free( conn );
}
void
conn_del( struct conn *conn )
{
struct conn *tmp, *prev;
Debug( LDAP_DEBUG_TRACE, "conn_del (%s)\n",
paddr2str( conn->c_paddr, NULLNA ), 0, 0 );
prev = NULL;
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
if ( tmp == conn )
break;
prev = tmp;
}
if ( tmp == NULL ) {
Debug( LDAP_DEBUG_ANY, "conn_del: cannot find conn\n", 0, 0,
0 );
return;
}
if ( prev == NULL ) {
conns = conns->c_next; /* delete head of list */
} else {
prev->c_next = tmp->c_next;
}
}
void
conn_setfds( fd_set *fds )
{
struct conn *tmp;
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
if ( tmp->c_ad != -1 )
FD_SET( tmp->c_ad, fds );
}
}
void
conn_badfds( void )
{
struct conn *tmp;
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
if ( isclosed( tmp->c_ad ) ) {
Debug( LDAP_DEBUG_ANY, "conn_badfds: fd %d is bad\n",
tmp->c_ad, 0, 0 );
tmp->c_ad = -1;
}
}
}
struct conn *
conn_getfd( fd_set *fds )
{
struct conn *tmp;
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
if ( tmp->c_ad != -1 )
if ( FD_ISSET( tmp->c_ad, fds ) )
return( tmp );
}
return( NULL );
}
void
conn_add( struct conn *new )
{
struct timeval tv;
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_CONNS ) {
char *str;
str = paddr2str( new->c_paddr, NULLNA );
Debug( LDAP_DEBUG_CONNS, "conn_add: (%s)\n", str, 0, 0 );
}
#endif
gettimeofday( &tv, (struct timezone *)NULL );
new->c_time = tv.tv_sec;
new->c_next = conns;
new->c_refcnt = 1;
conns = new;
}
static int
psap_cmp( struct PSAPaddr *a, struct PSAPaddr *b )
{
return( bcmp( (char *) a, (char *) b, sizeof(struct PSAPaddr) ) );
}
struct conn *
conn_find( struct conn *c )
{
struct conn *tmp;
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_CONNS ) {
char *str;
str = paddr2str( c->c_paddr, NULLNA );
Debug( LDAP_DEBUG_CONNS, "conn_find: (%s)\n", str, 0, 0 );
}
#endif
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_CONNS ) {
char *str;
str = paddr2str( tmp->c_paddr, NULLNA );
Debug( LDAP_DEBUG_CONNS, "conn_find: compare to (%s)\n",
str, 0, 0 );
}
#endif
if ( psap_cmp( tmp->c_paddr, c->c_paddr ) == 0
&& strcmp( tmp->c_dn, c->c_dn ) == 0
&& tmp->c_credlen == c->c_credlen
&& bcmp( tmp->c_cred, c->c_cred, c->c_credlen ) == 0 ) {
Debug( LDAP_DEBUG_CONNS, "conn_find: found\n", 0,
0, 0 );
return( tmp );
}
}
Debug( LDAP_DEBUG_CONNS, "conn_find: not found\n", 0, 0, 0 );
return( NULL );
}
void
conn_close( void )
{
struct conn *tmp;
for ( tmp = conns; tmp != NULL; tmp = tmp->c_next ) {
if ( tmp->c_ad != -1 )
dap_unbind( tmp->c_ad );
}
}
int
isclosed( int ad )
{
int o;
if ( ioctl( ad, FIOGETOWN, &o ) < 0 )
return( errno == EBADF ? 1 : 0 );
else
return( 0 );
}

270
servers/ldapd/bind.c
View file

@ -1,270 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h> /* get SAFEMEMCPY */
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/bind.h>
#include <quipu/compare.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef LDAP_COMPAT20
#define BINDTAG (ldap_compat == 20 ? OLD_LDAP_RES_BIND : LDAP_RES_BIND)
#else
#define BINDTAG LDAP_RES_BIND
#endif
/*
* do_bind - perform an X.500 bind operation. Since we always respond
* to the request in here, always return 0 to signify the incoming message
* can be discarded.
*/
int
do_bind(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber,
int *bound
)
{
int err;
unsigned long method;
unsigned long len;
char *dn, *pw;
char *matched;
struct PSAPaddr *addr;
Debug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
/*
* Parse the bind request. It looks like this:
* BindRequest ::= SEQUENCE {
* version INTEGER, -- version
* name DistinguishedName, -- dn
* authentication CHOICE {
* simple [0] OCTET STRING -- passwd
* krbv42ldap [1] OCTET STRING
* krbv42dsa [1] OCTET STRING
* }
* }
*/
if ( ber_scanf( ber, "{ia", &version, &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, BINDTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "Decoding error" );
return( 0 );
}
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
method = ber_skip_tag( ber, &len );
else
#endif
method = ber_peek_tag( ber, &len );
if ( ber_scanf( ber, "la}", &len, &pw ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf2 failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, BINDTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "Decoding error" );
return( 0 );
}
if ( version != LDAP_VERSION1 && version != LDAP_VERSION2 ) {
Debug( LDAP_DEBUG_ANY, "unknown version %d\n", version, 0, 0 );
send_ldap_msgresult( clientsb, BINDTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "Version not supported" );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_bind: version %d dn (%s) method %lu\n",
version, dn, method );
if ( m->m_conn->c_paddr == NULLPA ) {
char buf[256];
sprintf( buf, "Bad DSA address (%s)", dsa_address ?
dsa_address : "NULL" );
send_ldap_msgresult( clientsb, BINDTAG, m,
LDAP_OPERATIONS_ERROR, NULL, buf );
return( 0 );
}
if ( m->m_conn->c_dn )
free( m->m_conn->c_dn );
if ( m->m_conn->c_cred )
free( m->m_conn->c_cred );
m->m_conn->c_dn = dn;
m->m_conn->c_cred = pw;
m->m_conn->c_credlen = len;
m->m_conn->c_method = method;
err = do_bind_real( m->m_conn, bound, &matched );
send_ldap_msgresult( clientsb, BINDTAG, m, err, matched, "" );
if ( matched != NULL )
free( matched );
return( 0 );
}
int
do_bind_real(
struct conn *dsaconn,
int *bound,
char **matched
)
{
struct ds_bind_arg ba;
struct ds_bind_arg br;
struct ds_bind_error be;
struct DSError dse;
char *dn = dsaconn->c_dn;
int err;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
u_long nonce;
#endif
Debug( LDAP_DEBUG_TRACE, "do_bind_real\n", 0, 0, 0 );
*matched = NULL;
if ( (ba.dba_dn = ldap_str2dn( dn )) == NULLDN && *dn != '\0' ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn (%s) failed\n", dn, 0, 0 );
return( LDAP_INVALID_DN_SYNTAX );
}
switch ( dsaconn->c_method ) {
#ifdef LDAP_COMPAT20
case OLD_LDAP_AUTH_SIMPLE:
#endif
#ifdef LDAP_COMPAT30
case LDAP_AUTH_SIMPLE_30:
#endif
case LDAP_AUTH_SIMPLE: /* x.500 simple authentication */
if ( dsaconn->c_credlen > DBA_MAX_PASSWD_LEN ) {
Debug( LDAP_DEBUG_ANY, "Password too long\n", 0, 0, 0 );
return( LDAP_INAPPROPRIATE_AUTH );
}
if (( ba.dba_passwd_len = dsaconn->c_credlen ) > 0 ) {
SAFEMEMCPY( ba.dba_passwd, dsaconn->c_cred,
ba.dba_passwd_len );
ba.dba_auth_type = DBA_AUTH_SIMPLE;
} else {
ba.dba_auth_type = DBA_AUTH_NONE;
}
ba.dba_version = DBA_VERSION_V1988;
break;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#ifdef LDAP_COMPAT20
case OLD_LDAP_AUTH_KRBV4:
#endif
#ifdef LDAP_COMPAT30
case LDAP_AUTH_KRBV41_30:
#endif
case LDAP_AUTH_KRBV41: /* kerberos authentication to ldap server */
return( kerberosv4_ldap_auth( dsaconn->c_cred,
dsaconn->c_credlen ) );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_AUTH_KRBV42:
#endif
#ifdef LDAP_COMPAT30
case LDAP_AUTH_KRBV42_30:
#endif
case LDAP_AUTH_KRBV42: /* kerberos authentication to x500 dsa */
if ( (err = kerberosv4_bindarg( &ba, ba.dba_dn, dsaconn->c_cred,
dsaconn->c_credlen, &nonce )) != 0 )
return( err );
break;
#endif
default:
return( LDAP_PROTOCOL_ERROR );
break;
}
if ( dsaconn->c_ad != -1 )
dap_unbind( dsaconn->c_ad );
Debug( LDAP_DEBUG_TRACE, "dap_bind to dsa (%s)...\n", paddr2str(
dsaconn->c_paddr, NULLNA ), 0, 0 );
err = dap_bind( &dsaconn->c_ad, &ba, &be, &br, dsaconn->c_paddr );
if ( err != DS_OK && ba.dba_dn != NULLDN && ba.dba_auth_type
== DBA_AUTH_NONE && be.dbe_type == DBE_TYPE_SECURITY ) {
/* if doing a NULL bind, retry with a NULL dn */
Debug( LDAP_DEBUG_TRACE, "retring NULL dap_bind\n", 0, 0, 0 );
dn_free( ba.dba_dn );
ba.dba_dn = NULLDN;
err = dap_bind( &dsaconn->c_ad, &ba, &be, &br,
dsaconn->c_paddr );
}
if ( err != DS_OK ) {
if ( ba.dba_dn != NULLDN )
dn_free( ba.dba_dn );
if ( be.dbe_type == DBE_TYPE_SERVICE ) {
dse.dse_type = DSE_SERVICEERROR;
dse.ERR_SERVICE.DSE_sv_problem = be.dbe_value;
} else if ( be.dbe_type == DBE_TYPE_SECURITY ) {
dse.dse_type = DSE_SECURITYERROR;
dse.ERR_SECURITY.DSE_sc_problem = be.dbe_value;
} else {
dse.dse_type = DSE_REMOTEERROR;
}
err = x500err2ldaperr( &dse, matched );
#ifdef LDAP_DEBUG
if ( ldap_debug )
print_error( &dse ); /* prints and then frees */
else
#endif
ds_error_free( &dse );
dsaconn->c_ad = -1;
return( err );
}
bind_arg_free( &br );
Debug( LDAP_DEBUG_TRACE, "dap_bind successful\n", 0, 0, 0 );
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
/* XXX why doesn't this work??
if ( dsaconn->c_method == LDAP_AUTH_KRBV42 &&
kerberos_check_mutual( &br, nonce ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "Mutual authentication failed\n", 0, 0,
0 );
return( LDAP_INVALID_CREDENTIALS );
}
*/
#endif
*bound = 1;
return( LDAP_SUCCESS );
}

321
servers/ldapd/certificate.c
View file

@ -1,321 +0,0 @@
/* $OpenLDAP$ */
/*
* certificate.c - ldap version of quipu certificate syntax handler
* donated by Eric Rosenquist and BNR
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/ds_search.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
extern sntx_table *get_syntax_table( short int sntx );
extern PE asn2pe( char * );
#include "lber.h"
#include "ldap.h"
#include "common.h"
int
ldap_certif_print( PS ps, struct certificate *parm, int format )
{
Debug( LDAP_DEBUG_TRACE, "ldap_certif_print()\n", 0, 0, 0 );
/*
* An ldap certificate looks like this:
*
* <certificate> ::= <version> '#' <serial> '#' <signature-algorithm-id>
* '#' <issuer> '#' <validity> '#' <subject>
* '#' <public-key-info> '#' <encrypted-sign-value>
* <version> ::= <integervalue>
* <serial> ::= <integervalue>
* <signature-algorithm-id> ::= <algorithm-id>
* <issuer> ::= an encoded Distinguished Name
* <validity> ::= <not-before-time> '#' <not-after-time>
* <not-before-time> ::= <utc-time>
* <not-after-time> ::= <utc-time>
* <algorithm-parameters> ::= <null> | <integervalue> |
* '{ASN}' <hex-string>
* <subject> ::= an encoded Distinguished Name
* <public-key-info> ::= <algorithm-id> '#' <encrypted-sign-value>
* <encrypted-sign-value> ::= <hex-string> | <hex-string> '-' <d>
* <algorithm-id> ::= <oid> '#' <algorithm-parameters>
* <utc-time> ::= an encoded UTCTime value
* <hex-string> ::= <hex-digit> | <hex-digit> <hex-string>
*/
ps_printf(ps, "%d#%d#", parm->version, parm->serial);
ldap_print_algid(ps, &(parm->sig.alg), format);
dn_print_real(ps, parm->issuer, format);
ps_printf(ps, "#");
utcprint(ps, parm->valid.not_before, format);
ps_printf(ps, "#");
utcprint(ps, parm->valid.not_after, format);
ps_printf(ps, "#");
dn_print_real(ps, parm->subject, format);
ps_printf(ps, "#");
ldap_print_algid(ps, &(parm->key.alg), format);
print_encrypted(ps, parm->key.value, parm->key.n_bits, format);
print_encrypted(ps, parm->sig.encrypted, parm->sig.n_bits, format);
}
void
ldap_print_algid( PS ps, struct alg_id *parm, int format )
{
ps_printf(ps, "%s#", oid2name (parm->algorithm, OIDPART));
switch(parm->p_type) {
case ALG_PARM_ABSENT:
if(parm->asn != NULLPE)
pe_print(ps, parm->asn, format);
ps_printf(ps, "#");
break;
case ALG_PARM_NUMERIC:
if (format == READOUT)
ps_printf(ps, "%d#", parm->un.numeric);
else
ps_printf(ps, "%d#", parm->un.numeric);
break;
default:
if (format == READOUT)
{
if ((parm->asn->pe_class == PE_CLASS_UNIV)
&&(parm->asn->pe_form == PE_FORM_PRIM)
&&(parm->asn->pe_id == PE_PRIM_INT))
ps_printf(ps, "%d", prim2num(parm->asn));
else if ((parm->asn->pe_class == PE_CLASS_UNIV)
&&(parm->asn->pe_form == PE_FORM_PRIM)
&&(parm->asn->pe_id == PE_PRIM_NULL))
ps_printf(ps, "NULL");
else
{
vpushquipu (ps);
vunknown(parm->asn);
vpopquipu ();
}
}
else
{
/* This routine will print a {ASN} prefix */
pe_print(ps, parm->asn, format);
}
ps_printf(ps, "#");
}
}
struct certificate *
ldap_str2cert( char *str )
{
struct certificate *result;
char *ptr;
OID oid;
Debug( LDAP_DEBUG_TRACE, "ldap_str2cert(%s)\n", str, 0, 0 );
result = (struct certificate *) calloc(1, sizeof(*result));
/* version */
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("version not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->version = atoi(str);
/* serial number */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("serial number not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->serial = atoi(str);
/* signature algorithm id - oid */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("signature algorithm id not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
oid = name2oid(SkipSpace(str));
if (oid == NULLOID)
{
parse_error("Bad algorithm identifier (SIGNED Value)",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
result->sig.alg.algorithm = oid;
result->alg.algorithm = oid_cpy(oid);
/* signature algorithm id - parameters */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("algorithm id parameters not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
ldap_str2alg(str, &(result->sig.alg));
ldap_str2alg(str, &(result->alg));
/* issuer */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("Issuer not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->issuer = ldap_str2dn(str);
/* validity - not before */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("Start time not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->valid.not_before = strdup(str);
/* validity - not after */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("End time not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->valid.not_after = strdup(str);
/* subject */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("Subject not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
result->subject = ldap_str2dn(str);
/* public key info - algorithm id - oid */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("public key info algid oid not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
oid = name2oid(SkipSpace(str));
if (oid == NULLOID)
{
free((char*)result);
return (struct certificate *) 0;
}
result->key.alg.algorithm = oid;
/* public key info - algorithm id - parameters */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("Parameters not present (SIGNED Value)",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
ldap_str2alg(str, &(result->key.alg));
/* public key info - encrypted sign value */
str = ptr;
ptr = strchr(str, '#');
if (ptr == NULLCP)
{
parse_error("Signature not present",NULLCP);
cert_free(result);
return (struct certificate *) 0;
}
*ptr++ = '\0';
str2encrypted(str, &(result->key.value), &(result->key.n_bits));
/* encrypted sign value */
str = ptr;
str2encrypted(str, &(result->sig.encrypted), &(result->sig.n_bits));
return (result);
}
void
ldap_str2alg( char *str, struct alg_id *alg )
{
if ((str == NULLCP) || (*str == '\0'))
{
alg->asn = NULLPE;
alg->p_type = ALG_PARM_ABSENT;
}
else if (strncmp(str,"{ASN}", 5) == 0)
{
alg->asn = asn2pe((char*)str+5);
alg->p_type = ALG_PARM_UNKNOWN;
}
else if (strncmp(str, "NULL", 4) == 0)
{
alg->asn = asn2pe((char*)"0500");
alg->p_type = ALG_PARM_UNKNOWN;
}
else
{
alg->asn=NULLPE;
alg->p_type = ALG_PARM_NUMERIC;
alg->un.numeric = atoi(str);
}
}
void
certif_init( void )
{
sntx_table *syntax_table;
if ((syntax_table = get_syntax_table(ldap_certif_syntax)) != NULL) {
syntax_table->s_print = (void *) ldap_certif_print;
syntax_table->s_parse = (void *) ldap_str2cert;
} else
fprintf(stderr, "error getting sntx table in certif_init()\n");
}

131
servers/ldapd/common.h
View file

@ -1,131 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#ifndef _LDAPD_COMMON_H
#define _LDAPD_COMMON_H 1
/*
* This structure represents an association to a dsa. There is one of
* these for each association open (a new association is made for each
* new dsa, and for each dn).
*/
struct conn {
int c_ad; /* association descriptor */
char *c_dn; /* the dn this asoc is bound as */
char *c_cred; /* corresponding pw */
long c_credlen;
unsigned long c_method;
struct PSAPaddr *c_paddr; /* the dsa address */
int c_time; /* time this association inited */
int c_refcnt; /* number of ops referencing this ad */
struct conn *c_next;
};
/*
* This structure represents a sequence of LDAPMod elements.
*/
typedef struct LDAPModList {
LDAPMod m;
struct LDAPModList *mod_next;
} LDAPModList;
/*
* This structure represents an outstanding request. There is one of
* these for each client request for which we have not yet received a
* response from a dsa.
*/
struct msg {
int m_msgid; /* the message id */
int m_uniqid; /* unique id for this message */
int m_msgtype; /* the ldap operation type */
LDAPModList *m_mods; /* for modify operations only */
BerElement *m_ber; /* the unparsed ber for the op */
struct conn *m_conn; /* connection structure */
#ifdef LDAP_CONNECTIONLESS
int m_cldap; /* connectionless transport? (CLDAP) */
struct sockaddr m_clientaddr; /* client address (if using CLDAP) */
DN m_searchbase; /* base used in search */
#endif /* LDAP_CONNECTIONLESS */
struct msg *m_next;
};
#define DEFAULT_TIMEOUT 3600 /* idle client connections */
#define DEFAULT_REFERRAL_TIMEOUT 900 /* DSA connections */
#include "proto-ldapd.h"
#include "ldap_log.h"
/* from ISODE */
extern char *dsa_address;
extern char *bound_dn, *bound_pw;
struct PSAPaddr *psap_cpy(struct PSAPaddr *);
/* in association.c */
extern struct conn *conns;
/* in main.c */
#ifdef LDAP_DEBUG
extern int ldap_debug;
#endif
extern int version;
#ifdef LDAP_COMPAT
extern int ldap_compat;
#endif
extern int dosyslog;
extern int do_tcp;
#ifdef LDAP_CONNECTIONLESS
extern int do_udp;
#endif
extern int idletime;
extern int referral_connection_timeout;
extern struct timeval conn_start_tv;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
extern char *krb_ldap_service;
extern char *krb_x500_service;
extern char *krb_x500_instance;
extern char *krb_x500_nonce;
extern char *kerberos_keyfile;
#endif
/* syntax.c */
extern short ldap_photo_syntax;
extern short ldap_jpeg_syntax;
extern short ldap_jpeg_nonfile_syntax;
extern short ldap_audio_syntax;
extern short ldap_dn_syntax;
extern short ldap_postaladdress_syntax;
extern short ldap_acl_syntax;
extern short ldap_mtai_syntax;
extern short ldap_rts_cred_syntax;
extern short ldap_rtl_syntax;
extern short ldap_mailbox_syntax;
extern short ldap_caseignorelist_syntax;
extern short ldap_caseexactstring_syntax;
extern short ldap_certif_syntax;
extern short ldap_iattr_syntax;
extern short ldap_telex_syntax;
extern short ldap_octetstring_syntax;
extern short ldap_deliverymethod_syntax;
extern short ldap_facsimileTelephoneNumber_syntax;
extern short ldap_presentationAddress_syntax;
extern short ldap_teletexTerminalIdentifier_syntax;
extern short ldap_searchGuide_syntax;
extern short ldap_dLSubmitPermission_syntax;
/* Version.c */
extern char Versionstr[];
#endif

134
servers/ldapd/compare.c
View file

@ -1,134 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/compare.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef HAVE_COMPAT20
#define COMPTAG (ldap_compat == 20 ? OLD_LDAP_RES_COMPARE : LDAP_RES_COMPARE)
#else
#define COMPTAG LDAP_RES_COMPARE
#endif
int
do_compare(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
char *dn, *attr, *value;
int rc;
struct ds_compare_arg ca;
AttributeType type;
static CommonArgs common = default_common_args;
Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
/*
* Parse the compare request. It looks like this:
* CompareRequest := [APPLICATION 14] SEQUENCE {
* entry DistinguishedName,
* ava SEQUENCE {
* type AttributeType,
* value AttributeValue
* }
* }
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_CompareArgument_INIT ( &ca );
#endif
#endif
if ( ber_scanf( ber, "{a{aa}}", &dn, &attr, &value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, COMPTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
dn, attr, value );
ca.cma_object = ldap_str2dn( dn );
free( dn );
if ( ca.cma_object == NULLDN ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, COMPTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
type = str2AttrT( attr );
if ( type == NULLAttrT ) {
Debug( LDAP_DEBUG_ANY, "str2AttrT failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, COMPTAG, m,
LDAP_UNDEFINED_TYPE, NULL, attr );
free( attr );
return( 0 );
}
free( attr );
ca.cma_purported.ava_type = type;
ca.cma_purported.ava_value = ldap_str2AttrV( value, type->oa_syntax );
free( value );
if ( ca.cma_purported.ava_value == NULLAttrV ) {
Debug( LDAP_DEBUG_ANY, "str2AttrV failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, COMPTAG, m,
LDAP_INVALID_SYNTAX, NULL, "" );
return( 0 );
}
ca.cma_common = common; /* struct copy */
rc = initiate_dap_operation( OP_COMPARE, m, &ca );
dn_free( ca.cma_object );
AttrV_free( ca.cma_purported.ava_value );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, COMPTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
void
compare_result(
Sockbuf *sb,
struct msg *m,
struct ds_compare_result *cr
)
{
send_ldap_msgresult( sb, COMPTAG, m, cr->cmr_matched ?
LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE, NULL, "" );
return;
}

112
servers/ldapd/delete.c
View file

@ -1,112 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
/* ac/socket.h must precede ISODE #includes or p_type must be #undeffed
* after it is included. (Because ISODE uses p_type as a field name, and
* SunOS 5.5:sys/vtype.h defines it (and ac/socket.h indirectly includes it) */
#include <ac/socket.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/remove.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef HAVE_COMPAT20
#define DELTAG (ldap_compat == 20 ? OLD_LDAP_RES_DELETE : LDAP_RES_DELETE)
#else
#define DELTAG LDAP_RES_DELETE
#endif
/*
* do_delete - Initiate an X.500 remove entry operation. Returns 1 if
* the operation was initiated successfully, and thus a response will be
* coming back from the DSA. Returns 0 if there was trouble and thus no
* DSA response is expected.
*/
int
do_delete(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
char *dn;
int rc;
struct ds_removeentry_arg ra;
static CommonArgs common = default_common_args;
Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
/*
* Parse the delete request. It looks like this:
* DelRequest := DistinguishedName
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_RemoveEntryArgument_INIT( &ra );
#endif
#endif
if ( ber_scanf( ber, "a", &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, DELTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", dn, 0, 0 );
ra.rma_object = ldap_str2dn( dn );
free( dn );
if ( ra.rma_object == NULLDN ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, DELTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
ra.rma_common = common; /* struct copy */
rc = initiate_dap_operation( OP_REMOVEENTRY, m, &ra );
dn_free( ra.rma_object );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, DELTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
void
delete_result(
Sockbuf *sb,
struct msg *m
)
{
send_ldap_msgresult( sb, DELTAG, m, LDAP_SUCCESS, NULL, "" );
return;
}

196
servers/ldapd/error.c
View file

@ -1,196 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <quipu/ds_error.h>
#include <quipu/attrvalue.h>
#include <quipu/name.h>
#include <quipu/commonarg.h>
#include "lber.h"
#include "ldap.h"
#include "ldap_log.h"
#include "common.h" /* get ldap_dn_print() */
void
print_error( struct DSError *e )
{
PS ps;
if ( (ps = ps_alloc( std_open )) == NULLPS ) {
fprintf( stderr, "error in ps_alloc\n" );
return;
}
if ( std_setup( ps, stderr ) == NOTOK ) {
fprintf( stderr, "error in std_setup = %d", ps->ps_errno );
return;
}
ds_error( ps, e );
ps_flush( ps );
ps_free( ps );
}
int
x500err2ldaperr( struct DSError *e, char **matched )
{
int ldaperr = LDAP_OTHER;
static PS ps;
Debug( LDAP_DEBUG_TRACE, "x500err2ldaperr\n", 0, 0, 0 );
*matched = NULL;
switch ( e->dse_type ) {
case DSE_ATTRIBUTEERROR:
#if ISODEPACKAGE == IC || ISODEPACKAGE == XT
switch ( e->ERR_ATTRIBUTE.DSE_at_plist->DSE_at_what ) {
#else
switch ( e->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what ) {
#endif
case DSE_AT_NOSUCHATTRIBUTE:
ldaperr = LDAP_NO_SUCH_ATTRIBUTE;
break;
case DSE_AT_INVALIDATTRIBUTESYNTAX:
ldaperr = LDAP_INVALID_SYNTAX;
break;
case DSE_AT_UNDEFINEDATTRIBUTETYPE:
ldaperr = LDAP_UNDEFINED_TYPE;
break;
case DSE_AT_INAPPROPRIATEMATCHING:
ldaperr = LDAP_INAPPROPRIATE_MATCHING;
break;
case DSE_AT_CONSTRAINTVIOLATION:
ldaperr = LDAP_CONSTRAINT_VIOLATION;
break;
case DSE_AT_TYPEORVALUEEXISTS:
ldaperr = LDAP_TYPE_OR_VALUE_EXISTS;
break;
default:
break;
}
break;
case DSE_NAMEERROR:
switch( e->ERR_NAME.DSE_na_problem ) {
case DSE_NA_NOSUCHOBJECT:
ldaperr = LDAP_NO_SUCH_OBJECT;
break;
case DSE_NA_ALIASPROBLEM:
ldaperr = LDAP_ALIAS_PROBLEM;
break;
case DSE_NA_INVALIDATTRIBUTESYNTAX:
ldaperr = LDAP_INVALID_SYNTAX;
break;
case DSE_NA_ALIASDEREFERENCE:
ldaperr = LDAP_ALIAS_DEREF_PROBLEM;
break;
default:
break;
}
if ( e->ERR_NAME.DSE_na_matched == NULLDN ) {
break;
}
if ( ps == NULL ) {
ps = ps_alloc( str_open );
str_setup( ps, NULLCP, 0, 0 );
}
ldap_dn_print( ps, e->ERR_NAME.DSE_na_matched, NULLDN, EDBOUT );
*ps->ps_ptr = '\0';
*matched = (char *) strdup( ps->ps_base );
ps->ps_ptr = ps->ps_base;
ps->ps_cnt = ps->ps_bufsiz;
break;
case DSE_SERVICEERROR:
switch( e->ERR_SERVICE.DSE_sv_problem ) {
case DSE_SV_BUSY:
ldaperr = LDAP_BUSY;
break;
case DSE_SV_UNAVAILABLE:
ldaperr = LDAP_UNAVAILABLE;
break;
case DSE_SV_UNWILLINGTOPERFORM:
ldaperr = LDAP_UNWILLING_TO_PERFORM;
break;
case DSE_SV_TIMELIMITEXCEEDED:
ldaperr = LDAP_TIMELIMIT_EXCEEDED;
break;
case DSE_SV_ADMINLIMITEXCEEDED:
ldaperr = LDAP_SIZELIMIT_EXCEEDED;
break;
case DSE_SV_LOOPDETECT:
ldaperr = LDAP_LOOP_DETECT;
break;
default:
break;
}
break;
case DSE_SECURITYERROR:
switch( e->ERR_SECURITY.DSE_sc_problem ) {
case DSE_SC_AUTHENTICATION:
ldaperr = LDAP_INAPPROPRIATE_AUTH;
break;
case DSE_SC_INVALIDCREDENTIALS:
ldaperr = LDAP_INVALID_CREDENTIALS;
break;
case DSE_SC_ACCESSRIGHTS:
ldaperr = LDAP_INSUFFICIENT_ACCESS;
break;
default:
break;
}
break;
case DSE_UPDATEERROR:
switch( e->ERR_UPDATE.DSE_up_problem ) {
case DSE_UP_NAMINGVIOLATION:
ldaperr = LDAP_NAMING_VIOLATION;
break;
case DSE_UP_OBJECTCLASSVIOLATION:
ldaperr = LDAP_OBJECT_CLASS_VIOLATION;
break;
case DSE_UP_NOTONNONLEAF:
ldaperr = LDAP_NOT_ALLOWED_ON_NONLEAF;
break;
case DSE_UP_NOTONRDN:
ldaperr = LDAP_NOT_ALLOWED_ON_RDN;
break;
case DSE_UP_ALREADYEXISTS:
ldaperr = LDAP_ALREADY_EXISTS;
break;
case DSE_UP_NOOBJECTCLASSMODS:
ldaperr = LDAP_NO_OBJECT_CLASS_MODS;
break;
default:
break;
}
break;
default:
break;
}
return( ldaperr );
}

142
servers/ldapd/kerberos.c
View file

@ -1,142 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#include <stdio.h>
#include <ac/krb.h>
#include <ac/socket.h>
#include <quipu/bind.h>
#if ISODEPACKAGE == IC
#include <quipu/DAS-types.h>
#else
#include <pepsy/DAS-types.h>
#endif
#include "lber.h"
#include "ldap.h"
#include "common.h"
int
kerberosv4_ldap_auth( char *cred, long len )
{
KTEXT_ST k;
KTEXT ktxt = &k;
char instance[INST_SZ];
int err;
AUTH_DAT ad;
Debug( LDAP_DEBUG_TRACE, "kerberosv4_ldap_auth\n", 0, 0, 0 );
SAFEMEMCPY( ktxt->dat, cred, len );
ktxt->length = len;
strcpy( instance, "*" );
if ( (err = krb_rd_req( ktxt, krb_ldap_service, instance, 0L,
&ad, kerberos_keyfile )) != KSUCCESS ) {
Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
krb_err_txt[err], 0, 0 );
return( LDAP_INVALID_CREDENTIALS );
}
return( LDAP_SUCCESS );
}
int
kerberosv4_bindarg(
struct ds_bind_arg *ba,
DN dn,
char *cred,
long len,
u_long *nonce
)
{
struct type_UNIV_EXTERNAL *e;
struct kerberos_parms kp;
PE pe;
struct timeval tv;
char realm[REALM_SZ];
int err;
Debug( LDAP_DEBUG_TRACE, "kerberosv4_bindarg\n", 0, 0, 0 );
e = (struct type_UNIV_EXTERNAL *) calloc( 1,
sizeof(struct type_UNIV_EXTERNAL) );
e->encoding = (struct choice_UNIV_0 *) calloc( 1,
sizeof(struct choice_UNIV_0) );
ba->dba_external = e;
ba->dba_version = DBA_VERSION_V1988;
ba->dba_auth_type = DBA_AUTH_EXTERNAL;
e->indirect__reference = AUTH_TYPE_KERBEROS_V4;
e->direct__reference = NULLOID;
e->data__value__descriptor = str2qb( "KRBv4 client credentials",
24, 1 );
kp.kp_dn = dn;
kp.kp_version = AUTH_TYPE_KERBEROS_V4;
if ( (err = krb_get_lrealm( realm, 1 )) != KSUCCESS ) {
Debug( LDAP_DEBUG_ANY, "krb_get_lrealm failed (%s)\n",
krb_err_txt[err], 0, 0 );
return( LDAP_OPERATIONS_ERROR );
}
gettimeofday( &tv, NULL );
*nonce = tv.tv_sec;
SAFEMEMCPY( kp.kp_ktxt.dat, cred, len );
kp.kp_ktxt.length = len;
if ( encode_kerberos_parms( &pe, &kp ) == NOTOK ) {
Debug( LDAP_DEBUG_ANY, "kerberos parms encoding failed\n", 0,
0, 0 );
return( LDAP_OPERATIONS_ERROR );
}
e->encoding->offset = choice_UNIV_0_single__ASN1__type;
e->encoding->un.single__ASN1__type = pe;
return( 0 );
}
int
kerberos_check_mutual(
struct ds_bind_arg *res,
u_long nonce
)
{
struct type_UNIV_EXTERNAL *e = res->dba_external;
struct kerberos_parms *kp;
int ret;
Debug( LDAP_DEBUG_TRACE, "kerberos_check_mutual\n", 0, 0, 0 );
if ( decode_kerberos_parms( e->encoding->un.single__ASN1__type, &kp )
== NOTOK )
return( NOTOK );
ret = ((kp->kp_nonce == (nonce + 1)) ? OK : NOTOK );
Debug( LDAP_DEBUG_TRACE, "expecting %d got %d\n", nonce, kp->kp_nonce,
0 );
pe_free( e->encoding->un.single__ASN1__type );
dn_free( kp->kp_dn );
free( (char *) kp );
return( ret );
}
#endif

231
servers/ldapd/ldap.py
View file

@ -1,231 +0,0 @@
LDAP DEFINITIONS IMPLICIT TAGS ::=
PREFIXES encode decode print
BEGIN
LDAPMessage ::=
SEQUENCE {
messageID MessageID,
-- unique id in request,
-- to be echoed in response(s)
protocolOp CHOICE {
searchRequest SearchRequest,
searchResponse SearchResponse,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modifyDNRequest ModifyRDNRequest,
modifyDNResponse ModifyRDNResponse,
compareDNRequest CompareRequest,
compareDNResponse CompareResponse,
bindRequest BindRequest,
bindResponse BindResponse,
abandonRequest AbandonRequest,
unbindRequest UnbindRequest
}
}
BindRequest ::=
[APPLICATION 0] SEQUENCE {
version INTEGER (1 .. 127),
-- current version is 2
name LDAPDN,
-- null name implies an anonymous bind
authentication CHOICE {
simple [0] OCTET STRING,
-- a zero length octet string
-- implies an unauthenticated
-- bind.
krbv42LDAP [1] OCTET STRING,
krbv42DSA [2] OCTET STRING
-- values as returned by
-- krb_mk_req()
-- Other values in later
-- versions of this protocol.
}
}
BindResponse ::= [APPLICATION 1] LDAPResult
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::=
[APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2)
},
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
alwaysDerefAliases (3)
},
sizeLimit INTEGER (0 .. maxInt),
-- value of 0 implies no sizelimit
timeLimit INTEGER (0 .. maxInt),
-- value of 0 implies no timelimit
attrsOnly BOOLEAN,
-- TRUE, if only attributes (without values)
-- to be returned.
filter Filter,
attributes SEQUENCE OF AttributeType
}
SearchResponse ::=
CHOICE {
entry [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes SEQUENCE OF SEQUENCE {
AttributeType,
SET OF
AttributeValue
}
},
resultCode [APPLICATION 5] LDAPResult
}
ModifyRequest ::=
[APPLICATION 6] SEQUENCE {
object LDAPDN,
modifications SEQUENCE OF SEQUENCE {
operation ENUMERATED {
add (0),
delete (1),
replace (2)
},
modification SEQUENCE {
type AttributeType,
values SET OF
AttributeValue
}
}
}
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::=
[APPLICATION 8] SEQUENCE {
entry LDAPDN,
attrs SEQUENCE OF SEQUENCE {
type AttributeType,
values SET OF AttributeValue
}
}
AddResponse ::= [APPLICATION 9] LDAPResult
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyRDNRequest ::=
[APPLICATION 12] SEQUENCE {
entry LDAPDN,
newrdn RelativeLDAPDN -- old RDN always deleted
}
ModifyRDNResponse ::= [APPLICATION 13] LDAPResult
CompareRequest ::=
[APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion
}
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
MessageID ::= INTEGER (0 .. maxInt)
LDAPDN ::= OCTET STRING
RelativeLDAPDN ::= OCTET STRING
Filter ::=
CHOICE {
and [0] SET OF Filter,
or [1] SET OF Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeType,
approxMatch [8] AttributeValueAssertion
}
LDAPResult ::=
SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongAuthRequired (8),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
isLeaf (35),
aliasDereferencingProblem (36),
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
other (80)
},
matchedDN LDAPDN,
errorMessage OCTET STRING
}
AttributeType ::= OCTET STRING
-- text name of the attribute, or dotted
-- OID representation
AttributeValue ::= OCTET STRING
AttributeValueAssertion ::=
SEQUENCE {
attributeType AttributeType,
attributeValue AttributeValue
}
SubstringFilter ::=
SEQUENCE {
type AttributeType,
SEQUENCE OF CHOICE {
initial [0] OCTET STRING,
any [1] OCTET STRING,
final [2] OCTET STRING
}
}
maxInt INTEGER ::= 65535
END

726
servers/ldapd/main.c
View file

@ -1,726 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990-1996 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/*
* Some code fragments to run from inetd stolen from the University
* of Minnesota gopher distribution, which had this copyright on it:
*
* Part of the Internet Gopher program, copyright (C) 1991
* University of Minnesota Microcomputer Workstation and Networks Center
*/
#include "portable.h"
#include <stdio.h>
#include <ac/signal.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/syslog.h>
#include <ac/time.h>
#include <ac/unistd.h>
#include <ac/wait.h>
#ifdef LDAP_PROCTITLE
#include <ac/setproctitle.h>
#endif
#include <quipu/commonarg.h>
#include <quipu/ds_error.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#include "lutil.h" /* Get lutil_detach() */
#ifdef HAVE_TCPD
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
static int set_socket( int port, int udp );
static void do_queries( int clientsock, int udp );
static RETSIGTYPE wait4child( int sig );
#ifdef LDAP_CONNECTIONLESS
static int udp_init( int port, int createsocket );
#endif
#ifdef LDAP_DEBUG
int ldap_debug;
#endif
int version;
#ifdef LDAP_COMPAT
int ldap_compat;
#endif
int dosyslog;
int do_tcp = 1;
#ifdef LDAP_CONNECTIONLESS
int do_udp = 0;
#endif
int idletime = DEFAULT_TIMEOUT;
int referral_connection_timeout = DEFAULT_REFERRAL_TIMEOUT;
struct timeval conn_start_tv;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char *krb_ldap_service = "ldapserver";
char *krb_x500_service = "x500dsa";
char *krb_x500_instance;
char *krb_x500_nonce;
char *kerberos_keyfile;
#endif
int dtblsize;
int RunFromInetd = 0;
static void
usage( char *name )
{
fprintf( stderr, "usage: %s [-d debuglvl] [-p port] [-l] [-c dsa] [-r referraltimeout]", name );
#ifdef LDAP_CONNECTIONLESS
fprintf( stderr, " [ -U | -t timeout ]" );
#else
fprintf( stderr, " [ -t timeout ]" );
#endif
fprintf( stderr, " [-I]" );
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
fprintf( stderr, " [-i dsainstance]" );
#endif
fprintf( stderr, "\n" );
}
int
main( int argc, char **argv )
{
int tcps, ns;
#ifdef LDAP_CONNECTIONLESS
int udps;
#endif
int myport = LDAP_PORT;
int no_detach = 0;
int i, pid, socktype;
char *myname;
fd_set readfds;
struct hostent *hp;
struct sockaddr_in from;
socklen_t len;
int dsapargc;
char **dsapargv;
#ifdef LDAP_PROCTITLE
char title[80];
#endif
#ifdef VMS
/* Pick up socket from inetd-type server on VMS */
if ( (ns = socket_from_server( NULL )) > 0 )
RunFromInetd = 1;
#else
/* Socket from inetd is usually 0 */
ns = 0;
#endif
/* for dsap_init */
if ( (dsapargv = (char **) malloc( 4 * sizeof(char *) )) == NULL ) {
perror( "malloc" );
exit( 1 );
}
dsapargv[0] = argv[0];
dsapargv[1] = 0;
dsapargv[2] = 0;
dsapargv[3] = 0;
dsapargc = 1;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
kerberos_keyfile = "";
#endif
/* process command line arguments */
while ( (i = getopt( argc, argv, "d:lp:f:i:c:r:t:IuU" )) != EOF ) {
switch ( i ) {
case 'c': /* specify dsa to contact */
dsapargv[1] = "-call";
dsapargv[2] = strdup( optarg );
dsapargc = 3;
break;
case 'd': /* set debug level and 'do not detach' flag */
no_detach = 1;
#ifdef LDAP_DEBUG
ldap_debug = atoi( optarg );
if ( ldap_debug & LDAP_DEBUG_PACKETS )
ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
#else
if ( atoi( optarg ) != 0 )
fputs( "Not compiled with -DLDAP_DEBUG!\n", stderr );
#endif
break;
case 'l': /* do syslogging */
dosyslog = 1;
break;
case 'p': /* specify port number */
myport = atoi( optarg );
break;
case 'r': /* timeout for referral connections */
referral_connection_timeout = atoi( optarg );
break;
case 't': /* timeout for idle connections */
idletime = atoi( optarg );
break;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case 'f': /* kerberos key file */
kerberos_keyfile = strdup( optarg );
break;
case 'i': /* x500 dsa kerberos instance */
if ( krb_x500_instance != NULL )
free( krb_x500_instance );
krb_x500_instance = strdup( optarg );
break;
#endif
case 'I': /* Run from inetd */
RunFromInetd = 1;
break;
#ifdef LDAP_CONNECTIONLESS
case 'U': /* UDP only (no TCP) */
do_tcp = 0;
do_udp = 1;
break;
#ifdef NOTYET
case 'u': /* allow UDP requests (CLDAP) */
do_udp = 1;
break;
#endif /* NOTYET */
#endif /* LDAP_CONNECTIONLESS */
default:
usage( argv[0] );
exit( 1 );
}
}
if ( optind < argc ) {
usage( argv[ 0 ] );
exit( 1 );
}
#ifdef LDAP_CONNECTIONLESS
if ( do_udp && !do_tcp && idletime != DEFAULT_TIMEOUT ) {
usage( argv[ 0 ] );
exit( 1 );
}
#endif
Debug( LDAP_DEBUG_TRACE, "%s", Versionstr, 0, 0 );
#ifdef HAVE_SYSCONF
dtblsize = sysconf( _SC_OPEN_MAX );
#elif HAVE_GETDTABLESIZE
dtblsize = getdtablesize();
#else
dtblsize = FD_SETSIZE;
#endif
#ifdef FD_SETSIZE
if( dtblsize > FD_SETSIZE ) {
dtblsize = FD_SETSIZE;
}
#endif /* FD_SETSIZE */
#if defined(LDAP_PROCTITLE) && !defined( HAVE_SETPROCTITLE )
/* for setproctitle */
Argv = argv;
Argc = argc;
#endif
if ( (myname = strrchr( argv[0], '/' )) == NULL )
myname = strdup( argv[0] );
else
myname = strdup( myname + 1 );
/*
* detach from the terminal if stderr is redirected or no
* debugging is wanted, and then arrange to reap children
* that have exited
*/
if (!RunFromInetd) {
#ifdef LDAP_PROCTITLE
setproctitle( "initializing" );
#endif
#ifndef VMS
lutil_detach( no_detach, 1 );
#endif
(void) SIGNAL( SIGCHLD, wait4child );
(void) SIGNAL( SIGINT, log_and_exit );
}
/*
* set up syslogging (if desired)
*/
if ( dosyslog ) {
#ifdef LOG_LOCAL4
openlog( myname, OPENLOG_OPTIONS, LOG_LOCAL4 );
#elif LOG_DEBUG
openlog( myname, OPENLOG_OPTIONS );
#endif
}
/*
* load the syntax handlers, oidtables, and initialize some stuff,
* then start listening
*/
(void) quipu_syntaxes();
#ifdef LDAP_USE_PP
(void) pp_quipu_init( argv[0] );
#endif
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
dsa_operation_syntaxes();
#endif
#endif
(void) dsap_init( &dsapargc, &dsapargv );
(void) get_syntaxes();
if (RunFromInetd) {
len = sizeof( socktype );
getsockopt( ns, SOL_SOCKET, SO_TYPE, (char *)&socktype, &len );
if ( socktype == SOCK_DGRAM ) {
#ifdef LDAP_CONNECTIONLESS
Debug( LDAP_DEBUG_ARGS,
"CLDAP request from unknown (%s)\n",
inet_ntoa( from.sin_addr ), 0, 0 );
conn_start_tv.tv_sec = 0;
udp_init( 0, 0 );
do_queries( ns, 1 );
#else /* LDAP_CONNECTIONLESS */
Debug( LDAP_DEBUG_ARGS,
"Compile with -DLDAP_CONNECTIONLESS for UDP support\n",0,0,0 );
#endif /* LDAP_CONNECTIONLESS */
exit( 0 );
}
len = sizeof(from);
if ( getpeername( ns, (struct sockaddr *) &from, &len )
== 0 ) {
hp = gethostbyaddr( (char *) &(from.sin_addr),
sizeof(from.sin_addr), AF_INET );
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
#ifdef LDAP_PROCTITLE
sprintf( title, "%s %d\n", hp == NULL ?
inet_ntoa( from.sin_addr ) : hp->h_name, myport );
setproctitle( title );
#endif
}
gettimeofday( &conn_start_tv, (struct timezone *) NULL );
do_queries( ns, 0 );
exit( 0 );
}
if ( do_tcp )
tcps = set_socket( myport, 0 );
#ifdef LDAP_CONNECTIONLESS
if ( do_udp )
udps = udp_init( myport, 1 );
#endif
/*
* loop, wait for a connection, then fork off a child to handle it
* if we are doing CLDAP as well, handle those requests on the fly
*/
#ifdef LDAP_PROCTITLE
#ifdef LDAP_CONNECTIONLESS
sprintf( title, "listening %s/%s %d", do_tcp ? "tcp" : "",
do_udp ? "udp" : "", myport );
#else
sprintf( title, "listening %s %d", do_tcp ? "tcp" : "", myport );
#endif
setproctitle( title );
#endif
for ( ;; ) {
FD_ZERO( &readfds );
if ( do_tcp )
FD_SET( tcps, &readfds );
#ifdef LDAP_CONNECTIONLESS
if ( do_udp )
FD_SET( udps, &readfds );
#endif
if ( select( dtblsize, &readfds, 0, 0, 0 ) < 1 ) {
#ifdef LDAP_DEBUG
if ( ldap_debug ) perror( "main select" );
#endif
continue;
}
#ifdef LDAP_CONNECTIONLESS
if ( do_udp && FD_ISSET( udps, &readfds ) ) {
do_queries( udps, 1 );
}
#endif
if ( !do_tcp || ! FD_ISSET( tcps, &readfds ) ) {
continue;
}
len = sizeof(from);
if ( (ns = accept( tcps, (struct sockaddr *) &from, &len ))
== -1 ) {
#ifdef LDAP_DEBUG
if ( ldap_debug ) perror( "accept" );
#endif
continue;
}
hp = gethostbyaddr( (char *) &(from.sin_addr),
sizeof(from.sin_addr), AF_INET );
#ifdef HAVE_TCPD
if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), STRING_UNKNOWN) ) {
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_NOTICE, "connection from %s (%s) denied.",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
tcp_close(ns);
continue;
}
#endif /* TCP_WRAPPERS */
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
#ifdef VMS
/* This is for debug on terminal on VMS */
tcp_close( tcps );
#ifdef LDAP_PROCTITLE
setproctitle( hp == NULL ? inet_ntoa( from.sin_addr ) :
hp->h_name );
#endif
gettimeofday( &conn_start_tv, (struct timezone *) NULL );
(void) SIGNAL( SIGPIPE, log_and_exit );
do_queries( ns, 0 );
/* NOT REACHED */
#endif
switch( pid = fork() ) {
case 0: /* child */
tcp_close( tcps );
#ifdef LDAP_PROCTITLE
sprintf( title, "%s (%d)\n", hp == NULL ?
inet_ntoa( from.sin_addr ) : hp->h_name,
myport );
setproctitle( title );
#endif
gettimeofday( &conn_start_tv, (struct timezone *) NULL );
(void) SIGNAL( SIGPIPE, log_and_exit );
do_queries( ns, 0 );
break;
case -1: /* failed */
#ifdef LDAP_DEBUG
if ( ldap_debug ) perror( "fork" );
#endif
tcp_close( ns );
syslog( LOG_ERR, "fork failed %m" );
/* let things cool off */
sleep( 15 );
break;
default: /* parent */
tcp_close( ns );
Debug( LDAP_DEBUG_TRACE, "forked child %d\n", pid, 0,
0 );
break;
}
}
/* NOT REACHED */
}
static void
do_queries(
int clientsock,
int udp /* is this a UDP (CLDAP) request? */
)
{
fd_set readfds;
int rc;
struct timeval timeout;
Sockbuf *sb;
#ifdef LDAP_CONNECTIONLESS
struct sockaddr saddr, faddr;
struct sockaddr *saddrlist[ 1 ];
#endif /* LDAP_CONNECTIONLESS */
Debug( LDAP_DEBUG_TRACE, "do_queries%s\n",
udp ? " udp" : "", 0, 0 );
/*
* Loop, wait for a request from the client or a response from
* a dsa, then handle it. Dsap_ad is always a connection to the
* "default" dsa. Other connections can be made as a result of
* a referral being chased down. These association descriptors
* are kept track of with the message that caused the referral.
* The set_dsa_fds() routine traverses the list of outstanding
* messages, setting the appropriate bits in readfds.
*/
if ( !udp ) {
conn_init();
}
sb = ber_sockbuf_alloc( );
ber_sockbuf_add_io( sb, (udp) ? &ber_sockbuf_io_udp :
&ber_sockbuf_io_tcp, (void *)&clientsock );
timeout.tv_sec = idletime;
timeout.tv_usec = 0;
for ( ;; ) {
struct conn *dsaconn;
FD_ZERO( &readfds );
FD_SET( clientsock, &readfds );
conn_setfds( &readfds );
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_CONNS ) {
int i;
Debug( LDAP_DEBUG_CONNS, "FDLIST:", 0, 0, 0 );
for ( i = 0; i < dtblsize; i++ ) {
if ( FD_ISSET( i, &readfds ) ) {
Debug( LDAP_DEBUG_CONNS, " %d", i, 0,
0);
}
}
Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
}
#endif
/*
* hack - because of lber buffering, there might be stuff
* already waiting for us on the client sock.
*/
if ( ! ber_sockbuf_ctrl( sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
if ( (rc = select( dtblsize, &readfds, 0, 0,
udp ? 0 : &timeout )) < 1 ) {
#ifdef LDAP_DEBUG
if ( ldap_debug ) perror( "do_queries select" );
#endif
if ( rc == 0 )
log_and_exit( 0 ); /* idle timeout */
Debug( LDAP_DEBUG_ANY, "select returns %d!\n",
rc, 0, 0 );
/* client gone away - we can too */
if ( isclosed( clientsock ) )
log_and_exit( 0 );
/*
* check if a dsa conn has gone away -
* mark it bad if so
*/
conn_badfds();
continue;
}
}
if ( ber_sockbuf_ctrl( sb, LBER_SB_OPT_DATA_READY, NULL ) ||
FD_ISSET( clientsock, &readfds ) ) {
client_request( sb, conns, udp );
} else {
if ( (dsaconn = conn_getfd( &readfds )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "No DSA activity!\n",
0, 0, 0 );
continue;
}
dsa_response( dsaconn, sb );
}
}
/* NOT REACHED */
}
static int
set_socket(
int port,
int udp /* UDP port? */
)
{
int s, i;
struct sockaddr_in addr;
if ( (s = socket( AF_INET, udp ? SOCK_DGRAM:SOCK_STREAM, 0 )) == -1 ) {
perror( "socket" );
exit( 1 );
}
#ifdef SO_REUSEADDR
/* set option so clients can't keep us from coming back up */
i = 1;
if ( setsockopt( s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof(i) )
< 0 )
{
perror( "setsockopt" );
exit( 1 );
}
#endif
#ifdef SO_KEEPALIVE
/* enable keep alives */
i = 1;
if ( setsockopt( s, SOL_SOCKET, SO_KEEPALIVE, (void *) &i, sizeof(i) )
< 0 )
{
perror( "setsockopt" );
exit( 1 );
}
#endif
/* bind to a name */
(void)memset( (void *)&addr, '\0', sizeof( addr ));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(INADDR_ANY);
addr.sin_port = htons( port );
if ( bind( s, (struct sockaddr *) &addr, sizeof(addr) ) ) {
perror( "bind" );
exit( 1 );
}
if ( !udp ) {
/* listen for connections */
if ( listen( s, 5 ) == -1 ) {
perror( "listen" );
exit( 1 );
}
}
Debug( LDAP_DEBUG_TRACE, "listening on %s port %d\n",
udp ? "udp" : "tcp", port, 0 );
return( s );
}
static RETSIGTYPE
wait4child( int sig )
{
#ifndef HAVE_WAITPID
WAITSTATUSTYPE status;
#endif
Debug( LDAP_DEBUG_TRACE, "parent: catching child status\n", 0, 0, 0 );
#ifdef HAVE_WAITPID
while( waitpid( (pid_t) -1, (int *) NULL, WAIT_FLAGS ) > 0 )
; /* NULL */
#else
while ( wait4( (pid_t) -1, &status, WAIT_FLAGS, 0 ) > 0 )
; /* NULL */
#endif
(void) SIGNAL( SIGCHLD, wait4child );
}
RETSIGTYPE
log_and_exit( int exitcode )
{
struct timeval tv;
if ( dosyslog ) {
if ( conn_start_tv.tv_sec == 0 ) {
syslog( LOG_INFO, "UDP exit(%d)", exitcode );
} else {
gettimeofday( &tv, (struct timezone *)NULL );
syslog( LOG_INFO, "TCP closed %d seconds, exit(%d)",
tv.tv_sec - conn_start_tv.tv_sec, exitcode );
}
}
exit( exitcode );
}
#ifdef LDAP_CONNECTIONLESS
static int
udp_init(
int port,
int createsocket
)
{
int s, bound;
char *matched;
if ( createsocket )
s = set_socket( port, 1 );
conn_init();
conns->c_dn = strdup("");
conns->c_cred = strdup("");
conns->c_credlen = 0;
conns->c_method = LDAP_AUTH_SIMPLE;
if ( dsa_address == NULL || (conns->c_paddr = str2paddr( dsa_address ))
== NULLPA ) {
fprintf(stderr, "Bad DSA address (%s)\n", dsa_address ?
dsa_address : "NULL" );
exit( 1 );
} else {
conns->c_paddr = psap_cpy(conns->c_paddr);
}
if ( do_bind_real(conns, &bound, &matched) != LDAP_SUCCESS) {
fprintf(stderr, "Cannot bind to directory\n");
exit( 1 );
}
if ( matched != NULL )
free( matched );
return( createsocket ? s : 0 );
}
#endif

176
servers/ldapd/message.c
View file

@ -1,176 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <quipu/commonarg.h>
#include <quipu/ds_error.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
static struct msg *messages;
struct msg *add_msg(
int msgid,
int msgtype,
BerElement *ber,
struct conn *dsaconn,
int udp,
struct sockaddr *clientaddr
)
{
struct msg *new;
static int uniqid = 0;
/* make a new message */
if ( (new = (struct msg *) malloc( sizeof(struct msg) )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "addmsg: malloc failed\n", 0, 0, 0 );
return( NULL );
}
new->m_msgid = msgid;
new->m_uniqid = ++uniqid;
new->m_msgtype = msgtype;
new->m_ber = ber;
new->m_mods = NULL;
new->m_conn = dsaconn;
new->m_conn->c_refcnt++;
new->m_next = NULL;
#ifdef LDAP_CONNECTIONLESS
new->m_cldap = udp;
new->m_searchbase = NULLDN;
if ( udp ) {
new->m_clientaddr = *clientaddr;
Debug( LDAP_DEBUG_TRACE, "udp message from %s port %d\n",
inet_ntoa( ((struct sockaddr_in *)clientaddr)->sin_addr ),
((struct sockaddr_in *)clientaddr)->sin_port, 0 );
}
#endif
/* add it to the front of the queue */
new->m_next = messages;
messages = new;
return( new );
}
struct msg *get_msg( int uniqid )
{
struct msg *tmp;
for ( tmp = messages; tmp != NULL; tmp = tmp->m_next ) {
if ( tmp->m_uniqid == uniqid )
return( tmp );
}
return( NULL );
}
int
del_msg( struct msg *m )
{
struct msg *cur, *prev;
prev = NULL;
for ( cur = messages; cur != NULL; cur = cur->m_next ) {
if ( cur == m )
break;
prev = cur;
}
if ( cur == NULL ) {
Debug( LDAP_DEBUG_ANY, "delmsg: cannot find msg %lx\n",
(unsigned long) m, 0, 0 );
return( -1 );
}
if ( prev == NULL ) {
messages = cur->m_next;
} else {
prev->m_next = cur->m_next;
}
conn_free( cur->m_conn );
modlist_free( cur->m_mods );
ber_free( cur->m_ber, 1 );
#ifdef LDAP_CONNECTIONLESS
if ( cur->m_searchbase != NULLDN ) {
dn_free( cur->m_searchbase );
}
#endif /* LDAP_CONNECTIONLESS */
free( (char *) cur );
return( 0 );
}
/*
* send_msg - Send a messge in response to every outstanding request on
* a given connection. This is used, for example, when an association to
* a dsa fails. It deletes messages to which it responds.
*/
void
send_msg(
struct conn *conn,
Sockbuf *clientsb,
int err,
char *str
)
{
struct msg *tmp, *next;
next = NULL;
for ( tmp = messages; tmp != NULL; tmp = next ) {
next = tmp->m_next;
if ( tmp->m_conn == conn ) {
send_ldap_msgresult( clientsb, tmp->m_msgtype, tmp,
err, NULL, str );
}
del_msg( tmp );
}
}
#ifdef LDAP_CONNECTIONLESS
struct msg *
get_cldap_msg(
int msgid,
int msgtype,
struct sockaddr *fromaddr
)
{
struct msg *tmp;
for ( tmp = messages; tmp != NULL; tmp = tmp->m_next ) {
if ( tmp->m_cldap && tmp->m_msgid == msgid &&
tmp->m_msgtype == msgtype &&
((struct sockaddr_in *)&tmp->m_clientaddr)->sin_port ==
((struct sockaddr_in *)fromaddr)->sin_port &&
((struct sockaddr_in *)&tmp->m_clientaddr)->sin_addr
== ((struct sockaddr_in *)fromaddr)->sin_addr ) {
break;
}
}
return( tmp );
}
#endif /* LDAP_CONNECTIONLESS */

637
servers/ldapd/modify.c
View file

@ -1,637 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h> /* get SAFEMEMCPY */
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/modify.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
extern IFP merge_acl;
#include "lber.h"
#include "ldap.h"
#include "common.h"
static CommonArgs common = default_common_args;
static int replace_mod( struct entrymod *, Attr_Sequence, Attr_Sequence );
#ifdef LDAP_COMPAT20
#define MODTAG (ldap_compat == 20 ? OLD_LDAP_RES_MODIFY : LDAP_RES_MODIFY)
#else
#define MODTAG LDAP_RES_MODIFY
#endif
int
do_modify(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
char *dn;
char *last;
int rc;
unsigned long tag, len;
LDAPModList *mods, *modtail;
struct ds_read_arg ra;
Debug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
/*
* Parse the modify request. It looks like this:
* ModifyRequest := [APPLICATION 6] SEQUENCE {
* name DistinguishedName,
* mods SEQUENCE OF SEQUENCE {
* operation ENUMERATED {
* add (0),
* delete (1),
* replace (2)
* },
* modification SEQUENCE {
* type AttributeType,
* values SET OF AttributeValue
* }
* }
* }
* We then have to initiate a read of the entry to be modified.
* The actual modification is done by do_modify2(), after the
* read completes.
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_ReadArgument_INIT( &ra );
#endif
#endif
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 );
ra.rda_object = ldap_str2dn( dn );
free( dn );
if ( ra.rda_object == NULLDN ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
ra.rda_eis.eis_allattributes = TRUE;
ra.rda_eis.eis_infotypes = EIS_ATTRIBUTESANDVALUES;
ra.rda_eis.eis_select = NULLATTR;
/* collect modifications & save for later */
mods = modtail = NULL;
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) ) {
LDAPModList *tmp;
if ( (tmp = (LDAPModList *) calloc( 1, sizeof(LDAPModList) ))
== NULL ) {
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "Malloc error" );
return( 0 );
}
if ( ber_scanf( ber, "{i{a[V]}}", &tmp->m.mod_op,
&tmp->m.mod_type, &tmp->m.mod_bvalues ) == LBER_ERROR ) {
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
if ( mods == NULL ) {
mods = tmp;
} else {
modtail->mod_next = tmp;
}
modtail = tmp;
}
m->m_mods = mods;
ra.rda_common = common; /* struct copy */
rc = initiate_dap_operation( OP_READ, m, &ra );
dn_free( ra.rda_object );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, MODTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
int
do_modify2(
Sockbuf *clientsb,
struct msg *m,
struct ds_read_result *rr
)
{
struct ds_modifyentry_arg ma;
struct entrymod *changetail = NULLMOD;
int rc;
LDAPModList *mods;
Debug( LDAP_DEBUG_TRACE, "do_modify2\n", 0, 0, 0 );
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_ModifyEntryArgument_INIT( &ma );
#endif
#endif
ma.mea_changes = NULLMOD;
for ( mods = m->m_mods; mods != NULL; mods = mods->mod_next ) {
struct entrymod *em;
Attr_Sequence as, new;
if ( (em = (struct entrymod *) calloc( 1,
sizeof(struct entrymod) )) == NULLMOD ) {
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "Malloc error" );
return( 0 );
}
em->em_next = NULLMOD;
if ( (new = get_as( clientsb, MODTAG, m,
mods->m.mod_type, mods->m.mod_bvalues )) == NULLATTR )
return( 0 );
em->em_what = new;
for ( as = rr->rdr_entry.ent_attr; as != NULLATTR;
as = as->attr_link ) {
if ( AttrT_cmp( new->attr_type, as->attr_type ) == 0 )
break;
}
if ( new->attr_value == NULLAV &&
mods->m.mod_op != LDAP_MOD_DELETE ) {
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_INVALID_SYNTAX, NULL, "No values specified" );
return( 0 );
}
switch ( mods->m.mod_op ) {
case LDAP_MOD_ADD:
Debug( LDAP_DEBUG_ARGS, "ADD:\n", 0, 0, 0 );
if ( as == NULLATTR ) {
Debug( LDAP_DEBUG_ARGS, "\tattribute\n", 0, 0,
0 );
em->em_type = EM_ADDATTRIBUTE;
} else {
Debug( LDAP_DEBUG_ARGS, "\tvalues\n", 0, 0, 0 );
em->em_type = EM_ADDVALUES;
}
break;
case LDAP_MOD_DELETE:
Debug( LDAP_DEBUG_ARGS, "DELETE:\n", 0, 0, 0 );
if ( as == NULLATTR ) {
Debug( LDAP_DEBUG_ARGS,
"\tno existing attribute\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODTAG,
m, LDAP_NO_SUCH_ATTRIBUTE, NULL, "" );
ems_free( em );
return( 0 );
} else {
if ( new->attr_value == NULLAV ) {
Debug( LDAP_DEBUG_ARGS, "\tattribute\n",
0, 0, 0 );
em->em_type = EM_REMOVEATTRIBUTE;
} else {
if ( avs_cmp( new->attr_value,
as->attr_value ) == 0 ) {
Debug( LDAP_DEBUG_ARGS,
"\tattribute\n", 0, 0, 0 );
em->em_type =
EM_REMOVEATTRIBUTE;
} else {
Debug( LDAP_DEBUG_ARGS,
"\tvalues\n", 0, 0, 0 );
em->em_type = EM_REMOVEVALUES;
}
}
}
break;
case LDAP_MOD_REPLACE:
Debug( LDAP_DEBUG_ARGS, "REPLACE:\n", 0, 0, 0 );
if ( as == NULLATTR ) {
Debug( LDAP_DEBUG_ARGS, "\tattribute\n", 0, 0,
0 );
em->em_type = EM_ADDATTRIBUTE;
} else {
if ( replace_mod( em, as, new ) < 0 ) {
return( 0 );
}
}
break;
default:
Debug( LDAP_DEBUG_ARGS, "UNKNOWN MOD:\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
break;
}
if ( em->em_what == NULL ) { /* ignore this mod */
free( em );
} else {
if ( ma.mea_changes == NULLMOD ) {
ma.mea_changes = em;
} else {
changetail->em_next = em;
}
changetail = em->em_next == NULLMOD ? em : em->em_next;
}
}
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
struct entrymod *e;
Attr_Sequence as;
AV_Sequence val;
PS ps;
ps = ps_alloc( std_open );
std_setup( ps, stderr );
fprintf( stderr, "Modify changes are:\n");
for (e = ma.mea_changes; e; e = e->em_next) {
switch (e->em_type) {
case EM_ADDATTRIBUTE:
fprintf( stderr, "\tADD ATTRIBUTE\n");
break;
case EM_REMOVEATTRIBUTE:
fprintf( stderr, "\tREMOVE ATTRIBUTE\n");
break;
case EM_ADDVALUES:
fprintf( stderr, "\tADD VALUES\n");
break;
case EM_REMOVEVALUES:
fprintf( stderr, "\tREMOVE VALUES\n");
break;
default:
fprintf( stderr, "\tUNKNOWN\n");
break;
}
as = e->em_what;
fprintf( stderr, "\t\ttype (" );
AttrT_print( ps, as->attr_type, EDBOUT );
fprintf( stderr, ")" );
if ( e->em_type == EM_REMOVEATTRIBUTE ) {
fprintf( stderr, "\n" );
continue;
}
fprintf( stderr, " values" );
for (val = as->attr_value; val; val = val->avseq_next) {
ps_print( ps, " (" );
AttrV_print( ps, &val->avseq_av, EDBOUT );
ps_print( ps, ")" );
}
fprintf( stderr, "\n" );
}
ps_free( ps );
}
#endif
if ( ma.mea_changes == NULLMOD ) { /* nothing to do */
send_ldap_msgresult( clientsb, MODTAG, m,
LDAP_SUCCESS, NULL, "" );
return( 0 );
}
ma.mea_object = rr->rdr_entry.ent_dn;
ma.mea_common = common; /* struct copy */
rc = initiate_dap_operation( OP_MODIFYENTRY, m, &ma );
ems_free( ma.mea_changes );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, MODTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
Attr_Sequence
get_as(
Sockbuf *clientsb,
unsigned long op,
struct msg *m,
char *type,
struct berval **bvals
)
{
Attr_Sequence as;
int i;
short syntax;
Debug( LDAP_DEBUG_TRACE, "get_as\n", 0, 0, 0 );
if ( (as = as_comp_new( NULLAttrT, NULLAV, NULLACL_INFO ))
== NULLATTR ) {
send_ldap_msgresult( clientsb, op, m,
LDAP_OPERATIONS_ERROR, NULL, "Malloc error" );
return( NULLATTR );
}
as->attr_link = NULLATTR;
as->attr_value = NULLAV;
as->attr_acl = NULLACL_INFO;
if ( (as->attr_type = str2AttrT( type )) == NULLAttrT ) {
send_ldap_msgresult( clientsb, op, m, LDAP_UNDEFINED_TYPE,
NULL, type );
return( NULLATTR );
}
if ( bvals == NULL )
return( as );
syntax = as->attr_type->oa_syntax;
for ( i = 0; bvals[i] != NULL; i++ ) {
AttributeValue av;
int t61str, ncomp;
char *sval, *s, *news, *n;
if ( syntax == ldap_jpeg_syntax ||
syntax == ldap_jpeg_nonfile_syntax ||
syntax == ldap_octetstring_syntax ||
syntax == ldap_audio_syntax ) {
if (( av = bv_octet2AttrV( bvals[i] )) == NULLAttrV ) {
send_ldap_msgresult( clientsb, op, m,
LDAP_INVALID_SYNTAX, NULL, type );
as_free( as );
return( NULLATTR );
}
} else if ( syntax == ldap_photo_syntax ) {
if (( av = bv_asn2AttrV( bvals[i] )) == NULLAttrV ) {
send_ldap_msgresult( clientsb, op, m,
LDAP_INVALID_SYNTAX, NULL, type );
as_free( as );
return( NULLATTR );
}
} else {
if (( sval = malloc( bvals[i]->bv_len + 1 )) == NULL ) {
send_ldap_msgresult( clientsb, op, m,
LDAP_OPERATIONS_ERROR, NULL,
"Malloc error" );
return( NULLATTR );
}
SAFEMEMCPY( sval, bvals[i]->bv_val, bvals[i]->bv_len );
sval[ bvals[i]->bv_len ] = '\0';
/* dang quipu - there's no need for this! */
if ( syntax == ldap_postaladdress_syntax ) {
t61str = 0;
ncomp = 1;
for ( s = sval; *s; s++ ) {
if ( *s == '$' ) {
ncomp++;
continue;
}
#define ist61(c) (!isascii(c) || !isalnum(c) \
&& c != 047 && c != '(' && c != ')' \
&& c != '+' && c != '-' && c != '.' && c != ',' \
&& c != '/' && c != ':' && c != '=' && c != '?' \
&& c != ' ')
if ( ist61( *s ) )
t61str = 1;
}
#define T61MARK "{T.61}"
#define T61MARKLEN 6
if ( t61str ) {
news = malloc( strlen(sval) +
ncomp * T61MARKLEN + 1 );
strcpy( news, T61MARK );
for ( n = news + T61MARKLEN, s = sval;
*s; n++, s++ ) {
*n = *s;
if ( *s == '$' ) {
strcpy( ++n, T61MARK );
n += T61MARKLEN - 1;
}
}
*n = '\0';
free( sval );
sval = news;
}
av = str_at2AttrV( sval, as->attr_type );
} else if ( syntax == ldap_dn_syntax ) {
av = ldap_strdn2AttrV( sval );
} else if ( i != 0 && syntax == ldap_acl_syntax ) {
(void) (*merge_acl)( as->attr_value, sval );
free( sval );
continue;
} else {
av = ldap_str_at2AttrV( sval, as->attr_type );
}
if ( av == NULLAttrV ) {
send_ldap_msgresult( clientsb, op, m,
LDAP_INVALID_SYNTAX, NULL, sval );
free( sval );
as_free( as );
return( NULLATTR );
}
free( sval );
}
as->attr_value = avs_merge( as->attr_value,
avs_comp_new( av ) );
}
return( as );
}
void
modify_result( Sockbuf *sb, struct msg *m )
{
send_ldap_msgresult( sb, MODTAG, m, LDAP_SUCCESS, NULL, "" );
return;
}
void
modlist_free( LDAPModList *mods )
{
LDAPModList *next;
for ( ; mods != NULL; mods = next ) {
free( mods->m.mod_type );
if ( mods->m.mod_bvalues != NULL )
ber_bvecfree( mods->m.mod_bvalues );
next = mods->mod_next;
free( mods );
}
}
/*
* called when mod is replace to optimize by only deleting old values
* that are not in the new set and by only adding what isn't in old set
*/
static int
replace_mod(
struct entrymod *rem,
Attr_Sequence oas,
Attr_Sequence nas
)
{
AV_Sequence oavs, navs, davs, prev_navs, tmp;
#ifdef LDAP_DEBUG
PS ps;
ps = ps_alloc( std_open );
std_setup( ps, stderr );
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, "replace_mod(" );
AttrT_print( ps, oas->attr_type, EDBOUT );
ps_print( ps, ")\n" );
}
#endif
davs = NULL;
for ( oavs = oas->attr_value; oavs != NULL; oavs = oavs->avseq_next ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, "old value " );
AttrV_print( ps, &oavs->avseq_av, EDBOUT );
ps_print( ps, "\n" );
}
#endif
prev_navs = NULL;
for ( navs = nas->attr_value; navs != NULL;
prev_navs = navs, navs = navs->avseq_next ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, "\tnew value " );
AttrV_print( ps, &navs->avseq_av, EDBOUT );
ps_print( ps, "\n" );
}
#endif
if ( AttrV_cmp( &oavs->avseq_av, &navs->avseq_av)
== 0) {
break;
}
}
if ( navs == NULL ) { /* value to delete */
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, "value to delete " );
AttrV_print( ps, &oavs->avseq_av, EDBOUT );
ps_print( ps, "\n" );
}
#endif
if ( davs == NULL ) {
davs = avs_comp_cpy( oavs );
} else {
tmp = avs_comp_cpy( oavs );
tmp->avseq_next = davs;
davs = tmp;
}
} else { /* value to keep */
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, "value to leave alone " );
AttrV_print( ps, &oavs->avseq_av, EDBOUT );
ps_print( ps, "\n" );
}
#endif
if ( prev_navs == NULL ) {
nas->attr_value = navs->avseq_next;
} else {
prev_navs->avseq_next = navs->avseq_next;
}
avs_comp_free( navs );
}
}
if ( davs == NULL && nas->attr_value == NULL ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
ps_print( ps, " nothing to do" );
}
#endif
rem->em_what = NULL;
} else {
/* Must add new values before removing old values.
* Otherwise, removing all existing values causes the
* attribute to be removed such that subsequent add values
* fail.
*/
if ( nas->attr_value != NULL ) { /* add new values */
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
AttrT_print( ps, nas->attr_type, EDBOUT );
ps_print( ps, ": some to add\n" );
}
#endif
rem->em_type = EM_ADDVALUES;
rem->em_what = nas;
rem->em_next = NULLMOD;
}
if ( davs != NULL ) { /* delete old values */
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
AttrT_print( ps, nas->attr_type, EDBOUT );
ps_print( ps, ": some to delete\n" );
}
#endif
if ( nas->attr_value != NULL ) {
rem->em_next = (struct entrymod *) calloc( 1,
sizeof(struct entrymod) );
rem = rem->em_next;
}
rem->em_type = EM_REMOVEVALUES;
rem->em_what = as_comp_new( NULLAttrT, NULLAV,
NULLACL_INFO );
rem->em_what->attr_type = AttrT_cpy( nas->attr_type );
rem->em_what->attr_value = davs;
}
}
return( 0 );
}

121
servers/ldapd/modrdn.c
View file

@ -1,121 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/modifyrdn.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef LDAP_COMPAT20
#define MODRDNTAG (ldap_compat == 20 ? OLD_LDAP_RES_MODRDN : LDAP_RES_MODRDN)
#else
#define MODRDNTAG LDAP_RES_MODRDN
#endif
int
do_modrdn(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
char *dn, *newrdn;
int rc, deleteoldrdn;
struct ds_modifyrdn_arg ma;
static CommonArgs common = default_common_args;
Debug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
/*
* Parse the modrdn request. It looks like this:
* ModifyRDNRequest := SEQUENCE {
* entry DistinguishedName,
* newrdn RelativeDistinguishedName
* }
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_ModifyDnArgument_INIT( &ma );
#endif
#endif
if ( ber_scanf( ber, "{aa", &dn, &newrdn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODRDNTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
deleteoldrdn = 1;
if ( ber_scanf( ber, "b", &deleteoldrdn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "found old modrdn\n", 0, 0, 0 );
}
Debug( LDAP_DEBUG_ARGS,
"do_modrdn: dn (%s) newrdn (%s) deleteoldrdn (%d)\n", dn, newrdn,
deleteoldrdn );
ma.mra_object = ldap_str2dn( dn );
free( dn );
if ( ma.mra_object == NULLDN ) {
Debug( LDAP_DEBUG_ANY, "ldap_str2dn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODRDNTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
ma.mra_newrdn = ldap_str2rdn( newrdn );
free( newrdn );
if ( ma.mra_newrdn == NULLRDN ) {
Debug( LDAP_DEBUG_ANY, "str2rdn failed\n", 0, 0, 0 );
send_ldap_msgresult( clientsb, MODRDNTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "Bad RDN" );
return( 0 );
}
ma.deleterdn = (deleteoldrdn ? 1 : 0);
ma.mra_common = common; /* struct copy */
rc = initiate_dap_operation( OP_MODIFYRDN, m, &ma );
dn_free( ma.mra_object );
rdn_free( ma.mra_newrdn );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, MODRDNTAG, m, rc, NULL, "" );
return( 0 );
}
return( 1 );
}
void
modrdn_result( Sockbuf *sb, struct msg *m )
{
send_ldap_msgresult( sb, MODRDNTAG, m, LDAP_SUCCESS, NULL, "" );
return;
}

182
servers/ldapd/proto-ldapd.h
View file

@ -1,182 +0,0 @@
/* $OpenLDAP$ */
#ifndef _PROTO_LDAPD_H
#define _PROTO_LDAPD_H
#include <ldap_cdefs.h>
/*
* abandon.c
*/
int do_abandon LDAP_P(( struct conn *dsaconn, BerElement *ber, int msgid ));
/*
* add.c
*/
int do_add LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
void add_result LDAP_P(( Sockbuf *sb, struct msg *m ));
/*
* association.c
*/
struct conn *conn_dup LDAP_P(( struct conn *cn ));
int conn_init LDAP_P(( void ));
void conn_free LDAP_P(( struct conn *conn ));
void conn_del LDAP_P(( struct conn *conn ));
void conn_setfds LDAP_P(( fd_set *fds ));
void conn_badfds LDAP_P(( void ));
struct conn *conn_getfd LDAP_P(( fd_set *fds ));
void conn_add LDAP_P(( struct conn *new ));
struct conn *conn_find LDAP_P(( struct conn *c ));
void conn_close LDAP_P(( void ));
int isclosed LDAP_P(( int ad ));
/*
* bind.c
*/
int do_bind LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber, int *bound ));
int do_bind_real LDAP_P(( struct conn *dsaconn, int *bound, char **matched ));
/*
* certificate.c
*/
int ldap_certif_print LDAP_P(( PS ps, struct certificate *parm, int format ));
void ldap_print_algid LDAP_P(( PS ps, struct alg_id *parm, int format ));
struct certificate *ldap_str2cert LDAP_P(( char *str ));
void ldap_str2alg LDAP_P(( char *str, struct alg_id *alg ));
void certif_init LDAP_P(( void ));
/*
* compare.c
*/
struct ds_compare_result;
int do_compare LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
void compare_result LDAP_P(( Sockbuf *sb, struct msg *m,
struct ds_compare_result *cr ));
/*
* delete.c
*/
int do_delete LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
void delete_result LDAP_P(( Sockbuf *sb, struct msg *m ));
/*
* error.c
*/
void print_error LDAP_P(( struct DSError *e ));
int x500err2ldaperr LDAP_P(( struct DSError *e, char **matched ));
/*
* kerberos.c
*/
struct ds_bind_arg;
int kerberosv4_ldap_auth LDAP_P(( char *cred, long len ));
int kerberosv4_bindarg LDAP_P(( struct ds_bind_arg *ba, DN dn, char *cred,
long len, u_long *nonce ));
int kerberos_check_mutual LDAP_P(( struct ds_bind_arg *res, u_long nonce ));
/*
* main.c
*/
RETSIGTYPE log_and_exit LDAP_P(( int exitcode )) LDAP_GCCATTR((noreturn));
/*
* message.c
*/
struct msg *add_msg LDAP_P(( int msgid, int msgtype, BerElement *ber,
struct conn *dsaconn, int udp, struct sockaddr *clientaddr ));
struct msg *get_msg LDAP_P(( int uniqid ));
int del_msg LDAP_P(( struct msg *m ));
void send_msg LDAP_P(( struct conn *conn, Sockbuf *clientsb, int err, char *str ));
struct msg * get_cldap_msg LDAP_P(( int msgid, int msgtype, struct sockaddr *fromaddr ));
/*
* modify.c
*/
struct ds_read_result;
int do_modify LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
int do_modify2 LDAP_P((Sockbuf *sb, struct msg *m, struct ds_read_result *rr));
Attr_Sequence get_as LDAP_P(( Sockbuf *clientsb, unsigned long op, struct msg *m,
char *type, struct berval **bvals ));
void modify_result LDAP_P(( Sockbuf *sb, struct msg *m ));
void modlist_free LDAP_P(( LDAPModList *mods ));
/*
* modrdn.c
*/
int do_modrdn LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
void modrdn_result LDAP_P((Sockbuf *sb, struct msg *m));
/*
* request.c
*/
void client_request LDAP_P(( Sockbuf *clientsb, struct conn *dsaconn, int udp ));
int do_request LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber,
int *bound ));
int initiate_dap_operation LDAP_P(( int op, struct msg *m, void *arg ));
#ifdef LDAP_DEBUG
int trace_ber LDAP_P(( int tag, int len, char *ber,
FILE *trace_file, int prepend, int read_pdu ));
#endif
/*
* result.c
*/
void dsa_response LDAP_P(( struct conn *dsaconn, Sockbuf *clientsb ));
int send_ldap_msgresult LDAP_P(( Sockbuf *sb, unsigned long tag, struct msg *m,
int err, char *matched, char *text ));
int send_ldap_result LDAP_P(( Sockbuf *sb, unsigned long tag, int msgid, int err,
char *matched, char *text ));
/*
* search.c
*/
struct ds_search_result;
int do_search LDAP_P(( Sockbuf *clientsb, struct msg *m, BerElement *ber ));
void search_result LDAP_P(( Sockbuf *sb, struct msg *m,
struct ds_search_result *sr ));
/*
* syntax.c
*/
void get_syntaxes LDAP_P(( void ));
int dn_print_real LDAP_P(( PS ps, DN dn, int format));
void ldap_dn_print LDAP_P(( PS ps, DN dn, DN base, int format));
int encode_dn LDAP_P(( BerElement *ber, DN dn, DN base));
int encode_attrs LDAP_P(( BerElement *ber, Attr_Sequence as ));
AttributeValue bv_octet2AttrV LDAP_P(( struct berval *bv ));
AttributeValue bv_asn2AttrV LDAP_P(( struct berval *bv ));
AttributeValue ldap_strdn2AttrV LDAP_P(( char *dnstr ));
DN ldap_str2dn LDAP_P(( char *str ));
RDN ldap_str2rdn LDAP_P(( char *rdnstr ));
AttributeValue ldap_str_at2AttrV LDAP_P(( char *str, AttributeType type ));
AttributeValue ldap_str2AttrV LDAP_P(( char *value, short syntax ));
/*
* util.c
*/
void bprint LDAP_P(( char *data, int len ));
void charlist_free LDAP_P(( char **cl ));
int get_ava LDAP_P(( BerElement *ber, AVA *tava ));
int chase_referral LDAP_P(( Sockbuf *clientsb, struct msg *m, struct DSError *err,
char **matched ));
#endif /* _proto_ldapd */

514
servers/ldapd/request.c
View file

@ -1,514 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/signal.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/syslog.h>
#include <ac/time.h>
#include <ac/wait.h>
#include <quipu/commonarg.h>
#include <quipu/ds_error.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
#ifdef PEPSY_DUMP
#ifndef DEBUG
#define DEBUG
#endif
#include "LDAP-types.h"
#if ISODEPACKAGE == IC
#include <compat/logger.h>
#else
#include <logger.h>
#endif
#endif
/*
* client_request - called by do_queries() when there is activity on the
* client socket. It expects to be able to get an LDAP message from the
* client socket, parses the first couple of fields, and then calls
* do_request() to handle the request. If do_request() (or something
* called by it) returns a response to the client (e.g., in the case of
* an error), then client_request() is done. If the request is not
* responded to (and needs a response), it is added to the queue of
* outstanding requests. It will be responded to later via dsa_response(),
* once the DSA operation completes.
*/
void
client_request(
Sockbuf *clientsb,
struct conn *dsaconn,
int udp
)
{
unsigned long tag;
unsigned long len;
long msgid;
BerElement ber, *copyofber;
struct msg *m;
static int bound;
#ifdef LDAP_CONNECTIONLESS
struct sockaddr_in *sai;
#endif
Debug( LDAP_DEBUG_TRACE, "client_request%s\n",
udp ? " udp" : "", 0, 0 );
/*
* Get the ldap message, which is a sequence of message id
* and then the actual request choice.
*/
ber_init_w_nullc( &ber, 0 );
if ( (tag = ber_get_next( clientsb, &len, &ber )) == LBER_DEFAULT ) {
Debug( LDAP_DEBUG_ANY, "ber_get_next failed\n", 0, 0, 0 );
log_and_exit( 1 );
}
#ifdef LDAP_CONNECTIONLESS
if ( udp && dosyslog ) {
ber_sockbuf_ctrl( clientsb, LBER_SB_OPT_UDP_GET_SRC,
(void *)&sai );
syslog( LOG_INFO, "UDP request from unknown (%s)",
inet_ntoa( sai->sin_addr ) );
}
#endif
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_BER )
trace_ber( tag, len, ber.ber_buf, stderr, 1, 1 );
#endif
#ifdef LDAP_COMPAT
/*
* This tag should be a normal SEQUENCE tag. In release 2.0 this
* tag is 0x10. In the new stuff this is 0x30. To distinguish
* between 3.0 and the "correct" stuff, we look for an extra
* sequence tag after the bind tag.
*/
Debug( LDAP_DEBUG_ANY, "bound %d\n", bound, 0, 0 );
if ( bound == 0 ) {
/* check for 2.0 */
if ( tag == OLD_LDAP_TAG_MESSAGE ) {
Debug( LDAP_DEBUG_ANY, "version 2.0 detected\n", 0,
0, 0 );
if ( dosyslog ) {
syslog( LOG_INFO, "old version 2.0 detected" );
}
ldap_compat = 20;
/* check for 3.0 */
} else {
BerElement tber;
unsigned long tlen;
unsigned long ttag;
tber = ber; /* struct copy */
/* msgid */
ttag = ber_skip_tag( &tber, &tlen );
tber.ber_ptr += tlen;
/* bind sequence header */
ttag = ber_skip_tag( &tber, &tlen );
ttag = ber_peek_tag( &tber, &tlen );
Debug( LDAP_DEBUG_ANY, "checking for 3.0 tag 0x%lx\n",
ttag, 0, 0 );
if ( ttag == LBER_SEQUENCE ) {
Debug( LDAP_DEBUG_ANY, "version 3.0 detected\n",
0, 0, 0 );
if ( dosyslog ) {
syslog( LOG_INFO,
"old version 3.0 detected" );
}
ldap_compat = 30;
}
}
}
#endif
if ( ber_get_int( &ber, &msgid ) != LDAP_TAG_MSGID ) {
send_ldap_result( clientsb, LBER_DEFAULT, msgid,
LDAP_PROTOCOL_ERROR, NULL, "Not an LDAP message" );
free( ber.ber_buf );
return;
}
#ifdef LDAP_CONNECTIONLESS
if ( udp ) {
char *logdn = NULL;
ber_get_stringa( &ber, &logdn );
if ( logdn != NULL ) {
if ( dosyslog ) {
syslog( LOG_INFO, "UDP requestor: %s", logdn );
}
Debug( LDAP_DEBUG_ANY, "UDP requestor: %s\n", logdn, 0, 0 );
free( logdn );
}
}
#endif /* LDAP_CONNECTIONLESS */
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
tag = ber_skip_tag( &ber, &len );
else
#endif
tag = ber_peek_tag( &ber, &len );
if ( !udp && bound == 0 && tag != LDAP_REQ_BIND
#ifdef LDAP_COMPAT20
&& tag != OLD_LDAP_REQ_BIND
#endif
) {
send_ldap_result( clientsb, tag, msgid, LDAP_OPERATIONS_ERROR,
NULL, "Bind operation must come first" );
free( ber.ber_buf );
return;
}
#ifdef LDAP_CONNECTIONLESS
if (udp && tag != LDAP_REQ_SEARCH && tag != LDAP_REQ_ABANDON ) {
send_ldap_result( clientsb, tag, msgid, LDAP_OPERATIONS_ERROR,
NULL, "Only search is supported over UDP/CLDAP" );
free( ber.ber_buf );
return;
}
ber_sockbuf_ctrl( clientsb, LBER_SB_OPT_UDP_GET_SRC, (void *)&sai );
if ( get_cldap_msg( msgid, tag,
(struct sockaddr *)sai ) != NULL ) {
/*
* duplicate request: toss this one
*/
Debug( LDAP_DEBUG_TRACE,
"client_request tossing dup request id %ld from %s\n",
msgid, inet_ntoa( sai->sin_addr ), 0 );
free( ber.ber_buf );
return;
}
#endif
copyofber = ber_dup( &ber );
m = add_msg( msgid, tag, copyofber, dsaconn, udp,
#ifdef LDAP_CONNECTIONLESS
(struct sockaddr *)sai );
#else
NULL );
#endif
/*
* Call the appropriate routine to handle the request. If it
* returns a nonzero result, the message requires a response, and
* so it's left in the queue of outstanding requests, otherwise
* it's deleted.
*/
if ( do_request( clientsb, m, &ber, &bound ) == 0 ) {
del_msg( m );
}
return;
}
/*
* do_request - called when a client makes a request, or when a referral
* error is returned. In the latter case, a connection is made to the
* referred to DSA, and do_request() is called to retry the operation over
* that connection. In the former case, do_request() is called to try
* the operation over the default association.
*/
int
do_request(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber,
int *bound
)
{
int resp_required = 0;
Debug( LDAP_DEBUG_TRACE, "do_request\n", 0, 0, 0 );
switch ( m->m_msgtype ) {
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_BIND:
#endif
case LDAP_REQ_BIND:
resp_required = do_bind( clientsb, m, ber, bound );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_UNBIND:
#endif
#ifdef LDAP_COMPAT30
case LDAP_REQ_UNBIND_30:
#endif
case LDAP_REQ_UNBIND:
conn_close();
log_and_exit( 0 );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_ADD:
#endif
case LDAP_REQ_ADD:
resp_required = do_add( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_DELETE:
#endif
#ifdef LDAP_COMPAT30
case LDAP_REQ_DELETE_30:
#endif
case LDAP_REQ_DELETE:
resp_required = do_delete( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_MODRDN:
#endif
case LDAP_REQ_MODRDN:
resp_required = do_modrdn( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_MODIFY:
#endif
case LDAP_REQ_MODIFY:
resp_required = do_modify( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_COMPARE:
#endif
case LDAP_REQ_COMPARE:
resp_required = do_compare( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_SEARCH:
#endif
case LDAP_REQ_SEARCH:
resp_required = do_search( clientsb, m, ber );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_ABANDON:
#endif
#ifdef LDAP_COMPAT30
case LDAP_REQ_ABANDON_30:
#endif
case LDAP_REQ_ABANDON:
resp_required = do_abandon( m->m_conn, ber, m->m_uniqid );
break;
default:
Debug( LDAP_DEBUG_ANY, "unknown operation %d\n", m->m_msgtype,
0, 0 );
send_ldap_msgresult( clientsb, m->m_msgtype, m,
LDAP_PROTOCOL_ERROR, NULL, "Unknown request type" );
break;
}
return( resp_required );
}
/*
* initiate_dap_operation - initiate a dap operation, rebinding and retrying
* the request if necessary. If the request is successfully initiated, 0 is
* returned. Otherwise, an indication of the error is returned.
*/
int
initiate_dap_operation(
int op,
struct msg *m,
void *arg
)
{
char *matched;
int i, rc, bound = 0;
struct DAPindication di;
Debug( LDAP_DEBUG_TRACE, "initiate_dap_operation\n", 0, 0, 0 );
if ( m->m_conn->c_ad == -1 && do_bind_real( m->m_conn, &bound,
&matched ) != LDAP_SUCCESS )
return( LDAP_UNAVAILABLE );
for ( i = 0; i < 2; i++ ) {
switch ( op ) {
case OP_COMPARE:
rc = DapCompare( m->m_conn->c_ad, m->m_uniqid,
(struct ds_compare_arg *) arg, &di, ROS_ASYNC );
break;
case OP_SEARCH:
rc = DapSearch( m->m_conn->c_ad, m->m_uniqid,
(struct ds_search_arg *) arg, &di, ROS_ASYNC );
break;
case OP_ADDENTRY:
rc = DapAddEntry( m->m_conn->c_ad, m->m_uniqid,
(struct ds_addentry_arg *) arg, &di, ROS_ASYNC );
break;
case OP_REMOVEENTRY:
rc = DapRemoveEntry( m->m_conn->c_ad, m->m_uniqid,
(struct ds_removeentry_arg *) arg, &di, ROS_ASYNC );
break;
case OP_MODIFYENTRY:
rc = DapModifyEntry( m->m_conn->c_ad, m->m_uniqid,
(struct ds_modifyentry_arg *) arg, &di, ROS_ASYNC );
break;
case OP_READ:
rc = DapRead( m->m_conn->c_ad, m->m_uniqid,
(struct ds_read_arg *) arg, &di, ROS_ASYNC );
break;
case OP_MODIFYRDN:
rc = DapModifyRDN( m->m_conn->c_ad, m->m_uniqid,
(struct ds_modifyrdn_arg *) arg, &di, ROS_ASYNC );
break;
default:
break;
}
Debug( LDAP_DEBUG_TRACE, "operation initiated %d\n", rc, 0,
0 );
if ( rc == OK )
return( 0 );
/*
* the operation was not invoked - try rebinding, then
* try it again.
*/
(void) dap_unbind( m->m_conn->c_ad );
if ( do_bind_real( m->m_conn, &bound, &matched )
!= LDAP_SUCCESS )
break;
}
m->m_conn->c_ad = -1;
return( LDAP_UNAVAILABLE ); /* DSA was unreachable */
}
#ifdef LDAP_DEBUG
int
trace_ber(
int tag,
int len,
char *ber,
FILE *trace_file,
int prepend,
int read_pdu /* If non-zero, PDU was read from client. 0 == PDU is being written */
)
{
unsigned char *buf;
PS input_ps = NULLPS;
PE pe;
int result = -1;
Debug( LDAP_DEBUG_TRACE, "trace_ber(tag=%#x, ber=%#lx, len=%d)\n", tag,
(unsigned long) ber, len );
if ( (buf = (unsigned char *) malloc( len + 6 )) == NULL ) {
fprintf( trace_file, "Unable to allocate memory\n" );
} else {
if ( prepend ) {
buf[0] = tag;
buf[1] = 0x84;
buf[2] = len >> 24;
buf[3] = len >> 16;
buf[4] = len >> 8;
buf[5] = len;
SAFEMEMCPY( buf + 6, ber, len );
} else {
SAFEMEMCPY( buf, ber, len );
}
if ( (input_ps = ps_alloc( str_open )) == NULLPS )
fprintf( trace_file, "ps_alloc failed\n" );
else if ( str_setup( input_ps, (char *)buf, len + 6, 1 ) != OK )
fprintf( trace_file, "str_setup\n" );
else if ( (pe = ps2pe( input_ps )) == NULLPE ) {
fprintf(trace_file, "ps2pe: %s\n",
ps_error( input_ps->ps_errno ) );
ber_bprint( (char *) buf, len + 6 );
} else {
#ifdef PEPSY_DUMP
int failed = 0;
static LLog log = {
"-", NULLCP, NULLCP, LLOG_PDUS,
LLOG_NONE, -1, 0, NOTOK
};
struct type_LDAP_LDAPMessage *ldap_msg = NULL;
if ( decode_LDAP_LDAPMessage(pe, 1, 0, NULL, &ldap_msg)
== -1 ) {
failed = 1;
fprintf( trace_file,
"Error decoding LDAPMessage:\n [%s]\n",
PY_pepy );
fprintf( trace_file, "Here is the PDU:\n" );
vsetfp( trace_file, NULL );
vunknown( pe );
}
if (log.ll_events & LLOG_PDUS) {
pvpdu (&log, print_LDAP_LDAPMessage_P, pe,
failed ?
"<Bad LDAPMessage>" : "<LDAPMessage>",
read_pdu);
}
/*
PLOGP(&log, LDAP_LDAPMessage, pe, failed ? "<Bad LDAPMessage>" : "<LDAPMessage>", read_pdu);
*/
if (ldap_msg)
free_LDAP_LDAPMessage(ldap_msg);
#else
vsetfp( trace_file, NULL );
vunknown( pe );
#endif
pe_free( pe );
result = 0;
}
free( buf );
}
if ( input_ps )
ps_free( input_ps );
return( result );
}
#endif

371
servers/ldapd/result.c
View file

@ -1,371 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/syslog.h>
#include <quipu/dsap.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
/*
* dsa_response - called by do_queries() when there is activity on one of
* the DSA associations. It is passed the association descriptor on which
* the activity occurred, and the client socket. It figures out what kind
* of activity it was (e.g., result of a previously initiated operation,
* error return, etc), and calls the appropriate routine to send a response
* to the client, or to continue the operation in some cases (e.g., modify),
* or to chase a referral and retry an operation.
*
* If the client is actually given a response, dsa_response() removes the
* corresponding request from the queue of outstanding requests. If the
* activity was an error referral, a connection is made to the referred to
* DSA (if possible), and do_request() is called to retry the request.
*/
void
dsa_response(
struct conn *dsaconn,
Sockbuf *clientsb
)
{
struct DAPindication di;
struct DSResult *dr;
struct DSError *de;
struct DAPpreject *dp;
struct DAPabort *da;
struct msg *m = NULL;
BerElement *bercopy;
char *matched;
int incr, delete, rc, ldaperr;
Debug( LDAP_DEBUG_TRACE, "dsa_response on ad %d\n", dsaconn->c_ad, 0,
0 );
di.di_type = -1;
if ( (rc = DapInitWaitRequest( dsaconn->c_ad, OK, &di )) == DONE ) {
Debug( LDAP_DEBUG_ANY, "DapInitWaitRequest: DONE\n", 0, 0, 0 );
return;
}
Debug( LDAP_DEBUG_ARGS, "DapInitWaitRequest: result %d type %d\n", rc,
di.di_type, 0 );
delete = 1;
switch ( di.di_type ) {
case DI_RESULT:
dr = &di.di_result.dr_res;
if ( (m = get_msg( di.di_result.dr_id )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "DI_RESULT: can't find msg %d\n",
di.di_result.dr_id, 0, 0 );
return;
}
Debug( LDAP_DEBUG_ARGS, "DI_RESULT: type %d\n",
dr->result_type, 0, 0 );
switch ( dr->result_type ) {
case OP_COMPARE:
compare_result( clientsb, m, &dr->res_cm );
break;
case OP_SEARCH:
search_result( clientsb, m, &dr->res_sr );
break;
case OP_ADDENTRY:
add_result( clientsb, m );
break;
case OP_REMOVEENTRY:
delete_result( clientsb, m );
break;
case OP_MODIFYENTRY:
modify_result( clientsb, m );
break;
case OP_READ:
if ( do_modify2( clientsb, m, &dr->res_rd ) != 0 )
delete = 0;
break;
case OP_MODIFYRDN:
modrdn_result( clientsb, m );
break;
default:
break;
}
ds_res_free( dr );
break;
case DI_ERROR:
de = &di.di_error.de_err;
if ( (m = get_msg( di.di_error.de_id )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "DI_ERROR: can't find msg %d\n",
di.di_error.de_id, 0, 0 );
return;
}
if ( m->m_msgtype == LDAP_REQ_SEARCH
#ifdef LDAP_COMPAT20
|| m->m_msgtype == OLD_LDAP_REQ_SEARCH
#endif
)
incr = 2;
else if ( m->m_msgtype == LDAP_REQ_DELETE )
incr = (LDAP_RES_DELETE - LDAP_REQ_DELETE);
else
incr = 1;
Debug( LDAP_DEBUG_ARGS, "DI_ERROR\n", 0, 0, 0 );
/*
* chase down referrals, retry operation there. only do
* this for modify-like operations, since we assume the
* dsa should have been able to chase anything else that
* wasn't really down.
*/
if ( de->dse_type == DSE_REFERRAL ) {
int bound, rc;
switch ( m->m_msgtype ) {
#ifdef LDAP_COMPAT20
case OLD_LDAP_REQ_ADD:
case OLD_LDAP_REQ_MODIFY:
case OLD_LDAP_REQ_MODRDN:
case OLD_LDAP_REQ_DELETE:
case OLD_LDAP_REQ_COMPARE:
case OLD_LDAP_REQ_SEARCH:
#endif
#ifdef LDAP_COMPAT30
case LDAP_REQ_DELETE_30:
#endif
case LDAP_REQ_ADD:
case LDAP_REQ_MODIFY:
case LDAP_REQ_MODRDN:
case LDAP_REQ_DELETE:
case LDAP_REQ_COMPARE:
case LDAP_REQ_SEARCH:
/* chase down the referral */
if ( (rc = chase_referral( clientsb, m, de,
&matched )) != LDAP_SUCCESS ) {
send_ldap_msgresult( clientsb,
m->m_msgtype + incr, m, rc,
matched, "Can't chase referral" );
free( matched );
break;
}
/* now retry the operation */
bercopy = ber_dup( m->m_ber );
if ( do_request( clientsb, m, bercopy, &bound )
== 0 ) {
del_msg( m );
}
ber_free( bercopy, 0 );
return;
break;
default:
send_ldap_msgresult( clientsb, m->m_msgtype +
incr, m, LDAP_UNAVAILABLE, NULL, "" );
break;
}
break;
} else if ( de->dse_type == DSE_ABANDONED ) {
return;
}
/* not a referral - convert the error and return to client */
ldaperr = x500err2ldaperr( de, &matched );
#ifdef LDAP_DEBUG
if ( ldap_debug )
print_error( de ); /* prints, then calls free */
else
#endif
ds_error_free( de );
send_ldap_msgresult( clientsb, m->m_msgtype + incr, m,
ldaperr, matched, "" );
free( matched );
break;
case DI_PREJECT:
dp = &di.di_preject;
if ( (m = get_msg( dp->dp_id )) == NULL ) {
Debug(LDAP_DEBUG_ANY, "DI_PREJECT: can't find msg %d\n",
dp->dp_id, 0, 0 );
return;
}
Debug( LDAP_DEBUG_ARGS, "DI_PREJECT src %d rson %d inf (%s)\n",
dp->dp_source, dp->dp_reason, dp->dp_cc ? dp->dp_data
: "" );
send_ldap_msgresult( clientsb, m->m_msgtype, m,
LDAP_UNAVAILABLE, NULL, "Got PREJECT from X.500" );
dsaconn->c_ad = -1;
break;
case DI_ABORT:
da = &di.di_abort;
Debug( LDAP_DEBUG_ARGS, "DI_ABORT src %d rson %d inf (%s)\n",
da->da_source, da->da_reason, da->da_cc ? da->da_data
: "" );
/* assume this always means more stuff coming... */
if ( da->da_reason == DA_ROS )
return;
/* moby hack - but how else do you tell the difference? */
if ( isclosed( dsaconn->c_ad ) ) {
send_msg( dsaconn, clientsb, LDAP_UNAVAILABLE,
"Got ABORT from X.500" );
return;
}
/* notify outstanding requests of the failure */
send_msg( dsaconn, clientsb, LDAP_OPERATIONS_ERROR,
"Got unknown ABORT from X.500" );
dsaconn->c_ad = -1;
return;
break;
default:
Debug( LDAP_DEBUG_ANY, "unknown result type %d\n", di.di_type,
0, 0 );
dsaconn->c_ad = -1; /* better safe... */
return;
break;
}
if ( delete && m != NULL )
del_msg( m );
}
int
send_ldap_msgresult(
Sockbuf *sb,
unsigned long tag,
struct msg *m,
int err,
char *matched,
char *text
)
{
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_UDP_SET_DST,
(void *)&m->m_clientaddr );
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&m->m_clientaddr)->sin_addr ),
((struct sockaddr_in *)&m->m_clientaddr)->sin_port, 0 );
}
#endif
return( send_ldap_result( sb, tag, m->m_msgid, err, matched, text ) );
}
int
send_ldap_result(
Sockbuf *sb,
unsigned long tag,
int msgid,
int err,
char *matched,
char *text
)
{
BerElement *ber;
int rc;
#ifdef LDAP_CONNECTIONLESS
int cldap;
cldap = ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, &ber_sockbuf_io_udp );
#endif
Debug( LDAP_DEBUG_TRACE, "send_ldap_result\n", 0, 0, 0 );
if ( tag == LBER_DEFAULT )
#ifdef LDAP_COMPAT20
tag = ldap_compat == 20 ? OLD_LBER_SEQUENCE : LBER_SEQUENCE;
#else
tag = LBER_SEQUENCE;
#endif
if ( (ber = der_alloc()) == NULL ) {
Debug( LDAP_DEBUG_ANY, "der_alloc failed\n", 0, 0, 0 );
return( -1 );
}
if ( version != 1 ) {
#ifdef LDAP_COMPAT20
if ( ldap_compat == 20 ) {
rc = ber_printf( ber, "t{it{tess}}", OLD_LBER_SEQUENCE,
msgid, tag, LBER_INTEGER, err,
matched ? matched : "", text );
} else
#endif
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 ) {
rc = ber_printf( ber, "{it{{ess}}}", msgid, tag, err,
matched ? matched : "", text );
} else
#endif
#ifdef LDAP_CONNECTIONLESS
if ( cldap ) {
rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
err, matched ? matched : "", text );
} else
#endif
rc = ber_printf( ber, "{it{ess}}", msgid, tag, err, matched ?
matched : "", text );
} else {
/* version 1 always uses the broken stuff */
rc = ber_printf( ber, "t{it{is}}", OLD_LBER_SEQUENCE, msgid,
tag, err, text );
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
return( -1 );
}
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_BER )
trace_ber( 0, ber->ber_ptr - ber->ber_buf, ber->ber_buf,
stderr, 0, 0 );
#endif
if ( ber_flush( sb, ber, 1 ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "ber_flush failed\n", 0, 0, 0 );
return( -1 );
}
return( 0 );
}

715
servers/ldapd/search.c
View file

@ -1,715 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <quipu/commonarg.h>
#include <quipu/attrvalue.h>
#include <quipu/ds_error.h>
#include <quipu/ds_search.h>
#include <quipu/dap2.h>
#include <quipu/dua.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
static int get_filter( BerElement *ber, Filter *filt );
static int get_filter_list( BerElement *ber, Filter f );
static int get_substring_filter( BerElement *ber, Filter f );
#ifdef LDAP_COMPAT
#define SEARCHRESTAG (ldap_compat == 20 ? OLD_LDAP_RES_SEARCH_RESULT : LDAP_RES_SEARCH_RESULT)
#else
#define SEARCHRESTAG LDAP_RES_SEARCH_RESULT
#endif
int
do_search(
Sockbuf *clientsb,
struct msg *m,
BerElement *ber
)
{
int rc, err;
int deref, attrsonly;
int sizelimit, timelimit;
char *base;
char **attrs;
struct ds_search_arg sa;
static CommonArgs common = default_common_args;
Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
/*
* Parse the search request. It looks like this:
* SearchRequest := [APPLICATION 3] SEQUENCE {
* baseObject DistinguishedName,
* scope ENUMERATED {
* baseObject (0),
* singleLevel (1),
* wholeSubtree (2)
* },
* derefAliases ENUMERATED {
* neverDerefaliases (0),
* derefInSearching (1),
* derefFindingBaseObj (2),
* alwaysDerefAliases (3)
* },
* sizelimit INTEGER (0 .. 65535),
* timelimit INTEGER (0 .. 65535),
* attrsOnly BOOLEAN,
* filter Filter,
* attributes SEQUENCE OF AttributeType
* }
*/
#if ISODEPACKAGE == IC
#if ICRELEASE > 2
DAS_SearchArgument_INIT( &sa );
#endif
#endif
if ( ber_scanf( ber, "{aiiiib", &base, &sa.sra_subset, &deref,
&sizelimit, &timelimit, &attrsonly ) == LBER_ERROR ) {
send_ldap_msgresult( clientsb, SEARCHRESTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
sa.sra_baseobject = ldap_str2dn( base );
if ( sa.sra_baseobject == NULLDN && *base != '\0' ) {
free( base );
send_ldap_msgresult( clientsb, SEARCHRESTAG, m,
LDAP_INVALID_DN_SYNTAX, NULL, "" );
return( 0 );
}
free( base );
sa.sra_common = common; /* struct copy */
sa.sra_searchaliases = (deref == LDAP_DEREF_SEARCHING ||
deref == LDAP_DEREF_ALWAYS);
if ( deref == LDAP_DEREF_NEVER || deref == LDAP_DEREF_SEARCHING )
sa.sra_common.ca_servicecontrol.svc_options |=
SVC_OPT_DONTDEREFERENCEALIAS;
sa.sra_common.ca_servicecontrol.svc_sizelimit = (sizelimit == 0 ?
SVC_NOSIZELIMIT : sizelimit);
sa.sra_common.ca_servicecontrol.svc_timelimit = (timelimit == 0 ?
SVC_NOTIMELIMIT : timelimit);
sa.sra_eis.eis_infotypes = (attrsonly ? EIS_ATTRIBUTETYPESONLY :
EIS_ATTRIBUTESANDVALUES);
/* search filter */
if ( (err = get_filter( ber, &sa.sra_filter )) != 0 ) {
send_ldap_msgresult( clientsb, SEARCHRESTAG, m,
err, NULL, "Bad search filter" );
return( 0 );
}
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
PS ps;
ps = ps_alloc( std_open );
std_setup( ps, stderr );
ps_print( ps, "Filter: " );
fi_print( ps, sa.sra_filter, EDBOUT );
ps_print( ps, "\n" );
ps_free( ps );
}
#endif
/* attrs to return */
attrs = NULL;
if ( ber_scanf( ber, "{v}}", &attrs ) == LBER_ERROR ) {
send_ldap_msgresult( clientsb, SEARCHRESTAG, m,
LDAP_PROTOCOL_ERROR, NULL, "" );
return( 0 );
}
sa.sra_eis.eis_select = NULLATTR;
if ( attrs == NULL ) {
sa.sra_eis.eis_allattributes = 1;
} else {
Attr_Sequence as;
int i;
sa.sra_eis.eis_allattributes = 0;
for ( i = 0; attrs[i] != NULL; i++ ) {
AttributeType type;
if ( (type = AttrT_new( attrs[i] )) == NULLAttrT ) {
Debug( LDAP_DEBUG_TRACE, "unknown attr (%s)\n",
attrs[i], 0, 0 );
continue;
}
as = as_comp_alloc();
as->attr_type = type;
as->attr_acl = NULLACL_INFO;
as->attr_link = NULLATTR;
as->attr_value = NULLAV;
sa.sra_eis.eis_select = as_merge( as,
sa.sra_eis.eis_select );
}
/* complain only if we know about none of the attrs */
if ( sa.sra_eis.eis_select == NULLATTR ) {
send_ldap_msgresult( clientsb, SEARCHRESTAG,
m, LDAP_UNDEFINED_TYPE, NULL, attrs[0] );
charlist_free( attrs );
return( 0 );
}
charlist_free( attrs );
}
rc = initiate_dap_operation( OP_SEARCH, m, &sa );
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap )
m->m_searchbase = sa.sra_baseobject;
else
#endif /* LDAP_CONNECTIONLESS */
dn_free( sa.sra_baseobject );
filter_free( sa.sra_filter );
as_free( sa.sra_eis.eis_select );
if ( rc != 0 ) {
send_ldap_msgresult( clientsb, SEARCHRESTAG, m,
rc, NULL, "" );
return( 0 );
}
return( 1 );
}
static int
get_filter( BerElement *ber, Filter *filt )
{
unsigned long tag, len;
int err;
char typestr[64];
Filter f;
Debug( LDAP_DEBUG_TRACE, "get_filter\n", 0, 0, 0 );
/*
* A filter looks like this coming in:
* Filter ::= CHOICE {
* and [0] SET OF Filter,
* or [1] SET OF Filter,
* not [2] Filter,
* equalityMatch [3] AttributeValueAssertion,
* substrings [4] SubstringFilter,
* greaterOrEqual [5] AttributeValueAssertion,
* lessOrEqual [6] AttributeValueAssertion,
* present [7] AttributeType,,
* approxMatch [8] AttributeValueAssertion
* }
*
* SubstringFilter ::= SEQUENCE {
* type AttributeType,
* SEQUENCE OF CHOICE {
* initial [0] IA5String,
* any [1] IA5String,
* final [2] IA5String
* }
* }
*/
f = filter_alloc();
*filt = f;
f->flt_next = NULLFILTER;
err = 0;
switch (tag = ber_peek_tag( ber, &len )) {
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_EQUALITY:
#endif
case LDAP_FILTER_EQUALITY:
Debug( LDAP_DEBUG_ARGS, "EQUALITY\n", 0, 0, 0 );
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_EQUALITY;
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
if ( (err = get_ava( ber, &f->FUITEM.UNAVA )) != 0 ) {
free( f );
return( err );
}
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_SUBSTRINGS:
#endif
case LDAP_FILTER_SUBSTRINGS:
Debug( LDAP_DEBUG_ARGS, "SUBSTRINGS\n", 0, 0, 0 );
err = get_substring_filter( ber, f );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_GE:
#endif
case LDAP_FILTER_GE:
Debug( LDAP_DEBUG_ARGS, "GE\n", 0, 0, 0 );
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_GREATEROREQUAL;
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
if ( (err = get_ava( ber, &f->FUITEM.UNAVA )) != 0 ) {
free( f );
return( err );
}
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_LE:
#endif
case LDAP_FILTER_LE:
Debug( LDAP_DEBUG_ARGS, "LE\n", 0, 0, 0 );
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_LESSOREQUAL;
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
if ( (err = get_ava( ber, &f->FUITEM.UNAVA )) != 0 ) {
free( f );
return( err );
}
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_PRESENT:
#endif
#ifdef LDAP_COMPAT30
case LDAP_FILTER_PRESENT_30:
#endif
case LDAP_FILTER_PRESENT:
Debug( LDAP_DEBUG_ARGS, "PRESENT\n", 0, 0, 0 );
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_PRESENT;
len = sizeof(typestr);
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
if ( ber_scanf( ber, "s", typestr, &len ) == LBER_ERROR )
return( LDAP_PROTOCOL_ERROR );
if ( (f->FUITEM.UNTYPE = str2AttrT( typestr )) == NULLAttrT )
return( LDAP_UNDEFINED_TYPE );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_APPROX:
#endif
case LDAP_FILTER_APPROX:
Debug( LDAP_DEBUG_ARGS, "APPROX\n", 0, 0, 0 );
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_APPROX;
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
if ( (err = get_ava( ber, &f->FUITEM.UNAVA )) != 0 ) {
free( f );
return( err );
}
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_AND:
#endif
case LDAP_FILTER_AND:
Debug( LDAP_DEBUG_ARGS, "AND\n", 0, 0, 0 );
f->flt_type = FILTER_AND;
err = get_filter_list( ber, f );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_OR:
#endif
case LDAP_FILTER_OR:
Debug( LDAP_DEBUG_ARGS, "OR\n", 0, 0, 0 );
f->flt_type = FILTER_OR;
err = get_filter_list( ber, f );
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_FILTER_NOT:
#endif
case LDAP_FILTER_NOT:
Debug( LDAP_DEBUG_ARGS, "NOT\n", 0, 0, 0 );
f->flt_type = FILTER_NOT;
(void) ber_skip_tag( ber, &len );
err = get_filter( ber, &f->FUFILT );
break;
default:
Debug( LDAP_DEBUG_ANY, "unknown filter type %lu\n", tag, 0, 0 );
free( f );
return( LDAP_PROTOCOL_ERROR );
break;
}
Debug( LDAP_DEBUG_TRACE, "end get_filter\n", 0, 0, 0 );
return( err );
}
static int
get_filter_list( BerElement *ber, Filter f )
{
Filter new, tail;
int err;
unsigned long tag, len;
char *last;
Debug( LDAP_DEBUG_TRACE, "get_filter_list\n", 0, 0, 0 );
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
f->FUFILT = tail = NULLFILTER;
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) ) {
if ( (err = get_filter( ber, &new )) != 0 )
return( err );
if ( f->FUFILT == NULLFILTER ) {
f->FUFILT = new;
} else {
tail->flt_next = new;
}
tail = new;
}
Debug( LDAP_DEBUG_TRACE, "end get_filter_list\n", 0, 0, 0 );
return( 0 );
}
static int
get_substring_filter( BerElement *ber, Filter f )
{
unsigned long tag, len;
char typestr[64];
AttributeType type;
char *valstr, *last;
AttributeValue value;
Debug( LDAP_DEBUG_TRACE, "get_substring_filter\n", 0, 0, 0 );
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 )
(void) ber_skip_tag( ber, &len );
#endif
f->flt_type = FILTER_ITEM;
f->FUITEM.fi_type = FILTERITEM_SUBSTRINGS;
len = sizeof(typestr);
if ( ber_scanf( ber, "{s", typestr, &len ) == LBER_ERROR ) {
return( LDAP_PROTOCOL_ERROR );
}
if ( (type = str2AttrT( typestr )) == NULLAttrT ) {
return( LDAP_UNDEFINED_TYPE );
}
f->FUITEM.UNSUB.fi_sub_type = type;
f->FUITEM.UNSUB.fi_sub_initial = NULLAV;
f->FUITEM.UNSUB.fi_sub_any = NULLAV;
f->FUITEM.UNSUB.fi_sub_final = NULLAV;
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) ) {
AV_Sequence avs, any_end;
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 ) {
if ( ber_scanf( ber, "{a}", &valstr ) == LBER_ERROR ) {
return( LDAP_PROTOCOL_ERROR );
}
} else
#endif
if ( ber_scanf( ber, "a", &valstr ) == LBER_ERROR ) {
return( LDAP_PROTOCOL_ERROR );
}
value = ldap_str2AttrV( valstr, type->oa_syntax );
free( valstr );
if ( value == NULLAttrV ) {
return( LDAP_INVALID_SYNTAX );
}
if ( (avs = avs_comp_new( value )) == NULLAV )
return( LDAP_OPERATIONS_ERROR );
switch ( tag ) {
#ifdef LDAP_COMPAT20
case OLD_LDAP_SUBSTRING_INITIAL:
#endif
#ifdef LDAP_COMPAT30
case LDAP_SUBSTRING_INITIAL_30:
#endif
case LDAP_SUBSTRING_INITIAL:
Debug( LDAP_DEBUG_ARGS, " INITIAL\n", 0, 0, 0 );
if ( f->FUITEM.UNSUB.fi_sub_initial != NULLAV
&& f->FUITEM.UNSUB.fi_sub_initial->avseq_next
!= NULLAV ) {
return( LDAP_PROTOCOL_ERROR );
}
f->FUITEM.UNSUB.fi_sub_initial = avs;
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_SUBSTRING_ANY:
#endif
#ifdef LDAP_COMPAT30
case LDAP_SUBSTRING_ANY_30:
#endif
case LDAP_SUBSTRING_ANY:
Debug( LDAP_DEBUG_ARGS, " ANY\n", 0, 0, 0 );
if (f->FUITEM.UNSUB.fi_sub_any != NULLAV) {
any_end->avseq_next = avs;
} else {
f->FUITEM.UNSUB.fi_sub_any = avs;
}
any_end = avs;
break;
#ifdef LDAP_COMPAT20
case OLD_LDAP_SUBSTRING_FINAL:
#endif
#ifdef LDAP_COMPAT30
case LDAP_SUBSTRING_FINAL_30:
#endif
case LDAP_SUBSTRING_FINAL:
Debug( LDAP_DEBUG_ARGS, " FINAL\n", 0, 0, 0 );
if ( f->FUITEM.UNSUB.fi_sub_final != NULLAV
&& f->FUITEM.UNSUB.fi_sub_final->avseq_next
!= NULLAV ) {
return( LDAP_PROTOCOL_ERROR );
}
f->FUITEM.UNSUB.fi_sub_final = avs;
break;
default:
Debug( LDAP_DEBUG_ARGS, " unknown type\n", tag, 0, 0 );
return( LDAP_PROTOCOL_ERROR );
}
}
Debug( LDAP_DEBUG_TRACE, "end get_substring_filter\n", 0, 0, 0 );
return( 0 );
}
void
search_result(
Sockbuf *sb,
struct msg *m,
struct ds_search_result *sr
)
{
EntryInfo *e;
BerElement *ber;
int rc;
Debug( LDAP_DEBUG_TRACE, "search_result\n", 0, 0, 0 );
ber = NULL;
if ( ! sr->srr_correlated ) {
Debug( LDAP_DEBUG_ARGS, "correlating results\n", 0, 0, 0 );
correlate_search_results( sr );
}
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap ) {
if ((ber = der_alloc()) == NULL ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "der_alloc" );
return;
}
if ( ber_printf( ber, "t{is{", LBER_SEQUENCE, m->m_msgid,
"" ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf" );
return;
}
}
#endif
for ( e = sr->CSR_entries; e != NULLENTRYINFO; e = e->ent_next ) {
Debug( LDAP_DEBUG_ARGS, "\tentry:\n", 0, 0, 0 );
#ifdef LDAP_CONNECTIONLESS
if ( !m->m_cldap )
#endif /* LDAP_CONNECTIONLESS */
if ( (ber = der_alloc()) == NULL ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "der_alloc" );
return;
}
#ifdef LDAP_COMPAT20
if ( version == 1 ) {
if ( ber_printf( ber, "t{it{", OLD_LBER_SEQUENCE,
m->m_msgid, OLD_LDAP_RES_SEARCH_ENTRY ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf" );
return;
}
} else
#endif
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 ) {
if ( ber_printf( ber, "{it{{", m->m_msgid,
LDAP_RES_SEARCH_ENTRY ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf" );
return;
}
} else
#endif
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap )
rc = ber_printf( ber, "t{", LDAP_RES_SEARCH_ENTRY );
else
#endif /* LDAP_CONNECTIONLESS */
rc = ber_printf( ber, "{it{", m->m_msgid,
LDAP_RES_SEARCH_ENTRY );
if ( rc == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf" );
return;
}
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap )
rc = encode_dn( ber, e->ent_dn, m->m_searchbase );
#endif /* LDAP_CONNECTIONLESS */
else
rc = encode_dn( ber, e->ent_dn, NULLDN );
if ( rc == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "encode_dn" );
return;
}
if ( encode_attrs( ber, e->ent_attr ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "encode_attrs" );
return;
}
#ifdef LDAP_COMPAT20
if ( version == 1 ) {
if ( ber_printf( ber, "}}" ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL,
"ber_printf 2" );
return;
}
} else
#endif
#ifdef LDAP_COMPAT30
if ( ldap_compat == 30 ) {
if ( ber_printf( ber, "}}}" ) == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL,
"ber_printf 2" );
return;
}
} else
#endif
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap )
rc = ber_printf( ber, "}" );
else
#endif /* LDAP_CONNECTIONLESS */
rc = ber_printf( ber, "}}" );
if ( rc == -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf 2" );
return;
}
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_BER )
trace_ber( 0, ber->ber_ptr - ber->ber_buf,
ber->ber_buf, stderr, 0, 0 );
#endif
#ifdef LDAP_CONNECTIONLESS
if ( !m->m_cldap )
#endif
(void) ber_flush( sb, ber, 1 );
}
switch ( sr->CSR_limitproblem ) {
case LSR_NOLIMITPROBLEM:
rc = LDAP_SUCCESS;
break;
case LSR_TIMELIMITEXCEEDED:
rc = LDAP_TIMELIMIT_EXCEEDED;
break;
case LSR_SIZELIMITEXCEEDED:
case LSR_ADMINSIZEEXCEEDED:
rc = LDAP_SIZELIMIT_EXCEEDED;
break;
}
Debug( LDAP_DEBUG_ARGS, "\tresult:\n", 0, 0, 0 );
#ifdef LDAP_CONNECTIONLESS
if ( m->m_cldap ) {
if ( ber_printf( ber, "t{ess}}}", SEARCHRESTAG, rc, "", "" )
== -1 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_OPERATIONS_ERROR, NULL, "ber_printf" );
return;
}
ber_sockbuf_ctrl( sb, LBER_SB_OPT_UDP_SET_DST,
(void *)&m->m_clientaddr );
if ( ber_flush( sb, ber, 1 ) != 0 ) {
send_ldap_msgresult( sb, SEARCHRESTAG, m,
LDAP_RESULTS_TOO_LARGE, NULL, "ber_flush" );
}
} else
#endif
send_ldap_msgresult( sb, SEARCHRESTAG, m, rc, NULL, "" );
return;
}

1039
servers/ldapd/syntax.c
View file

File diff suppressed because it is too large Load diff

190
servers/ldapd/util.c
View file

@ -1,190 +0,0 @@
/* $OpenLDAP$ */
/*
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/errno.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <sys/ioctl.h>
#include <quipu/commonarg.h>
#include <quipu/ds_error.h>
#include "lber.h"
#include "ldap.h"
#include "common.h"
/*
* Print arbitrary stuff, for debugging.
*/
#define BPLEN 48
void
bprint( char *data, int len )
{
static const char hexdig[] = "0123456789abcdef";
char out[ BPLEN ];
int i = 0;
(void) memset( out, 0, BPLEN );
for ( ;; ) {
if ( len < 1 ) {
printf( "\t%s\n", ( i == 0 ) ? "(end)" : out );
break;
}
if ( isgraph( (unsigned char)*data )) {
out[ i ] = ' ';
out[ i+1 ] = *data;
} else {
out[ i ] = hexdig[ ( (unsigned char)*data & 0xf0 ) >> 4 ];
out[ i+1 ] = hexdig[ (unsigned char)*data & 0x0f ];
}
i += 2;
len--;
data++;
if ( i > BPLEN - 2 ) {
printf( "\t%s\n", out );
(void) memset( out, 0, BPLEN );
i = 0;
continue;
}
out[ i++ ] = ' ';
}
}
void
charlist_free( char **cl )
{
int i;
if ( cl == NULL )
return;
for ( i = 0; cl[i] != NULL; i++ )
free( cl[i] );
free( (char *) cl );
}
int
get_ava( BerElement *ber, AVA *tava )
{
char *type, *value;
Debug( LDAP_DEBUG_TRACE, "get_ava\n", 0, 0, 0 );
/*
* An AVA looks like this:
* AttributeValueAsertion ::= SEQUENCE {
* attributeType AttributeType,
* attributeValue AttributeValue
* }
*/
if ( ber_scanf( ber, "{aa}", &type, &value ) == LBER_ERROR )
return( LDAP_PROTOCOL_ERROR );
if ( (tava->ava_type = str2AttrT( type )) == NULLAttrT ) {
free( type );
free( value );
return( LDAP_UNDEFINED_TYPE );
}
if ( (tava->ava_value = ldap_str2AttrV( value,
tava->ava_type->oa_syntax )) == NULLAttrV ) {
free( type );
free( value );
return( LDAP_INVALID_SYNTAX );
}
free( type );
free( value );
return( 0 );
}
int
chase_referral(
Sockbuf *clientsb,
struct msg *m,
struct DSError *err,
char **matched
)
{
ContinuationRef cr;
struct access_point *ap;
int rc, bound;
struct conn *save, *dup, *found;
Debug( LDAP_DEBUG_TRACE, "chase_referral\n", 0, 0, 0 );
save = m->m_conn;
dup = conn_dup( m->m_conn );
m->m_conn = dup;
m->m_conn->c_ad = -1;
/* for each dsa candidate */
rc = LDAP_OTHER;
for ( cr = err->ERR_REFERRAL.DSE_ref_candidates;
cr != NULLCONTINUATIONREF; cr = cr->cr_next ) {
/* for each access point listed for the dsa */
for ( ap = cr->cr_accesspoints; ap != NULLACCESSPOINT;
ap = ap->ap_next ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
char *str;
str = paddr2str( ap->ap_address, NULLNA );
fprintf( stderr, "Referring to (%s)...\n",
str );
}
#endif
if ( m->m_conn->c_paddr )
free( (char *) m->m_conn->c_paddr );
m->m_conn->c_paddr = psap_cpy( ap->ap_address );
if ( (found = conn_find( m->m_conn )) != NULL ) {
conn_free( m->m_conn );
m->m_conn = found;
m->m_conn->c_refcnt++;
conn_free( save );
return( LDAP_SUCCESS );
}
rc = do_bind_real( m->m_conn, &bound, matched );
if ( rc == LDAP_SUCCESS ) {
conn_free( save );
conn_add( m->m_conn );
return( LDAP_SUCCESS );
}
}
}
/* so the conn can be found and freed later */
conn_free( m->m_conn );
m->m_conn = save;
return( rc );
}

2
servers/slapd/tools/Makefile.in
View file

@ -28,7 +28,7 @@ XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS) $(SLAPD_MODULES)
XLIBS = -lavl -lldif -lldbm -llutil -lldap_r -llber
XXLIBS = $(LDAPD_LIBS) $(SLAPD_LIBS) \
XXLIBS = $(QUIPU_LIBS) $(SLAPD_LIBS) \
$(LDBM_LIBS) $(SECURITY_LIBS) \
$(LDIF_LIBS) $(LUTIL_LIBS)
XXXLIBS = $(LTHREAD_LIBS) $(MODULES_LIBS)