summaryrefslogtreecommitdiffstats
path: root/ldap/c-sdk/libraries/libldap/request.c
diff options
context:
space:
mode:
Diffstat (limited to 'ldap/c-sdk/libraries/libldap/request.c')
-rw-r--r--ldap/c-sdk/libraries/libldap/request.c1659
1 files changed, 1659 insertions, 0 deletions
diff --git a/ldap/c-sdk/libraries/libldap/request.c b/ldap/c-sdk/libraries/libldap/request.c
new file mode 100644
index 000000000..d379917b2
--- /dev/null
+++ b/ldap/c-sdk/libraries/libldap/request.c
@@ -0,0 +1,1659 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/*
+ * Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ */
+/*
+ * request.c - sending of ldap requests; handling of referrals
+ */
+
+#if 0
+#ifndef lint
+static char copyright[] = "@(#) Copyright (c) 1995 Regents of the University of Michigan.\nAll rights reserved.\n";
+#endif
+#endif
+
+#include "ldap-int.h"
+
+static LDAPConn *find_connection( LDAP *ld, LDAPServer *srv, int any );
+static void free_servers( LDAPServer *srvlist );
+static int chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq,
+ char *refurl, char *desc, int *unknownp, int is_reference );
+static int re_encode_request( LDAP *ld, BerElement *origber,
+ int msgid, LDAPURLDesc *ludp, BerElement **berp, int is_reference );
+
+#ifdef LDAP_DNS
+static LDAPServer *dn2servers( LDAP *ld, char *dn );
+#endif /* LDAP_DNS */
+
+
+/* returns an LDAP error code and also sets error inside LDAP * */
+int
+nsldapi_alloc_ber_with_options( LDAP *ld, BerElement **berp )
+{
+ int err;
+
+ LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
+ if (( *berp = ber_alloc_t( ld->ld_lberoptions )) == NULLBER ) {
+ err = LDAP_NO_MEMORY;
+ LDAP_SET_LDERRNO( ld, err, NULL, NULL );
+ } else {
+ err = LDAP_SUCCESS;
+#ifdef STR_TRANSLATION
+ nsldapi_set_ber_options( ld, *berp );
+#endif /* STR_TRANSLATION */
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+
+ return( err );
+}
+
+
+void
+nsldapi_set_ber_options( LDAP *ld, BerElement *ber )
+{
+ ber->ber_options = ld->ld_lberoptions;
+#ifdef STR_TRANSLATION
+ if (( ld->ld_lberoptions & LBER_OPT_TRANSLATE_STRINGS ) != 0 ) {
+ ber_set_string_translators( ber,
+ ld->ld_lber_encode_translate_proc,
+ ld->ld_lber_decode_translate_proc );
+ }
+#endif /* STR_TRANSLATION */
+}
+
+
+/* returns the message id of the request or -1 if an error occurs */
+int
+nsldapi_send_initial_request( LDAP *ld, int msgid, unsigned long msgtype,
+ char *dn, BerElement *ber )
+{
+ LDAPServer *servers;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_initial_request\n", 0,0,0 );
+
+#ifdef LDAP_DNS
+ LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
+ if (( ld->ld_options & LDAP_BITOPT_DNS ) != 0 && ldap_is_dns_dn( dn )) {
+ if (( servers = dn2servers( ld, dn )) == NULL ) {
+ ber_free( ber, 1 );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+ return( -1 );
+ }
+
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_TRACE ) {
+ LDAPServer *srv;
+ char msg[256];
+
+ for ( srv = servers; srv != NULL;
+ srv = srv->lsrv_next ) {
+ sprintf( msg,
+ "LDAP server %s: dn %s, port %d\n",
+ srv->lsrv_host, ( srv->lsrv_dn == NULL ) ?
+ "(default)" : srv->lsrv_dn,
+ srv->lsrv_port );
+ ber_err_print( msg );
+ }
+ }
+#endif /* LDAP_DEBUG */
+ } else {
+#endif /* LDAP_DNS */
+ /*
+ * use of DNS is turned off or this is an LDAP DN...
+ * use our default connection
+ */
+ servers = NULL;
+#ifdef LDAP_DNS
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+#endif /* LDAP_DNS */
+
+ return( nsldapi_send_server_request( ld, ber, msgid, NULL,
+ servers, NULL, ( msgtype == LDAP_REQ_BIND ) ? dn : NULL, 0 ));
+}
+
+
+/* returns the message id of the request or -1 if an error occurs */
+int
+nsldapi_send_server_request(
+ LDAP *ld, /* session handle */
+ BerElement *ber, /* message to send */
+ int msgid, /* ID of message to send */
+ LDAPRequest *parentreq, /* non-NULL for referred requests */
+ LDAPServer *srvlist, /* servers to connect to (NULL for default) */
+ LDAPConn *lc, /* connection to use (NULL for default) */
+ char *bindreqdn, /* non-NULL for bind requests */
+ int bind /* perform a bind after opening new conn.? */
+)
+{
+ LDAPRequest *lr;
+ int err;
+ int incparent; /* did we bump parent's ref count? */
+ /* EPIPE and Unsolicited Response handling variables */
+ int res_rc = 0;
+ int epipe_err = 0;
+ int ext_res_rc = 0;
+ char *ext_oid = NULL;
+ struct berval *ext_data = NULL;
+ LDAPMessage *ext_res = NULL;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_server_request\n", 0, 0, 0 );
+
+ incparent = 0;
+ LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
+ if ( lc == NULL ) {
+ if ( srvlist == NULL ) {
+ if ( ld->ld_defconn == NULL ) {
+ LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
+ if ( bindreqdn == NULL && ( ld->ld_options
+ & LDAP_BITOPT_RECONNECT ) != 0 ) {
+ LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN,
+ NULL, NULL );
+ ber_free( ber, 1 );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+
+ if ( nsldapi_open_ldap_defconn( ld ) < 0 ) {
+ ber_free( ber, 1 );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+ }
+ lc = ld->ld_defconn;
+ } else {
+ if (( lc = find_connection( ld, srvlist, 1 )) ==
+ NULL ) {
+ if ( bind && (parentreq != NULL) ) {
+ /* Remember the bind in the parent */
+ incparent = 1;
+ ++parentreq->lr_outrefcnt;
+ }
+
+ lc = nsldapi_new_connection( ld, &srvlist, 0,
+ 1, bind );
+ }
+ free_servers( srvlist );
+ }
+ }
+
+
+ /*
+ * return a fatal error if:
+ * 1. no connections exists
+ * or
+ * 2. the connection is dead
+ * or
+ * 3. it is not in the connected state with normal (non async) I/O
+ */
+ if ( lc == NULL
+ || ( lc->lconn_status == LDAP_CONNST_DEAD )
+ || ( 0 == (ld->ld_options & LDAP_BITOPT_ASYNC) &&
+ lc->lconn_status != LDAP_CONNST_CONNECTED) ) {
+
+ ber_free( ber, 1 );
+ if ( lc != NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
+ }
+ if ( incparent ) {
+ /* Forget about the bind */
+ --parentreq->lr_outrefcnt;
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+
+ if (( lr = nsldapi_new_request( lc, ber, msgid,
+ 1 /* expect a response */)) == NULL
+ || ( bindreqdn != NULL && ( bindreqdn =
+ nsldapi_strdup( bindreqdn )) == NULL )) {
+ if ( lr != NULL ) {
+ NSLDAPI_FREE( lr );
+ }
+ LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+ nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
+ ber_free( ber, 1 );
+ if ( incparent ) {
+ /* Forget about the bind */
+ --parentreq->lr_outrefcnt;
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+ lr->lr_binddn = bindreqdn;
+
+ if ( parentreq != NULL ) { /* sub-request */
+ if ( !incparent ) {
+ /* Increment if we didn't do it before the bind */
+ ++parentreq->lr_outrefcnt;
+ }
+ lr->lr_origid = parentreq->lr_origid;
+ lr->lr_parentcnt = parentreq->lr_parentcnt + 1;
+ lr->lr_parent = parentreq;
+ if ( parentreq->lr_child != NULL ) {
+ lr->lr_sibling = parentreq->lr_child;
+ }
+ parentreq->lr_child = lr;
+ } else { /* original request */
+ lr->lr_origid = lr->lr_msgid;
+ }
+
+ LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK );
+ /* add new request to the end of the list of outstanding requests */
+ nsldapi_queue_request_nolock( ld, lr );
+
+ /*
+ * Issue a non-blocking poll() if we need to check this
+ * connection's status.
+ */
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTING ||
+ lc->lconn_pending_requests > 0 ) {
+ struct timeval tv;
+
+ tv.tv_sec = tv.tv_usec = 0;
+ (void)nsldapi_iostatus_poll( ld, &tv );
+ }
+
+ /*
+ * If the connect is pending, check to see if it has now completed.
+ */
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTING &&
+ nsldapi_iostatus_is_write_ready( ld, lc->lconn_sb )) {
+ lc->lconn_status = LDAP_CONNST_CONNECTED;
+
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: connection 0x%p -"
+ " LDAP_CONNST_CONNECTING -> LDAP_CONNST_CONNECTED\n",
+ lc, 0, 0 );
+ }
+
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTING ||
+ lc->lconn_pending_requests > 0 ) {
+ /*
+ * The connect is not yet complete, or there are existing
+ * requests that have not yet been sent to the server.
+ * Delay sending this request.
+ */
+ lr->lr_status = LDAP_REQST_WRITING;
+ ++lc->lconn_pending_requests;
+ nsldapi_iostatus_interest_write( ld, lc->lconn_sb );
+
+ /*
+ * If the connection is now connected, and it is ready
+ * to accept some more outbound data, send as many
+ * pending requests as possible.
+ */
+ if ( lc->lconn_status != LDAP_CONNST_CONNECTING
+ && nsldapi_iostatus_is_write_ready( ld, lc->lconn_sb )) {
+ if ( nsldapi_send_pending_requests_nolock( ld, lc )
+ == -1 ) { /* error */
+ /*
+ * Since nsldapi_send_pending_requests_nolock()
+ * sets LDAP errno, there is no need to do so
+ * here.
+ */
+ LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+ }
+
+ } else {
+ if (( err = nsldapi_send_ber_message( ld, lc->lconn_sb,
+ ber, 0 /* do not free ber */,
+ 1 /* will handle EPIPE */ )) != 0 ) {
+
+ epipe_err = LDAP_GET_ERRNO( ld );
+ if ( epipe_err == EPIPE ) {
+ res_rc = nsldapi_result_nolock(ld, LDAP_RES_UNSOLICITED, 1,
+ 1, (struct timeval *) NULL, &ext_res);
+ if ( ( res_rc == LDAP_RES_EXTENDED ) && ext_res ) {
+ ext_res_rc = ldap_parse_extended_result( ld, ext_res,
+ &ext_oid, &ext_data, 0 );
+ if ( ext_res_rc != LDAP_SUCCESS ) {
+ if ( ext_res ) {
+ ldap_msgfree( ext_res );
+ }
+ nsldapi_connection_lost_nolock( ld, lc->lconn_sb );
+ } else {
+#ifdef LDAP_DEBUG
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: Unsolicited response\n", 0, 0, 0 );
+ if ( ext_oid ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: Unsolicited response oid: %s\n",
+ ext_oid, 0, 0 );
+ }
+ if ( ext_data && ext_data->bv_len && ext_data->bv_val ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: Unsolicited response len: %d\n",
+ ext_data->bv_len, 0, 0 );
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: Unsolicited response val: %s\n",
+ ext_data->bv_val, 0, 0 );
+ }
+ if ( !ext_oid && !ext_data ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_send_server_request: Unsolicited response is empty\n",
+ 0, 0, 0 );
+ }
+#endif /* LDAP_DEBUG */
+ if ( ext_oid ) {
+ if ( strcmp ( ext_oid,
+ LDAP_NOTICE_OF_DISCONNECTION ) == 0 ) {
+ if ( ext_data ) {
+ ber_bvfree( ext_data );
+ }
+ if ( ext_oid ) {
+ ldap_memfree( ext_oid );
+ }
+ if ( ext_res ) {
+ ldap_msgfree( ext_res );
+ }
+ nsldapi_connection_lost_nolock( ld,
+ lc->lconn_sb );
+ nsldapi_free_request( ld, lr, 0 );
+ nsldapi_free_connection( ld, lc,
+ NULL, NULL, 0, 0 );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+ }
+ }
+ } else {
+ if ( ext_res ) {
+ ldap_msgfree( ext_res );
+ }
+ nsldapi_connection_lost_nolock( ld, lc->lconn_sb );
+ }
+ }
+
+ /* need to continue write later */
+ if (err == -2 ) {
+ lr->lr_status = LDAP_REQST_WRITING;
+ ++lc->lconn_pending_requests;
+ nsldapi_iostatus_interest_write( ld, lc->lconn_sb );
+ } else {
+ LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
+ nsldapi_free_request( ld, lr, 0 );
+ nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+ return( -1 );
+ }
+
+ } else {
+ if ( parentreq == NULL ) {
+ ber->ber_end = ber->ber_ptr;
+ ber->ber_ptr = ber->ber_buf;
+ }
+
+ /* sent -- waiting for a response */
+ if (ld->ld_options & LDAP_BITOPT_ASYNC) {
+ lc->lconn_status = LDAP_CONNST_CONNECTED;
+ }
+
+ nsldapi_iostatus_interest_read( ld, lc->lconn_sb );
+ }
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
+ LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
+
+ LDAP_SET_LDERRNO( ld, LDAP_SUCCESS, NULL, NULL );
+ return( msgid );
+}
+
+
+/*
+ * nsldapi_send_ber_message(): Attempt to send a BER-encoded message.
+ * If freeit is non-zero, ber is freed when the send succeeds.
+ * If errno is EPIPE and epipe_handler is set we let the caller
+ * deal with EPIPE and dont call lost_nolock here but the caller
+ * should call lost_nolock itself when done with handling EPIPE.
+ *
+ * Return values:
+ * 0: message sent successfully.
+ * -1: a fatal error occurred while trying to send.
+ * -2: async. I/O is enabled and the send would block.
+ */
+int
+nsldapi_send_ber_message( LDAP *ld, Sockbuf *sb, BerElement *ber, int freeit,
+ int epipe_handler )
+{
+ int rc = 0; /* optimistic */
+ int async = ( 0 != (ld->ld_options & LDAP_BITOPT_ASYNC));
+ int more_to_send = 1;
+
+ while ( more_to_send) {
+ /*
+ * ber_flush() doesn't set errno on EOF, so we pre-set it to
+ * zero to avoid getting tricked by leftover "EAGAIN" errors
+ */
+ LDAP_SET_ERRNO( ld, 0 );
+
+ if ( ber_flush( sb, ber, freeit ) == 0 ) {
+ more_to_send = 0; /* success */
+ } else {
+ int terrno = LDAP_GET_ERRNO( ld );
+ if ( NSLDAPI_ERRNO_IO_INPROGRESS( terrno )) {
+ if ( async ) {
+ rc = -2;
+ break;
+ }
+ } else {
+ if ( !(epipe_handler && ( terrno == EPIPE )) ) {
+ nsldapi_connection_lost_nolock( ld, sb );
+ }
+ rc = -1; /* fatal error */
+ break;
+ }
+ }
+ }
+
+ return( rc );
+}
+
+
+/*
+ * nsldapi_send_pending_requests_nolock(): Send one or more pending requests
+ * that are associated with connection 'lc'.
+ *
+ * Return values: 0 -- success.
+ * -1 -- fatal error; connection closed.
+ *
+ * Must be called with these two mutexes locked, in this order:
+ * LDAP_CONN_LOCK
+ * LDAP_REQ_LOCK
+ */
+int
+nsldapi_send_pending_requests_nolock( LDAP *ld, LDAPConn *lc )
+{
+ int err;
+ int waiting_for_a_response = 0;
+ int rc = 0;
+ LDAPRequest *lr;
+ char *logname = "nsldapi_send_pending_requests_nolock";
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "%s\n", logname, 0, 0 );
+
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ /*
+ * This code relies on the fact that the ld_requests list
+ * is in order from oldest to newest request (the oldest
+ * requests that have not yet been sent to the server are
+ * sent first).
+ */
+ if ( lr->lr_status == LDAP_REQST_WRITING
+ && lr->lr_conn == lc ) {
+ err = nsldapi_send_ber_message( ld, lc->lconn_sb,
+ lr->lr_ber, 0 /* do not free ber */,
+ 0 /* will not handle EPIPE */ );
+ if ( err == 0 ) { /* send succeeded */
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "%s: 0x%p SENT\n", logname, lr, 0 );
+ lr->lr_ber->ber_end = lr->lr_ber->ber_ptr;
+ lr->lr_ber->ber_ptr = lr->lr_ber->ber_buf;
+ lr->lr_status = LDAP_REQST_INPROGRESS;
+ --lc->lconn_pending_requests;
+ } else if ( err == -2 ) { /* would block */
+ rc = 0; /* not an error */
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "%s: 0x%p WOULD BLOCK\n", logname, lr, 0 );
+ break;
+ } else { /* fatal error */
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "%s: 0x%p FATAL ERROR\n", logname, lr, 0 );
+ LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN,
+ NULL, NULL );
+ nsldapi_free_request( ld, lr, 0 );
+ lr = NULL;
+ nsldapi_free_connection( ld, lc, NULL, NULL,
+ 0, 0 );
+ lc = NULL;
+ rc = -1;
+ break;
+ }
+ }
+
+ if (lr->lr_status == LDAP_REQST_INPROGRESS ) {
+ if (lr->lr_expect_resp) {
+ ++waiting_for_a_response;
+ } else {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "%s: 0x%p NO RESPONSE EXPECTED;"
+ " freeing request \n", logname, lr, 0 );
+ nsldapi_free_request( ld, lr, 0 );
+ lr = NULL;
+ }
+ }
+ }
+
+ if ( lc != NULL ) {
+ if ( lc->lconn_pending_requests < 1 ) {
+ /* no need to poll for "write ready" any longer */
+ nsldapi_iostatus_interest_clear( ld, lc->lconn_sb );
+ }
+
+ if ( waiting_for_a_response ) {
+ /* need to poll for "read ready" */
+ nsldapi_iostatus_interest_read( ld, lc->lconn_sb );
+ }
+ }
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "%s <- %d\n", logname, rc, 0 );
+ return( rc );
+}
+
+
+LDAPConn *
+nsldapi_new_connection( LDAP *ld, LDAPServer **srvlistp, int use_ldsb,
+ int connect, int bind )
+{
+ int rc = -1;
+ LDAPConn *lc;
+ LDAPServer *prevsrv, *srv;
+ Sockbuf *sb = NULL;
+
+ /*
+ * make a new LDAP server connection
+ */
+ if (( lc = (LDAPConn *)NSLDAPI_CALLOC( 1, sizeof( LDAPConn ))) == NULL
+ || ( !use_ldsb && ( sb = ber_sockbuf_alloc()) == NULL )) {
+ if ( lc != NULL ) {
+ NSLDAPI_FREE( (char *)lc );
+ }
+ LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+ return( NULL );
+ }
+
+ LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
+ if ( !use_ldsb ) {
+ /*
+ * we have allocated a new sockbuf
+ * set I/O routines to match those in default LDAP sockbuf
+ */
+ IFP sb_fn;
+ struct lber_x_ext_io_fns extiofns;
+
+ extiofns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE;
+
+ if ( ber_sockbuf_get_option( ld->ld_sbp,
+ LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns ) == 0 ) {
+ ber_sockbuf_set_option( sb,
+ LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns );
+ }
+ if ( ber_sockbuf_get_option( ld->ld_sbp,
+ LBER_SOCKBUF_OPT_READ_FN, (void *)&sb_fn ) == 0
+ && sb_fn != NULL ) {
+ ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_READ_FN,
+ (void *)sb_fn );
+ }
+ if ( ber_sockbuf_get_option( ld->ld_sbp,
+ LBER_SOCKBUF_OPT_WRITE_FN, (void *)&sb_fn ) == 0
+ && sb_fn != NULL ) {
+ ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_WRITE_FN,
+ (void *)sb_fn );
+ }
+ }
+
+ lc->lconn_sb = ( use_ldsb ) ? ld->ld_sbp : sb;
+ lc->lconn_version = ld->ld_version; /* inherited */
+ LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
+
+ if ( connect ) {
+ prevsrv = NULL;
+ /*
+ * save the return code for later
+ */
+ for ( srv = *srvlistp; srv != NULL; srv = srv->lsrv_next ) {
+ rc = nsldapi_connect_to_host( ld, lc->lconn_sb,
+ srv->lsrv_host, srv->lsrv_port,
+ ( srv->lsrv_options & LDAP_SRV_OPT_SECURE ) != 0,
+ &lc->lconn_krbinstance );
+ if (rc != -1) {
+ break;
+ }
+ prevsrv = srv;
+ }
+
+ if ( srv == NULL ) {
+ if ( !use_ldsb ) {
+ NSLDAPI_FREE( (char *)lc->lconn_sb );
+ }
+ NSLDAPI_FREE( (char *)lc );
+ /* nsldapi_open_ldap_connection has already set ld_errno */
+ return( NULL );
+ }
+
+ if ( prevsrv == NULL ) {
+ *srvlistp = srv->lsrv_next;
+ } else {
+ prevsrv->lsrv_next = srv->lsrv_next;
+ }
+ lc->lconn_server = srv;
+ }
+
+ if ( 0 != (ld->ld_options & LDAP_BITOPT_ASYNC)) {
+ /*
+ * Technically, the socket may already be connected but we are
+ * not sure. By setting the state to LDAP_CONNST_CONNECTING, we
+ * ensure that we will check the socket status to make sure it
+ * is connected before we try to send any LDAP messages.
+ */
+ lc->lconn_status = LDAP_CONNST_CONNECTING;
+ } else {
+ lc->lconn_status = LDAP_CONNST_CONNECTED;
+ }
+
+ lc->lconn_next = ld->ld_conns;
+ ld->ld_conns = lc;
+
+ /*
+ * XXX for now, we always do a synchronous bind. This will have
+ * to change in the long run...
+ */
+ if ( bind ) {
+ int err, lderr, freepasswd, authmethod;
+ char *binddn, *passwd;
+ LDAPConn *savedefconn;
+
+ freepasswd = err = 0;
+
+ if ( ld->ld_rebind_fn == NULL ) {
+ binddn = passwd = "";
+ authmethod = LDAP_AUTH_SIMPLE;
+ } else {
+ if (( lderr = (*ld->ld_rebind_fn)( ld, &binddn, &passwd,
+ &authmethod, 0, ld->ld_rebind_arg ))
+ == LDAP_SUCCESS ) {
+ freepasswd = 1;
+ } else {
+ LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
+ err = -1;
+ }
+ }
+
+
+ if ( err == 0 ) {
+ savedefconn = ld->ld_defconn;
+ ld->ld_defconn = lc;
+ ++lc->lconn_refcnt; /* avoid premature free */
+
+ /*
+ * when binding, we will back down as low as LDAPv2
+ * if we get back "protocol error" from bind attempts
+ */
+ for ( ;; ) {
+ /* LDAP_MUTEX_UNLOCK(ld, LDAP_CONN_LOCK); */
+ if (( lderr = ldap_bind_s( ld, binddn, passwd,
+ authmethod )) == LDAP_SUCCESS ) {
+ /* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
+ break;
+ }
+ /* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
+ if ( lc->lconn_version <= LDAP_VERSION2
+ || lderr != LDAP_PROTOCOL_ERROR ) {
+ err = -1;
+ break;
+ }
+ --lc->lconn_version; /* try lower version */
+ }
+ --lc->lconn_refcnt;
+ ld->ld_defconn = savedefconn;
+ }
+
+ if ( freepasswd ) {
+ (*ld->ld_rebind_fn)( ld, &binddn, &passwd,
+ &authmethod, 1, ld->ld_rebind_arg );
+ }
+
+ if ( err != 0 ) {
+ nsldapi_free_connection( ld, lc, NULL, NULL, 1, 0 );
+ lc = NULL;
+ }
+ }
+
+ return( lc );
+}
+
+
+#define LDAP_CONN_SAMEHOST( h1, h2 ) \
+ (( (h1) == NULL && (h2) == NULL ) || \
+ ( (h1) != NULL && (h2) != NULL && strcasecmp( (h1), (h2) ) == 0 ))
+
+static LDAPConn *
+find_connection( LDAP *ld, LDAPServer *srv, int any )
+/*
+ * return an existing connection (if any) to the server srv
+ * if "any" is non-zero, check for any server in the "srv" chain
+ */
+{
+ LDAPConn *lc;
+ LDAPServer *ls;
+
+ for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
+ for ( ls = srv; ls != NULL; ls = ls->lsrv_next ) {
+ if ( LDAP_CONN_SAMEHOST( ls->lsrv_host,
+ lc->lconn_server->lsrv_host )
+ && ls->lsrv_port == lc->lconn_server->lsrv_port
+ && ls->lsrv_options ==
+ lc->lconn_server->lsrv_options ) {
+ return( lc );
+ }
+ if ( !any ) {
+ break;
+ }
+ }
+ }
+
+ return( NULL );
+}
+
+
+void
+nsldapi_free_connection( LDAP *ld, LDAPConn *lc, LDAPControl **serverctrls,
+ LDAPControl **clientctrls, int force, int unbind )
+{
+ LDAPConn *tmplc, *prevlc;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection\n", 0, 0, 0 );
+
+ if ( force || --lc->lconn_refcnt <= 0 ) {
+ nsldapi_iostatus_interest_clear( ld, lc->lconn_sb );
+ if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) {
+ if ( unbind ) {
+ nsldapi_send_unbind( ld, lc->lconn_sb,
+ serverctrls, clientctrls );
+ }
+ }
+ nsldapi_close_connection( ld, lc->lconn_sb );
+ prevlc = NULL;
+ for ( tmplc = ld->ld_conns; tmplc != NULL;
+ tmplc = tmplc->lconn_next ) {
+ if ( tmplc == lc ) {
+ if ( prevlc == NULL ) {
+ ld->ld_conns = tmplc->lconn_next;
+ } else {
+ prevlc->lconn_next = tmplc->lconn_next;
+ }
+ break;
+ }
+ prevlc = tmplc;
+ }
+ free_servers( lc->lconn_server );
+ if ( lc->lconn_krbinstance != NULL ) {
+ NSLDAPI_FREE( lc->lconn_krbinstance );
+ }
+ /*
+ * if this is the default connection (lc->lconn_sb==ld->ld_sbp)
+ * we do not free the Sockbuf here since it will be freed
+ * later inside ldap_unbind().
+ */
+ if ( lc->lconn_sb != ld->ld_sbp ) {
+ ber_sockbuf_free( lc->lconn_sb );
+ lc->lconn_sb = NULL;
+ }
+ if ( lc->lconn_ber != NULLBER ) {
+ ber_free( lc->lconn_ber, 1 );
+ }
+ if ( lc->lconn_binddn != NULL ) {
+ NSLDAPI_FREE( lc->lconn_binddn );
+ }
+#ifdef LDAP_SASLIO_HOOKS
+ if ( lc->lconn_sasl_ctx ) { /* the sasl connection context */
+ sasl_dispose(&lc->lconn_sasl_ctx);
+ lc->lconn_sasl_ctx = NULL;
+ }
+#endif /* LDAP_SASLIO_HOOKS */
+ NSLDAPI_FREE( lc );
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: actually freed\n",
+ 0, 0, 0 );
+ } else {
+ lc->lconn_lastused = time( 0 );
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: refcnt %d\n",
+ lc->lconn_refcnt, 0, 0 );
+ }
+}
+
+
+#ifdef LDAP_DEBUG
+void
+nsldapi_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
+{
+ LDAPConn *lc;
+ char msg[256];
+/* CTIME for this platform doesn't use this. */
+#if !defined(SUNOS4) && !defined(_WIN32) && !defined(LINUX) && !defined(macintosh)
+ char buf[26];
+#endif
+
+ sprintf( msg, "** Connection%s:\n", all ? "s" : "" );
+ ber_err_print( msg );
+ for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) {
+ if ( lc->lconn_server != NULL ) {
+ sprintf( msg, "* 0x%p - host: %s port: %d secure: %s%s\n",
+ lc, ( lc->lconn_server->lsrv_host == NULL ) ? "(null)"
+ : lc->lconn_server->lsrv_host,
+ lc->lconn_server->lsrv_port,
+ ( lc->lconn_server->lsrv_options &
+ LDAP_SRV_OPT_SECURE ) ? "Yes" :
+ "No", ( lc->lconn_sb == ld->ld_sbp ) ?
+ " (default)" : "" );
+ ber_err_print( msg );
+ }
+ sprintf( msg, " refcnt: %d pending: %d status: %s\n",
+ lc->lconn_refcnt, lc->lconn_pending_requests,
+ ( lc->lconn_status == LDAP_CONNST_CONNECTING )
+ ? "Connecting" :
+ ( lc->lconn_status == LDAP_CONNST_DEAD ) ? "Dead" :
+ "Connected" );
+ ber_err_print( msg );
+ sprintf( msg, " last used: %s",
+ NSLDAPI_CTIME( (time_t *) &lc->lconn_lastused, buf,
+ sizeof(buf) ));
+ ber_err_print( msg );
+ if ( lc->lconn_ber != NULLBER ) {
+ ber_err_print( " partial response has been received:\n" );
+ ber_dump( lc->lconn_ber, 1 );
+ }
+ ber_err_print( "\n" );
+
+ if ( !all ) {
+ break;
+ }
+ }
+}
+
+
+void
+nsldapi_dump_requests_and_responses( LDAP *ld )
+{
+ LDAPRequest *lr;
+ LDAPMessage *lm, *l;
+ char msg[256];
+
+ ber_err_print( "** Outstanding Requests:\n" );
+ LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK );
+ if (( lr = ld->ld_requests ) == NULL ) {
+ ber_err_print( " Empty\n" );
+ }
+ for ( ; lr != NULL; lr = lr->lr_next ) {
+ sprintf( msg, " * 0x%p - msgid %d, origid %d, status %s\n",
+ lr, lr->lr_msgid, lr->lr_origid, ( lr->lr_status ==
+ LDAP_REQST_INPROGRESS ) ? "InProgress" :
+ ( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
+ ( lr->lr_status == LDAP_REQST_CONNDEAD ) ? "Dead" :
+ "Writing" );
+ ber_err_print( msg );
+ sprintf( msg, " outstanding referrals %d, parent count %d\n",
+ lr->lr_outrefcnt, lr->lr_parentcnt );
+ ber_err_print( msg );
+ if ( lr->lr_binddn != NULL ) {
+ sprintf( msg, " pending bind DN: <%s>\n", lr->lr_binddn );
+ ber_err_print( msg );
+ }
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
+
+ ber_err_print( "** Response Queue:\n" );
+ LDAP_MUTEX_LOCK( ld, LDAP_RESP_LOCK );
+ if (( lm = ld->ld_responses ) == NULLMSG ) {
+ ber_err_print( " Empty\n" );
+ }
+ for ( ; lm != NULLMSG; lm = lm->lm_next ) {
+ sprintf( msg, " * 0x%p - msgid %d, type %d\n",
+ lm, lm->lm_msgid, lm->lm_msgtype );
+ ber_err_print( msg );
+ if (( l = lm->lm_chain ) != NULL ) {
+ ber_err_print( " chained responses:\n" );
+ for ( ; l != NULLMSG; l = l->lm_chain ) {
+ sprintf( msg,
+ " * 0x%p - msgid %d, type %d\n",
+ l, l->lm_msgid, l->lm_msgtype );
+ ber_err_print( msg );
+ }
+ }
+ }
+ LDAP_MUTEX_UNLOCK( ld, LDAP_RESP_LOCK );
+}
+#endif /* LDAP_DEBUG */
+
+
+LDAPRequest *
+nsldapi_new_request( LDAPConn *lc, BerElement *ber, int msgid, int expect_resp )
+{
+ LDAPRequest *lr;
+
+ lr = (LDAPRequest *)NSLDAPI_CALLOC( 1, sizeof( LDAPRequest ));
+
+ if ( lr != NULL ) {
+ lr->lr_conn = lc;
+ lr->lr_ber = ber;
+ lr->lr_msgid = lr->lr_origid = msgid;
+ lr->lr_expect_resp = expect_resp;
+ lr->lr_status = LDAP_REQST_INPROGRESS;
+ lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */
+
+ if ( lc != NULL ) { /* mark connection as in use */
+ ++lc->lconn_refcnt;
+ lc->lconn_lastused = time( 0 );
+ }
+ }
+
+ return( lr );
+}
+
+
+void
+nsldapi_free_request( LDAP *ld, LDAPRequest *lr, int free_conn )
+{
+ LDAPRequest *tmplr, *nextlr;
+
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "nsldapi_free_request 0x%p (origid %d, msgid %d)\n",
+ lr, lr->lr_origid, lr->lr_msgid );
+
+ if ( lr->lr_parent != NULL ) {
+ /* unlink child from parent */
+ lr->lr_parent->lr_child = NULL;
+ --lr->lr_parent->lr_outrefcnt;
+ }
+
+ if ( lr->lr_status == LDAP_REQST_WRITING ) {
+ --lr->lr_conn->lconn_pending_requests;
+ }
+
+ /* free all of our spawned referrals (child requests) */
+ for ( tmplr = lr->lr_child; tmplr != NULL; tmplr = nextlr ) {
+ nextlr = tmplr->lr_sibling;
+ nsldapi_free_request( ld, tmplr, free_conn );
+ }
+
+ if ( free_conn ) {
+ nsldapi_free_connection( ld, lr->lr_conn, NULL, NULL, 0, 1 );
+ }
+
+ if ( lr->lr_prev == NULL ) {
+ ld->ld_requests = lr->lr_next;
+ } else {
+ lr->lr_prev->lr_next = lr->lr_next;
+ }
+
+ if ( lr->lr_next != NULL ) {
+ lr->lr_next->lr_prev = lr->lr_prev;
+ }
+
+ if ( lr->lr_ber != NULL ) {
+ ber_free( lr->lr_ber, 1 );
+ }
+
+ if ( lr->lr_res_error != NULL ) {
+ NSLDAPI_FREE( lr->lr_res_error );
+ }
+
+ if ( lr->lr_res_matched != NULL ) {
+ NSLDAPI_FREE( lr->lr_res_matched );
+ }
+
+ if ( lr->lr_binddn != NULL ) {
+ NSLDAPI_FREE( lr->lr_binddn );
+ }
+
+ if ( lr->lr_res_ctrls != NULL ) {
+ ldap_controls_free( lr->lr_res_ctrls );
+ }
+ NSLDAPI_FREE( lr );
+}
+
+
+/*
+ * Add a request to the end of the list of outstanding requests.
+ * This function must be called with these two locks in hand, acquired in
+ * this order:
+ * LDAP_CONN_LOCK
+ * LDAP_REQ_LOCK
+ */
+void
+nsldapi_queue_request_nolock( LDAP *ld, LDAPRequest *lr )
+{
+ if ( NULL == ld->ld_requests ) {
+ ld->ld_requests = lr;
+ } else {
+ LDAPRequest *tmplr;
+
+ for ( tmplr = ld->ld_requests; tmplr->lr_next != NULL;
+ tmplr = tmplr->lr_next ) {
+ ;
+ }
+ tmplr->lr_next = lr;
+ lr->lr_prev = tmplr;
+ }
+}
+
+
+static void
+free_servers( LDAPServer *srvlist )
+{
+ LDAPServer *nextsrv;
+
+ while ( srvlist != NULL ) {
+ nextsrv = srvlist->lsrv_next;
+ if ( srvlist->lsrv_dn != NULL ) {
+ NSLDAPI_FREE( srvlist->lsrv_dn );
+ }
+ if ( srvlist->lsrv_host != NULL ) {
+ NSLDAPI_FREE( srvlist->lsrv_host );
+ }
+ NSLDAPI_FREE( srvlist );
+ srvlist = nextsrv;
+ }
+}
+
+
+/*
+ * Initiate chasing of LDAPv2+ (Umich extension) referrals.
+ *
+ * Returns an LDAP error code.
+ *
+ * Note that *hadrefp will be set to 1 if one or more referrals were found in
+ * "*errstrp" (even if we can't chase them) and zero if none were found.
+ *
+ * XXX merging of errors in this routine needs to be improved.
+ */
+int
+nsldapi_chase_v2_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp,
+ int *totalcountp, int *chasingcountp )
+{
+ char *p, *ref, *unfollowed;
+ LDAPRequest *origreq;
+ int rc, tmprc, len, unknown;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_chase_v2_referrals\n", 0, 0, 0 );
+
+ *totalcountp = *chasingcountp = 0;
+
+ if ( *errstrp == NULL ) {
+ return( LDAP_SUCCESS );
+ }
+
+ len = strlen( *errstrp );
+ for ( p = *errstrp; len >= LDAP_REF_STR_LEN; ++p, --len ) {
+ if (( *p == 'R' || *p == 'r' ) && strncasecmp( p,
+ LDAP_REF_STR, LDAP_REF_STR_LEN ) == 0 ) {
+ *p = '\0';
+ p += LDAP_REF_STR_LEN;
+ break;
+ }
+ }
+
+ if ( len < LDAP_REF_STR_LEN ) {
+ return( LDAP_SUCCESS );
+ }
+
+ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "more than %d referral hops (dropping)\n",
+ ld->ld_refhoplimit, 0, 0 );
+ return( LDAP_REFERRAL_LIMIT_EXCEEDED );
+ }
+
+ /* find original request */
+ for ( origreq = lr; origreq->lr_parent != NULL;
+ origreq = origreq->lr_parent ) {
+ ;
+ }
+
+ unfollowed = NULL;
+ rc = LDAP_SUCCESS;
+
+ /* parse out & follow referrals */
+ for ( ref = p; rc == LDAP_SUCCESS && ref != NULL; ref = p ) {
+ if (( p = strchr( ref, '\n' )) != NULL ) {
+ *p++ = '\0';
+ } else {
+ p = NULL;
+ }
+
+ ++*totalcountp;
+
+ rc = chase_one_referral( ld, lr, origreq, ref, "v2 referral",
+ &unknown, 0 /* not a reference */ );
+
+ if ( rc != LDAP_SUCCESS || unknown ) {
+ if (( tmprc = nsldapi_append_referral( ld, &unfollowed,
+ ref )) != LDAP_SUCCESS ) {
+ rc = tmprc;
+ }
+ } else {
+ ++*chasingcountp;
+ }
+ }
+
+ NSLDAPI_FREE( *errstrp );
+ *errstrp = unfollowed;
+
+ return( rc );
+}
+
+
+/* returns an LDAP error code */
+int
+nsldapi_chase_v3_refs( LDAP *ld, LDAPRequest *lr, char **v3refs,
+ int is_reference, int *totalcountp, int *chasingcountp )
+{
+ int rc = LDAP_SUCCESS;
+ int i, unknown;
+ LDAPRequest *origreq;
+
+ *totalcountp = *chasingcountp = 0;
+
+ if ( v3refs == NULL || v3refs[0] == NULL ) {
+ return( LDAP_SUCCESS );
+ }
+
+ *totalcountp = 1;
+
+ if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "more than %d referral hops (dropping)\n",
+ ld->ld_refhoplimit, 0, 0 );
+ return( LDAP_REFERRAL_LIMIT_EXCEEDED );
+ }
+
+ /* find original request */
+ for ( origreq = lr; origreq->lr_parent != NULL;
+ origreq = origreq->lr_parent ) {
+ ;
+ }
+
+ /*
+ * in LDAPv3, we just need to follow one referral in the set.
+ * we dp this by stopping as soon as we succeed in initiating a
+ * chase on any referral (basically this means we were able to connect
+ * to the server and bind).
+ */
+ for ( i = 0; v3refs[i] != NULL; ++i ) {
+ rc = chase_one_referral( ld, lr, origreq, v3refs[i],
+ is_reference ? "v3 reference" : "v3 referral", &unknown,
+ is_reference );
+ if ( rc == LDAP_SUCCESS && !unknown ) {
+ *chasingcountp = 1;
+ break;
+ }
+ }
+
+ /* XXXmcs: should we save unfollowed referrals somewhere? */
+
+ return( rc ); /* last error is as good as any other I guess... */
+}
+
+
+/*
+ * returns an LDAP error code
+ *
+ * XXXmcs: this function used to have #ifdef LDAP_DNS code in it but I
+ * removed it when I improved the parsing (we don't define LDAP_DNS
+ * here at Netscape).
+ */
+static int
+chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq,
+ char *refurl, char *desc, int *unknownp, int is_reference )
+{
+ int rc, tmprc, secure, msgid;
+ LDAPServer *srv;
+ BerElement *ber;
+ LDAPURLDesc *ludp;
+
+ *unknownp = 0;
+ ludp = NULLLDAPURLDESC;
+
+ if ( nsldapi_url_parse( refurl, &ludp, 0 ) != 0 ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "ignoring unknown %s <%s>\n", desc, refurl, 0 );
+ *unknownp = 1;
+ rc = LDAP_SUCCESS;
+ goto cleanup_and_return;
+ }
+
+ secure = (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 );
+
+/* XXXmcs: can't tell if secure is supported by connect callback */
+ if ( secure && ld->ld_extconnect_fn == NULL ) {
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "ignoring LDAPS %s <%s>\n", desc, refurl, 0 );
+ *unknownp = 1;
+ rc = LDAP_SUCCESS;
+ goto cleanup_and_return;
+ }
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "chasing LDAP%s %s: <%s>\n",
+ secure ? "S" : "", desc, refurl );
+
+ LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
+ msgid = ++ld->ld_msgid;
+ LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
+
+ if (( tmprc = re_encode_request( ld, origreq->lr_ber, msgid,
+ ludp, &ber, is_reference )) != LDAP_SUCCESS ) {
+ rc = tmprc;
+ goto cleanup_and_return;
+ }
+
+ if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
+ == NULL ) {
+ ber_free( ber, 1 );
+ rc = LDAP_NO_MEMORY;
+ goto cleanup_and_return;
+ }
+
+ if ( ludp->lud_host == NULL && ld->ld_defhost == NULL ) {
+ srv->lsrv_host = NULL;
+ } else {
+ if ( ludp->lud_host == NULL ) {
+ srv->lsrv_host =
+ nsldapi_strdup( origreq->lr_conn->lconn_server->lsrv_host );
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "chase_one_referral: using hostname '%s' from original "
+ "request on new request\n",
+ srv->lsrv_host, 0, 0);
+ } else {
+ srv->lsrv_host = nsldapi_strdup( ludp->lud_host );
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "chase_one_referral: using hostname '%s' as specified "
+ "on new request\n",
+ srv->lsrv_host, 0, 0);
+ }
+
+ if ( srv->lsrv_host == NULL ) {
+ NSLDAPI_FREE( (char *)srv );
+ ber_free( ber, 1 );
+ rc = LDAP_NO_MEMORY;
+ goto cleanup_and_return;
+ }
+ }
+
+ if ( ludp->lud_port == 0 && ludp->lud_host == NULL ) {
+ srv->lsrv_port = origreq->lr_conn->lconn_server->lsrv_port;
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "chase_one_referral: using port (%d) from original "
+ "request on new request\n",
+ srv->lsrv_port, 0, 0);
+ } else if ( ludp->lud_port != 0 ) {
+ srv->lsrv_port = ludp->lud_port;
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "chase_one_referral: using port (%d) as specified on "
+ "new request\n",
+ srv->lsrv_port, 0, 0);
+ } else {
+ srv->lsrv_port = secure ? LDAPS_PORT : LDAP_PORT;
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "chase_one_referral: using default port (%d)\n",
+ srv->lsrv_port, 0, 0 );
+ }
+
+ if ( secure ) {
+ srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
+ }
+
+ if ( nsldapi_send_server_request( ld, ber, msgid,
+ lr, srv, NULL, NULL, 1 ) < 0 ) {
+ rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
+ LDAPDebug( LDAP_DEBUG_ANY, "Unable to chase %s %s (%s)\n",
+ desc, refurl, ldap_err2string( rc ));
+ } else {
+ rc = LDAP_SUCCESS;
+ }
+
+cleanup_and_return:
+ if ( ludp != NULLLDAPURLDESC ) {
+ ldap_free_urldesc( ludp );
+ }
+
+ return( rc );
+}
+
+
+/* returns an LDAP error code */
+int
+nsldapi_append_referral( LDAP *ld, char **referralsp, char *s )
+{
+ int first;
+
+ if ( *referralsp == NULL ) {
+ first = 1;
+ *referralsp = (char *)NSLDAPI_MALLOC( strlen( s ) +
+ LDAP_REF_STR_LEN + 1 );
+ } else {
+ first = 0;
+ *referralsp = (char *)NSLDAPI_REALLOC( *referralsp,
+ strlen( *referralsp ) + strlen( s ) + 2 );
+ }
+
+ if ( *referralsp == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ if ( first ) {
+ strcpy( *referralsp, LDAP_REF_STR );
+ } else {
+ strcat( *referralsp, "\n" );
+ }
+ strcat( *referralsp, s );
+
+ return( LDAP_SUCCESS );
+}
+
+
+
+/* returns an LDAP error code */
+static int
+re_encode_request( LDAP *ld, BerElement *origber, int msgid, LDAPURLDesc *ludp,
+ BerElement **berp, int is_reference )
+{
+/*
+ * XXX this routine knows way too much about how the lber library works!
+ */
+ ber_int_t origmsgid;
+ ber_tag_t tag;
+ ber_int_t ver;
+ int rc;
+ BerElement *ber;
+ struct berelement tmpber;
+ char *dn, *orig_dn;
+ /* extra stuff for search request */
+ ber_int_t scope = -1;
+
+ LDAPDebug( LDAP_DEBUG_TRACE,
+ "re_encode_request: new msgid %d, new dn <%s>\n",
+ msgid, ( ludp->lud_dn == NULL ) ? "NONE" : ludp->lud_dn, 0 );
+
+ tmpber = *origber;
+
+ /*
+ * All LDAP requests are sequences that start with a message id. For
+ * everything except delete requests, this is followed by a sequence
+ * that is tagged with the operation code. For deletes, there is just
+ * a DN that is tagged with the operation code.
+ */
+
+ /* skip past msgid and get operation tag */
+ if ( ber_scanf( &tmpber, "{it", &origmsgid, &tag ) == LBER_ERROR ) {
+ return( LDAP_DECODING_ERROR );
+ }
+
+ /*
+ * XXXmcs: we don't support filters in search referrals yet,
+ * so if present we return an error which is probably
+ * better than just ignoring the extra info.
+ * XXXrichm: we now support scopes. Supporting filters would require
+ * a lot more additional work to be able to read the filter from
+ * the ber original search request, convert to string, etc. It might
+ * be better and easier to change nsldapi_build_search_req to have
+ * some special mode by which you could tell it to skip filter and
+ * attrlist encoding if no filter was given - then we could just
+ * create a new ber search request with our new filter if present.
+ */
+ if ( ( tag == LDAP_REQ_SEARCH ) && ( ludp->lud_filter != NULL )) {
+ return( LDAP_LOCAL_ERROR );
+ }
+
+ if ( tag == LDAP_REQ_BIND ) {
+ /* bind requests have a version number before the DN */
+ rc = ber_scanf( &tmpber, "{ia", &ver, &orig_dn );
+ } else if ( tag == LDAP_REQ_DELETE ) {
+ /* delete requests DNs are not within a sequence */
+ rc = ber_scanf( &tmpber, "a", &orig_dn );
+ } else if ( tag == LDAP_REQ_SEARCH ) {
+ /* need scope */
+ rc = ber_scanf( &tmpber, "{ae", &orig_dn, &scope );
+ } else {
+ rc = ber_scanf( &tmpber, "{a", &orig_dn );
+ }
+
+ if ( rc == LBER_ERROR ) {
+ return( LDAP_DECODING_ERROR );
+ }
+
+ if ( ludp->lud_dn == NULL ) {
+ dn = orig_dn;
+ } else {
+ dn = ludp->lud_dn;
+ NSLDAPI_FREE( orig_dn );
+ orig_dn = NULL;
+ }
+
+ if ( ludp->lud_scope != -1 ) {
+ scope = ludp->lud_scope; /* scope provided by ref - use it */
+ } else if (is_reference) {
+ /*
+ * RFC 4511 says that the we should use scope BASE in the
+ * search reference if the client's original request was for scope
+ * ONELEVEL - since the server did not include the scope in the
+ * search reference returned, we must provide the correct behavior
+ * in the client (i.e. the correct behavior is implied)
+ * see RFC 4511 section 4.5.3 for more information
+ */
+ if (scope == LDAP_SCOPE_ONELEVEL) {
+ scope = LDAP_SCOPE_BASE;
+ }
+ }
+
+ /* allocate and build the new request */
+ if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
+ != LDAP_SUCCESS ) {
+ if ( orig_dn != NULL ) {
+ NSLDAPI_FREE( orig_dn );
+ }
+ return( rc );
+ }
+
+ if ( tag == LDAP_REQ_BIND ) {
+ rc = ber_printf( ber, "{it{is", msgid, tag, ver , dn );
+ } else if ( tag == LDAP_REQ_DELETE ) {
+ rc = ber_printf( ber, "{its}", msgid, tag, dn );
+ } else if ( tag == LDAP_REQ_SEARCH ) {
+ rc = ber_printf( ber, "{it{se", msgid, tag, dn, scope );
+ } else {
+ rc = ber_printf( ber, "{it{s", msgid, tag, dn );
+ }
+
+ if ( orig_dn != NULL ) {
+ NSLDAPI_FREE( orig_dn );
+ }
+/*
+ * can't use "dn" or "orig_dn" from this point on (they've been freed)
+ */
+
+ if ( rc == -1 ) {
+ ber_free( ber, 1 );
+ return( LDAP_ENCODING_ERROR );
+ }
+
+ if ( tag != LDAP_REQ_DELETE &&
+ ( ber_write( ber, tmpber.ber_ptr, ( tmpber.ber_end -
+ tmpber.ber_ptr ), 0 ) != ( tmpber.ber_end - tmpber.ber_ptr )
+ || ber_printf( ber, "}}" ) == -1 )) {
+ ber_free( ber, 1 );
+ return( LDAP_ENCODING_ERROR );
+ }
+
+#ifdef LDAP_DEBUG
+ if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
+ LDAPDebug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n",
+ 0, 0, 0 );
+ ber_dump( ber, 0 );
+ }
+#endif /* LDAP_DEBUG */
+
+ *berp = ber;
+ return( LDAP_SUCCESS );
+}
+
+
+LDAPRequest *
+nsldapi_find_request_by_msgid( LDAP *ld, int msgid )
+{
+ LDAPRequest *lr;
+
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if ( msgid == lr->lr_msgid ) {
+ break;
+ }
+ }
+
+ return( lr );
+}
+
+
+/*
+ * nsldapi_connection_lost_nolock() resets "ld" to a non-connected, known
+ * state. It should be called whenever a fatal error occurs on the
+ * Sockbuf "sb." sb == NULL means we don't know specifically where
+ * the problem was so we assume all connections are bad.
+ */
+void
+nsldapi_connection_lost_nolock( LDAP *ld, Sockbuf *sb )
+{
+ LDAPRequest *lr;
+
+ /*
+ * change status of all pending requests that are associated with "sb
+ * to "connection dead."
+ * also change the connection status to "dead" and remove it from
+ * the list of sockets we are interested in.
+ */
+ for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
+ if ( sb == NULL ||
+ ( lr->lr_conn != NULL && lr->lr_conn->lconn_sb == sb )) {
+ lr->lr_status = LDAP_REQST_CONNDEAD;
+ if ( lr->lr_conn != NULL ) {
+ lr->lr_conn->lconn_status = LDAP_CONNST_DEAD;
+ nsldapi_iostatus_interest_clear( ld,
+ lr->lr_conn->lconn_sb );
+ }
+ }
+ }
+}
+
+
+#ifdef LDAP_DNS
+static LDAPServer *
+dn2servers( LDAP *ld, char *dn ) /* dn can also be a domain.... */
+{
+ char *p, *domain, *host, *server_dn, **dxs;
+ int i, port;
+ LDAPServer *srvlist, *prevsrv, *srv;
+
+ if (( domain = strrchr( dn, '@' )) != NULL ) {
+ ++domain;
+ } else {
+ domain = dn;
+ }
+
+ if (( dxs = nsldapi_getdxbyname( domain )) == NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+ return( NULL );
+ }
+
+ srvlist = NULL;
+
+ for ( i = 0; dxs[ i ] != NULL; ++i ) {
+ port = LDAP_PORT;
+ server_dn = NULL;
+ if ( strchr( dxs[ i ], ':' ) == NULL ) {
+ host = dxs[ i ];
+ } else if ( strlen( dxs[ i ] ) >= 7 &&
+ strncmp( dxs[ i ], "ldap://", 7 ) == 0 ) {
+ host = dxs[ i ] + 7;
+ if (( p = strchr( host, ':' )) == NULL ) {
+ p = host;
+ } else {
+ *p++ = '\0';
+ port = atoi( p );
+ }
+ if (( p = strchr( p, '/' )) != NULL ) {
+ server_dn = ++p;
+ if ( *server_dn == '\0' ) {
+ server_dn = NULL;
+ }
+ }
+ } else {
+ host = NULL;
+ }
+
+ if ( host != NULL ) { /* found a server we can use */
+ if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1,
+ sizeof( LDAPServer ))) == NULL ) {
+ free_servers( srvlist );
+ srvlist = NULL;
+ break; /* exit loop & return */
+ }
+
+ /* add to end of list of servers */
+ if ( srvlist == NULL ) {
+ srvlist = srv;
+ } else {
+ prevsrv->lsrv_next = srv;
+ }
+ prevsrv = srv;
+
+ /* copy in info. */
+ if (( srv->lsrv_host = nsldapi_strdup( host )) == NULL
+ || ( server_dn != NULL && ( srv->lsrv_dn =
+ nsldapi_strdup( server_dn )) == NULL )) {
+ free_servers( srvlist );
+ srvlist = NULL;
+ break; /* exit loop & return */
+ }
+ srv->lsrv_port = port;
+ }
+ }
+
+ ldap_value_free( dxs );
+
+ if ( srvlist == NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
+ }
+
+ return( srvlist );
+}
+#endif /* LDAP_DNS */