1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
22 ***************************************************************************/
26 #ifndef CURL_DISABLE_LDAP
27 /* -- WIN32 approved -- */
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
36 #ifdef HAVE_SYS_STAT_H
57 #include <curl/curl.h>
67 #define _MPRINTF_REPLACE /* use our functions only */
68 #include <curl/mprintf.h>
72 /* WLdap32.dll functions are *not* stdcall. Must call these via __cdecl
73 * pointers in case libcurl was compiled as fastcall (cl -Gr). Watcom
74 * uses fastcall by default.
76 #if !defined(WIN32) && !defined(__cdecl)
80 #ifndef LDAP_SIZELIMIT_EXCEEDED
81 #define LDAP_SIZELIMIT_EXCEEDED 4
84 #define LDAP_VERSION2 2
87 #define LDAP_VERSION3 3
89 #ifndef LDAP_OPT_PROTOCOL_VERSION
90 #define LDAP_OPT_PROTOCOL_VERSION 0x0011
93 #define DLOPEN_MODE RTLD_LAZY /*! assume all dlopen() implementations have
96 #if defined(RTLD_LAZY_GLOBAL) /* It turns out some systems use this: */
98 # define DLOPEN_MODE RTLD_LAZY_GLOBAL
99 #elif defined(RTLD_GLOBAL)
101 # define DLOPEN_MODE (RTLD_LAZY | RTLD_GLOBAL)
104 #define DYNA_GET_FUNCTION(type, fnc) do { \
105 (fnc) = (type)DynaGetFunction(#fnc); \
107 return CURLE_FUNCTION_NOT_FOUND; \
110 /*! CygWin etc. configure could set these, but we don't want it.
111 * Must use WLdap32.dll code.
118 typedef void * (*dynafunc)(void *input);
120 /***********************************************************************
122 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL) || defined(WIN32)
123 static void *libldap = NULL;
124 #if defined(DL_LBER_FILE)
125 static void *liblber = NULL;
130 unsigned long bv_len;
134 static int DynaOpen(const char **mod_name)
136 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
137 if (libldap == NULL) {
139 * libldap.so can normally resolve its dependency on liblber.so
140 * automatically, but in broken installation it does not so
141 * handle it here by opening liblber.so as global.
144 *mod_name = DL_LBER_FILE;
145 liblber = dlopen(*mod_name, DLOPEN_MODE);
150 /* Assume loading libldap.so will fail if loading of liblber.so failed
152 *mod_name = DL_LDAP_FILE;
153 libldap = dlopen(*mod_name, RTLD_LAZY);
155 return (libldap != NULL);
158 *mod_name = DL_LDAP_FILE;
160 libldap = (void*)LoadLibrary(*mod_name);
161 return (libldap != NULL);
169 static void DynaClose(void)
171 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
184 FreeLibrary ((HMODULE)libldap);
190 static dynafunc DynaGetFunction(const char *name)
192 dynafunc func = (void *(*)(void *))NULL;
194 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
196 /* This typecast magic below was brought by Joe Halpin. In ISO C, you
197 * cannot typecast a data pointer to a function pointer, but that's
198 * exactly what we need to do here to avoid compiler warnings on picky
200 *(void**) (&func) = dlsym(libldap, name);
204 func = (dynafunc)GetProcAddress((HINSTANCE)libldap, name);
212 /***********************************************************************
214 typedef struct ldap_url_desc {
215 struct ldap_url_desc *lud_next;
228 static int _ldap_url_parse (const struct connectdata *conn,
230 static void _ldap_free_urldesc (LDAPURLDesc *ludp);
232 static void (*ldap_free_urldesc)(LDAPURLDesc *) = _ldap_free_urldesc;
236 #define LDAP_TRACE(x) do { \
237 _ldap_trace ("%u: ", __LINE__); \
241 static void _ldap_trace (const char *fmt, ...);
243 #define LDAP_TRACE(x) ((void)0)
247 CURLcode Curl_ldap(struct connectdata *conn, bool *done)
249 CURLcode status = CURLE_OK;
252 int (*ldap_url_parse)(char *, LDAPURLDesc **);
253 void (*ldap_free_urldesc)(void *);
255 void *(__cdecl *ldap_init)(char *, int);
256 int (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
257 int (__cdecl *ldap_unbind_s)(void *);
258 int (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
260 void *(__cdecl *ldap_first_entry)(void *, void *);
261 void *(__cdecl *ldap_next_entry)(void *, void *);
262 char *(__cdecl *ldap_err2string)(int);
263 char *(__cdecl *ldap_get_dn)(void *, void *);
264 char *(__cdecl *ldap_first_attribute)(void *, void *, void **);
265 char *(__cdecl *ldap_next_attribute)(void *, void *, void *);
266 void **(__cdecl *ldap_get_values_len)(void *, void *, const char *);
267 void (__cdecl *ldap_value_free_len)(void **);
268 void (__cdecl *ldap_memfree)(void *);
269 void (__cdecl *ber_free)(void *, int);
270 int (__cdecl *ldap_set_option)(void *, int, void *);
273 LDAPURLDesc *ludp = NULL;
274 const char *mod_name;
276 void *entryIterator; /*! type should be 'LDAPMessage *' */
278 struct SessionHandle *data=conn->data;
283 *done = TRUE; /* unconditionally */
284 infof(data, "LDAP local: %s\n", data->change.url);
286 if (!DynaOpen(&mod_name)) {
287 failf(data, "The %s LDAP library/libraries couldn't be opened", mod_name);
288 return CURLE_LIBRARY_NOT_FOUND;
291 /* The types are needed because ANSI C distinguishes between
292 * pointer-to-object (data) and pointer-to-function.
294 DYNA_GET_FUNCTION(void *(__cdecl *)(char *, int), ldap_init);
295 DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, char *),
297 DYNA_GET_FUNCTION(int (__cdecl *)(void *), ldap_unbind_s);
299 DYNA_GET_FUNCTION(int (*)(char *, LDAPURLDesc **), ldap_url_parse);
300 DYNA_GET_FUNCTION(void (*)(void *), ldap_free_urldesc);
302 DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, int, char *, char **, int,
303 void **), ldap_search_s);
304 DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_first_entry);
305 DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_next_entry);
306 DYNA_GET_FUNCTION(char *(__cdecl *)(int), ldap_err2string);
307 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *), ldap_get_dn);
308 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void **),
309 ldap_first_attribute);
310 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void *),
311 ldap_next_attribute);
312 DYNA_GET_FUNCTION(void **(__cdecl *)(void *, void *, const char *),
313 ldap_get_values_len);
314 DYNA_GET_FUNCTION(void (__cdecl *)(void **), ldap_value_free_len);
315 DYNA_GET_FUNCTION(void (__cdecl *)(void *), ldap_memfree);
316 DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free);
317 DYNA_GET_FUNCTION(int (__cdecl *)(void *, int, void *), ldap_set_option);
319 server = (*ldap_init)(conn->host.name, (int)conn->port);
320 if (server == NULL) {
321 failf(data, "LDAP local: Cannot connect to %s:%d",
322 conn->host.name, conn->port);
323 status = CURLE_COULDNT_CONNECT;
327 ldap_proto = LDAP_VERSION3;
328 (*ldap_set_option)(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
329 rc = (*ldap_simple_bind_s)(server,
330 conn->bits.user_passwd ? conn->user : NULL,
331 conn->bits.user_passwd ? conn->passwd : NULL);
333 ldap_proto = LDAP_VERSION2;
334 (*ldap_set_option)(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
335 rc = (*ldap_simple_bind_s)(server,
336 conn->bits.user_passwd ? conn->user : NULL,
337 conn->bits.user_passwd ? conn->passwd : NULL);
340 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
341 status = CURLE_LDAP_CANNOT_BIND;
346 rc = _ldap_url_parse(conn, &ludp);
348 rc = (*ldap_url_parse)(data->change.url, &ludp);
352 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
353 status = CURLE_LDAP_INVALID_URL;
357 rc = (*ldap_search_s)(server, ludp->lud_dn, ludp->lud_scope,
358 ludp->lud_filter, ludp->lud_attrs, 0, &result);
360 if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
361 failf(data, "LDAP remote: %s", (*ldap_err2string)(rc));
362 status = CURLE_LDAP_SEARCH_FAILED;
366 for(num = 0, entryIterator = (*ldap_first_entry)(server, result);
368 entryIterator = (*ldap_next_entry)(server, entryIterator), num++)
370 void *ber = NULL; /*! is really 'BerElement **' */
371 void *attribute; /*! suspicious that this isn't 'const' */
372 char *dn = (*ldap_get_dn)(server, entryIterator);
375 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
376 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)dn, 0);
377 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
379 for (attribute = (*ldap_first_attribute)(server, entryIterator, &ber);
381 attribute = (*ldap_next_attribute)(server, entryIterator, ber))
383 struct bv **vals = (struct bv **)
384 (*ldap_get_values_len)(server, entryIterator, attribute);
388 for (i = 0; (vals[i] != NULL); i++)
390 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
391 Curl_client_write(conn, CLIENTWRITE_BODY, (char *) attribute, 0);
392 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
393 if ((strlen(attribute) > 7) &&
396 (strlen((char *)attribute) - 7)) == 0)) {
397 /* Binary attribute, encode to base64. */
398 val_b64_sz = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len,
400 if (val_b64_sz > 0) {
401 Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
405 Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
407 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
410 /* Free memory used to store values */
411 (*ldap_value_free_len)((void **)vals);
413 Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
415 (*ldap_memfree)(attribute);
423 LDAP_TRACE (("Received %d entries\n", num));
424 if (rc == LDAP_SIZELIMIT_EXCEEDED)
425 infof(data, "There are more than %d entries\n", num);
427 (*ldap_free_urldesc)(ludp);
429 (*ldap_unbind_s)(server);
433 /* no data to transfer */
434 Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
435 conn->bits.close = TRUE;
441 static void _ldap_trace (const char *fmt, ...)
443 static int do_trace = -1;
446 if (do_trace == -1) {
447 const char *env = getenv("CURL_TRACE");
448 do_trace = (env && atoi(env) > 0);
453 va_start (args, fmt);
454 vfprintf (stderr, fmt, args);
461 * Return scope-value for a scope-string.
463 static int str2scope (const char *p)
465 if (!stricmp(p, "one"))
466 return LDAP_SCOPE_ONELEVEL;
467 if (!stricmp(p, "onetree"))
468 return LDAP_SCOPE_ONELEVEL;
469 if (!stricmp(p, "base"))
470 return LDAP_SCOPE_BASE;
471 if (!stricmp(p, "sub"))
472 return LDAP_SCOPE_SUBTREE;
473 if (!stricmp( p, "subtree"))
474 return LDAP_SCOPE_SUBTREE;
479 * Split 'str' into strings separated by commas.
480 * Note: res[] points into 'str'.
482 static char **split_str (char *str)
484 char **res, *lasts, *s;
487 for (i = 2, s = strchr(str,','); s; i++)
490 res = calloc(i, sizeof(char*));
494 for (i = 0, s = strtok_r(str, ",", &lasts); s;
495 s = strtok_r(NULL, ",", &lasts), i++)
501 * Unescape the LDAP-URL components
503 static bool unescape_elements (void *data, LDAPURLDesc *ludp)
507 if (ludp->lud_filter) {
508 ludp->lud_filter = curl_easy_unescape(data, ludp->lud_filter, 0, NULL);
509 if (!ludp->lud_filter)
513 for (i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
514 ludp->lud_attrs[i] = curl_easy_unescape(data, ludp->lud_attrs[i], 0, NULL);
515 if (!ludp->lud_attrs[i])
519 for (i = 0; ludp->lud_exts && ludp->lud_exts[i]; i++) {
520 ludp->lud_exts[i] = curl_easy_unescape(data, ludp->lud_exts[i], 0, NULL);
521 if (!ludp->lud_exts[i])
526 char *dn = ludp->lud_dn;
527 char *new_dn = curl_easy_unescape(data, dn, 0, NULL);
530 ludp->lud_dn = new_dn;
538 * Break apart the pieces of an LDAP URL.
540 * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
542 * <hostname> already known from 'conn->host.name'.
543 * <port> already known from 'conn->remote_port'.
544 * extract the rest from 'conn->data->reqdata.path+1'. All fields are optional.
546 * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
547 * yields ludp->lud_dn = "".
549 * Ref. http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm#2831915
551 static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
557 !conn->data->reqdata.path ||
558 conn->data->reqdata.path[0] != '/' ||
559 !checkprefix(conn->protostr, conn->data->change.url))
560 return LDAP_INVALID_SYNTAX;
562 ludp->lud_scope = LDAP_SCOPE_BASE;
563 ludp->lud_port = conn->remote_port;
564 ludp->lud_host = conn->host.name;
566 /* parse DN (Distinguished Name).
568 ludp->lud_dn = strdup(conn->data->reqdata.path+1);
570 return LDAP_NO_MEMORY;
572 p = strchr(ludp->lud_dn, '?');
573 LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) :
574 strlen(ludp->lud_dn), ludp->lud_dn));
581 /* parse attributes. skip "??".
587 if (*p && *p != '?') {
588 ludp->lud_attrs = split_str(p);
589 if (!ludp->lud_attrs)
590 return LDAP_NO_MEMORY;
592 for (i = 0; ludp->lud_attrs[i]; i++)
593 LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
600 /* parse scope. skip "??"
606 if (*p && *p != '?') {
607 ludp->lud_scope = str2scope(p);
608 if (ludp->lud_scope == -1)
609 return LDAP_INVALID_SYNTAX;
610 LDAP_TRACE (("scope %d\n", ludp->lud_scope));
623 return LDAP_INVALID_SYNTAX;
625 ludp->lud_filter = p;
626 LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
634 ludp->lud_exts = split_str(p);
636 return LDAP_NO_MEMORY;
638 for (i = 0; ludp->lud_exts[i]; i++)
639 LDAP_TRACE (("exts[%d] '%s'\n", i, ludp->lud_exts[i]));
642 if (!unescape_elements(conn->data, ludp))
643 return LDAP_NO_MEMORY;
647 static int _ldap_url_parse (const struct connectdata *conn,
650 LDAPURLDesc *ludp = calloc(sizeof(*ludp), 1);
655 return LDAP_NO_MEMORY;
657 rc = _ldap_url_parse2 (conn, ludp);
658 if (rc != LDAP_SUCCESS) {
659 _ldap_free_urldesc(ludp);
666 static void _ldap_free_urldesc (LDAPURLDesc *ludp)
676 if (ludp->lud_filter)
677 free(ludp->lud_filter);
679 if (ludp->lud_attrs) {
680 for (i = 0; ludp->lud_attrs[i]; i++)
681 free(ludp->lud_attrs[i]);
682 free(ludp->lud_attrs);
685 if (ludp->lud_exts) {
686 for (i = 0; ludp->lud_exts[i]; i++)
687 free(ludp->lud_exts[i]);
688 free(ludp->lud_exts);
693 #endif /* CURL_DISABLE_LDAP */