1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
22 ***************************************************************************/
26 #ifndef CURL_DISABLE_LDAP
27 /* -- WIN32 approved -- */
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
36 #ifdef HAVE_SYS_STAT_H
56 #include <curl/curl.h>
65 #define _MPRINTF_REPLACE /* use our functions only */
66 #include <curl/mprintf.h>
70 /* WLdap32.dll functions are *not* stdcall. Must call these via __cdecl
71 * pointers in case libcurl was compiled as fastcall (cl -Gr). Watcom
72 * uses fastcall by default.
74 #if !defined(WIN32) && !defined(__cdecl)
78 #ifndef LDAP_SIZELIMIT_EXCEEDED
79 #define LDAP_SIZELIMIT_EXCEEDED 4
82 #define DLOPEN_MODE RTLD_LAZY /*! assume all dlopen() implementations have
85 #if defined(RTLD_LAZY_GLOBAL) /* It turns out some systems use this: */
87 # define DLOPEN_MODE RTLD_LAZY_GLOBAL
88 #elif defined(RTLD_GLOBAL)
90 # define DLOPEN_MODE (RTLD_LAZY | RTLD_GLOBAL)
93 #define DYNA_GET_FUNCTION(type, fnc) do { \
94 (fnc) = (type)DynaGetFunction(#fnc); \
96 return CURLE_FUNCTION_NOT_FOUND; \
99 /*! CygWin etc. configure could set these, but we don't want it.
100 * Must use WLdap32.dll code.
107 typedef void * (*dynafunc)(void *input);
109 /***********************************************************************
111 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL) || defined(WIN32)
112 static void *libldap = NULL;
113 #if defined(DL_LBER_FILE)
114 static void *liblber = NULL;
118 static int DynaOpen(const char **mod_name)
120 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
121 if (libldap == NULL) {
123 * libldap.so can normally resolve its dependency on liblber.so
124 * automatically, but in broken installation it does not so
125 * handle it here by opening liblber.so as global.
128 *mod_name = DL_LBER_FILE;
129 liblber = dlopen(*mod_name, DLOPEN_MODE);
134 /* Assume loading libldap.so will fail if loading of liblber.so failed
136 *mod_name = DL_LDAP_FILE;
137 libldap = dlopen(*mod_name, RTLD_LAZY);
139 return (libldap != NULL);
142 *mod_name = DL_LDAP_FILE;
144 libldap = (void*)LoadLibrary(*mod_name);
145 return (libldap != NULL);
153 static void DynaClose(void)
155 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
168 FreeLibrary ((HMODULE)libldap);
174 static dynafunc DynaGetFunction(const char *name)
176 dynafunc func = (dynafunc)NULL;
178 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
180 /* This typecast magic below was brought by Joe Halpin. In ISO C, you
181 * cannot typecast a data pointer to a function pointer, but that's
182 * exactly what we need to do here to avoid compiler warnings on picky
184 *(void**) (&func) = dlsym(libldap, name);
188 func = (dynafunc)GetProcAddress((HINSTANCE)libldap, name);
196 /***********************************************************************
198 typedef struct ldap_url_desc {
199 struct ldap_url_desc *lud_next;
212 static int _ldap_url_parse (const struct connectdata *conn,
214 static void _ldap_free_urldesc (LDAPURLDesc *ludp);
216 static void (*ldap_free_urldesc)(LDAPURLDesc *) = _ldap_free_urldesc;
220 #define LDAP_TRACE(x) do { \
221 _ldap_trace ("%u: ", __LINE__); \
225 static void _ldap_trace (const char *fmt, ...);
227 #define LDAP_TRACE(x) ((void)0)
231 CURLcode Curl_ldap(struct connectdata *conn, bool *done)
233 CURLcode status = CURLE_OK;
236 int (*ldap_url_parse)(char *, LDAPURLDesc **);
237 void (*ldap_free_urldesc)(void *);
239 void *(__cdecl *ldap_init)(char *, int);
240 int (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
241 int (__cdecl *ldap_unbind_s)(void *);
242 int (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
244 void *(__cdecl *ldap_first_entry)(void *, void *);
245 void *(__cdecl *ldap_next_entry)(void *, void *);
246 char *(__cdecl *ldap_err2string)(int);
247 char *(__cdecl *ldap_get_dn)(void *, void *);
248 char *(__cdecl *ldap_first_attribute)(void *, void *, void **);
249 char *(__cdecl *ldap_next_attribute)(void *, void *, void *);
250 char **(__cdecl *ldap_get_values)(void *, void *, const char *);
251 void (__cdecl *ldap_value_free)(char **);
252 void (__cdecl *ldap_memfree)(void *);
253 void (__cdecl *ber_free)(void *, int);
256 LDAPURLDesc *ludp = NULL;
257 const char *mod_name;
259 void *entryIterator; /*! type should be 'LDAPMessage *' */
261 struct SessionHandle *data=conn->data;
263 *done = TRUE; /* unconditionally */
264 infof(data, "LDAP local: %s\n", data->change.url);
266 if (!DynaOpen(&mod_name)) {
267 failf(data, "The %s LDAP library/libraries couldn't be opened", mod_name);
268 return CURLE_LIBRARY_NOT_FOUND;
271 /* The types are needed because ANSI C distinguishes between
272 * pointer-to-object (data) and pointer-to-function.
274 DYNA_GET_FUNCTION(void *(__cdecl *)(char *, int), ldap_init);
275 DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, char *), ldap_simple_bind_s);
276 DYNA_GET_FUNCTION(int (__cdecl *)(void *), ldap_unbind_s);
278 DYNA_GET_FUNCTION(int (*)(char *, LDAPURLDesc **), ldap_url_parse);
279 DYNA_GET_FUNCTION(void (*)(void *), ldap_free_urldesc);
281 DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, int, char *, char **, int,
282 void **), ldap_search_s);
283 DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_first_entry);
284 DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_next_entry);
285 DYNA_GET_FUNCTION(char *(__cdecl *)(int), ldap_err2string);
286 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *), ldap_get_dn);
287 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void **), ldap_first_attribute);
288 DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void *), ldap_next_attribute);
289 DYNA_GET_FUNCTION(char **(__cdecl *)(void *, void *, const char *), ldap_get_values);
290 DYNA_GET_FUNCTION(void (__cdecl *)(char **), ldap_value_free);
291 DYNA_GET_FUNCTION(void (__cdecl *)(void *), ldap_memfree);
292 DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free);
294 server = (*ldap_init)(conn->host.name, (int)conn->port);
295 if (server == NULL) {
296 failf(data, "LDAP local: Cannot connect to %s:%d",
297 conn->host.name, conn->port);
298 status = CURLE_COULDNT_CONNECT;
302 rc = (*ldap_simple_bind_s)(server,
303 conn->bits.user_passwd ? conn->user : NULL,
304 conn->bits.user_passwd ? conn->passwd : NULL);
306 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
307 status = CURLE_LDAP_CANNOT_BIND;
312 rc = _ldap_url_parse(conn, &ludp);
314 rc = (*ldap_url_parse)(data->change.url, &ludp);
318 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
319 status = CURLE_LDAP_INVALID_URL;
323 rc = (*ldap_search_s)(server, ludp->lud_dn, ludp->lud_scope,
324 ludp->lud_filter, ludp->lud_attrs, 0, &result);
326 if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
327 failf(data, "LDAP remote: %s", (*ldap_err2string)(rc));
328 status = CURLE_LDAP_SEARCH_FAILED;
332 for(num = 0, entryIterator = (*ldap_first_entry)(server, result);
334 entryIterator = (*ldap_next_entry)(server, entryIterator), num++)
336 void *ber = NULL; /*! is really 'BerElement **' */
337 void *attribute; /*! suspicious that this isn't 'const' */
338 char *dn = (*ldap_get_dn)(server, entryIterator);
341 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"DN: ", 4);
342 Curl_client_write(data, CLIENTWRITE_BODY, (char *)dn, 0);
343 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
345 for (attribute = (*ldap_first_attribute)(server, entryIterator, &ber);
347 attribute = (*ldap_next_attribute)(server, entryIterator, ber))
349 char **vals = (*ldap_get_values)(server, entryIterator, attribute);
353 for (i = 0; (vals[i] != NULL); i++)
355 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\t", 1);
356 Curl_client_write(data, CLIENTWRITE_BODY, (char*) attribute, 0);
357 Curl_client_write(data, CLIENTWRITE_BODY, (char *)": ", 2);
358 Curl_client_write(data, CLIENTWRITE_BODY, vals[i], 0);
359 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 0);
362 /* Free memory used to store values */
363 (*ldap_value_free)(vals);
365 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
367 (*ldap_memfree)(attribute);
375 LDAP_TRACE (("Received %d entries\n", num));
376 if (rc == LDAP_SIZELIMIT_EXCEEDED)
377 infof(data, "There are more than %d entries\n", num);
379 (*ldap_free_urldesc)(ludp);
381 (*ldap_unbind_s)(server);
385 /* no data to transfer */
386 Curl_Transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
387 conn->bits.close = TRUE;
393 static void _ldap_trace (const char *fmt, ...)
395 static int do_trace = -1;
398 if (do_trace == -1) {
399 const char *env = getenv("CURL_TRACE");
400 do_trace = (env && atoi(env) > 0);
405 va_start (args, fmt);
406 vfprintf (stderr, fmt, args);
413 * Return scope-value for a scope-string.
415 static int str2scope (const char *p)
417 if (!stricmp(p, "one"))
418 return LDAP_SCOPE_ONELEVEL;
419 if (!stricmp(p, "onetree"))
420 return LDAP_SCOPE_ONELEVEL;
421 if (!stricmp(p, "base"))
422 return LDAP_SCOPE_BASE;
423 if (!stricmp(p, "sub"))
424 return LDAP_SCOPE_SUBTREE;
425 if (!stricmp( p, "subtree"))
426 return LDAP_SCOPE_SUBTREE;
431 * Split 'str' into strings separated by commas.
432 * Note: res[] points into 'str'.
434 static char **split_str (char *str)
436 char **res, *lasts, *s;
439 for (i = 2, s = strchr(str,','); s; i++)
442 res = calloc(i, sizeof(char*));
446 for (i = 0, s = strtok_r(str, ",", &lasts); s;
447 s = strtok_r(NULL, ",", &lasts), i++)
453 * Unescape the LDAP-URL components
455 static bool unescape_elements (LDAPURLDesc *ludp)
459 if (ludp->lud_filter) {
460 ludp->lud_filter = curl_unescape(ludp->lud_filter, 0);
461 if (!ludp->lud_filter)
465 for (i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
466 ludp->lud_attrs[i] = curl_unescape(ludp->lud_attrs[i], 0);
467 if (!ludp->lud_attrs[i])
471 for (i = 0; ludp->lud_exts && ludp->lud_exts[i]; i++) {
472 ludp->lud_exts[i] = curl_unescape(ludp->lud_exts[i], 0);
473 if (!ludp->lud_exts[i])
478 char *dn = ludp->lud_dn;
479 char *new_dn = curl_unescape(dn, 0);
482 ludp->lud_dn = new_dn;
490 * Break apart the pieces of an LDAP URL.
492 * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
494 * <hostname> already known from 'conn->host.name'.
495 * <port> already known from 'conn->remote_port'.
496 * extract the rest from 'conn->path+1'. All fields are optional. e.g.
497 * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter> yields ludp->lud_dn = "".
499 * Ref. http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm#2831915
501 static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
506 if (!conn->path || conn->path[0] != '/' ||
507 !checkprefix(conn->protostr, conn->data->change.url))
508 return LDAP_INVALID_SYNTAX;
510 ludp->lud_scope = LDAP_SCOPE_BASE;
511 ludp->lud_port = conn->remote_port;
512 ludp->lud_host = conn->host.name;
514 /* parse DN (Distinguished Name).
516 ludp->lud_dn = strdup(conn->path+1);
518 return LDAP_NO_MEMORY;
520 p = strchr(ludp->lud_dn, '?');
521 LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) : strlen(ludp->lud_dn),
529 /* parse attributes. skip "??".
535 if (*p && *p != '?') {
536 ludp->lud_attrs = split_str(p);
537 if (!ludp->lud_attrs)
538 return LDAP_NO_MEMORY;
540 for (i = 0; ludp->lud_attrs[i]; i++)
541 LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
548 /* parse scope. skip "??"
554 if (*p && *p != '?') {
555 ludp->lud_scope = str2scope(p);
556 if (ludp->lud_scope == -1)
557 return LDAP_INVALID_SYNTAX;
558 LDAP_TRACE (("scope %d\n", ludp->lud_scope));
571 return LDAP_INVALID_SYNTAX;
573 ludp->lud_filter = p;
574 LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
582 ludp->lud_exts = split_str(p);
584 return LDAP_NO_MEMORY;
586 for (i = 0; ludp->lud_exts[i]; i++)
587 LDAP_TRACE (("exts[%d] '%s'\n", i, ludp->lud_exts[i]));
590 if (!unescape_elements(ludp))
591 return LDAP_NO_MEMORY;
595 static int _ldap_url_parse (const struct connectdata *conn,
598 LDAPURLDesc *ludp = calloc(sizeof(*ludp), 1);
603 return LDAP_NO_MEMORY;
605 rc = _ldap_url_parse2 (conn, ludp);
606 if (rc != LDAP_SUCCESS) {
607 _ldap_free_urldesc(ludp);
614 static void _ldap_free_urldesc (LDAPURLDesc *ludp)
624 if (ludp->lud_filter)
625 free(ludp->lud_filter);
627 if (ludp->lud_attrs) {
628 for (i = 0; ludp->lud_attrs[i]; i++)
629 free(ludp->lud_attrs[i]);
630 free(ludp->lud_attrs);
633 if (ludp->lud_exts) {
634 for (i = 0; ludp->lud_exts[i]; i++)
635 free(ludp->lud_exts[i]);
636 free(ludp->lud_exts);
641 #endif /* CURL_DISABLE_LDAP */