1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker * _ _ ____ _
3*6236dae4SAndroid Build Coastguard Worker * Project ___| | | | _ \| |
4*6236dae4SAndroid Build Coastguard Worker * / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker * | (__| |_| | _ <| |___
6*6236dae4SAndroid Build Coastguard Worker * \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker *
8*6236dae4SAndroid Build Coastguard Worker * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker *
10*6236dae4SAndroid Build Coastguard Worker * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker *
14*6236dae4SAndroid Build Coastguard Worker * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker *
18*6236dae4SAndroid Build Coastguard Worker * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker *
21*6236dae4SAndroid Build Coastguard Worker * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker *
23*6236dae4SAndroid Build Coastguard Worker ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker
25*6236dae4SAndroid Build Coastguard Worker #include "curl_setup.h"
26*6236dae4SAndroid Build Coastguard Worker
27*6236dae4SAndroid Build Coastguard Worker #if !defined(CURL_DISABLE_LDAP) && !defined(USE_OPENLDAP)
28*6236dae4SAndroid Build Coastguard Worker
29*6236dae4SAndroid Build Coastguard Worker /*
30*6236dae4SAndroid Build Coastguard Worker * Notice that USE_OPENLDAP is only a source code selection switch. When
31*6236dae4SAndroid Build Coastguard Worker * libcurl is built with USE_OPENLDAP defined the libcurl source code that
32*6236dae4SAndroid Build Coastguard Worker * gets compiled is the code from openldap.c, otherwise the code that gets
33*6236dae4SAndroid Build Coastguard Worker * compiled is the code from ldap.c.
34*6236dae4SAndroid Build Coastguard Worker *
35*6236dae4SAndroid Build Coastguard Worker * When USE_OPENLDAP is defined a recent version of the OpenLDAP library
36*6236dae4SAndroid Build Coastguard Worker * might be required for compilation and runtime. In order to use ancient
37*6236dae4SAndroid Build Coastguard Worker * OpenLDAP library versions, USE_OPENLDAP shall not be defined.
38*6236dae4SAndroid Build Coastguard Worker */
39*6236dae4SAndroid Build Coastguard Worker
40*6236dae4SAndroid Build Coastguard Worker /* Wincrypt must be included before anything that could include OpenSSL. */
41*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_CRYPTO)
42*6236dae4SAndroid Build Coastguard Worker #include <wincrypt.h>
43*6236dae4SAndroid Build Coastguard Worker /* Undefine wincrypt conflicting symbols for BoringSSL. */
44*6236dae4SAndroid Build Coastguard Worker #undef X509_NAME
45*6236dae4SAndroid Build Coastguard Worker #undef X509_EXTENSIONS
46*6236dae4SAndroid Build Coastguard Worker #undef PKCS7_ISSUER_AND_SERIAL
47*6236dae4SAndroid Build Coastguard Worker #undef PKCS7_SIGNER_INFO
48*6236dae4SAndroid Build Coastguard Worker #undef OCSP_REQUEST
49*6236dae4SAndroid Build Coastguard Worker #undef OCSP_RESPONSE
50*6236dae4SAndroid Build Coastguard Worker #endif
51*6236dae4SAndroid Build Coastguard Worker
52*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
53*6236dae4SAndroid Build Coastguard Worker # ifdef _MSC_VER
54*6236dae4SAndroid Build Coastguard Worker # pragma warning(push)
55*6236dae4SAndroid Build Coastguard Worker # pragma warning(disable: 4201)
56*6236dae4SAndroid Build Coastguard Worker # endif
57*6236dae4SAndroid Build Coastguard Worker # include <subauth.h> /* for [P]UNICODE_STRING */
58*6236dae4SAndroid Build Coastguard Worker # ifdef _MSC_VER
59*6236dae4SAndroid Build Coastguard Worker # pragma warning(pop)
60*6236dae4SAndroid Build Coastguard Worker # endif
61*6236dae4SAndroid Build Coastguard Worker # include <winldap.h>
62*6236dae4SAndroid Build Coastguard Worker # ifndef LDAP_VENDOR_NAME
63*6236dae4SAndroid Build Coastguard Worker # error Your Platform SDK is NOT sufficient for LDAP support! \
64*6236dae4SAndroid Build Coastguard Worker Update your Platform SDK, or disable LDAP support!
65*6236dae4SAndroid Build Coastguard Worker # else
66*6236dae4SAndroid Build Coastguard Worker # include <winber.h>
67*6236dae4SAndroid Build Coastguard Worker # endif
68*6236dae4SAndroid Build Coastguard Worker #else
69*6236dae4SAndroid Build Coastguard Worker # define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
70*6236dae4SAndroid Build Coastguard Worker # ifdef HAVE_LBER_H
71*6236dae4SAndroid Build Coastguard Worker # include <lber.h>
72*6236dae4SAndroid Build Coastguard Worker # endif
73*6236dae4SAndroid Build Coastguard Worker # include <ldap.h>
74*6236dae4SAndroid Build Coastguard Worker # if (defined(HAVE_LDAP_SSL) && defined(HAVE_LDAP_SSL_H))
75*6236dae4SAndroid Build Coastguard Worker # include <ldap_ssl.h>
76*6236dae4SAndroid Build Coastguard Worker # endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
77*6236dae4SAndroid Build Coastguard Worker #endif
78*6236dae4SAndroid Build Coastguard Worker
79*6236dae4SAndroid Build Coastguard Worker #include "urldata.h"
80*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
81*6236dae4SAndroid Build Coastguard Worker #include "sendf.h"
82*6236dae4SAndroid Build Coastguard Worker #include "escape.h"
83*6236dae4SAndroid Build Coastguard Worker #include "progress.h"
84*6236dae4SAndroid Build Coastguard Worker #include "transfer.h"
85*6236dae4SAndroid Build Coastguard Worker #include "strcase.h"
86*6236dae4SAndroid Build Coastguard Worker #include "strtok.h"
87*6236dae4SAndroid Build Coastguard Worker #include "curl_ldap.h"
88*6236dae4SAndroid Build Coastguard Worker #include "curl_multibyte.h"
89*6236dae4SAndroid Build Coastguard Worker #include "curl_base64.h"
90*6236dae4SAndroid Build Coastguard Worker #include "connect.h"
91*6236dae4SAndroid Build Coastguard Worker /* The last 3 #include files should be in this order */
92*6236dae4SAndroid Build Coastguard Worker #include "curl_printf.h"
93*6236dae4SAndroid Build Coastguard Worker #include "curl_memory.h"
94*6236dae4SAndroid Build Coastguard Worker #include "memdebug.h"
95*6236dae4SAndroid Build Coastguard Worker
96*6236dae4SAndroid Build Coastguard Worker #ifndef HAVE_LDAP_URL_PARSE
97*6236dae4SAndroid Build Coastguard Worker
98*6236dae4SAndroid Build Coastguard Worker /* Use our own implementation. */
99*6236dae4SAndroid Build Coastguard Worker
100*6236dae4SAndroid Build Coastguard Worker struct ldap_urldesc {
101*6236dae4SAndroid Build Coastguard Worker char *lud_host;
102*6236dae4SAndroid Build Coastguard Worker int lud_port;
103*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
104*6236dae4SAndroid Build Coastguard Worker TCHAR *lud_dn;
105*6236dae4SAndroid Build Coastguard Worker TCHAR **lud_attrs;
106*6236dae4SAndroid Build Coastguard Worker #else
107*6236dae4SAndroid Build Coastguard Worker char *lud_dn;
108*6236dae4SAndroid Build Coastguard Worker char **lud_attrs;
109*6236dae4SAndroid Build Coastguard Worker #endif
110*6236dae4SAndroid Build Coastguard Worker int lud_scope;
111*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
112*6236dae4SAndroid Build Coastguard Worker TCHAR *lud_filter;
113*6236dae4SAndroid Build Coastguard Worker #else
114*6236dae4SAndroid Build Coastguard Worker char *lud_filter;
115*6236dae4SAndroid Build Coastguard Worker #endif
116*6236dae4SAndroid Build Coastguard Worker char **lud_exts;
117*6236dae4SAndroid Build Coastguard Worker size_t lud_attrs_dups; /* how many were dup'ed, this field is not in the
118*6236dae4SAndroid Build Coastguard Worker "real" struct so can only be used in code
119*6236dae4SAndroid Build Coastguard Worker without HAVE_LDAP_URL_PARSE defined */
120*6236dae4SAndroid Build Coastguard Worker };
121*6236dae4SAndroid Build Coastguard Worker
122*6236dae4SAndroid Build Coastguard Worker #undef LDAPURLDesc
123*6236dae4SAndroid Build Coastguard Worker #define LDAPURLDesc struct ldap_urldesc
124*6236dae4SAndroid Build Coastguard Worker
125*6236dae4SAndroid Build Coastguard Worker static int _ldap_url_parse(struct Curl_easy *data,
126*6236dae4SAndroid Build Coastguard Worker const struct connectdata *conn,
127*6236dae4SAndroid Build Coastguard Worker LDAPURLDesc **ludp);
128*6236dae4SAndroid Build Coastguard Worker static void _ldap_free_urldesc(LDAPURLDesc *ludp);
129*6236dae4SAndroid Build Coastguard Worker
130*6236dae4SAndroid Build Coastguard Worker #undef ldap_free_urldesc
131*6236dae4SAndroid Build Coastguard Worker #define ldap_free_urldesc _ldap_free_urldesc
132*6236dae4SAndroid Build Coastguard Worker #endif
133*6236dae4SAndroid Build Coastguard Worker
134*6236dae4SAndroid Build Coastguard Worker #ifdef DEBUG_LDAP
135*6236dae4SAndroid Build Coastguard Worker #define LDAP_TRACE(x) do { \
136*6236dae4SAndroid Build Coastguard Worker _ldap_trace("%u: ", __LINE__); \
137*6236dae4SAndroid Build Coastguard Worker _ldap_trace x; \
138*6236dae4SAndroid Build Coastguard Worker } while(0)
139*6236dae4SAndroid Build Coastguard Worker
140*6236dae4SAndroid Build Coastguard Worker static void _ldap_trace(const char *fmt, ...) CURL_PRINTF(1, 2);
141*6236dae4SAndroid Build Coastguard Worker #else
142*6236dae4SAndroid Build Coastguard Worker #define LDAP_TRACE(x) Curl_nop_stmt
143*6236dae4SAndroid Build Coastguard Worker #endif
144*6236dae4SAndroid Build Coastguard Worker
145*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP) && defined(ldap_err2string)
146*6236dae4SAndroid Build Coastguard Worker /* Use ANSI error strings in Unicode builds */
147*6236dae4SAndroid Build Coastguard Worker #undef ldap_err2string
148*6236dae4SAndroid Build Coastguard Worker #define ldap_err2string ldap_err2stringA
149*6236dae4SAndroid Build Coastguard Worker #endif
150*6236dae4SAndroid Build Coastguard Worker
151*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP) && defined(_MSC_VER) && (_MSC_VER <= 1600)
152*6236dae4SAndroid Build Coastguard Worker /* Workaround for warning:
153*6236dae4SAndroid Build Coastguard Worker 'type cast' : conversion from 'int' to 'void *' of greater size */
154*6236dae4SAndroid Build Coastguard Worker #undef LDAP_OPT_ON
155*6236dae4SAndroid Build Coastguard Worker #undef LDAP_OPT_OFF
156*6236dae4SAndroid Build Coastguard Worker #define LDAP_OPT_ON ((void *)(size_t)1)
157*6236dae4SAndroid Build Coastguard Worker #define LDAP_OPT_OFF ((void *)(size_t)0)
158*6236dae4SAndroid Build Coastguard Worker #endif
159*6236dae4SAndroid Build Coastguard Worker
160*6236dae4SAndroid Build Coastguard Worker static CURLcode ldap_do(struct Curl_easy *data, bool *done);
161*6236dae4SAndroid Build Coastguard Worker
162*6236dae4SAndroid Build Coastguard Worker /*
163*6236dae4SAndroid Build Coastguard Worker * LDAP protocol handler.
164*6236dae4SAndroid Build Coastguard Worker */
165*6236dae4SAndroid Build Coastguard Worker
166*6236dae4SAndroid Build Coastguard Worker const struct Curl_handler Curl_handler_ldap = {
167*6236dae4SAndroid Build Coastguard Worker "ldap", /* scheme */
168*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* setup_connection */
169*6236dae4SAndroid Build Coastguard Worker ldap_do, /* do_it */
170*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* done */
171*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* do_more */
172*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connect_it */
173*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connecting */
174*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* doing */
175*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* proto_getsock */
176*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* doing_getsock */
177*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* domore_getsock */
178*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* perform_getsock */
179*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* disconnect */
180*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* write_resp */
181*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* write_resp_hd */
182*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connection_check */
183*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* attach connection */
184*6236dae4SAndroid Build Coastguard Worker PORT_LDAP, /* defport */
185*6236dae4SAndroid Build Coastguard Worker CURLPROTO_LDAP, /* protocol */
186*6236dae4SAndroid Build Coastguard Worker CURLPROTO_LDAP, /* family */
187*6236dae4SAndroid Build Coastguard Worker PROTOPT_NONE /* flags */
188*6236dae4SAndroid Build Coastguard Worker };
189*6236dae4SAndroid Build Coastguard Worker
190*6236dae4SAndroid Build Coastguard Worker #ifdef HAVE_LDAP_SSL
191*6236dae4SAndroid Build Coastguard Worker /*
192*6236dae4SAndroid Build Coastguard Worker * LDAPS protocol handler.
193*6236dae4SAndroid Build Coastguard Worker */
194*6236dae4SAndroid Build Coastguard Worker
195*6236dae4SAndroid Build Coastguard Worker const struct Curl_handler Curl_handler_ldaps = {
196*6236dae4SAndroid Build Coastguard Worker "ldaps", /* scheme */
197*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* setup_connection */
198*6236dae4SAndroid Build Coastguard Worker ldap_do, /* do_it */
199*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* done */
200*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* do_more */
201*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connect_it */
202*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connecting */
203*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* doing */
204*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* proto_getsock */
205*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* doing_getsock */
206*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* domore_getsock */
207*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* perform_getsock */
208*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* disconnect */
209*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* write_resp */
210*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* write_resp_hd */
211*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* connection_check */
212*6236dae4SAndroid Build Coastguard Worker ZERO_NULL, /* attach connection */
213*6236dae4SAndroid Build Coastguard Worker PORT_LDAPS, /* defport */
214*6236dae4SAndroid Build Coastguard Worker CURLPROTO_LDAPS, /* protocol */
215*6236dae4SAndroid Build Coastguard Worker CURLPROTO_LDAP, /* family */
216*6236dae4SAndroid Build Coastguard Worker PROTOPT_SSL /* flags */
217*6236dae4SAndroid Build Coastguard Worker };
218*6236dae4SAndroid Build Coastguard Worker #endif
219*6236dae4SAndroid Build Coastguard Worker
220*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
221*6236dae4SAndroid Build Coastguard Worker
222*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WINDOWS_SSPI)
ldap_win_bind_auth(LDAP * server,const char * user,const char * passwd,unsigned long authflags)223*6236dae4SAndroid Build Coastguard Worker static int ldap_win_bind_auth(LDAP *server, const char *user,
224*6236dae4SAndroid Build Coastguard Worker const char *passwd, unsigned long authflags)
225*6236dae4SAndroid Build Coastguard Worker {
226*6236dae4SAndroid Build Coastguard Worker ULONG method = 0;
227*6236dae4SAndroid Build Coastguard Worker SEC_WINNT_AUTH_IDENTITY cred;
228*6236dae4SAndroid Build Coastguard Worker int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
229*6236dae4SAndroid Build Coastguard Worker
230*6236dae4SAndroid Build Coastguard Worker memset(&cred, 0, sizeof(cred));
231*6236dae4SAndroid Build Coastguard Worker
232*6236dae4SAndroid Build Coastguard Worker #if defined(USE_SPNEGO)
233*6236dae4SAndroid Build Coastguard Worker if(authflags & CURLAUTH_NEGOTIATE) {
234*6236dae4SAndroid Build Coastguard Worker method = LDAP_AUTH_NEGOTIATE;
235*6236dae4SAndroid Build Coastguard Worker }
236*6236dae4SAndroid Build Coastguard Worker else
237*6236dae4SAndroid Build Coastguard Worker #endif
238*6236dae4SAndroid Build Coastguard Worker #if defined(USE_NTLM)
239*6236dae4SAndroid Build Coastguard Worker if(authflags & CURLAUTH_NTLM) {
240*6236dae4SAndroid Build Coastguard Worker method = LDAP_AUTH_NTLM;
241*6236dae4SAndroid Build Coastguard Worker }
242*6236dae4SAndroid Build Coastguard Worker else
243*6236dae4SAndroid Build Coastguard Worker #endif
244*6236dae4SAndroid Build Coastguard Worker #if !defined(CURL_DISABLE_DIGEST_AUTH)
245*6236dae4SAndroid Build Coastguard Worker if(authflags & CURLAUTH_DIGEST) {
246*6236dae4SAndroid Build Coastguard Worker method = LDAP_AUTH_DIGEST;
247*6236dae4SAndroid Build Coastguard Worker }
248*6236dae4SAndroid Build Coastguard Worker else
249*6236dae4SAndroid Build Coastguard Worker #endif
250*6236dae4SAndroid Build Coastguard Worker {
251*6236dae4SAndroid Build Coastguard Worker /* required anyway if one of upper preprocessor definitions enabled */
252*6236dae4SAndroid Build Coastguard Worker }
253*6236dae4SAndroid Build Coastguard Worker
254*6236dae4SAndroid Build Coastguard Worker if(method && user && passwd) {
255*6236dae4SAndroid Build Coastguard Worker CURLcode res = Curl_create_sspi_identity(user, passwd, &cred);
256*6236dae4SAndroid Build Coastguard Worker rc = (int)res;
257*6236dae4SAndroid Build Coastguard Worker if(!rc) {
258*6236dae4SAndroid Build Coastguard Worker rc = (int)ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
259*6236dae4SAndroid Build Coastguard Worker Curl_sspi_free_identity(&cred);
260*6236dae4SAndroid Build Coastguard Worker }
261*6236dae4SAndroid Build Coastguard Worker }
262*6236dae4SAndroid Build Coastguard Worker else {
263*6236dae4SAndroid Build Coastguard Worker /* proceed with current user credentials */
264*6236dae4SAndroid Build Coastguard Worker method = LDAP_AUTH_NEGOTIATE;
265*6236dae4SAndroid Build Coastguard Worker rc = (int)ldap_bind_s(server, NULL, NULL, method);
266*6236dae4SAndroid Build Coastguard Worker }
267*6236dae4SAndroid Build Coastguard Worker return rc;
268*6236dae4SAndroid Build Coastguard Worker }
269*6236dae4SAndroid Build Coastguard Worker #endif /* #if defined(USE_WINDOWS_SSPI) */
270*6236dae4SAndroid Build Coastguard Worker
ldap_win_bind(struct Curl_easy * data,LDAP * server,const char * user,const char * passwd)271*6236dae4SAndroid Build Coastguard Worker static int ldap_win_bind(struct Curl_easy *data, LDAP *server,
272*6236dae4SAndroid Build Coastguard Worker const char *user, const char *passwd)
273*6236dae4SAndroid Build Coastguard Worker {
274*6236dae4SAndroid Build Coastguard Worker int rc = LDAP_INVALID_CREDENTIALS;
275*6236dae4SAndroid Build Coastguard Worker
276*6236dae4SAndroid Build Coastguard Worker PTCHAR inuser = NULL;
277*6236dae4SAndroid Build Coastguard Worker PTCHAR inpass = NULL;
278*6236dae4SAndroid Build Coastguard Worker
279*6236dae4SAndroid Build Coastguard Worker if(user && passwd && (data->set.httpauth & CURLAUTH_BASIC)) {
280*6236dae4SAndroid Build Coastguard Worker inuser = curlx_convert_UTF8_to_tchar((char *) user);
281*6236dae4SAndroid Build Coastguard Worker inpass = curlx_convert_UTF8_to_tchar((char *) passwd);
282*6236dae4SAndroid Build Coastguard Worker
283*6236dae4SAndroid Build Coastguard Worker rc = (int)ldap_simple_bind_s(server, inuser, inpass);
284*6236dae4SAndroid Build Coastguard Worker
285*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(inuser);
286*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(inpass);
287*6236dae4SAndroid Build Coastguard Worker }
288*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WINDOWS_SSPI)
289*6236dae4SAndroid Build Coastguard Worker else {
290*6236dae4SAndroid Build Coastguard Worker rc = (int)ldap_win_bind_auth(server, user, passwd, data->set.httpauth);
291*6236dae4SAndroid Build Coastguard Worker }
292*6236dae4SAndroid Build Coastguard Worker #endif
293*6236dae4SAndroid Build Coastguard Worker
294*6236dae4SAndroid Build Coastguard Worker return rc;
295*6236dae4SAndroid Build Coastguard Worker }
296*6236dae4SAndroid Build Coastguard Worker #endif /* #if defined(USE_WIN32_LDAP) */
297*6236dae4SAndroid Build Coastguard Worker
298*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
299*6236dae4SAndroid Build Coastguard Worker #define FREE_ON_WINLDAP(x) curlx_unicodefree(x)
300*6236dae4SAndroid Build Coastguard Worker #define curl_ldap_num_t ULONG
301*6236dae4SAndroid Build Coastguard Worker #else
302*6236dae4SAndroid Build Coastguard Worker #define FREE_ON_WINLDAP(x)
303*6236dae4SAndroid Build Coastguard Worker #define curl_ldap_num_t int
304*6236dae4SAndroid Build Coastguard Worker #endif
305*6236dae4SAndroid Build Coastguard Worker
306*6236dae4SAndroid Build Coastguard Worker
ldap_do(struct Curl_easy * data,bool * done)307*6236dae4SAndroid Build Coastguard Worker static CURLcode ldap_do(struct Curl_easy *data, bool *done)
308*6236dae4SAndroid Build Coastguard Worker {
309*6236dae4SAndroid Build Coastguard Worker CURLcode result = CURLE_OK;
310*6236dae4SAndroid Build Coastguard Worker int rc = 0;
311*6236dae4SAndroid Build Coastguard Worker LDAP *server = NULL;
312*6236dae4SAndroid Build Coastguard Worker LDAPURLDesc *ludp = NULL;
313*6236dae4SAndroid Build Coastguard Worker LDAPMessage *ldapmsg = NULL;
314*6236dae4SAndroid Build Coastguard Worker LDAPMessage *entryIterator;
315*6236dae4SAndroid Build Coastguard Worker int num = 0;
316*6236dae4SAndroid Build Coastguard Worker struct connectdata *conn = data->conn;
317*6236dae4SAndroid Build Coastguard Worker int ldap_proto = LDAP_VERSION3;
318*6236dae4SAndroid Build Coastguard Worker int ldap_ssl = 0;
319*6236dae4SAndroid Build Coastguard Worker char *val_b64 = NULL;
320*6236dae4SAndroid Build Coastguard Worker size_t val_b64_sz = 0;
321*6236dae4SAndroid Build Coastguard Worker #ifdef LDAP_OPT_NETWORK_TIMEOUT
322*6236dae4SAndroid Build Coastguard Worker struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
323*6236dae4SAndroid Build Coastguard Worker #endif
324*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
325*6236dae4SAndroid Build Coastguard Worker TCHAR *host = NULL;
326*6236dae4SAndroid Build Coastguard Worker #else
327*6236dae4SAndroid Build Coastguard Worker char *host = NULL;
328*6236dae4SAndroid Build Coastguard Worker #endif
329*6236dae4SAndroid Build Coastguard Worker char *user = NULL;
330*6236dae4SAndroid Build Coastguard Worker char *passwd = NULL;
331*6236dae4SAndroid Build Coastguard Worker
332*6236dae4SAndroid Build Coastguard Worker *done = TRUE; /* unconditionally */
333*6236dae4SAndroid Build Coastguard Worker infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d",
334*6236dae4SAndroid Build Coastguard Worker LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION);
335*6236dae4SAndroid Build Coastguard Worker infof(data, "LDAP local: %s", data->state.url);
336*6236dae4SAndroid Build Coastguard Worker
337*6236dae4SAndroid Build Coastguard Worker #ifdef HAVE_LDAP_URL_PARSE
338*6236dae4SAndroid Build Coastguard Worker rc = ldap_url_parse(data->state.url, &ludp);
339*6236dae4SAndroid Build Coastguard Worker #else
340*6236dae4SAndroid Build Coastguard Worker rc = _ldap_url_parse(data, conn, &ludp);
341*6236dae4SAndroid Build Coastguard Worker #endif
342*6236dae4SAndroid Build Coastguard Worker if(rc) {
343*6236dae4SAndroid Build Coastguard Worker failf(data, "Bad LDAP URL: %s", ldap_err2string((curl_ldap_num_t)rc));
344*6236dae4SAndroid Build Coastguard Worker result = CURLE_URL_MALFORMAT;
345*6236dae4SAndroid Build Coastguard Worker goto quit;
346*6236dae4SAndroid Build Coastguard Worker }
347*6236dae4SAndroid Build Coastguard Worker
348*6236dae4SAndroid Build Coastguard Worker /* Get the URL scheme (either ldap or ldaps) */
349*6236dae4SAndroid Build Coastguard Worker if(conn->given->flags & PROTOPT_SSL)
350*6236dae4SAndroid Build Coastguard Worker ldap_ssl = 1;
351*6236dae4SAndroid Build Coastguard Worker infof(data, "LDAP local: trying to establish %s connection",
352*6236dae4SAndroid Build Coastguard Worker ldap_ssl ? "encrypted" : "cleartext");
353*6236dae4SAndroid Build Coastguard Worker
354*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
355*6236dae4SAndroid Build Coastguard Worker host = curlx_convert_UTF8_to_tchar(conn->host.name);
356*6236dae4SAndroid Build Coastguard Worker if(!host) {
357*6236dae4SAndroid Build Coastguard Worker result = CURLE_OUT_OF_MEMORY;
358*6236dae4SAndroid Build Coastguard Worker
359*6236dae4SAndroid Build Coastguard Worker goto quit;
360*6236dae4SAndroid Build Coastguard Worker }
361*6236dae4SAndroid Build Coastguard Worker #else
362*6236dae4SAndroid Build Coastguard Worker host = conn->host.name;
363*6236dae4SAndroid Build Coastguard Worker #endif
364*6236dae4SAndroid Build Coastguard Worker
365*6236dae4SAndroid Build Coastguard Worker if(data->state.aptr.user) {
366*6236dae4SAndroid Build Coastguard Worker user = conn->user;
367*6236dae4SAndroid Build Coastguard Worker passwd = conn->passwd;
368*6236dae4SAndroid Build Coastguard Worker }
369*6236dae4SAndroid Build Coastguard Worker
370*6236dae4SAndroid Build Coastguard Worker #ifdef LDAP_OPT_NETWORK_TIMEOUT
371*6236dae4SAndroid Build Coastguard Worker ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
372*6236dae4SAndroid Build Coastguard Worker #endif
373*6236dae4SAndroid Build Coastguard Worker ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
374*6236dae4SAndroid Build Coastguard Worker
375*6236dae4SAndroid Build Coastguard Worker if(ldap_ssl) {
376*6236dae4SAndroid Build Coastguard Worker #ifdef HAVE_LDAP_SSL
377*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WIN32_LDAP
378*6236dae4SAndroid Build Coastguard Worker /* Win32 LDAP SDK does not support insecure mode without CA! */
379*6236dae4SAndroid Build Coastguard Worker server = ldap_sslinit(host, (curl_ldap_num_t)conn->primary.remote_port, 1);
380*6236dae4SAndroid Build Coastguard Worker ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
381*6236dae4SAndroid Build Coastguard Worker #else
382*6236dae4SAndroid Build Coastguard Worker int ldap_option;
383*6236dae4SAndroid Build Coastguard Worker char *ldap_ca = conn->ssl_config.CAfile;
384*6236dae4SAndroid Build Coastguard Worker #if defined(CURL_HAS_NOVELL_LDAPSDK)
385*6236dae4SAndroid Build Coastguard Worker rc = ldapssl_client_init(NULL, NULL);
386*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
387*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
388*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
389*6236dae4SAndroid Build Coastguard Worker goto quit;
390*6236dae4SAndroid Build Coastguard Worker }
391*6236dae4SAndroid Build Coastguard Worker if(conn->ssl_config.verifypeer) {
392*6236dae4SAndroid Build Coastguard Worker /* Novell SDK supports DER or BASE64 files. */
393*6236dae4SAndroid Build Coastguard Worker int cert_type = LDAPSSL_CERT_FILETYPE_B64;
394*6236dae4SAndroid Build Coastguard Worker if((data->set.ssl.cert_type) &&
395*6236dae4SAndroid Build Coastguard Worker (strcasecompare(data->set.ssl.cert_type, "DER")))
396*6236dae4SAndroid Build Coastguard Worker cert_type = LDAPSSL_CERT_FILETYPE_DER;
397*6236dae4SAndroid Build Coastguard Worker if(!ldap_ca) {
398*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR %s CA cert not set",
399*6236dae4SAndroid Build Coastguard Worker (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
400*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
401*6236dae4SAndroid Build Coastguard Worker goto quit;
402*6236dae4SAndroid Build Coastguard Worker }
403*6236dae4SAndroid Build Coastguard Worker infof(data, "LDAP local: using %s CA cert '%s'",
404*6236dae4SAndroid Build Coastguard Worker (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
405*6236dae4SAndroid Build Coastguard Worker ldap_ca);
406*6236dae4SAndroid Build Coastguard Worker rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
407*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
408*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR setting %s CA cert: %s",
409*6236dae4SAndroid Build Coastguard Worker (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
410*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
411*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
412*6236dae4SAndroid Build Coastguard Worker goto quit;
413*6236dae4SAndroid Build Coastguard Worker }
414*6236dae4SAndroid Build Coastguard Worker ldap_option = LDAPSSL_VERIFY_SERVER;
415*6236dae4SAndroid Build Coastguard Worker }
416*6236dae4SAndroid Build Coastguard Worker else
417*6236dae4SAndroid Build Coastguard Worker ldap_option = LDAPSSL_VERIFY_NONE;
418*6236dae4SAndroid Build Coastguard Worker rc = ldapssl_set_verify_mode(ldap_option);
419*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
420*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR setting cert verify mode: %s",
421*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
422*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
423*6236dae4SAndroid Build Coastguard Worker goto quit;
424*6236dae4SAndroid Build Coastguard Worker }
425*6236dae4SAndroid Build Coastguard Worker server = ldapssl_init(host, conn->primary.remote_port, 1);
426*6236dae4SAndroid Build Coastguard Worker if(!server) {
427*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: Cannot connect to %s:%u",
428*6236dae4SAndroid Build Coastguard Worker conn->host.dispname, conn->primary.remote_port);
429*6236dae4SAndroid Build Coastguard Worker result = CURLE_COULDNT_CONNECT;
430*6236dae4SAndroid Build Coastguard Worker goto quit;
431*6236dae4SAndroid Build Coastguard Worker }
432*6236dae4SAndroid Build Coastguard Worker #elif defined(LDAP_OPT_X_TLS)
433*6236dae4SAndroid Build Coastguard Worker if(conn->ssl_config.verifypeer) {
434*6236dae4SAndroid Build Coastguard Worker /* OpenLDAP SDK supports BASE64 files. */
435*6236dae4SAndroid Build Coastguard Worker if((data->set.ssl.cert_type) &&
436*6236dae4SAndroid Build Coastguard Worker (!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
437*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type");
438*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
439*6236dae4SAndroid Build Coastguard Worker goto quit;
440*6236dae4SAndroid Build Coastguard Worker }
441*6236dae4SAndroid Build Coastguard Worker if(!ldap_ca) {
442*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR PEM CA cert not set");
443*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
444*6236dae4SAndroid Build Coastguard Worker goto quit;
445*6236dae4SAndroid Build Coastguard Worker }
446*6236dae4SAndroid Build Coastguard Worker infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca);
447*6236dae4SAndroid Build Coastguard Worker rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
448*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
449*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
450*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
451*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
452*6236dae4SAndroid Build Coastguard Worker goto quit;
453*6236dae4SAndroid Build Coastguard Worker }
454*6236dae4SAndroid Build Coastguard Worker ldap_option = LDAP_OPT_X_TLS_DEMAND;
455*6236dae4SAndroid Build Coastguard Worker }
456*6236dae4SAndroid Build Coastguard Worker else
457*6236dae4SAndroid Build Coastguard Worker ldap_option = LDAP_OPT_X_TLS_NEVER;
458*6236dae4SAndroid Build Coastguard Worker
459*6236dae4SAndroid Build Coastguard Worker rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
460*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
461*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR setting cert verify mode: %s",
462*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
463*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
464*6236dae4SAndroid Build Coastguard Worker goto quit;
465*6236dae4SAndroid Build Coastguard Worker }
466*6236dae4SAndroid Build Coastguard Worker server = ldap_init(host, conn->primary.remote_port);
467*6236dae4SAndroid Build Coastguard Worker if(!server) {
468*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: Cannot connect to %s:%u",
469*6236dae4SAndroid Build Coastguard Worker conn->host.dispname, conn->primary.remote_port);
470*6236dae4SAndroid Build Coastguard Worker result = CURLE_COULDNT_CONNECT;
471*6236dae4SAndroid Build Coastguard Worker goto quit;
472*6236dae4SAndroid Build Coastguard Worker }
473*6236dae4SAndroid Build Coastguard Worker ldap_option = LDAP_OPT_X_TLS_HARD;
474*6236dae4SAndroid Build Coastguard Worker rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
475*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
476*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
477*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
478*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
479*6236dae4SAndroid Build Coastguard Worker goto quit;
480*6236dae4SAndroid Build Coastguard Worker }
481*6236dae4SAndroid Build Coastguard Worker /*
482*6236dae4SAndroid Build Coastguard Worker rc = ldap_start_tls_s(server, NULL, NULL);
483*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
484*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
485*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
486*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
487*6236dae4SAndroid Build Coastguard Worker goto quit;
488*6236dae4SAndroid Build Coastguard Worker }
489*6236dae4SAndroid Build Coastguard Worker */
490*6236dae4SAndroid Build Coastguard Worker #else
491*6236dae4SAndroid Build Coastguard Worker (void)ldap_option;
492*6236dae4SAndroid Build Coastguard Worker (void)ldap_ca;
493*6236dae4SAndroid Build Coastguard Worker /* we should probably never come up to here since configure
494*6236dae4SAndroid Build Coastguard Worker should check in first place if we can support LDAP SSL/TLS */
495*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: SSL/TLS not supported with this version "
496*6236dae4SAndroid Build Coastguard Worker "of the OpenLDAP toolkit\n");
497*6236dae4SAndroid Build Coastguard Worker result = CURLE_SSL_CERTPROBLEM;
498*6236dae4SAndroid Build Coastguard Worker goto quit;
499*6236dae4SAndroid Build Coastguard Worker #endif
500*6236dae4SAndroid Build Coastguard Worker #endif
501*6236dae4SAndroid Build Coastguard Worker #endif /* CURL_LDAP_USE_SSL */
502*6236dae4SAndroid Build Coastguard Worker }
503*6236dae4SAndroid Build Coastguard Worker else if(data->set.use_ssl > CURLUSESSL_TRY) {
504*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: explicit TLS not supported");
505*6236dae4SAndroid Build Coastguard Worker result = CURLE_NOT_BUILT_IN;
506*6236dae4SAndroid Build Coastguard Worker goto quit;
507*6236dae4SAndroid Build Coastguard Worker }
508*6236dae4SAndroid Build Coastguard Worker else {
509*6236dae4SAndroid Build Coastguard Worker server = ldap_init(host, (curl_ldap_num_t)conn->primary.remote_port);
510*6236dae4SAndroid Build Coastguard Worker if(!server) {
511*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: Cannot connect to %s:%u",
512*6236dae4SAndroid Build Coastguard Worker conn->host.dispname, conn->primary.remote_port);
513*6236dae4SAndroid Build Coastguard Worker result = CURLE_COULDNT_CONNECT;
514*6236dae4SAndroid Build Coastguard Worker goto quit;
515*6236dae4SAndroid Build Coastguard Worker }
516*6236dae4SAndroid Build Coastguard Worker }
517*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WIN32_LDAP
518*6236dae4SAndroid Build Coastguard Worker ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
519*6236dae4SAndroid Build Coastguard Worker rc = ldap_win_bind(data, server, user, passwd);
520*6236dae4SAndroid Build Coastguard Worker #else
521*6236dae4SAndroid Build Coastguard Worker rc = ldap_simple_bind_s(server, user, passwd);
522*6236dae4SAndroid Build Coastguard Worker #endif
523*6236dae4SAndroid Build Coastguard Worker if(!ldap_ssl && rc) {
524*6236dae4SAndroid Build Coastguard Worker ldap_proto = LDAP_VERSION2;
525*6236dae4SAndroid Build Coastguard Worker ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
526*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WIN32_LDAP
527*6236dae4SAndroid Build Coastguard Worker rc = ldap_win_bind(data, server, user, passwd);
528*6236dae4SAndroid Build Coastguard Worker #else
529*6236dae4SAndroid Build Coastguard Worker rc = ldap_simple_bind_s(server, user, passwd);
530*6236dae4SAndroid Build Coastguard Worker #endif
531*6236dae4SAndroid Build Coastguard Worker }
532*6236dae4SAndroid Build Coastguard Worker if(rc) {
533*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WIN32_LDAP
534*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: bind via ldap_win_bind %s",
535*6236dae4SAndroid Build Coastguard Worker ldap_err2string((ULONG)rc));
536*6236dae4SAndroid Build Coastguard Worker #else
537*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP local: bind via ldap_simple_bind_s %s",
538*6236dae4SAndroid Build Coastguard Worker ldap_err2string(rc));
539*6236dae4SAndroid Build Coastguard Worker #endif
540*6236dae4SAndroid Build Coastguard Worker result = CURLE_LDAP_CANNOT_BIND;
541*6236dae4SAndroid Build Coastguard Worker goto quit;
542*6236dae4SAndroid Build Coastguard Worker }
543*6236dae4SAndroid Build Coastguard Worker
544*6236dae4SAndroid Build Coastguard Worker Curl_pgrsSetDownloadCounter(data, 0);
545*6236dae4SAndroid Build Coastguard Worker rc = (int)ldap_search_s(server, ludp->lud_dn,
546*6236dae4SAndroid Build Coastguard Worker (curl_ldap_num_t)ludp->lud_scope,
547*6236dae4SAndroid Build Coastguard Worker ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg);
548*6236dae4SAndroid Build Coastguard Worker
549*6236dae4SAndroid Build Coastguard Worker if(rc && rc != LDAP_SIZELIMIT_EXCEEDED) {
550*6236dae4SAndroid Build Coastguard Worker failf(data, "LDAP remote: %s", ldap_err2string((curl_ldap_num_t)rc));
551*6236dae4SAndroid Build Coastguard Worker result = CURLE_LDAP_SEARCH_FAILED;
552*6236dae4SAndroid Build Coastguard Worker goto quit;
553*6236dae4SAndroid Build Coastguard Worker }
554*6236dae4SAndroid Build Coastguard Worker
555*6236dae4SAndroid Build Coastguard Worker num = 0;
556*6236dae4SAndroid Build Coastguard Worker for(entryIterator = ldap_first_entry(server, ldapmsg);
557*6236dae4SAndroid Build Coastguard Worker entryIterator;
558*6236dae4SAndroid Build Coastguard Worker entryIterator = ldap_next_entry(server, entryIterator), num++) {
559*6236dae4SAndroid Build Coastguard Worker BerElement *ber = NULL;
560*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
561*6236dae4SAndroid Build Coastguard Worker TCHAR *attribute;
562*6236dae4SAndroid Build Coastguard Worker #else
563*6236dae4SAndroid Build Coastguard Worker char *attribute;
564*6236dae4SAndroid Build Coastguard Worker #endif
565*6236dae4SAndroid Build Coastguard Worker int i;
566*6236dae4SAndroid Build Coastguard Worker
567*6236dae4SAndroid Build Coastguard Worker /* Get the DN and write it to the client */
568*6236dae4SAndroid Build Coastguard Worker {
569*6236dae4SAndroid Build Coastguard Worker char *name;
570*6236dae4SAndroid Build Coastguard Worker size_t name_len;
571*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
572*6236dae4SAndroid Build Coastguard Worker TCHAR *dn = ldap_get_dn(server, entryIterator);
573*6236dae4SAndroid Build Coastguard Worker name = curlx_convert_tchar_to_UTF8(dn);
574*6236dae4SAndroid Build Coastguard Worker if(!name) {
575*6236dae4SAndroid Build Coastguard Worker ldap_memfree(dn);
576*6236dae4SAndroid Build Coastguard Worker
577*6236dae4SAndroid Build Coastguard Worker result = CURLE_OUT_OF_MEMORY;
578*6236dae4SAndroid Build Coastguard Worker
579*6236dae4SAndroid Build Coastguard Worker goto quit;
580*6236dae4SAndroid Build Coastguard Worker }
581*6236dae4SAndroid Build Coastguard Worker #else
582*6236dae4SAndroid Build Coastguard Worker char *dn = name = ldap_get_dn(server, entryIterator);
583*6236dae4SAndroid Build Coastguard Worker #endif
584*6236dae4SAndroid Build Coastguard Worker name_len = strlen(name);
585*6236dae4SAndroid Build Coastguard Worker
586*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"DN: ", 4);
587*6236dae4SAndroid Build Coastguard Worker if(result) {
588*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(name);
589*6236dae4SAndroid Build Coastguard Worker ldap_memfree(dn);
590*6236dae4SAndroid Build Coastguard Worker goto quit;
591*6236dae4SAndroid Build Coastguard Worker }
592*6236dae4SAndroid Build Coastguard Worker
593*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, name, name_len);
594*6236dae4SAndroid Build Coastguard Worker if(result) {
595*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(name);
596*6236dae4SAndroid Build Coastguard Worker ldap_memfree(dn);
597*6236dae4SAndroid Build Coastguard Worker goto quit;
598*6236dae4SAndroid Build Coastguard Worker }
599*6236dae4SAndroid Build Coastguard Worker
600*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
601*6236dae4SAndroid Build Coastguard Worker if(result) {
602*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(name);
603*6236dae4SAndroid Build Coastguard Worker ldap_memfree(dn);
604*6236dae4SAndroid Build Coastguard Worker
605*6236dae4SAndroid Build Coastguard Worker goto quit;
606*6236dae4SAndroid Build Coastguard Worker }
607*6236dae4SAndroid Build Coastguard Worker
608*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(name);
609*6236dae4SAndroid Build Coastguard Worker ldap_memfree(dn);
610*6236dae4SAndroid Build Coastguard Worker }
611*6236dae4SAndroid Build Coastguard Worker
612*6236dae4SAndroid Build Coastguard Worker /* Get the attributes and write them to the client */
613*6236dae4SAndroid Build Coastguard Worker for(attribute = ldap_first_attribute(server, entryIterator, &ber);
614*6236dae4SAndroid Build Coastguard Worker attribute;
615*6236dae4SAndroid Build Coastguard Worker attribute = ldap_next_attribute(server, entryIterator, ber)) {
616*6236dae4SAndroid Build Coastguard Worker BerValue **vals;
617*6236dae4SAndroid Build Coastguard Worker size_t attr_len;
618*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
619*6236dae4SAndroid Build Coastguard Worker char *attr = curlx_convert_tchar_to_UTF8(attribute);
620*6236dae4SAndroid Build Coastguard Worker if(!attr) {
621*6236dae4SAndroid Build Coastguard Worker if(ber)
622*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
623*6236dae4SAndroid Build Coastguard Worker
624*6236dae4SAndroid Build Coastguard Worker result = CURLE_OUT_OF_MEMORY;
625*6236dae4SAndroid Build Coastguard Worker
626*6236dae4SAndroid Build Coastguard Worker goto quit;
627*6236dae4SAndroid Build Coastguard Worker }
628*6236dae4SAndroid Build Coastguard Worker #else
629*6236dae4SAndroid Build Coastguard Worker char *attr = attribute;
630*6236dae4SAndroid Build Coastguard Worker #endif
631*6236dae4SAndroid Build Coastguard Worker attr_len = strlen(attr);
632*6236dae4SAndroid Build Coastguard Worker
633*6236dae4SAndroid Build Coastguard Worker vals = ldap_get_values_len(server, entryIterator, attribute);
634*6236dae4SAndroid Build Coastguard Worker if(vals) {
635*6236dae4SAndroid Build Coastguard Worker for(i = 0; (vals[i] != NULL); i++) {
636*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\t", 1);
637*6236dae4SAndroid Build Coastguard Worker if(result) {
638*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
639*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
640*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
641*6236dae4SAndroid Build Coastguard Worker if(ber)
642*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
643*6236dae4SAndroid Build Coastguard Worker
644*6236dae4SAndroid Build Coastguard Worker goto quit;
645*6236dae4SAndroid Build Coastguard Worker }
646*6236dae4SAndroid Build Coastguard Worker
647*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, attr, attr_len);
648*6236dae4SAndroid Build Coastguard Worker if(result) {
649*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
650*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
651*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
652*6236dae4SAndroid Build Coastguard Worker if(ber)
653*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
654*6236dae4SAndroid Build Coastguard Worker
655*6236dae4SAndroid Build Coastguard Worker goto quit;
656*6236dae4SAndroid Build Coastguard Worker }
657*6236dae4SAndroid Build Coastguard Worker
658*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)": ", 2);
659*6236dae4SAndroid Build Coastguard Worker if(result) {
660*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
661*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
662*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
663*6236dae4SAndroid Build Coastguard Worker if(ber)
664*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
665*6236dae4SAndroid Build Coastguard Worker
666*6236dae4SAndroid Build Coastguard Worker goto quit;
667*6236dae4SAndroid Build Coastguard Worker }
668*6236dae4SAndroid Build Coastguard Worker
669*6236dae4SAndroid Build Coastguard Worker if((attr_len > 7) &&
670*6236dae4SAndroid Build Coastguard Worker (strcmp(";binary", attr + (attr_len - 7)) == 0)) {
671*6236dae4SAndroid Build Coastguard Worker /* Binary attribute, encode to base64. */
672*6236dae4SAndroid Build Coastguard Worker result = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len,
673*6236dae4SAndroid Build Coastguard Worker &val_b64, &val_b64_sz);
674*6236dae4SAndroid Build Coastguard Worker if(result) {
675*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
676*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
677*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
678*6236dae4SAndroid Build Coastguard Worker if(ber)
679*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
680*6236dae4SAndroid Build Coastguard Worker
681*6236dae4SAndroid Build Coastguard Worker goto quit;
682*6236dae4SAndroid Build Coastguard Worker }
683*6236dae4SAndroid Build Coastguard Worker
684*6236dae4SAndroid Build Coastguard Worker if(val_b64_sz > 0) {
685*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, val_b64,
686*6236dae4SAndroid Build Coastguard Worker val_b64_sz);
687*6236dae4SAndroid Build Coastguard Worker free(val_b64);
688*6236dae4SAndroid Build Coastguard Worker if(result) {
689*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
690*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
691*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
692*6236dae4SAndroid Build Coastguard Worker if(ber)
693*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
694*6236dae4SAndroid Build Coastguard Worker
695*6236dae4SAndroid Build Coastguard Worker goto quit;
696*6236dae4SAndroid Build Coastguard Worker }
697*6236dae4SAndroid Build Coastguard Worker }
698*6236dae4SAndroid Build Coastguard Worker }
699*6236dae4SAndroid Build Coastguard Worker else {
700*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, vals[i]->bv_val,
701*6236dae4SAndroid Build Coastguard Worker vals[i]->bv_len);
702*6236dae4SAndroid Build Coastguard Worker if(result) {
703*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
704*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
705*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
706*6236dae4SAndroid Build Coastguard Worker if(ber)
707*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
708*6236dae4SAndroid Build Coastguard Worker
709*6236dae4SAndroid Build Coastguard Worker goto quit;
710*6236dae4SAndroid Build Coastguard Worker }
711*6236dae4SAndroid Build Coastguard Worker }
712*6236dae4SAndroid Build Coastguard Worker
713*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
714*6236dae4SAndroid Build Coastguard Worker if(result) {
715*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
716*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
717*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
718*6236dae4SAndroid Build Coastguard Worker if(ber)
719*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
720*6236dae4SAndroid Build Coastguard Worker
721*6236dae4SAndroid Build Coastguard Worker goto quit;
722*6236dae4SAndroid Build Coastguard Worker }
723*6236dae4SAndroid Build Coastguard Worker }
724*6236dae4SAndroid Build Coastguard Worker
725*6236dae4SAndroid Build Coastguard Worker /* Free memory used to store values */
726*6236dae4SAndroid Build Coastguard Worker ldap_value_free_len(vals);
727*6236dae4SAndroid Build Coastguard Worker }
728*6236dae4SAndroid Build Coastguard Worker
729*6236dae4SAndroid Build Coastguard Worker /* Free the attribute as we are done with it */
730*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(attr);
731*6236dae4SAndroid Build Coastguard Worker ldap_memfree(attribute);
732*6236dae4SAndroid Build Coastguard Worker
733*6236dae4SAndroid Build Coastguard Worker result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
734*6236dae4SAndroid Build Coastguard Worker if(result)
735*6236dae4SAndroid Build Coastguard Worker goto quit;
736*6236dae4SAndroid Build Coastguard Worker }
737*6236dae4SAndroid Build Coastguard Worker
738*6236dae4SAndroid Build Coastguard Worker if(ber)
739*6236dae4SAndroid Build Coastguard Worker ber_free(ber, 0);
740*6236dae4SAndroid Build Coastguard Worker }
741*6236dae4SAndroid Build Coastguard Worker
742*6236dae4SAndroid Build Coastguard Worker quit:
743*6236dae4SAndroid Build Coastguard Worker if(ldapmsg) {
744*6236dae4SAndroid Build Coastguard Worker ldap_msgfree(ldapmsg);
745*6236dae4SAndroid Build Coastguard Worker LDAP_TRACE(("Received %d entries\n", num));
746*6236dae4SAndroid Build Coastguard Worker }
747*6236dae4SAndroid Build Coastguard Worker if(rc == LDAP_SIZELIMIT_EXCEEDED)
748*6236dae4SAndroid Build Coastguard Worker infof(data, "There are more than %d entries", num);
749*6236dae4SAndroid Build Coastguard Worker if(ludp)
750*6236dae4SAndroid Build Coastguard Worker ldap_free_urldesc(ludp);
751*6236dae4SAndroid Build Coastguard Worker if(server)
752*6236dae4SAndroid Build Coastguard Worker ldap_unbind_s(server);
753*6236dae4SAndroid Build Coastguard Worker #if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
754*6236dae4SAndroid Build Coastguard Worker if(ldap_ssl)
755*6236dae4SAndroid Build Coastguard Worker ldapssl_client_deinit();
756*6236dae4SAndroid Build Coastguard Worker #endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
757*6236dae4SAndroid Build Coastguard Worker
758*6236dae4SAndroid Build Coastguard Worker FREE_ON_WINLDAP(host);
759*6236dae4SAndroid Build Coastguard Worker
760*6236dae4SAndroid Build Coastguard Worker /* no data to transfer */
761*6236dae4SAndroid Build Coastguard Worker Curl_xfer_setup_nop(data);
762*6236dae4SAndroid Build Coastguard Worker connclose(conn, "LDAP connection always disable reuse");
763*6236dae4SAndroid Build Coastguard Worker
764*6236dae4SAndroid Build Coastguard Worker return result;
765*6236dae4SAndroid Build Coastguard Worker }
766*6236dae4SAndroid Build Coastguard Worker
767*6236dae4SAndroid Build Coastguard Worker #ifdef DEBUG_LDAP
_ldap_trace(const char * fmt,...)768*6236dae4SAndroid Build Coastguard Worker static void _ldap_trace(const char *fmt, ...)
769*6236dae4SAndroid Build Coastguard Worker {
770*6236dae4SAndroid Build Coastguard Worker static int do_trace = -1;
771*6236dae4SAndroid Build Coastguard Worker va_list args;
772*6236dae4SAndroid Build Coastguard Worker
773*6236dae4SAndroid Build Coastguard Worker if(do_trace == -1) {
774*6236dae4SAndroid Build Coastguard Worker const char *env = getenv("CURL_TRACE");
775*6236dae4SAndroid Build Coastguard Worker do_trace = (env && strtol(env, NULL, 10) > 0);
776*6236dae4SAndroid Build Coastguard Worker }
777*6236dae4SAndroid Build Coastguard Worker if(!do_trace)
778*6236dae4SAndroid Build Coastguard Worker return;
779*6236dae4SAndroid Build Coastguard Worker
780*6236dae4SAndroid Build Coastguard Worker va_start(args, fmt);
781*6236dae4SAndroid Build Coastguard Worker vfprintf(stderr, fmt, args);
782*6236dae4SAndroid Build Coastguard Worker va_end(args);
783*6236dae4SAndroid Build Coastguard Worker }
784*6236dae4SAndroid Build Coastguard Worker #endif
785*6236dae4SAndroid Build Coastguard Worker
786*6236dae4SAndroid Build Coastguard Worker #ifndef HAVE_LDAP_URL_PARSE
787*6236dae4SAndroid Build Coastguard Worker
788*6236dae4SAndroid Build Coastguard Worker /*
789*6236dae4SAndroid Build Coastguard Worker * Return scope-value for a scope-string.
790*6236dae4SAndroid Build Coastguard Worker */
str2scope(const char * p)791*6236dae4SAndroid Build Coastguard Worker static int str2scope(const char *p)
792*6236dae4SAndroid Build Coastguard Worker {
793*6236dae4SAndroid Build Coastguard Worker if(strcasecompare(p, "one"))
794*6236dae4SAndroid Build Coastguard Worker return LDAP_SCOPE_ONELEVEL;
795*6236dae4SAndroid Build Coastguard Worker if(strcasecompare(p, "onetree"))
796*6236dae4SAndroid Build Coastguard Worker return LDAP_SCOPE_ONELEVEL;
797*6236dae4SAndroid Build Coastguard Worker if(strcasecompare(p, "base"))
798*6236dae4SAndroid Build Coastguard Worker return LDAP_SCOPE_BASE;
799*6236dae4SAndroid Build Coastguard Worker if(strcasecompare(p, "sub"))
800*6236dae4SAndroid Build Coastguard Worker return LDAP_SCOPE_SUBTREE;
801*6236dae4SAndroid Build Coastguard Worker if(strcasecompare(p, "subtree"))
802*6236dae4SAndroid Build Coastguard Worker return LDAP_SCOPE_SUBTREE;
803*6236dae4SAndroid Build Coastguard Worker return (-1);
804*6236dae4SAndroid Build Coastguard Worker }
805*6236dae4SAndroid Build Coastguard Worker
806*6236dae4SAndroid Build Coastguard Worker /*
807*6236dae4SAndroid Build Coastguard Worker * Split 'str' into strings separated by commas.
808*6236dae4SAndroid Build Coastguard Worker * Note: out[] points into 'str'.
809*6236dae4SAndroid Build Coastguard Worker */
split_str(char * str,char *** out,size_t * count)810*6236dae4SAndroid Build Coastguard Worker static bool split_str(char *str, char ***out, size_t *count)
811*6236dae4SAndroid Build Coastguard Worker {
812*6236dae4SAndroid Build Coastguard Worker char **res;
813*6236dae4SAndroid Build Coastguard Worker char *lasts;
814*6236dae4SAndroid Build Coastguard Worker char *s;
815*6236dae4SAndroid Build Coastguard Worker size_t i;
816*6236dae4SAndroid Build Coastguard Worker size_t items = 1;
817*6236dae4SAndroid Build Coastguard Worker
818*6236dae4SAndroid Build Coastguard Worker s = strchr(str, ',');
819*6236dae4SAndroid Build Coastguard Worker while(s) {
820*6236dae4SAndroid Build Coastguard Worker items++;
821*6236dae4SAndroid Build Coastguard Worker s = strchr(++s, ',');
822*6236dae4SAndroid Build Coastguard Worker }
823*6236dae4SAndroid Build Coastguard Worker
824*6236dae4SAndroid Build Coastguard Worker res = calloc(items, sizeof(char *));
825*6236dae4SAndroid Build Coastguard Worker if(!res)
826*6236dae4SAndroid Build Coastguard Worker return FALSE;
827*6236dae4SAndroid Build Coastguard Worker
828*6236dae4SAndroid Build Coastguard Worker for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
829*6236dae4SAndroid Build Coastguard Worker s = strtok_r(NULL, ",", &lasts), i++)
830*6236dae4SAndroid Build Coastguard Worker res[i] = s;
831*6236dae4SAndroid Build Coastguard Worker
832*6236dae4SAndroid Build Coastguard Worker *out = res;
833*6236dae4SAndroid Build Coastguard Worker *count = items;
834*6236dae4SAndroid Build Coastguard Worker
835*6236dae4SAndroid Build Coastguard Worker return TRUE;
836*6236dae4SAndroid Build Coastguard Worker }
837*6236dae4SAndroid Build Coastguard Worker
838*6236dae4SAndroid Build Coastguard Worker /*
839*6236dae4SAndroid Build Coastguard Worker * Break apart the pieces of an LDAP URL.
840*6236dae4SAndroid Build Coastguard Worker * Syntax:
841*6236dae4SAndroid Build Coastguard Worker * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
842*6236dae4SAndroid Build Coastguard Worker *
843*6236dae4SAndroid Build Coastguard Worker * <hostname> already known from 'conn->host.name'.
844*6236dae4SAndroid Build Coastguard Worker * <port> already known from 'conn->remote_port'.
845*6236dae4SAndroid Build Coastguard Worker * extract the rest from 'data->state.path+1'. All fields are optional.
846*6236dae4SAndroid Build Coastguard Worker * e.g.
847*6236dae4SAndroid Build Coastguard Worker * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
848*6236dae4SAndroid Build Coastguard Worker * yields ludp->lud_dn = "".
849*6236dae4SAndroid Build Coastguard Worker *
850*6236dae4SAndroid Build Coastguard Worker * Defined in RFC4516 section 2.
851*6236dae4SAndroid Build Coastguard Worker */
_ldap_url_parse2(struct Curl_easy * data,const struct connectdata * conn,LDAPURLDesc * ludp)852*6236dae4SAndroid Build Coastguard Worker static int _ldap_url_parse2(struct Curl_easy *data,
853*6236dae4SAndroid Build Coastguard Worker const struct connectdata *conn, LDAPURLDesc *ludp)
854*6236dae4SAndroid Build Coastguard Worker {
855*6236dae4SAndroid Build Coastguard Worker int rc = LDAP_SUCCESS;
856*6236dae4SAndroid Build Coastguard Worker char *p;
857*6236dae4SAndroid Build Coastguard Worker char *path;
858*6236dae4SAndroid Build Coastguard Worker char *q = NULL;
859*6236dae4SAndroid Build Coastguard Worker char *query = NULL;
860*6236dae4SAndroid Build Coastguard Worker size_t i;
861*6236dae4SAndroid Build Coastguard Worker
862*6236dae4SAndroid Build Coastguard Worker if(!data ||
863*6236dae4SAndroid Build Coastguard Worker !data->state.up.path ||
864*6236dae4SAndroid Build Coastguard Worker data->state.up.path[0] != '/' ||
865*6236dae4SAndroid Build Coastguard Worker !strncasecompare("LDAP", data->state.up.scheme, 4))
866*6236dae4SAndroid Build Coastguard Worker return LDAP_INVALID_SYNTAX;
867*6236dae4SAndroid Build Coastguard Worker
868*6236dae4SAndroid Build Coastguard Worker ludp->lud_scope = LDAP_SCOPE_BASE;
869*6236dae4SAndroid Build Coastguard Worker ludp->lud_port = conn->remote_port;
870*6236dae4SAndroid Build Coastguard Worker ludp->lud_host = conn->host.name;
871*6236dae4SAndroid Build Coastguard Worker
872*6236dae4SAndroid Build Coastguard Worker /* Duplicate the path */
873*6236dae4SAndroid Build Coastguard Worker p = path = strdup(data->state.up.path + 1);
874*6236dae4SAndroid Build Coastguard Worker if(!path)
875*6236dae4SAndroid Build Coastguard Worker return LDAP_NO_MEMORY;
876*6236dae4SAndroid Build Coastguard Worker
877*6236dae4SAndroid Build Coastguard Worker /* Duplicate the query if present */
878*6236dae4SAndroid Build Coastguard Worker if(data->state.up.query) {
879*6236dae4SAndroid Build Coastguard Worker q = query = strdup(data->state.up.query);
880*6236dae4SAndroid Build Coastguard Worker if(!query) {
881*6236dae4SAndroid Build Coastguard Worker free(path);
882*6236dae4SAndroid Build Coastguard Worker return LDAP_NO_MEMORY;
883*6236dae4SAndroid Build Coastguard Worker }
884*6236dae4SAndroid Build Coastguard Worker }
885*6236dae4SAndroid Build Coastguard Worker
886*6236dae4SAndroid Build Coastguard Worker /* Parse the DN (Distinguished Name) */
887*6236dae4SAndroid Build Coastguard Worker if(*p) {
888*6236dae4SAndroid Build Coastguard Worker char *dn = p;
889*6236dae4SAndroid Build Coastguard Worker char *unescaped;
890*6236dae4SAndroid Build Coastguard Worker CURLcode result;
891*6236dae4SAndroid Build Coastguard Worker
892*6236dae4SAndroid Build Coastguard Worker LDAP_TRACE(("DN '%s'\n", dn));
893*6236dae4SAndroid Build Coastguard Worker
894*6236dae4SAndroid Build Coastguard Worker /* Unescape the DN */
895*6236dae4SAndroid Build Coastguard Worker result = Curl_urldecode(dn, 0, &unescaped, NULL, REJECT_ZERO);
896*6236dae4SAndroid Build Coastguard Worker if(result) {
897*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
898*6236dae4SAndroid Build Coastguard Worker
899*6236dae4SAndroid Build Coastguard Worker goto quit;
900*6236dae4SAndroid Build Coastguard Worker }
901*6236dae4SAndroid Build Coastguard Worker
902*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
903*6236dae4SAndroid Build Coastguard Worker /* Convert the unescaped string to a tchar */
904*6236dae4SAndroid Build Coastguard Worker ludp->lud_dn = curlx_convert_UTF8_to_tchar(unescaped);
905*6236dae4SAndroid Build Coastguard Worker
906*6236dae4SAndroid Build Coastguard Worker /* Free the unescaped string as we are done with it */
907*6236dae4SAndroid Build Coastguard Worker free(unescaped);
908*6236dae4SAndroid Build Coastguard Worker
909*6236dae4SAndroid Build Coastguard Worker if(!ludp->lud_dn) {
910*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
911*6236dae4SAndroid Build Coastguard Worker
912*6236dae4SAndroid Build Coastguard Worker goto quit;
913*6236dae4SAndroid Build Coastguard Worker }
914*6236dae4SAndroid Build Coastguard Worker #else
915*6236dae4SAndroid Build Coastguard Worker ludp->lud_dn = unescaped;
916*6236dae4SAndroid Build Coastguard Worker #endif
917*6236dae4SAndroid Build Coastguard Worker }
918*6236dae4SAndroid Build Coastguard Worker
919*6236dae4SAndroid Build Coastguard Worker p = q;
920*6236dae4SAndroid Build Coastguard Worker if(!p)
921*6236dae4SAndroid Build Coastguard Worker goto quit;
922*6236dae4SAndroid Build Coastguard Worker
923*6236dae4SAndroid Build Coastguard Worker /* Parse the attributes. skip "??" */
924*6236dae4SAndroid Build Coastguard Worker q = strchr(p, '?');
925*6236dae4SAndroid Build Coastguard Worker if(q)
926*6236dae4SAndroid Build Coastguard Worker *q++ = '\0';
927*6236dae4SAndroid Build Coastguard Worker
928*6236dae4SAndroid Build Coastguard Worker if(*p) {
929*6236dae4SAndroid Build Coastguard Worker char **attributes;
930*6236dae4SAndroid Build Coastguard Worker size_t count = 0;
931*6236dae4SAndroid Build Coastguard Worker
932*6236dae4SAndroid Build Coastguard Worker /* Split the string into an array of attributes */
933*6236dae4SAndroid Build Coastguard Worker if(!split_str(p, &attributes, &count)) {
934*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
935*6236dae4SAndroid Build Coastguard Worker
936*6236dae4SAndroid Build Coastguard Worker goto quit;
937*6236dae4SAndroid Build Coastguard Worker }
938*6236dae4SAndroid Build Coastguard Worker
939*6236dae4SAndroid Build Coastguard Worker /* Allocate our array (+1 for the NULL entry) */
940*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
941*6236dae4SAndroid Build Coastguard Worker ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
942*6236dae4SAndroid Build Coastguard Worker #else
943*6236dae4SAndroid Build Coastguard Worker ludp->lud_attrs = calloc(count + 1, sizeof(char *));
944*6236dae4SAndroid Build Coastguard Worker #endif
945*6236dae4SAndroid Build Coastguard Worker if(!ludp->lud_attrs) {
946*6236dae4SAndroid Build Coastguard Worker free(attributes);
947*6236dae4SAndroid Build Coastguard Worker
948*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
949*6236dae4SAndroid Build Coastguard Worker
950*6236dae4SAndroid Build Coastguard Worker goto quit;
951*6236dae4SAndroid Build Coastguard Worker }
952*6236dae4SAndroid Build Coastguard Worker
953*6236dae4SAndroid Build Coastguard Worker for(i = 0; i < count; i++) {
954*6236dae4SAndroid Build Coastguard Worker char *unescaped;
955*6236dae4SAndroid Build Coastguard Worker CURLcode result;
956*6236dae4SAndroid Build Coastguard Worker
957*6236dae4SAndroid Build Coastguard Worker LDAP_TRACE(("attr[%zu] '%s'\n", i, attributes[i]));
958*6236dae4SAndroid Build Coastguard Worker
959*6236dae4SAndroid Build Coastguard Worker /* Unescape the attribute */
960*6236dae4SAndroid Build Coastguard Worker result = Curl_urldecode(attributes[i], 0, &unescaped, NULL,
961*6236dae4SAndroid Build Coastguard Worker REJECT_ZERO);
962*6236dae4SAndroid Build Coastguard Worker if(result) {
963*6236dae4SAndroid Build Coastguard Worker free(attributes);
964*6236dae4SAndroid Build Coastguard Worker
965*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
966*6236dae4SAndroid Build Coastguard Worker
967*6236dae4SAndroid Build Coastguard Worker goto quit;
968*6236dae4SAndroid Build Coastguard Worker }
969*6236dae4SAndroid Build Coastguard Worker
970*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
971*6236dae4SAndroid Build Coastguard Worker /* Convert the unescaped string to a tchar */
972*6236dae4SAndroid Build Coastguard Worker ludp->lud_attrs[i] = curlx_convert_UTF8_to_tchar(unescaped);
973*6236dae4SAndroid Build Coastguard Worker
974*6236dae4SAndroid Build Coastguard Worker /* Free the unescaped string as we are done with it */
975*6236dae4SAndroid Build Coastguard Worker free(unescaped);
976*6236dae4SAndroid Build Coastguard Worker
977*6236dae4SAndroid Build Coastguard Worker if(!ludp->lud_attrs[i]) {
978*6236dae4SAndroid Build Coastguard Worker free(attributes);
979*6236dae4SAndroid Build Coastguard Worker
980*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
981*6236dae4SAndroid Build Coastguard Worker
982*6236dae4SAndroid Build Coastguard Worker goto quit;
983*6236dae4SAndroid Build Coastguard Worker }
984*6236dae4SAndroid Build Coastguard Worker #else
985*6236dae4SAndroid Build Coastguard Worker ludp->lud_attrs[i] = unescaped;
986*6236dae4SAndroid Build Coastguard Worker #endif
987*6236dae4SAndroid Build Coastguard Worker
988*6236dae4SAndroid Build Coastguard Worker ludp->lud_attrs_dups++;
989*6236dae4SAndroid Build Coastguard Worker }
990*6236dae4SAndroid Build Coastguard Worker
991*6236dae4SAndroid Build Coastguard Worker free(attributes);
992*6236dae4SAndroid Build Coastguard Worker }
993*6236dae4SAndroid Build Coastguard Worker
994*6236dae4SAndroid Build Coastguard Worker p = q;
995*6236dae4SAndroid Build Coastguard Worker if(!p)
996*6236dae4SAndroid Build Coastguard Worker goto quit;
997*6236dae4SAndroid Build Coastguard Worker
998*6236dae4SAndroid Build Coastguard Worker /* Parse the scope. skip "??" */
999*6236dae4SAndroid Build Coastguard Worker q = strchr(p, '?');
1000*6236dae4SAndroid Build Coastguard Worker if(q)
1001*6236dae4SAndroid Build Coastguard Worker *q++ = '\0';
1002*6236dae4SAndroid Build Coastguard Worker
1003*6236dae4SAndroid Build Coastguard Worker if(*p) {
1004*6236dae4SAndroid Build Coastguard Worker ludp->lud_scope = str2scope(p);
1005*6236dae4SAndroid Build Coastguard Worker if(ludp->lud_scope == -1) {
1006*6236dae4SAndroid Build Coastguard Worker rc = LDAP_INVALID_SYNTAX;
1007*6236dae4SAndroid Build Coastguard Worker
1008*6236dae4SAndroid Build Coastguard Worker goto quit;
1009*6236dae4SAndroid Build Coastguard Worker }
1010*6236dae4SAndroid Build Coastguard Worker LDAP_TRACE(("scope %d\n", ludp->lud_scope));
1011*6236dae4SAndroid Build Coastguard Worker }
1012*6236dae4SAndroid Build Coastguard Worker
1013*6236dae4SAndroid Build Coastguard Worker p = q;
1014*6236dae4SAndroid Build Coastguard Worker if(!p)
1015*6236dae4SAndroid Build Coastguard Worker goto quit;
1016*6236dae4SAndroid Build Coastguard Worker
1017*6236dae4SAndroid Build Coastguard Worker /* Parse the filter */
1018*6236dae4SAndroid Build Coastguard Worker q = strchr(p, '?');
1019*6236dae4SAndroid Build Coastguard Worker if(q)
1020*6236dae4SAndroid Build Coastguard Worker *q++ = '\0';
1021*6236dae4SAndroid Build Coastguard Worker
1022*6236dae4SAndroid Build Coastguard Worker if(*p) {
1023*6236dae4SAndroid Build Coastguard Worker char *filter = p;
1024*6236dae4SAndroid Build Coastguard Worker char *unescaped;
1025*6236dae4SAndroid Build Coastguard Worker CURLcode result;
1026*6236dae4SAndroid Build Coastguard Worker
1027*6236dae4SAndroid Build Coastguard Worker LDAP_TRACE(("filter '%s'\n", filter));
1028*6236dae4SAndroid Build Coastguard Worker
1029*6236dae4SAndroid Build Coastguard Worker /* Unescape the filter */
1030*6236dae4SAndroid Build Coastguard Worker result = Curl_urldecode(filter, 0, &unescaped, NULL, REJECT_ZERO);
1031*6236dae4SAndroid Build Coastguard Worker if(result) {
1032*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
1033*6236dae4SAndroid Build Coastguard Worker
1034*6236dae4SAndroid Build Coastguard Worker goto quit;
1035*6236dae4SAndroid Build Coastguard Worker }
1036*6236dae4SAndroid Build Coastguard Worker
1037*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
1038*6236dae4SAndroid Build Coastguard Worker /* Convert the unescaped string to a tchar */
1039*6236dae4SAndroid Build Coastguard Worker ludp->lud_filter = curlx_convert_UTF8_to_tchar(unescaped);
1040*6236dae4SAndroid Build Coastguard Worker
1041*6236dae4SAndroid Build Coastguard Worker /* Free the unescaped string as we are done with it */
1042*6236dae4SAndroid Build Coastguard Worker free(unescaped);
1043*6236dae4SAndroid Build Coastguard Worker
1044*6236dae4SAndroid Build Coastguard Worker if(!ludp->lud_filter) {
1045*6236dae4SAndroid Build Coastguard Worker rc = LDAP_NO_MEMORY;
1046*6236dae4SAndroid Build Coastguard Worker
1047*6236dae4SAndroid Build Coastguard Worker goto quit;
1048*6236dae4SAndroid Build Coastguard Worker }
1049*6236dae4SAndroid Build Coastguard Worker #else
1050*6236dae4SAndroid Build Coastguard Worker ludp->lud_filter = unescaped;
1051*6236dae4SAndroid Build Coastguard Worker #endif
1052*6236dae4SAndroid Build Coastguard Worker }
1053*6236dae4SAndroid Build Coastguard Worker
1054*6236dae4SAndroid Build Coastguard Worker p = q;
1055*6236dae4SAndroid Build Coastguard Worker if(p && !*p) {
1056*6236dae4SAndroid Build Coastguard Worker rc = LDAP_INVALID_SYNTAX;
1057*6236dae4SAndroid Build Coastguard Worker
1058*6236dae4SAndroid Build Coastguard Worker goto quit;
1059*6236dae4SAndroid Build Coastguard Worker }
1060*6236dae4SAndroid Build Coastguard Worker
1061*6236dae4SAndroid Build Coastguard Worker quit:
1062*6236dae4SAndroid Build Coastguard Worker free(path);
1063*6236dae4SAndroid Build Coastguard Worker free(query);
1064*6236dae4SAndroid Build Coastguard Worker
1065*6236dae4SAndroid Build Coastguard Worker return rc;
1066*6236dae4SAndroid Build Coastguard Worker }
1067*6236dae4SAndroid Build Coastguard Worker
_ldap_url_parse(struct Curl_easy * data,const struct connectdata * conn,LDAPURLDesc ** ludpp)1068*6236dae4SAndroid Build Coastguard Worker static int _ldap_url_parse(struct Curl_easy *data,
1069*6236dae4SAndroid Build Coastguard Worker const struct connectdata *conn,
1070*6236dae4SAndroid Build Coastguard Worker LDAPURLDesc **ludpp)
1071*6236dae4SAndroid Build Coastguard Worker {
1072*6236dae4SAndroid Build Coastguard Worker LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
1073*6236dae4SAndroid Build Coastguard Worker int rc;
1074*6236dae4SAndroid Build Coastguard Worker
1075*6236dae4SAndroid Build Coastguard Worker *ludpp = NULL;
1076*6236dae4SAndroid Build Coastguard Worker if(!ludp)
1077*6236dae4SAndroid Build Coastguard Worker return LDAP_NO_MEMORY;
1078*6236dae4SAndroid Build Coastguard Worker
1079*6236dae4SAndroid Build Coastguard Worker rc = _ldap_url_parse2(data, conn, ludp);
1080*6236dae4SAndroid Build Coastguard Worker if(rc != LDAP_SUCCESS) {
1081*6236dae4SAndroid Build Coastguard Worker _ldap_free_urldesc(ludp);
1082*6236dae4SAndroid Build Coastguard Worker ludp = NULL;
1083*6236dae4SAndroid Build Coastguard Worker }
1084*6236dae4SAndroid Build Coastguard Worker *ludpp = ludp;
1085*6236dae4SAndroid Build Coastguard Worker return (rc);
1086*6236dae4SAndroid Build Coastguard Worker }
1087*6236dae4SAndroid Build Coastguard Worker
_ldap_free_urldesc(LDAPURLDesc * ludp)1088*6236dae4SAndroid Build Coastguard Worker static void _ldap_free_urldesc(LDAPURLDesc *ludp)
1089*6236dae4SAndroid Build Coastguard Worker {
1090*6236dae4SAndroid Build Coastguard Worker if(!ludp)
1091*6236dae4SAndroid Build Coastguard Worker return;
1092*6236dae4SAndroid Build Coastguard Worker
1093*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
1094*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(ludp->lud_dn);
1095*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(ludp->lud_filter);
1096*6236dae4SAndroid Build Coastguard Worker #else
1097*6236dae4SAndroid Build Coastguard Worker free(ludp->lud_dn);
1098*6236dae4SAndroid Build Coastguard Worker free(ludp->lud_filter);
1099*6236dae4SAndroid Build Coastguard Worker #endif
1100*6236dae4SAndroid Build Coastguard Worker
1101*6236dae4SAndroid Build Coastguard Worker if(ludp->lud_attrs) {
1102*6236dae4SAndroid Build Coastguard Worker size_t i;
1103*6236dae4SAndroid Build Coastguard Worker for(i = 0; i < ludp->lud_attrs_dups; i++) {
1104*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WIN32_LDAP)
1105*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(ludp->lud_attrs[i]);
1106*6236dae4SAndroid Build Coastguard Worker #else
1107*6236dae4SAndroid Build Coastguard Worker free(ludp->lud_attrs[i]);
1108*6236dae4SAndroid Build Coastguard Worker #endif
1109*6236dae4SAndroid Build Coastguard Worker }
1110*6236dae4SAndroid Build Coastguard Worker free(ludp->lud_attrs);
1111*6236dae4SAndroid Build Coastguard Worker }
1112*6236dae4SAndroid Build Coastguard Worker
1113*6236dae4SAndroid Build Coastguard Worker free(ludp);
1114*6236dae4SAndroid Build Coastguard Worker }
1115*6236dae4SAndroid Build Coastguard Worker #endif /* !HAVE_LDAP_URL_PARSE */
1116*6236dae4SAndroid Build Coastguard Worker #endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */
1117