1 /* ldap-parse-uri.c - Parse an LDAP URI.
2 * Copyright (C) 2015 g10 Code GmbH
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <https://www.gnu.org/licenses/>.
22 #include <gpg-error.h>
24 #ifdef HAVE_W32_SYSTEM
25 # include "ldap-url.h"
30 #include "../common/util.h"
33 /* Returns 1 if the string is an LDAP URL. */
35 ldap_uri_p (const char *url)
40 if (http_parse_uri (&puri, url, 1))
43 result = !!puri->is_ldap;
45 http_release_parsed_uri (puri);
51 /* Parse a URI and put the result into *purip. On success the
52 caller must use http_release_parsed_uri() to releases the resources.
54 uri->path is the base DN (or NULL for the default).
55 uri->auth is the bindname (or NULL for none).
56 The uri->query variable "password" is the password.
58 Note: any specified scope, any attributes, any filter and any
59 unknown extensions are simply ignored. */
61 ldap_parse_uri (parsed_uri_t *purip, const char *uri)
63 gpg_err_code_t err = 0;
64 parsed_uri_t puri = NULL;
67 LDAPURLDesc *lud = NULL;
72 char *bindname = NULL;
73 char *password = NULL;
74 char *gpg_ntds = NULL;
81 result = ldap_url_parse (uri, &lud);
84 log_error ("Unable to parse LDAP uri '%s'\n", uri);
85 err = GPG_ERR_GENERAL;
89 scheme = lud->lud_scheme;
93 for (s = lud->lud_exts; s && *s; s ++)
95 if (strncmp (*s, "bindname=", 9) == 0)
98 log_error ("bindname given multiple times in URL '%s', ignoring.\n",
103 else if (strncmp (*s, "password=", 9) == 0)
106 log_error ("password given multiple times in URL '%s', ignoring.\n",
111 else if (!ascii_strncasecmp (*s, "gpgNtds=", 8)
112 || !strncmp (*s, "1.3.6.1.4.1.11591.2.5.1=", 24))
115 log_error ("gpgNtds given multiple times in URL '%s', ignoring.\n",
118 gpg_ntds = *s + (**s == 'g'? 8 : 24);
121 log_error ("Unhandled extension (%s) in URL '%s', ignoring.",
127 #define add(s) do { if (s) len += strlen (s) + 1; } while (0)
135 puri = xtrycalloc (1, sizeof *puri + len);
138 err = gpg_err_code_from_syserror ();
142 buffer = puri->buffer;
144 #define copy(to, s) \
150 buffer = stpcpy (buffer, s) + 1; \
155 copy (puri->scheme, scheme);
156 /* Make sure the scheme is lower case. */
157 ascii_strlwr (puri->scheme);
159 copy (puri->host, host);
160 copy (puri->path, dn);
161 copy (puri->auth, bindname);
165 puri->query = calloc (sizeof (*puri->query), 1);
168 err = gpg_err_code_from_syserror ();
171 puri->query->name = "password";
172 copy (puri->query->value, password);
173 puri->query->valuelen = strlen (password) + 1;
176 puri->use_tls = !strcmp (puri->scheme, "ldaps");
177 puri->port = lud->lud_port;
179 /* On Windows detect whether this is ldap:// or ldaps:// to indicate
180 * that authentication via AD and the current user is requested.
181 * This is shortform of adding "gpgNtDs=1" as extension parameter to
183 puri->ad_current = 0;
184 if (gpg_ntds && atoi (gpg_ntds) == 1)
185 puri->ad_current = 1;
186 #ifdef HAVE_W32_SYSTEM
187 else if ((!puri->host || !*puri->host)
188 && (!puri->path || !*puri->path)
189 && (!puri->auth || !*puri->auth)
192 puri->ad_current = 1;
197 ldap_free_urldesc (lud);
202 http_release_parsed_uri (puri);
207 return gpg_err_make (default_errsource, err);
210 /* The following characters need to be escaped to be part of an LDAP
211 filter: *, (, ), \, NUL and /. Note: we don't handle NUL, since a
212 NUL can't be part of a C string.
214 This function always allocates a new string on success. It is the
215 caller's responsibility to free it.
218 ldap_escape_filter (const char *filter)
220 int l = strcspn (filter, "*()\\/");
221 if (l == strlen (filter))
222 /* Nothing to escape. */
223 return xstrdup (filter);
226 /* In the worst case we need to escape every letter. */
227 char *escaped = xmalloc (1 + 3 * strlen (filter));
229 /* Indices into filter and escaped. */
233 for (filter_i = 0; filter_i < strlen (filter); filter_i ++)
235 switch (filter[filter_i])
242 snprintf (&escaped[escaped_i], 4, "%%%02x",
243 ((const unsigned char *)filter)[filter_i]);
248 escaped[escaped_i ++] = filter[filter_i];
252 /* NUL terminate it. */
253 escaped[escaped_i] = 0;
255 /* We could shrink escaped to be just escaped_i bytes, but the
256 result will probably be freed very quickly anyways. */