* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* OpenLDAP library versions, USE_OPENLDAP shall not be defined.
*/
-#ifdef CURL_LDAP_WIN /* Use Windows LDAP implementation. */
+#ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
# include <winldap.h>
# ifndef LDAP_VENDOR_NAME
# error Your Platform SDK is NOT sufficient for LDAP support! \
# endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
#endif
+/* These are macros in both <wincrypt.h> (in above <winldap.h>) and typedefs
+ * in BoringSSL's <openssl/x509.h>
+ */
+#ifdef HAVE_BORINGSSL
+# undef X509_NAME
+# undef X509_CERT_PAIR
+# undef X509_EXTENSIONS
+#endif
+
#include "urldata.h"
#include <curl/curl.h>
#include "sendf.h"
#include "escape.h"
#include "progress.h"
#include "transfer.h"
-#include "strequal.h"
+#include "strcase.h"
#include "strtok.h"
#include "curl_ldap.h"
-#include "curl_memory.h"
#include "curl_multibyte.h"
#include "curl_base64.h"
-#include "rawstr.h"
#include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#ifndef HAVE_LDAP_URL_PARSE
typedef struct {
char *lud_host;
int lud_port;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
TCHAR *lud_dn;
TCHAR **lud_attrs;
#else
char **lud_attrs;
#endif
int lud_scope;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
TCHAR *lud_filter;
#else
char *lud_filter;
#undef LDAPURLDesc
#define LDAPURLDesc CURL_LDAPURLDesc
-static int _ldap_url_parse (const struct connectdata *conn,
- LDAPURLDesc **ludp);
-static void _ldap_free_urldesc (LDAPURLDesc *ludp);
+static int _ldap_url_parse(const struct connectdata *conn,
+ LDAPURLDesc **ludp);
+static void _ldap_free_urldesc(LDAPURLDesc *ludp);
#undef ldap_free_urldesc
#define ldap_free_urldesc _ldap_free_urldesc
#ifdef DEBUG_LDAP
#define LDAP_TRACE(x) do { \
- _ldap_trace ("%u: ", __LINE__); \
+ _ldap_trace("%u: ", __LINE__); \
_ldap_trace x; \
} WHILE_FALSE
- static void _ldap_trace (const char *fmt, ...);
+ static void _ldap_trace(const char *fmt, ...);
#else
#define LDAP_TRACE(x) Curl_nop_stmt
#endif
LDAPMessage *ldapmsg = NULL;
LDAPMessage *entryIterator;
int num = 0;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data=conn->data;
int ldap_proto = LDAP_VERSION3;
int ldap_ssl = 0;
char *val_b64 = NULL;
size_t val_b64_sz = 0;
curl_off_t dlsize = 0;
#ifdef LDAP_OPT_NETWORK_TIMEOUT
- struct timeval ldap_timeout = {10,0}; /* 10 sec connection/search timeout */
+ struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
#endif
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
TCHAR *host = NULL;
TCHAR *user = NULL;
TCHAR *passwd = NULL;
goto quit;
}
- /* Get the URL scheme ( either ldap or ldaps ) */
+ /* Get the URL scheme (either ldap or ldaps) */
if(conn->given->flags & PROTOPT_SSL)
ldap_ssl = 1;
infof(data, "LDAP local: trying to establish %s connection\n",
ldap_ssl ? "encrypted" : "cleartext");
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
host = Curl_convert_UTF8_to_tchar(conn->host.name);
if(!host) {
result = CURLE_OUT_OF_MEMORY;
if(ldap_ssl) {
#ifdef HAVE_LDAP_SSL
-#ifdef CURL_LDAP_WIN
+#ifdef USE_WIN32_LDAP
/* Win32 LDAP SDK doesn't support insecure mode without CA! */
server = ldap_sslinit(host, (int)conn->port, 1);
ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
#else
int ldap_option;
- char* ldap_ca = data->set.str[STRING_SSL_CAFILE];
+ char *ldap_ca = conn->ssl_config.CAfile;
#if defined(CURL_HAS_NOVELL_LDAPSDK)
rc = ldapssl_client_init(NULL, NULL);
if(rc != LDAP_SUCCESS) {
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
- if(data->set.ssl.verifypeer) {
+ if(conn->ssl_config.verifypeer) {
/* Novell SDK supports DER or BASE64 files. */
int cert_type = LDAPSSL_CERT_FILETYPE_B64;
- if((data->set.str[STRING_CERT_TYPE]) &&
- (Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER")))
+ if((data->set.ssl.cert_type) &&
+ (strcasecompare(data->set.ssl.cert_type, "DER")))
cert_type = LDAPSSL_CERT_FILETYPE_DER;
if(!ldap_ca) {
failf(data, "LDAP local: ERROR %s CA cert not set!",
goto quit;
}
#elif defined(LDAP_OPT_X_TLS)
- if(data->set.ssl.verifypeer) {
+ if(conn->ssl_config.verifypeer) {
/* OpenLDAP SDK supports BASE64 files. */
- if((data->set.str[STRING_CERT_TYPE]) &&
- (!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
+ if((data->set.ssl.cert_type) &&
+ (!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
result = CURLE_SSL_CERTPROBLEM;
goto quit;
goto quit;
}
}
-#ifdef CURL_LDAP_WIN
+#ifdef USE_WIN32_LDAP
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
#endif
entryIterator;
entryIterator = ldap_next_entry(server, entryIterator), num++) {
BerElement *ber = NULL;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
TCHAR *attribute;
#else
char *attribute; /*! suspicious that this isn't 'const' */
{
char *name;
size_t name_len;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
TCHAR *dn = ldap_get_dn(server, entryIterator);
name = Curl_convert_tchar_to_UTF8(dn);
if(!name) {
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
if(result) {
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(name);
#endif
ldap_memfree(dn);
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *) name,
name_len);
if(result) {
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(name);
#endif
ldap_memfree(dn);
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
if(result) {
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(name);
#endif
ldap_memfree(dn);
dlsize += name_len + 5;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(name);
#endif
ldap_memfree(dn);
attribute = ldap_next_attribute(server, entryIterator, ber)) {
BerValue **vals;
size_t attr_len;
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
char *attr = Curl_convert_tchar_to_UTF8(attribute);
if(!attr) {
if(ber)
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
(char *) attr, attr_len);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
&val_b64_sz);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
free(val_b64);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
vals[i]->bv_len);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
if(result) {
ldap_value_free_len(vals);
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
}
/* Free the attribute as we are done with it */
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(attr);
#endif
ldap_memfree(attribute);
quit:
if(ldapmsg) {
ldap_msgfree(ldapmsg);
- LDAP_TRACE (("Received %d entries\n", num));
+ LDAP_TRACE(("Received %d entries\n", num));
}
if(rc == LDAP_SIZELIMIT_EXCEEDED)
infof(data, "There are more than %d entries\n", num);
ldapssl_client_deinit();
#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
Curl_unicodefree(passwd);
Curl_unicodefree(user);
Curl_unicodefree(host);
}
#ifdef DEBUG_LDAP
-static void _ldap_trace (const char *fmt, ...)
+static void _ldap_trace(const char *fmt, ...)
{
static int do_trace = -1;
va_list args;
if(!do_trace)
return;
- va_start (args, fmt);
- vfprintf (stderr, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
}
#endif
/*
* Return scope-value for a scope-string.
*/
-static int str2scope (const char *p)
+static int str2scope(const char *p)
{
- if(strequal(p, "one"))
- return LDAP_SCOPE_ONELEVEL;
- if(strequal(p, "onetree"))
- return LDAP_SCOPE_ONELEVEL;
- if(strequal(p, "base"))
- return LDAP_SCOPE_BASE;
- if(strequal(p, "sub"))
- return LDAP_SCOPE_SUBTREE;
- if(strequal( p, "subtree"))
- return LDAP_SCOPE_SUBTREE;
+ if(strcasecompare(p, "one"))
+ return LDAP_SCOPE_ONELEVEL;
+ if(strcasecompare(p, "onetree"))
+ return LDAP_SCOPE_ONELEVEL;
+ if(strcasecompare(p, "base"))
+ return LDAP_SCOPE_BASE;
+ if(strcasecompare(p, "sub"))
+ return LDAP_SCOPE_SUBTREE;
+ if(strcasecompare(p, "subtree"))
+ return LDAP_SCOPE_SUBTREE;
return (-1);
}
*
* Defined in RFC4516 section 2.
*/
-static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
+static int _ldap_url_parse2(const struct connectdata *conn, LDAPURLDesc *ludp)
{
int rc = LDAP_SUCCESS;
char *path;
size_t i;
if(!conn->data ||
- !conn->data->state.path ||
- conn->data->state.path[0] != '/' ||
- !checkprefix("LDAP", conn->data->change.url))
+ !conn->data->state.path ||
+ conn->data->state.path[0] != '/' ||
+ !checkprefix("LDAP", conn->data->change.url))
return LDAP_INVALID_SYNTAX;
ludp->lud_scope = LDAP_SCOPE_BASE;
if(*p) {
char *dn = p;
char *unescaped;
+ CURLcode result;
- LDAP_TRACE (("DN '%s'\n", dn));
+ LDAP_TRACE(("DN '%s'\n", dn));
/* Unescape the DN */
- unescaped = curl_easy_unescape(conn->data, dn, 0, NULL);
- if(!unescaped) {
+ result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, FALSE);
+ if(result) {
rc = LDAP_NO_MEMORY;
goto quit;
}
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
/* Convert the unescaped string to a tchar */
ludp->lud_dn = Curl_convert_UTF8_to_tchar(unescaped);
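Review bot: The new `Curl_urldecode()` call for the DN passes `NULL` as the output-length argument, and the attribute and filter calls further down do the same, so a `%00` in the URL would decode to an embedded NUL and the string handed to the LDAP library would be silently cut short at that byte. Capturing the decoded length and rejecting a mismatch closes this: `result = Curl_urldecode(conn->data, dn, 0, &unescaped, &len, FALSE);` followed by `if(!result && strlen(unescaped) != len) rc = LDAP_INVALID_SYNTAX;`, with `unescaped` freed before the `goto quit`. All three sites also report any decode failure as `LDAP_NO_MEMORY`, which is accurate only while allocation is the sole way the call can fail, so a short comment saying so would help if the final argument is ever switched to `TRUE`. `_ldap_url_parse2` begins and ends outside this hunk, so the declaration of `len` and the cleanup path need checking against the full function.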
}
/* Allocate our array (+1 for the NULL entry) */
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
#else
ludp->lud_attrs = calloc(count + 1, sizeof(char *));
#endif
if(!ludp->lud_attrs) {
- Curl_safefree(attributes);
+ free(attributes);
rc = LDAP_NO_MEMORY;
for(i = 0; i < count; i++) {
char *unescaped;
+ CURLcode result;
- LDAP_TRACE (("attr[%d] '%s'\n", i, attributes[i]));
+ LDAP_TRACE(("attr[%d] '%s'\n", i, attributes[i]));
/* Unescape the attribute */
- unescaped = curl_easy_unescape(conn->data, attributes[i], 0, NULL);
- if(!unescaped) {
- Curl_safefree(attributes);
+ result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
+ FALSE);
+ if(result) {
+ free(attributes);
rc = LDAP_NO_MEMORY;
goto quit;
}
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
/* Convert the unescaped string to a tchar */
ludp->lud_attrs[i] = Curl_convert_UTF8_to_tchar(unescaped);
Curl_unicodefree(unescaped);
if(!ludp->lud_attrs[i]) {
- Curl_safefree(attributes);
+ free(attributes);
rc = LDAP_NO_MEMORY;
ludp->lud_attrs_dups++;
}
- Curl_safefree(attributes);
+ free(attributes);
}
p = q;
goto quit;
}
- LDAP_TRACE (("scope %d\n", ludp->lud_scope));
+ LDAP_TRACE(("scope %d\n", ludp->lud_scope));
}
p = q;
if(*p) {
char *filter = p;
char *unescaped;
+ CURLcode result;
- LDAP_TRACE (("filter '%s'\n", filter));
+ LDAP_TRACE(("filter '%s'\n", filter));
/* Unescape the filter */
- unescaped = curl_easy_unescape(conn->data, filter, 0, NULL);
- if(!unescaped) {
+ result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL, FALSE);
+ if(result) {
rc = LDAP_NO_MEMORY;
goto quit;
}
-#if defined(CURL_LDAP_WIN)
+#if defined(USE_WIN32_LDAP)
/* Convert the unescaped string to a tchar */
ludp->lud_filter = Curl_convert_UTF8_to_tchar(unescaped);
}
quit:
- Curl_safefree(path);
+ free(path);
return rc;
}
-static int _ldap_url_parse (const struct connectdata *conn,
- LDAPURLDesc **ludpp)
+static int _ldap_url_parse(const struct connectdata *conn,
+ LDAPURLDesc **ludpp)
{
LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
int rc;
if(!ludp)
return LDAP_NO_MEMORY;
- rc = _ldap_url_parse2 (conn, ludp);
+ rc = _ldap_url_parse2(conn, ludp);
if(rc != LDAP_SUCCESS) {
_ldap_free_urldesc(ludp);
ludp = NULL;
return (rc);
}
-static void _ldap_free_urldesc (LDAPURLDesc *ludp)
+static void _ldap_free_urldesc(LDAPURLDesc *ludp)
{
size_t i;
if(!ludp)
return;
- if(ludp->lud_dn)
- free(ludp->lud_dn);
-
- if(ludp->lud_filter)
- free(ludp->lud_filter);
+ free(ludp->lud_dn);
+ free(ludp->lud_filter);
if(ludp->lud_attrs) {
for(i = 0; i < ludp->lud_attrs_dups; i++)
free(ludp->lud_attrs);
}
- free (ludp);
+ free(ludp);
}
#endif /* !HAVE_LDAP_URL_PARSE */
#endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */