upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-30 03:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

LDAPv3 referrals changes by Steve Sonntag @ Novell

Browse source
This commit is contained in:
Kurt Zeilenga 2000-05-31 17:34:43 +00:00
parent 58522e3416
commit a26cef7fc8
11 changed files with 509 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
include/ldap.h
View file

@ -548,6 +548,13 @@ ldap_set_option LDAP_P((
int option,
LDAP_CONST void *invalue));
/* V3 REBIND Function Callback Prototype */
typedef int (LDAP_REBIND_PROC) ( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid);
LIBLDAP_F( int )
ldap_set_rebind_proc LDAP_P((
LDAP *ld,
LDAP_REBIND_PROC *ldap_proc));
/*
* in controls.c:

11
libraries/libldap/bind.c
View file

@ -130,14 +130,3 @@ ldap_bind_s(
return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
}
}
void
ldap_set_rebind_proc( LDAP *ld, int (*rebindproc)( LDAP *ld, char **dnp,
char **passwdp, int *authmethodp, int freeit ))
{
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
ld->ld_rebindproc = rebindproc;
}

2
libraries/libldap/cldap.c
View file

@ -162,7 +162,7 @@ cldap_open( LDAP_CONST char *host, int port )
}
if ( ld->ld_cldapaddrs == NULL
|| ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,0 )) == NULL
|| ( ld->ld_defconn = ldap_new_connection( ld, NULL, 1,0,NULL )) == NULL
) {
ldap_ld_free( ld, 0, NULL, NULL );
DO_RETURN( NULL );

24
libraries/libldap/ldap-int.h
View file

@ -119,6 +119,9 @@ struct ldapoptions {
/* LDAPv3 server and client controls */
LDAPControl **ldo_sctrls;
LDAPControl **ldo_cctrls;
/* LDAPV3 rebind callback function
*/
LDAP_REBIND_PROC *ldo_rebindproc;
#ifdef HAVE_TLS
/* tls context */
@ -152,6 +155,8 @@ typedef struct ldap_conn {
Sockbuf *lconn_sb;
int lconn_refcnt;
time_t lconn_lastused; /* time */
int lconn_rebind_inprogress; /* set if rebind in progress */
char ***lconn_rebind_queue; /* used if rebind in progress */
int lconn_status;
#define LDAP_CONNST_NEEDSOCKET 1
#define LDAP_CONNST_CONNECTING 2
@ -169,6 +174,7 @@ typedef struct ldap_conn {
typedef struct ldapreq {
ber_int_t lr_msgid; /* the message id */
int lr_status; /* status of request */
#define LDAP_REQST_COMPLETED 0
#define LDAP_REQST_INPROGRESS 1
#define LDAP_REQST_CHASINGREFS 2
#define LDAP_REQST_NOTCONNECTED 3
@ -204,6 +210,15 @@ typedef struct ldapcache {
#define LDAP_CACHE_OPT_CACHEALLERRS 0x00000002
} LDAPCache;
/*
* structure containing referral request info for rebind procedure
*/
typedef struct ldapreqinfo {
ber_len_t ri_msgid;
int ri_request;
char *ri_url;
} LDAPreqinfo;
/*
* handy macro for checking if handle is connectionless
*/
@ -237,6 +252,7 @@ struct ldap {
#define ld_sctrls ld_options.ldo_sctrls
#define ld_cctrls ld_options.ldo_cctrls
#define ld_rebindproc ld_options.ldo_rebindproc
#define ld_version ld_options.ldo_version
char *ld_host;
@ -272,9 +288,6 @@ struct ldap {
LDAPConn *ld_defconn; /* default connection */
LDAPConn *ld_conns; /* list of server connections */
void *ld_selectinfo; /* platform specifics for select */
int (*ld_rebindproc)( struct ldap *ld, char **dnp,
char **passwdp, int *authmethodp, int freeit );
/* routine to get info needed for re-bind */
#ifdef HAVE_CYRUS_SASL
sasl_conn_t *ld_sasl_context;
#endif /* HAVE_CYRUS_SASL */
@ -409,14 +422,15 @@ LIBLDAP_F (ber_int_t) ldap_send_initial_request( LDAP *ld, ber_tag_t msgtype,
LIBLDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld );
LIBLDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber );
LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, int bind );
LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, int bind );
LIBLDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
LIBLDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind );
LIBLDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid );
LIBLDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr );
LIBLDAP_F (void) ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind );
LIBLDAP_F (void) ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all );
LIBLDAP_F (void) ldap_dump_requests_and_responses( LDAP *ld );
LIBLDAP_F (int) ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp );
LIBLDAP_F (int) ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **referralsp, int *hadrefp );
LIBLDAP_F (int) ldap_append_referral( LDAP *ld, char **referralsp, char *s );
/*

2
libraries/libldap/open.c
View file

@ -25,7 +25,7 @@
int ldap_open_defconn( LDAP *ld )
{
if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,0 )) == NULL )
if (( ld->ld_defconn = ldap_new_connection( ld, ld->ld_options.ldo_defludp, 1,1,NULL )) == NULL )
{
ld->ld_errno = LDAP_SERVER_DOWN;
return -1;

13
libraries/libldap/options.c
View file

@ -16,6 +16,8 @@
#include "ldap-int.h"
#define LDAP_OPT_REBIND_PROC 0x4e814d
static const LDAPAPIFeatureInfo features[] = {
#ifdef LDAP_API_FEATURE_X_OPENLDAP
{ /* OpenLDAP Extensions API Feature */
@ -420,6 +422,11 @@ ldap_set_option(
return LDAP_OPT_ERROR;
}
} return LDAP_OPT_SUCCESS;
/* Only accessed from inside this function by ldap_set_rebind_proc() */
case LDAP_OPT_REBIND_PROC: {
lo->ldo_rebindproc = (LDAP_REBIND_PROC *)invalue;
} return LDAP_OPT_SUCCESS;
}
if(invalue == NULL) {
@ -588,3 +595,9 @@ ldap_set_option(
}
return LDAP_OPT_ERROR;
}
LIBLDAP_F(int)
ldap_set_rebind_proc( LDAP *ld, LDAP_REBIND_PROC *rebind_proc)
{
return( ldap_set_option( ld, LDAP_OPT_REBIND_PROC, (void *)rebind_proc));
}

326
libraries/libldap/request.c
View file

@ -6,6 +6,23 @@
/* Portions
* Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
******************************************************************************
* This notice applies to changes, created by or for Novell, Inc.,
* to preexisting works for which notices appear elsewhere in this file.
*
* Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
*
* THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
* USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
* 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
* HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
* TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
* WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
******************************************************************************
* Modification to OpenLDAP source by Novell, Inc.
* April 2000 sfs Added code to chase V3 referrals
*
* request.c - sending of ldap requests; handling of referrals
*/
@ -36,7 +53,8 @@ static BerElement *re_encode_request LDAP_P((
LDAP *ld,
BerElement *origber,
ber_int_t msgid,
char **dnp ));
char **dnp,
int *type));
BerElement *
@ -132,7 +150,7 @@ ldap_send_initial_request(
}
rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL,
servers, NULL, 0 );
servers, NULL, NULL );
if (servers)
ldap_free_urllist(servers);
return(rc);
@ -148,7 +166,7 @@ ldap_send_server_request(
LDAPRequest *parentreq,
LDAPURLDesc *srvlist,
LDAPConn *lc,
int bind )
LDAPreqinfo *bind )
{
LDAPRequest *lr;
int incparent;
@ -164,7 +182,7 @@ ldap_send_server_request(
} else {
if (( lc = find_connection( ld, srvlist, 1 )) ==
NULL ) {
if ( bind && (parentreq != NULL) ) {
if ( (bind != NULL) && (parentreq != NULL) ) {
/* Remember the bind in the parent */
incparent = 1;
++parentreq->lr_outrefcnt;
@ -255,12 +273,13 @@ ldap_send_server_request(
LDAPConn *
ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb,
int connect, int bind )
int connect, LDAPreqinfo *bind )
{
LDAPConn *lc;
LDAPURLDesc *srv;
Sockbuf *sb;
Debug( LDAP_DEBUG_TRACE, "ldap_new_connection\n", 0, 0, 0 );
/*
* make a new LDAP server connection
* XXX open connection synchronously for now
@ -305,50 +324,58 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb,
* XXX for now, we always do a synchronous bind. This will have
* to change in the long run...
*/
if ( bind ) {
int err, freepasswd, authmethod;
char *binddn, *passwd;
if ( bind != NULL) {
int err = 0;
LDAPConn *savedefconn;
freepasswd = err = 0;
if ( ld->ld_rebindproc == 0 ) {
binddn = passwd = "";
authmethod = LDAP_AUTH_SIMPLE;
} else {
if (( err = (*ld->ld_rebindproc)( ld, &binddn, &passwd,
&authmethod, 0 )) == LDAP_SUCCESS ) {
freepasswd = 1;
/* Set flag to prevent additional referrals from being processed on this
* connection until the bind has completed
*/
lc->lconn_rebind_inprogress = 1;
/* V3 rebind function */
if ( ld->ld_rebindproc != NULL) {
LDAPURLDesc *srvfunc;
if( ( srvfunc = ldap_url_dup( srvlist)) == NULL) {
ld->ld_errno = LDAP_NO_MEMORY;
err = -1;
} else {
ld->ld_errno = err;
savedefconn = ld->ld_defconn;
++lc->lconn_refcnt; /* avoid premature free */
ld->ld_defconn = lc;
Debug( LDAP_DEBUG_TRACE, "Call application rebindproc\n", 0, 0, 0);
err = (*ld->ld_rebindproc)( ld, bind->ri_url, bind->ri_request, bind->ri_msgid);
ld->ld_defconn = savedefconn;
--lc->lconn_refcnt;
if( err != 0) {
err = -1;
ldap_free_connection( ld, lc, 1, 0 );
lc = NULL;
}
ldap_free_urldesc( srvfunc);
}
if ( err == 0 ) {
} else {
savedefconn = ld->ld_defconn;
ld->ld_defconn = lc;
++lc->lconn_refcnt; /* avoid premature free */
ld->ld_defconn = lc;
if ( ldap_bind_s( ld, binddn, passwd, authmethod ) !=
LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "anonymous rebind via ldap_bind_s\n", 0, 0, 0);
if ( ldap_bind_s( ld, "", "", LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) {
err = -1;
}
--lc->lconn_refcnt;
ld->ld_defconn = savedefconn;
}
if ( freepasswd ) {
(*ld->ld_rebindproc)( ld, &binddn, &passwd,
&authmethod, 1 );
}
--lc->lconn_refcnt;
if ( err != 0 ) {
ldap_free_connection( ld, lc, 1, 0 );
lc = NULL;
}
}
if( lc != NULL)
lc->lconn_rebind_inprogress = 0;
}
return( lc );
}
@ -434,6 +461,13 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
if ( lc->lconn_sb != &ld->ld_sb ) {
ber_sockbuf_free( lc->lconn_sb );
}
if( lc->lconn_rebind_queue != NULL) {
int i;
for( i = 0; lc->lconn_rebind_queue[i] != NULL; i++) {
free_strarray(lc->lconn_rebind_queue[i]);
}
LDAP_FREE( lc->lconn_rebind_queue);
}
LDAP_FREE( lc );
Debug( LDAP_DEBUG_TRACE, "ldap_free_connection: actually freed\n",
0, 0, 0 );
@ -465,8 +499,24 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ?
"NeedSocket" : ( lc->lconn_status ==
LDAP_CONNST_CONNECTING ) ? "Connecting" : "Connected" );
fprintf( stderr, " last used: %s\n",
fprintf( stderr, " last used: %s",
ldap_pvt_ctime( &lc->lconn_lastused, timebuf ));
if( lc->lconn_rebind_inprogress ) {
fprintf( stderr, " rebind in progress\n");
if( lc->lconn_rebind_queue != NULL) {
int i = 0;
for( ;lc->lconn_rebind_queue[i] != NULL; i++) {
int j = 0;
for( ;lc->lconn_rebind_queue[i][j] != 0; j++) {
fprintf( stderr, " queue %d entry %d - %s\n",
i, j, lc->lconn_rebind_queue[i][j]);
}
}
} else {
fprintf( stderr, " queue is empty\n");
}
}
fprintf(stderr, "\n");
if ( !all ) {
break;
}
@ -486,11 +536,12 @@ ldap_dump_requests_and_responses( LDAP *ld )
}
for ( ; lr != NULL; lr = lr->lr_next ) {
fprintf( stderr, " * msgid %d, origid %d, status %s\n",
lr->lr_msgid, lr->lr_origid, ( lr->lr_status ==
LDAP_REQST_INPROGRESS ) ? "InProgress" :
lr->lr_msgid, lr->lr_origid,
( lr->lr_status == LDAP_REQST_INPROGRESS ) ? "InProgress" :
( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
( lr->lr_status == LDAP_REQST_NOTCONNECTED ) ? "NotConnected" :
"Writing" );
( lr->lr_status == LDAP_REQST_WRITING) ? "Writing" :
( lr->lr_status == LDAP_REQST_COMPLETED ? "Request Completed" : "Invalid Status"));
fprintf( stderr, " outstanding referrals %d, parent count %d\n",
lr->lr_outrefcnt, lr->lr_parentcnt );
}
@ -559,6 +610,197 @@ ldap_free_request( LDAP *ld, LDAPRequest *lr )
LDAP_FREE( lr );
}
/*
* Chase v3 referrals
*
* Parameters:
* (IN) ld = LDAP connection handle
* (IN) lr = LDAP Request structure
* (IN) refs = array of pointers to referral strings that we will chase
* The array will be free'd by this function when no longer needed
* (OUT) errstrp = Place to return a string of referrals which could not be followed
* (OUT) hadrefp = 1 if sucessfully followed referral
*
* Return value - number of referrals followed
*/
LIBLDAP_F(int)
ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, char **errstrp, int *hadrefp )
{
char *unfollowed;
int unfollowedcnt = 0;
LDAPRequest *origreq;
LDAPURLDesc *srv = NULL;
BerElement *ber;
char **refarray = NULL;
LDAPConn *lc;
int rc, count, i, j;
LDAPreqinfo rinfo;
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
*hadrefp = 0;
Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals\n", 0, 0, 0 );
unfollowed = NULL;
rc = count = 0;
/* If no referrals in array, return */
if ( (refs == NULL) || ( (refs)[0] == NULL) ) {
rc = 0;
goto done;
}
/* Check for hop limit exceeded */
if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
Debug( LDAP_DEBUG_ANY,
"more than %d referral hops (dropping)\n", ld->ld_refhoplimit, 0, 0 );
ld->ld_errno = LDAP_REFERRAL_LIMIT_EXCEEDED;
rc = -1;
goto done;
}
/* find original request */
for ( origreq = lr; origreq->lr_parent != NULL; origreq = origreq->lr_parent ) {
;
}
refarray = refs;
refs = NULL;
/* parse out & follow referrals */
for( i=0; refarray[i] != NULL; i++) {
/* Parse the referral URL */
if (( rc = ldap_url_parse( refarray[i], &srv)) != LDAP_SUCCESS) {
ld->ld_errno = rc;
rc = -1;
goto done;
}
/* check connection for re-bind in progress */
if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
if( lc->lconn_rebind_inprogress) {
/* We are already chasing a referral or search reference and a
* bind on that connection is in progress. We must queue
* referrals on that connection, so we don't get a request
* going out before the bind operation completes. This happens
* if two search references come in one behind the other
* for the same server with different contexts.
*/
Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referrals: queue referral \"%s\"\n",
refarray[i], 0, 0);
if( lc->lconn_rebind_queue == NULL ) {
/* Create a referral list */
if( (lc->lconn_rebind_queue = (char ***)LDAP_MALLOC( sizeof(void *) * 2)) == NULL) {
ld->ld_errno = LDAP_NO_MEMORY;
rc = -1;
goto done;
}
lc->lconn_rebind_queue[0] = refarray;
lc->lconn_rebind_queue[1] = NULL;
refarray = NULL;
} else {
/* Count how many referral arrays we already have */
for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
;
}
/* Add the new referral to the list */
if( (lc->lconn_rebind_queue = (char ***)LDAP_REALLOC(
lc->lconn_rebind_queue, sizeof(void *) * (j + 2))) == NULL) {
ld->ld_errno = LDAP_NO_MEMORY;
rc = -1;
goto done;
}
lc->lconn_rebind_queue[j] = refarray;
lc->lconn_rebind_queue[j+1] = NULL;
refarray = NULL;
}
/* We have queued the referral/reference, now just return */
rc = 0;
*hadrefp = 1;
count = 1; /* Pretend we already followed referral */
goto done;
}
}
/* Re-encode the request with the new starting point of the search.
* Note: In the future we also need to replace the filter if one
* was provided with the search reference
*/
if (( ber = re_encode_request( ld, origreq->lr_ber,
++ld->ld_msgid, &srv->lud_dn, &rinfo.ri_request )) == NULL ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
rc = -1;
goto done;
}
Debug( LDAP_DEBUG_TRACE, "ldap_chase_v3referral: msgid %d, url \"%s\"\n",
lr->lr_msgid, refarray[i], 0);
/* Send the new request to the server - may require a bind */
rinfo.ri_msgid = origreq->lr_origid;
rinfo.ri_url = refarray[i];
if ( (rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
origreq, srv, NULL, &rinfo )) < 0 ) {
/* Failure, try next referral in the list */
Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%s)\n",
refarray[i], ldap_err2string( ld->ld_errno ), 0);
unfollowedcnt += ldap_append_referral( ld, &unfollowed, refarray[i]);
ldap_free_urllist(srv);
srv = NULL;
} else {
/* Success, no need to try this referral list further */
rc = 0;
++count;
*hadrefp = 1;
/* check if there is a queue of referrals that came in during bind */
if( lc == NULL) {
if (( lc = find_connection( ld, srv, 1 )) == NULL ) {
ld->ld_errno = LDAP_OPERATIONS_ERROR;
rc = -1;
goto done;
}
}
if( lc->lconn_rebind_queue != NULL) {
/* Release resources of previous list */
free_strarray(refarray);
refarray = NULL;
ldap_free_urllist(srv);
srv = NULL;
/* Pull entries off end of queue so list always null terminated */
for( j = 0; lc->lconn_rebind_queue[j] != NULL; j++) {
;
}
refarray = lc->lconn_rebind_queue[j-1];
lc->lconn_rebind_queue[j-1] = NULL;
/* we pulled off last entry from queue, free queue */
if ( j == 1 ) {
LDAP_FREE( lc->lconn_rebind_queue);
lc->lconn_rebind_queue = NULL;
}
/* restart the loop the with new referral list */
i = -1;
continue;
}
break; /* referral followed, break out of for loop */
}
} /* end for loop */
done:
free_strarray(refarray);
ldap_free_urllist(srv);
LDAP_FREE( *errstrp );
if( rc == 0) {
*errstrp = NULL;
LDAP_FREE( unfollowed );
return count;
} else {
ld->ld_errno = LDAP_REFERRAL;
*errstrp = unfollowed;
return rc;
}
}
/*
* XXX merging of errors in this routine needs to be improved
@ -574,6 +816,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp )
LDAPRequest *origreq;
LDAPURLDesc *srv;
BerElement *ber;
LDAPreqinfo rinfo;
Debug( LDAP_DEBUG_TRACE, "ldap_chase_referrals\n", 0, 0, 0 );
@ -665,7 +908,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp )
}
if (( ber = re_encode_request( ld, origreq->lr_ber,
++ld->ld_msgid, &refdn )) == NULL ) {
++ld->ld_msgid, &refdn, &rinfo.ri_request )) == NULL ) {
return( -1 );
}
@ -698,8 +941,9 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp )
}
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_DNS */
rinfo.ri_msgid = origreq->lr_origid;
if ( srv != NULL && ldap_send_server_request( ld, ber, ld->ld_msgid,
lr, srv, NULL, 1 ) >= 0 ) {
lr, srv, NULL, &rinfo ) >= 0 ) {
++count;
} else {
Debug( LDAP_DEBUG_ANY,
@ -707,6 +951,7 @@ ldap_chase_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, int *hadrefp )
ldap_err2string( ld->ld_errno ), 0, 0 );
rc = ldap_append_referral( ld, &unfollowed, ref );
}
LDAP_FREE( rinfo.ri_url);
if (srv != NULL)
ldap_free_urllist(srv);
@ -756,7 +1001,7 @@ ldap_append_referral( LDAP *ld, char **referralsp, char *s )
static BerElement *
re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp )
re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp, int *type )
{
/*
* XXX this routine knows way too much about how the lber library works!
@ -787,6 +1032,7 @@ re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp )
return( NULL );
}
assert( tag != 0);
if ( tag == LDAP_REQ_BIND ) {
/* bind requests have a version number before the DN & other stuff */
rc = ber_scanf( &tmpber, "{ia" /*}*/, &ver, &orig_dn );
@ -846,6 +1092,7 @@ re_encode_request( LDAP *ld, BerElement *origber, ber_int_t msgid, char **dnp )
}
#endif /* LDAP_DEBUG */
*type = tag; /* return request type */
return( ber );
}
@ -856,6 +1103,9 @@ ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid )
LDAPRequest *lr;
for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
if( lr->lr_status == LDAP_REQST_COMPLETED ) {
continue; /* Skip completed requests */
}
if ( msgid == lr->lr_msgid ) {
break;
}

141
libraries/libldap/result.c
View file

@ -6,6 +6,23 @@
/* Portions
* Copyright (c) 1990 Regents of the University of Michigan.
* All rights reserved.
******************************************************************************
* This notice applies to changes, created by or for Novell, Inc.,
* to preexisting works for which notices appear elsewhere in this file.
*
* Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
*
* THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
* USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
* 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
* HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
* TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
* WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
******************************************************************************
* Modification to OpenLDAP source by Novell, Inc.
* April 2000 sfs Add code to process V3 referrals and search results
*
* result.c - wait for an ldap result
*/
@ -279,10 +296,15 @@ try_read1msg(
ber_tag_t tag;
ber_len_t len;
int foundit = 0;
LDAPRequest *lr;
LDAPRequest *lr, *tmplr;
BerElement tmpber;
int rc, refer_cnt, hadref, simple_request;
ber_int_t lderr;
/*
* v3ref = flag for V3 referral / search reference
* 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application
*/
int v3ref;
assert( ld != NULL );
assert( lc != NULL );
@ -338,6 +360,7 @@ try_read1msg(
/* if it's been abandoned, toss it */
if ( ldap_abandoned( ld, id ) ) {
ber_free( ber, 1 );
Debug( LDAP_DEBUG_ANY, "abandoned\n", 0, 0, 0);
return( -2 ); /* continue looking */
}
@ -356,10 +379,10 @@ try_read1msg(
return( -1 );
}
Debug( LDAP_DEBUG_TRACE, "ldap_read: %s msgid %ld, original id %ld\n",
Debug( LDAP_DEBUG_TRACE, "ldap_read: message type %s msgid %ld, original id %ld\n",
( tag == LDAP_RES_SEARCH_ENTRY ) ? "entry" :
( tag == LDAP_RES_SEARCH_REFERENCE ) ? "reference" : "result",
(long) id, (long) lr->lr_origid );
(long) lr->lr_msgid, (long) lr->lr_origid );
id = lr->lr_origid;
refer_cnt = 0;
@ -367,12 +390,96 @@ try_read1msg(
rc = -2; /* default is to keep looking (no response found) */
lr->lr_res_msgtype = tag;
if ( tag != LDAP_RES_SEARCH_ENTRY ) {
/*
* This code figures out if we are going to chase a
* referral / search reference, or pass it back to the application
*/
v3ref = 0; /* Assume not a V3 search reference or referral */
if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) {
BerElement tmpber = *ber; /* struct copy */
char **refs = NULL;
if( tag == LDAP_RES_SEARCH_REFERENCE) {
/* This is a V3 search reference */
/* Assume we do not chase the reference, but pass it to application */
v3ref = -1;
if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
(lr->lr_parent != NULL) )
{
/* Get the referral list */
if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
} else {
/* Note: refs arrary is freed by ldap_chase_v3referrals */
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
&lr->lr_res_error, &hadref );
if ( refer_cnt > 0 ) { /* sucessfully chased reference */
/* If haven't got end search, set chasing referrals */
if( lr->lr_status != LDAP_REQST_COMPLETED) {
lr->lr_status = LDAP_REQST_CHASINGREFS;
Debug( LDAP_DEBUG_TRACE,
"read1msg: search ref chased, mark request chasing refs, id = %d\n",
lr->lr_msgid, 0, 0);
}
v3ref = 1; /* We sucessfully chased the reference */
}
}
}
} else {
/* Check for V3 referral */
ber_len_t len;
if ( ber_scanf( &tmpber, "{iaa",/*}*/ &lderr,
&lr->lr_res_matched, &lr->lr_res_error )
!= LBER_ERROR ) {
/* Check if V3 referral */
if( ber_peek_tag( &tmpber, &len) == LDAP_TAG_REFERRAL ) {
/* We have a V3 referral, assume we cannot chase it */
v3ref = -1;
if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS)
|| (lr->lr_parent != NULL) )
{
v3ref = -1; /* Assume referral not chased and return it to app */
/* Get the referral list */
if( ber_scanf( &tmpber, "v", &refs) == LBER_ERROR) {
rc = LDAP_DECODING_ERROR;
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral decode error, mark request completed, id = %d\n",
lr->lr_msgid, 0, 0);
} else {
/* Chase the referral
* Note: refs arrary is freed by ldap_chase_v3referrals
*/
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
&lr->lr_res_error, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral chased, mark request completed, id = %d\n",
lr->lr_msgid, 0, 0);
if( refer_cnt > 0) {
v3ref = 1; /* Referral successfully chased */
}
}
}
}
}
}
}
/* All results that just return a status, i.e. don't return data
* go through the following code. This code also chases V2 referrals
* and checks if all referrals have been chased.
*/
if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref > -1) ) {
/* For a v3 search referral/reference, only come here if already chased it */
if ( ld->ld_version >= LDAP_VERSION2 &&
( lr->lr_parent != NULL ||
LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) )
{
tmpber = *ber; /* struct copy */
if ( v3ref == 1 ) {
; /* V3 search reference or V3 referral sucessfully chased */
} else
if ( ber_scanf( &tmpber, "{iaa}", &lderr,
&lr->lr_res_matched, &lr->lr_res_error )
!= LBER_ERROR ) {
@ -380,6 +487,9 @@ try_read1msg(
/* referrals are in error string */
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: V2 referral chased, mark request completed, id = %d\n", lr->lr_msgid, 0, 0);
}
/* save errno, message, and matched string */
@ -408,7 +518,7 @@ Debug( LDAP_DEBUG_TRACE,
if ( refer_cnt < 0 ) {
return( -1 ); /* fatal error */
}
lr->lr_status = LDAP_REQST_CHASINGREFS;
lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
} else {
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
/* request without any referrals */
@ -419,6 +529,9 @@ Debug( LDAP_DEBUG_TRACE,
ber = NULL;
}
lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
Debug( LDAP_DEBUG_TRACE,
"read1msg: mark request completed, id = %d\n", lr->lr_msgid, 0, 0);
while ( lr->lr_parent != NULL ) {
merge_error_info( ld, lr->lr_parent, lr );
@ -428,7 +541,15 @@ Debug( LDAP_DEBUG_TRACE,
}
}
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
/* Check if all requests are finished, lr is now parent */
for(tmplr=lr ; tmplr != NULL; tmplr=tmplr->lr_refnext) {
if( tmplr->lr_status != LDAP_REQST_COMPLETED) {
break;
}
}
/* This is the parent request if the request has referrals */
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL && tmplr == NULL ) {
id = lr->lr_msgid;
tag = lr->lr_res_msgtype;
Debug( LDAP_DEBUG_ANY, "request %ld done\n",
@ -479,7 +600,8 @@ lr->lr_res_matched ? lr->lr_res_matched : "" );
if ( msgid == LDAP_RES_ANY || id == msgid ) {
if ( all == LDAP_MSG_ONE
|| (new->lm_msgtype != LDAP_RES_SEARCH_RESULT
&& new->lm_msgtype != LDAP_RES_SEARCH_ENTRY) ) {
&& new->lm_msgtype != LDAP_RES_SEARCH_ENTRY
&& new->lm_msgtype != LDAP_RES_SEARCH_REFERENCE) ) {
*result = new;
ld->ld_errno = LDAP_SUCCESS;
return( tag );
@ -518,8 +640,9 @@ lr->lr_res_matched ? lr->lr_res_matched : "" );
(long) new->lm_msgid, (long) new->lm_msgtype, 0 );
/* part of a search response - add to end of list of entries */
for ( tmp = l; tmp->lm_chain != NULL &&
tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY;
for ( tmp = l; (tmp->lm_chain != NULL) &&
((tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
(tmp->lm_chain->lm_msgtype == LDAP_RES_SEARCH_REFERENCE));
tmp = tmp->lm_chain )
; /* NULL */
tmp->lm_chain = new;

4
libraries/libldap/search.c
View file

@ -173,6 +173,10 @@ ldap_search_ext_s(
return( ld->ld_errno );
}
if( rc == LDAP_RES_SEARCH_REFERENCE) {
return( ld->ld_errno );
}
return( ldap_result2error( ld, *res, 0 ) );
}

21
libraries/libldap/test.c
View file

@ -229,38 +229,35 @@ get_modlist( char *prompt1, char *prompt2, char *prompt3 )
static int
bind_prompt( LDAP *ld, char **dnp, char **passwdp, int *authmethodp,
int freeit )
bind_prompt( LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid)
{
static char dn[256], passwd[256];
char *dnp;
int authmethod;
if ( !freeit ) {
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
getline( dn, sizeof(dn), stdin,
"re-bind method (0->simple, 1->krbv41, 2->krbv42, 3->krbv41&2)? " );
if (( *authmethodp = atoi( dn )) == 3 ) {
*authmethodp = LDAP_AUTH_KRBV4;
if (( authmethod = atoi( dn )) == 3 ) {
authmethod = LDAP_AUTH_KRBV4;
} else {
*authmethodp |= 0x80;
authmethod |= 0x80;
}
#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
*authmethodp = LDAP_AUTH_SIMPLE;
authmethod = LDAP_AUTH_SIMPLE;
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
getline( dn, sizeof(dn), stdin, "re-bind dn? " );
strcat( dn, dnsuffix );
*dnp = dn;
if ( *authmethodp == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
if ( authmethod == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
getline( passwd, sizeof(passwd), stdin,
"re-bind password? " );
} else {
passwd[0] = '\0';
}
*passwdp = passwd;
}
return( LDAP_SUCCESS );
return ldap_bind_s( ld, dn, passwd, authmethod);
}

36
libraries/libldap/url.c
View file

@ -274,6 +274,36 @@ ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
return LDAP_URL_ERR_MEM;
}
/*
* Kluge. ldap://111.222.333.444:389??cn=abc,o=company
*
* On early Novell releases, search references/referrals were returned
* in this format, i.e., the dn was kind of in the scope position,
* but the required slash is missing. The whole thing is illegal syntax,
* but we need to account for it. Fortunately it can't be confused with
* anything real.
*/
if( (p == NULL) && ((q = strchr( q, '?')) != NULL)) {
q++;
/* ? immediately followed by question */
if( *q == '?') {
q++;
if( *q != '\0' ) {
/* parse dn part */
ldap_pvt_hex_unescape( q );
ludp->lud_dn = LDAP_STRDUP( q );
} else {
ludp->lud_dn = LDAP_STRDUP( "" );
}
if( ludp->lud_dn == NULL ) {
LDAP_FREE( url );
ldap_free_urldesc( ludp );
return LDAP_URL_ERR_MEM;
}
}
}
if( p == NULL ) {
LDAP_FREE( url );
*ludpp = ludp;
@ -721,6 +751,7 @@ ldap_url_search( LDAP *ld, LDAP_CONST char *url, int attrsonly )
int err;
LDAPURLDesc *ludp;
BerElement *ber;
LDAPreqinfo bind;
if ( ldap_url_parse( url, &ludp ) != 0 ) {
ld->ld_errno = LDAP_PARAM_ERROR;
@ -734,11 +765,14 @@ ldap_url_search( LDAP *ld, LDAP_CONST char *url, int attrsonly )
if ( ber == NULL ) {
err = -1;
} else {
bind.ri_request = LDAP_REQ_SEARCH;
bind.ri_msgid = ld->ld_msgid;
bind.ri_url = (char *)url;
err = ldap_send_server_request(
ld, ber, ld->ld_msgid, NULL,
(ludp->lud_host != NULL || ludp->lud_port != 0)
? ludp : NULL,
NULL, 1 );
NULL, &bind );
}
ldap_free_urldesc( ludp );