diff options
Diffstat (limited to 'ldap/c-sdk/libldap/request.c')
| -rw-r--r-- | ldap/c-sdk/libldap/request.c | 1659 |
1 files changed, 1659 insertions, 0 deletions
diff --git a/ldap/c-sdk/libldap/request.c b/ldap/c-sdk/libldap/request.c new file mode 100644 index 000000000..d379917b2 --- /dev/null +++ b/ldap/c-sdk/libldap/request.c @@ -0,0 +1,1659 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Mozilla Communicator client code, released + * March 31, 1998. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1998-1999 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either of the GNU General Public License Version 2 or later (the "GPL"), + * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * Copyright (c) 1995 Regents of the University of Michigan. + * All rights reserved. + */ +/* + * request.c - sending of ldap requests; handling of referrals + */ + +#if 0 +#ifndef lint +static char copyright[] = "@(#) Copyright (c) 1995 Regents of the University of Michigan.\nAll rights reserved.\n"; +#endif +#endif + +#include "ldap-int.h" + +static LDAPConn *find_connection( LDAP *ld, LDAPServer *srv, int any ); +static void free_servers( LDAPServer *srvlist ); +static int chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq, + char *refurl, char *desc, int *unknownp, int is_reference ); +static int re_encode_request( LDAP *ld, BerElement *origber, + int msgid, LDAPURLDesc *ludp, BerElement **berp, int is_reference ); + +#ifdef LDAP_DNS +static LDAPServer *dn2servers( LDAP *ld, char *dn ); +#endif /* LDAP_DNS */ + + +/* returns an LDAP error code and also sets error inside LDAP * */ +int +nsldapi_alloc_ber_with_options( LDAP *ld, BerElement **berp ) +{ + int err; + + LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK ); + if (( *berp = ber_alloc_t( ld->ld_lberoptions )) == NULLBER ) { + err = LDAP_NO_MEMORY; + LDAP_SET_LDERRNO( ld, err, NULL, NULL ); + } else { + err = LDAP_SUCCESS; +#ifdef STR_TRANSLATION + nsldapi_set_ber_options( ld, *berp ); +#endif /* STR_TRANSLATION */ + } + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); + + return( err ); +} + + +void +nsldapi_set_ber_options( LDAP *ld, BerElement *ber ) +{ + ber->ber_options = ld->ld_lberoptions; +#ifdef STR_TRANSLATION + if (( ld->ld_lberoptions & LBER_OPT_TRANSLATE_STRINGS ) != 0 ) { + ber_set_string_translators( ber, + ld->ld_lber_encode_translate_proc, + ld->ld_lber_decode_translate_proc ); + } +#endif /* STR_TRANSLATION */ +} + + +/* returns the message id of the request or -1 if an error occurs */ +int +nsldapi_send_initial_request( LDAP *ld, int msgid, unsigned long msgtype, + char *dn, BerElement *ber ) +{ + LDAPServer *servers; + + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_initial_request\n", 0,0,0 ); + +#ifdef LDAP_DNS + LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK ); + if (( ld->ld_options & LDAP_BITOPT_DNS ) != 0 && ldap_is_dns_dn( dn )) { + if (( servers = dn2servers( ld, dn )) == NULL ) { + ber_free( ber, 1 ); + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); + return( -1 ); + } + +#ifdef LDAP_DEBUG + if ( ldap_debug & LDAP_DEBUG_TRACE ) { + LDAPServer *srv; + char msg[256]; + + for ( srv = servers; srv != NULL; + srv = srv->lsrv_next ) { + sprintf( msg, + "LDAP server %s: dn %s, port %d\n", + srv->lsrv_host, ( srv->lsrv_dn == NULL ) ? + "(default)" : srv->lsrv_dn, + srv->lsrv_port ); + ber_err_print( msg ); + } + } +#endif /* LDAP_DEBUG */ + } else { +#endif /* LDAP_DNS */ + /* + * use of DNS is turned off or this is an LDAP DN... + * use our default connection + */ + servers = NULL; +#ifdef LDAP_DNS + } + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); +#endif /* LDAP_DNS */ + + return( nsldapi_send_server_request( ld, ber, msgid, NULL, + servers, NULL, ( msgtype == LDAP_REQ_BIND ) ? dn : NULL, 0 )); +} + + +/* returns the message id of the request or -1 if an error occurs */ +int +nsldapi_send_server_request( + LDAP *ld, /* session handle */ + BerElement *ber, /* message to send */ + int msgid, /* ID of message to send */ + LDAPRequest *parentreq, /* non-NULL for referred requests */ + LDAPServer *srvlist, /* servers to connect to (NULL for default) */ + LDAPConn *lc, /* connection to use (NULL for default) */ + char *bindreqdn, /* non-NULL for bind requests */ + int bind /* perform a bind after opening new conn.? */ +) +{ + LDAPRequest *lr; + int err; + int incparent; /* did we bump parent's ref count? */ + /* EPIPE and Unsolicited Response handling variables */ + int res_rc = 0; + int epipe_err = 0; + int ext_res_rc = 0; + char *ext_oid = NULL; + struct berval *ext_data = NULL; + LDAPMessage *ext_res = NULL; + + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_server_request\n", 0, 0, 0 ); + + incparent = 0; + LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK ); + if ( lc == NULL ) { + if ( srvlist == NULL ) { + if ( ld->ld_defconn == NULL ) { + LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK ); + if ( bindreqdn == NULL && ( ld->ld_options + & LDAP_BITOPT_RECONNECT ) != 0 ) { + LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, + NULL, NULL ); + ber_free( ber, 1 ); + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); + + if ( nsldapi_open_ldap_defconn( ld ) < 0 ) { + ber_free( ber, 1 ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + } + lc = ld->ld_defconn; + } else { + if (( lc = find_connection( ld, srvlist, 1 )) == + NULL ) { + if ( bind && (parentreq != NULL) ) { + /* Remember the bind in the parent */ + incparent = 1; + ++parentreq->lr_outrefcnt; + } + + lc = nsldapi_new_connection( ld, &srvlist, 0, + 1, bind ); + } + free_servers( srvlist ); + } + } + + + /* + * return a fatal error if: + * 1. no connections exists + * or + * 2. the connection is dead + * or + * 3. it is not in the connected state with normal (non async) I/O + */ + if ( lc == NULL + || ( lc->lconn_status == LDAP_CONNST_DEAD ) + || ( 0 == (ld->ld_options & LDAP_BITOPT_ASYNC) && + lc->lconn_status != LDAP_CONNST_CONNECTED) ) { + + ber_free( ber, 1 ); + if ( lc != NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL ); + } + if ( incparent ) { + /* Forget about the bind */ + --parentreq->lr_outrefcnt; + } + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + + if (( lr = nsldapi_new_request( lc, ber, msgid, + 1 /* expect a response */)) == NULL + || ( bindreqdn != NULL && ( bindreqdn = + nsldapi_strdup( bindreqdn )) == NULL )) { + if ( lr != NULL ) { + NSLDAPI_FREE( lr ); + } + LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL ); + nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 ); + ber_free( ber, 1 ); + if ( incparent ) { + /* Forget about the bind */ + --parentreq->lr_outrefcnt; + } + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + lr->lr_binddn = bindreqdn; + + if ( parentreq != NULL ) { /* sub-request */ + if ( !incparent ) { + /* Increment if we didn't do it before the bind */ + ++parentreq->lr_outrefcnt; + } + lr->lr_origid = parentreq->lr_origid; + lr->lr_parentcnt = parentreq->lr_parentcnt + 1; + lr->lr_parent = parentreq; + if ( parentreq->lr_child != NULL ) { + lr->lr_sibling = parentreq->lr_child; + } + parentreq->lr_child = lr; + } else { /* original request */ + lr->lr_origid = lr->lr_msgid; + } + + LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK ); + /* add new request to the end of the list of outstanding requests */ + nsldapi_queue_request_nolock( ld, lr ); + + /* + * Issue a non-blocking poll() if we need to check this + * connection's status. + */ + if ( lc->lconn_status == LDAP_CONNST_CONNECTING || + lc->lconn_pending_requests > 0 ) { + struct timeval tv; + + tv.tv_sec = tv.tv_usec = 0; + (void)nsldapi_iostatus_poll( ld, &tv ); + } + + /* + * If the connect is pending, check to see if it has now completed. + */ + if ( lc->lconn_status == LDAP_CONNST_CONNECTING && + nsldapi_iostatus_is_write_ready( ld, lc->lconn_sb )) { + lc->lconn_status = LDAP_CONNST_CONNECTED; + + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: connection 0x%p -" + " LDAP_CONNST_CONNECTING -> LDAP_CONNST_CONNECTED\n", + lc, 0, 0 ); + } + + if ( lc->lconn_status == LDAP_CONNST_CONNECTING || + lc->lconn_pending_requests > 0 ) { + /* + * The connect is not yet complete, or there are existing + * requests that have not yet been sent to the server. + * Delay sending this request. + */ + lr->lr_status = LDAP_REQST_WRITING; + ++lc->lconn_pending_requests; + nsldapi_iostatus_interest_write( ld, lc->lconn_sb ); + + /* + * If the connection is now connected, and it is ready + * to accept some more outbound data, send as many + * pending requests as possible. + */ + if ( lc->lconn_status != LDAP_CONNST_CONNECTING + && nsldapi_iostatus_is_write_ready( ld, lc->lconn_sb )) { + if ( nsldapi_send_pending_requests_nolock( ld, lc ) + == -1 ) { /* error */ + /* + * Since nsldapi_send_pending_requests_nolock() + * sets LDAP errno, there is no need to do so + * here. + */ + LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + } + + } else { + if (( err = nsldapi_send_ber_message( ld, lc->lconn_sb, + ber, 0 /* do not free ber */, + 1 /* will handle EPIPE */ )) != 0 ) { + + epipe_err = LDAP_GET_ERRNO( ld ); + if ( epipe_err == EPIPE ) { + res_rc = nsldapi_result_nolock(ld, LDAP_RES_UNSOLICITED, 1, + 1, (struct timeval *) NULL, &ext_res); + if ( ( res_rc == LDAP_RES_EXTENDED ) && ext_res ) { + ext_res_rc = ldap_parse_extended_result( ld, ext_res, + &ext_oid, &ext_data, 0 ); + if ( ext_res_rc != LDAP_SUCCESS ) { + if ( ext_res ) { + ldap_msgfree( ext_res ); + } + nsldapi_connection_lost_nolock( ld, lc->lconn_sb ); + } else { +#ifdef LDAP_DEBUG + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: Unsolicited response\n", 0, 0, 0 ); + if ( ext_oid ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: Unsolicited response oid: %s\n", + ext_oid, 0, 0 ); + } + if ( ext_data && ext_data->bv_len && ext_data->bv_val ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: Unsolicited response len: %d\n", + ext_data->bv_len, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: Unsolicited response val: %s\n", + ext_data->bv_val, 0, 0 ); + } + if ( !ext_oid && !ext_data ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_send_server_request: Unsolicited response is empty\n", + 0, 0, 0 ); + } +#endif /* LDAP_DEBUG */ + if ( ext_oid ) { + if ( strcmp ( ext_oid, + LDAP_NOTICE_OF_DISCONNECTION ) == 0 ) { + if ( ext_data ) { + ber_bvfree( ext_data ); + } + if ( ext_oid ) { + ldap_memfree( ext_oid ); + } + if ( ext_res ) { + ldap_msgfree( ext_res ); + } + nsldapi_connection_lost_nolock( ld, + lc->lconn_sb ); + nsldapi_free_request( ld, lr, 0 ); + nsldapi_free_connection( ld, lc, + NULL, NULL, 0, 0 ); + LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + } + } + } else { + if ( ext_res ) { + ldap_msgfree( ext_res ); + } + nsldapi_connection_lost_nolock( ld, lc->lconn_sb ); + } + } + + /* need to continue write later */ + if (err == -2 ) { + lr->lr_status = LDAP_REQST_WRITING; + ++lc->lconn_pending_requests; + nsldapi_iostatus_interest_write( ld, lc->lconn_sb ); + } else { + LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL ); + nsldapi_free_request( ld, lr, 0 ); + nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 ); + LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + return( -1 ); + } + + } else { + if ( parentreq == NULL ) { + ber->ber_end = ber->ber_ptr; + ber->ber_ptr = ber->ber_buf; + } + + /* sent -- waiting for a response */ + if (ld->ld_options & LDAP_BITOPT_ASYNC) { + lc->lconn_status = LDAP_CONNST_CONNECTED; + } + + nsldapi_iostatus_interest_read( ld, lc->lconn_sb ); + } + } + LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK ); + LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); + + LDAP_SET_LDERRNO( ld, LDAP_SUCCESS, NULL, NULL ); + return( msgid ); +} + + +/* + * nsldapi_send_ber_message(): Attempt to send a BER-encoded message. + * If freeit is non-zero, ber is freed when the send succeeds. + * If errno is EPIPE and epipe_handler is set we let the caller + * deal with EPIPE and dont call lost_nolock here but the caller + * should call lost_nolock itself when done with handling EPIPE. + * + * Return values: + * 0: message sent successfully. + * -1: a fatal error occurred while trying to send. + * -2: async. I/O is enabled and the send would block. + */ +int +nsldapi_send_ber_message( LDAP *ld, Sockbuf *sb, BerElement *ber, int freeit, + int epipe_handler ) +{ + int rc = 0; /* optimistic */ + int async = ( 0 != (ld->ld_options & LDAP_BITOPT_ASYNC)); + int more_to_send = 1; + + while ( more_to_send) { + /* + * ber_flush() doesn't set errno on EOF, so we pre-set it to + * zero to avoid getting tricked by leftover "EAGAIN" errors + */ + LDAP_SET_ERRNO( ld, 0 ); + + if ( ber_flush( sb, ber, freeit ) == 0 ) { + more_to_send = 0; /* success */ + } else { + int terrno = LDAP_GET_ERRNO( ld ); + if ( NSLDAPI_ERRNO_IO_INPROGRESS( terrno )) { + if ( async ) { + rc = -2; + break; + } + } else { + if ( !(epipe_handler && ( terrno == EPIPE )) ) { + nsldapi_connection_lost_nolock( ld, sb ); + } + rc = -1; /* fatal error */ + break; + } + } + } + + return( rc ); +} + + +/* + * nsldapi_send_pending_requests_nolock(): Send one or more pending requests + * that are associated with connection 'lc'. + * + * Return values: 0 -- success. + * -1 -- fatal error; connection closed. + * + * Must be called with these two mutexes locked, in this order: + * LDAP_CONN_LOCK + * LDAP_REQ_LOCK + */ +int +nsldapi_send_pending_requests_nolock( LDAP *ld, LDAPConn *lc ) +{ + int err; + int waiting_for_a_response = 0; + int rc = 0; + LDAPRequest *lr; + char *logname = "nsldapi_send_pending_requests_nolock"; + + LDAPDebug( LDAP_DEBUG_TRACE, "%s\n", logname, 0, 0 ); + + for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) { + /* + * This code relies on the fact that the ld_requests list + * is in order from oldest to newest request (the oldest + * requests that have not yet been sent to the server are + * sent first). + */ + if ( lr->lr_status == LDAP_REQST_WRITING + && lr->lr_conn == lc ) { + err = nsldapi_send_ber_message( ld, lc->lconn_sb, + lr->lr_ber, 0 /* do not free ber */, + 0 /* will not handle EPIPE */ ); + if ( err == 0 ) { /* send succeeded */ + LDAPDebug( LDAP_DEBUG_TRACE, + "%s: 0x%p SENT\n", logname, lr, 0 ); + lr->lr_ber->ber_end = lr->lr_ber->ber_ptr; + lr->lr_ber->ber_ptr = lr->lr_ber->ber_buf; + lr->lr_status = LDAP_REQST_INPROGRESS; + --lc->lconn_pending_requests; + } else if ( err == -2 ) { /* would block */ + rc = 0; /* not an error */ + LDAPDebug( LDAP_DEBUG_TRACE, + "%s: 0x%p WOULD BLOCK\n", logname, lr, 0 ); + break; + } else { /* fatal error */ + LDAPDebug( LDAP_DEBUG_TRACE, + "%s: 0x%p FATAL ERROR\n", logname, lr, 0 ); + LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, + NULL, NULL ); + nsldapi_free_request( ld, lr, 0 ); + lr = NULL; + nsldapi_free_connection( ld, lc, NULL, NULL, + 0, 0 ); + lc = NULL; + rc = -1; + break; + } + } + + if (lr->lr_status == LDAP_REQST_INPROGRESS ) { + if (lr->lr_expect_resp) { + ++waiting_for_a_response; + } else { + LDAPDebug( LDAP_DEBUG_TRACE, + "%s: 0x%p NO RESPONSE EXPECTED;" + " freeing request \n", logname, lr, 0 ); + nsldapi_free_request( ld, lr, 0 ); + lr = NULL; + } + } + } + + if ( lc != NULL ) { + if ( lc->lconn_pending_requests < 1 ) { + /* no need to poll for "write ready" any longer */ + nsldapi_iostatus_interest_clear( ld, lc->lconn_sb ); + } + + if ( waiting_for_a_response ) { + /* need to poll for "read ready" */ + nsldapi_iostatus_interest_read( ld, lc->lconn_sb ); + } + } + + LDAPDebug( LDAP_DEBUG_TRACE, "%s <- %d\n", logname, rc, 0 ); + return( rc ); +} + + +LDAPConn * +nsldapi_new_connection( LDAP *ld, LDAPServer **srvlistp, int use_ldsb, + int connect, int bind ) +{ + int rc = -1; + LDAPConn *lc; + LDAPServer *prevsrv, *srv; + Sockbuf *sb = NULL; + + /* + * make a new LDAP server connection + */ + if (( lc = (LDAPConn *)NSLDAPI_CALLOC( 1, sizeof( LDAPConn ))) == NULL + || ( !use_ldsb && ( sb = ber_sockbuf_alloc()) == NULL )) { + if ( lc != NULL ) { + NSLDAPI_FREE( (char *)lc ); + } + LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL ); + return( NULL ); + } + + LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK ); + if ( !use_ldsb ) { + /* + * we have allocated a new sockbuf + * set I/O routines to match those in default LDAP sockbuf + */ + IFP sb_fn; + struct lber_x_ext_io_fns extiofns; + + extiofns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE; + + if ( ber_sockbuf_get_option( ld->ld_sbp, + LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns ) == 0 ) { + ber_sockbuf_set_option( sb, + LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns ); + } + if ( ber_sockbuf_get_option( ld->ld_sbp, + LBER_SOCKBUF_OPT_READ_FN, (void *)&sb_fn ) == 0 + && sb_fn != NULL ) { + ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_READ_FN, + (void *)sb_fn ); + } + if ( ber_sockbuf_get_option( ld->ld_sbp, + LBER_SOCKBUF_OPT_WRITE_FN, (void *)&sb_fn ) == 0 + && sb_fn != NULL ) { + ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_WRITE_FN, + (void *)sb_fn ); + } + } + + lc->lconn_sb = ( use_ldsb ) ? ld->ld_sbp : sb; + lc->lconn_version = ld->ld_version; /* inherited */ + LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); + + if ( connect ) { + prevsrv = NULL; + /* + * save the return code for later + */ + for ( srv = *srvlistp; srv != NULL; srv = srv->lsrv_next ) { + rc = nsldapi_connect_to_host( ld, lc->lconn_sb, + srv->lsrv_host, srv->lsrv_port, + ( srv->lsrv_options & LDAP_SRV_OPT_SECURE ) != 0, + &lc->lconn_krbinstance ); + if (rc != -1) { + break; + } + prevsrv = srv; + } + + if ( srv == NULL ) { + if ( !use_ldsb ) { + NSLDAPI_FREE( (char *)lc->lconn_sb ); + } + NSLDAPI_FREE( (char *)lc ); + /* nsldapi_open_ldap_connection has already set ld_errno */ + return( NULL ); + } + + if ( prevsrv == NULL ) { + *srvlistp = srv->lsrv_next; + } else { + prevsrv->lsrv_next = srv->lsrv_next; + } + lc->lconn_server = srv; + } + + if ( 0 != (ld->ld_options & LDAP_BITOPT_ASYNC)) { + /* + * Technically, the socket may already be connected but we are + * not sure. By setting the state to LDAP_CONNST_CONNECTING, we + * ensure that we will check the socket status to make sure it + * is connected before we try to send any LDAP messages. + */ + lc->lconn_status = LDAP_CONNST_CONNECTING; + } else { + lc->lconn_status = LDAP_CONNST_CONNECTED; + } + + lc->lconn_next = ld->ld_conns; + ld->ld_conns = lc; + + /* + * XXX for now, we always do a synchronous bind. This will have + * to change in the long run... + */ + if ( bind ) { + int err, lderr, freepasswd, authmethod; + char *binddn, *passwd; + LDAPConn *savedefconn; + + freepasswd = err = 0; + + if ( ld->ld_rebind_fn == NULL ) { + binddn = passwd = ""; + authmethod = LDAP_AUTH_SIMPLE; + } else { + if (( lderr = (*ld->ld_rebind_fn)( ld, &binddn, &passwd, + &authmethod, 0, ld->ld_rebind_arg )) + == LDAP_SUCCESS ) { + freepasswd = 1; + } else { + LDAP_SET_LDERRNO( ld, lderr, NULL, NULL ); + err = -1; + } + } + + + if ( err == 0 ) { + savedefconn = ld->ld_defconn; + ld->ld_defconn = lc; + ++lc->lconn_refcnt; /* avoid premature free */ + + /* + * when binding, we will back down as low as LDAPv2 + * if we get back "protocol error" from bind attempts + */ + for ( ;; ) { + /* LDAP_MUTEX_UNLOCK(ld, LDAP_CONN_LOCK); */ + if (( lderr = ldap_bind_s( ld, binddn, passwd, + authmethod )) == LDAP_SUCCESS ) { + /* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */ + break; + } + /* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */ + if ( lc->lconn_version <= LDAP_VERSION2 + || lderr != LDAP_PROTOCOL_ERROR ) { + err = -1; + break; + } + --lc->lconn_version; /* try lower version */ + } + --lc->lconn_refcnt; + ld->ld_defconn = savedefconn; + } + + if ( freepasswd ) { + (*ld->ld_rebind_fn)( ld, &binddn, &passwd, + &authmethod, 1, ld->ld_rebind_arg ); + } + + if ( err != 0 ) { + nsldapi_free_connection( ld, lc, NULL, NULL, 1, 0 ); + lc = NULL; + } + } + + return( lc ); +} + + +#define LDAP_CONN_SAMEHOST( h1, h2 ) \ + (( (h1) == NULL && (h2) == NULL ) || \ + ( (h1) != NULL && (h2) != NULL && strcasecmp( (h1), (h2) ) == 0 )) + +static LDAPConn * +find_connection( LDAP *ld, LDAPServer *srv, int any ) +/* + * return an existing connection (if any) to the server srv + * if "any" is non-zero, check for any server in the "srv" chain + */ +{ + LDAPConn *lc; + LDAPServer *ls; + + for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) { + for ( ls = srv; ls != NULL; ls = ls->lsrv_next ) { + if ( LDAP_CONN_SAMEHOST( ls->lsrv_host, + lc->lconn_server->lsrv_host ) + && ls->lsrv_port == lc->lconn_server->lsrv_port + && ls->lsrv_options == + lc->lconn_server->lsrv_options ) { + return( lc ); + } + if ( !any ) { + break; + } + } + } + + return( NULL ); +} + + +void +nsldapi_free_connection( LDAP *ld, LDAPConn *lc, LDAPControl **serverctrls, + LDAPControl **clientctrls, int force, int unbind ) +{ + LDAPConn *tmplc, *prevlc; + + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection\n", 0, 0, 0 ); + + if ( force || --lc->lconn_refcnt <= 0 ) { + nsldapi_iostatus_interest_clear( ld, lc->lconn_sb ); + if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) { + if ( unbind ) { + nsldapi_send_unbind( ld, lc->lconn_sb, + serverctrls, clientctrls ); + } + } + nsldapi_close_connection( ld, lc->lconn_sb ); + prevlc = NULL; + for ( tmplc = ld->ld_conns; tmplc != NULL; + tmplc = tmplc->lconn_next ) { + if ( tmplc == lc ) { + if ( prevlc == NULL ) { + ld->ld_conns = tmplc->lconn_next; + } else { + prevlc->lconn_next = tmplc->lconn_next; + } + break; + } + prevlc = tmplc; + } + free_servers( lc->lconn_server ); + if ( lc->lconn_krbinstance != NULL ) { + NSLDAPI_FREE( lc->lconn_krbinstance ); + } + /* + * if this is the default connection (lc->lconn_sb==ld->ld_sbp) + * we do not free the Sockbuf here since it will be freed + * later inside ldap_unbind(). + */ + if ( lc->lconn_sb != ld->ld_sbp ) { + ber_sockbuf_free( lc->lconn_sb ); + lc->lconn_sb = NULL; + } + if ( lc->lconn_ber != NULLBER ) { + ber_free( lc->lconn_ber, 1 ); + } + if ( lc->lconn_binddn != NULL ) { + NSLDAPI_FREE( lc->lconn_binddn ); + } +#ifdef LDAP_SASLIO_HOOKS + if ( lc->lconn_sasl_ctx ) { /* the sasl connection context */ + sasl_dispose(&lc->lconn_sasl_ctx); + lc->lconn_sasl_ctx = NULL; + } +#endif /* LDAP_SASLIO_HOOKS */ + NSLDAPI_FREE( lc ); + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: actually freed\n", + 0, 0, 0 ); + } else { + lc->lconn_lastused = time( 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: refcnt %d\n", + lc->lconn_refcnt, 0, 0 ); + } +} + + +#ifdef LDAP_DEBUG +void +nsldapi_dump_connection( LDAP *ld, LDAPConn *lconns, int all ) +{ + LDAPConn *lc; + char msg[256]; +/* CTIME for this platform doesn't use this. */ +#if !defined(SUNOS4) && !defined(_WIN32) && !defined(LINUX) && !defined(macintosh) + char buf[26]; +#endif + + sprintf( msg, "** Connection%s:\n", all ? "s" : "" ); + ber_err_print( msg ); + for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) { + if ( lc->lconn_server != NULL ) { + sprintf( msg, "* 0x%p - host: %s port: %d secure: %s%s\n", + lc, ( lc->lconn_server->lsrv_host == NULL ) ? "(null)" + : lc->lconn_server->lsrv_host, + lc->lconn_server->lsrv_port, + ( lc->lconn_server->lsrv_options & + LDAP_SRV_OPT_SECURE ) ? "Yes" : + "No", ( lc->lconn_sb == ld->ld_sbp ) ? + " (default)" : "" ); + ber_err_print( msg ); + } + sprintf( msg, " refcnt: %d pending: %d status: %s\n", + lc->lconn_refcnt, lc->lconn_pending_requests, + ( lc->lconn_status == LDAP_CONNST_CONNECTING ) + ? "Connecting" : + ( lc->lconn_status == LDAP_CONNST_DEAD ) ? "Dead" : + "Connected" ); + ber_err_print( msg ); + sprintf( msg, " last used: %s", + NSLDAPI_CTIME( (time_t *) &lc->lconn_lastused, buf, + sizeof(buf) )); + ber_err_print( msg ); + if ( lc->lconn_ber != NULLBER ) { + ber_err_print( " partial response has been received:\n" ); + ber_dump( lc->lconn_ber, 1 ); + } + ber_err_print( "\n" ); + + if ( !all ) { + break; + } + } +} + + +void +nsldapi_dump_requests_and_responses( LDAP *ld ) +{ + LDAPRequest *lr; + LDAPMessage *lm, *l; + char msg[256]; + + ber_err_print( "** Outstanding Requests:\n" ); + LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK ); + if (( lr = ld->ld_requests ) == NULL ) { + ber_err_print( " Empty\n" ); + } + for ( ; lr != NULL; lr = lr->lr_next ) { + sprintf( msg, " * 0x%p - msgid %d, origid %d, status %s\n", + lr, lr->lr_msgid, lr->lr_origid, ( lr->lr_status == + LDAP_REQST_INPROGRESS ) ? "InProgress" : + ( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" : + ( lr->lr_status == LDAP_REQST_CONNDEAD ) ? "Dead" : + "Writing" ); + ber_err_print( msg ); + sprintf( msg, " outstanding referrals %d, parent count %d\n", + lr->lr_outrefcnt, lr->lr_parentcnt ); + ber_err_print( msg ); + if ( lr->lr_binddn != NULL ) { + sprintf( msg, " pending bind DN: <%s>\n", lr->lr_binddn ); + ber_err_print( msg ); + } + } + LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK ); + + ber_err_print( "** Response Queue:\n" ); + LDAP_MUTEX_LOCK( ld, LDAP_RESP_LOCK ); + if (( lm = ld->ld_responses ) == NULLMSG ) { + ber_err_print( " Empty\n" ); + } + for ( ; lm != NULLMSG; lm = lm->lm_next ) { + sprintf( msg, " * 0x%p - msgid %d, type %d\n", + lm, lm->lm_msgid, lm->lm_msgtype ); + ber_err_print( msg ); + if (( l = lm->lm_chain ) != NULL ) { + ber_err_print( " chained responses:\n" ); + for ( ; l != NULLMSG; l = l->lm_chain ) { + sprintf( msg, + " * 0x%p - msgid %d, type %d\n", + l, l->lm_msgid, l->lm_msgtype ); + ber_err_print( msg ); + } + } + } + LDAP_MUTEX_UNLOCK( ld, LDAP_RESP_LOCK ); +} +#endif /* LDAP_DEBUG */ + + +LDAPRequest * +nsldapi_new_request( LDAPConn *lc, BerElement *ber, int msgid, int expect_resp ) +{ + LDAPRequest *lr; + + lr = (LDAPRequest *)NSLDAPI_CALLOC( 1, sizeof( LDAPRequest )); + + if ( lr != NULL ) { + lr->lr_conn = lc; + lr->lr_ber = ber; + lr->lr_msgid = lr->lr_origid = msgid; + lr->lr_expect_resp = expect_resp; + lr->lr_status = LDAP_REQST_INPROGRESS; + lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */ + + if ( lc != NULL ) { /* mark connection as in use */ + ++lc->lconn_refcnt; + lc->lconn_lastused = time( 0 ); + } + } + + return( lr ); +} + + +void +nsldapi_free_request( LDAP *ld, LDAPRequest *lr, int free_conn ) +{ + LDAPRequest *tmplr, *nextlr; + + LDAPDebug( LDAP_DEBUG_TRACE, + "nsldapi_free_request 0x%p (origid %d, msgid %d)\n", + lr, lr->lr_origid, lr->lr_msgid ); + + if ( lr->lr_parent != NULL ) { + /* unlink child from parent */ + lr->lr_parent->lr_child = NULL; + --lr->lr_parent->lr_outrefcnt; + } + + if ( lr->lr_status == LDAP_REQST_WRITING ) { + --lr->lr_conn->lconn_pending_requests; + } + + /* free all of our spawned referrals (child requests) */ + for ( tmplr = lr->lr_child; tmplr != NULL; tmplr = nextlr ) { + nextlr = tmplr->lr_sibling; + nsldapi_free_request( ld, tmplr, free_conn ); + } + + if ( free_conn ) { + nsldapi_free_connection( ld, lr->lr_conn, NULL, NULL, 0, 1 ); + } + + if ( lr->lr_prev == NULL ) { + ld->ld_requests = lr->lr_next; + } else { + lr->lr_prev->lr_next = lr->lr_next; + } + + if ( lr->lr_next != NULL ) { + lr->lr_next->lr_prev = lr->lr_prev; + } + + if ( lr->lr_ber != NULL ) { + ber_free( lr->lr_ber, 1 ); + } + + if ( lr->lr_res_error != NULL ) { + NSLDAPI_FREE( lr->lr_res_error ); + } + + if ( lr->lr_res_matched != NULL ) { + NSLDAPI_FREE( lr->lr_res_matched ); + } + + if ( lr->lr_binddn != NULL ) { + NSLDAPI_FREE( lr->lr_binddn ); + } + + if ( lr->lr_res_ctrls != NULL ) { + ldap_controls_free( lr->lr_res_ctrls ); + } + NSLDAPI_FREE( lr ); +} + + +/* + * Add a request to the end of the list of outstanding requests. + * This function must be called with these two locks in hand, acquired in + * this order: + * LDAP_CONN_LOCK + * LDAP_REQ_LOCK + */ +void +nsldapi_queue_request_nolock( LDAP *ld, LDAPRequest *lr ) +{ + if ( NULL == ld->ld_requests ) { + ld->ld_requests = lr; + } else { + LDAPRequest *tmplr; + + for ( tmplr = ld->ld_requests; tmplr->lr_next != NULL; + tmplr = tmplr->lr_next ) { + ; + } + tmplr->lr_next = lr; + lr->lr_prev = tmplr; + } +} + + +static void +free_servers( LDAPServer *srvlist ) +{ + LDAPServer *nextsrv; + + while ( srvlist != NULL ) { + nextsrv = srvlist->lsrv_next; + if ( srvlist->lsrv_dn != NULL ) { + NSLDAPI_FREE( srvlist->lsrv_dn ); + } + if ( srvlist->lsrv_host != NULL ) { + NSLDAPI_FREE( srvlist->lsrv_host ); + } + NSLDAPI_FREE( srvlist ); + srvlist = nextsrv; + } +} + + +/* + * Initiate chasing of LDAPv2+ (Umich extension) referrals. + * + * Returns an LDAP error code. + * + * Note that *hadrefp will be set to 1 if one or more referrals were found in + * "*errstrp" (even if we can't chase them) and zero if none were found. + * + * XXX merging of errors in this routine needs to be improved. + */ +int +nsldapi_chase_v2_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp, + int *totalcountp, int *chasingcountp ) +{ + char *p, *ref, *unfollowed; + LDAPRequest *origreq; + int rc, tmprc, len, unknown; + + LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_chase_v2_referrals\n", 0, 0, 0 ); + + *totalcountp = *chasingcountp = 0; + + if ( *errstrp == NULL ) { + return( LDAP_SUCCESS ); + } + + len = strlen( *errstrp ); + for ( p = *errstrp; len >= LDAP_REF_STR_LEN; ++p, --len ) { + if (( *p == 'R' || *p == 'r' ) && strncasecmp( p, + LDAP_REF_STR, LDAP_REF_STR_LEN ) == 0 ) { + *p = '\0'; + p += LDAP_REF_STR_LEN; + break; + } + } + + if ( len < LDAP_REF_STR_LEN ) { + return( LDAP_SUCCESS ); + } + + if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "more than %d referral hops (dropping)\n", + ld->ld_refhoplimit, 0, 0 ); + return( LDAP_REFERRAL_LIMIT_EXCEEDED ); + } + + /* find original request */ + for ( origreq = lr; origreq->lr_parent != NULL; + origreq = origreq->lr_parent ) { + ; + } + + unfollowed = NULL; + rc = LDAP_SUCCESS; + + /* parse out & follow referrals */ + for ( ref = p; rc == LDAP_SUCCESS && ref != NULL; ref = p ) { + if (( p = strchr( ref, '\n' )) != NULL ) { + *p++ = '\0'; + } else { + p = NULL; + } + + ++*totalcountp; + + rc = chase_one_referral( ld, lr, origreq, ref, "v2 referral", + &unknown, 0 /* not a reference */ ); + + if ( rc != LDAP_SUCCESS || unknown ) { + if (( tmprc = nsldapi_append_referral( ld, &unfollowed, + ref )) != LDAP_SUCCESS ) { + rc = tmprc; + } + } else { + ++*chasingcountp; + } + } + + NSLDAPI_FREE( *errstrp ); + *errstrp = unfollowed; + + return( rc ); +} + + +/* returns an LDAP error code */ +int +nsldapi_chase_v3_refs( LDAP *ld, LDAPRequest *lr, char **v3refs, + int is_reference, int *totalcountp, int *chasingcountp ) +{ + int rc = LDAP_SUCCESS; + int i, unknown; + LDAPRequest *origreq; + + *totalcountp = *chasingcountp = 0; + + if ( v3refs == NULL || v3refs[0] == NULL ) { + return( LDAP_SUCCESS ); + } + + *totalcountp = 1; + + if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "more than %d referral hops (dropping)\n", + ld->ld_refhoplimit, 0, 0 ); + return( LDAP_REFERRAL_LIMIT_EXCEEDED ); + } + + /* find original request */ + for ( origreq = lr; origreq->lr_parent != NULL; + origreq = origreq->lr_parent ) { + ; + } + + /* + * in LDAPv3, we just need to follow one referral in the set. + * we dp this by stopping as soon as we succeed in initiating a + * chase on any referral (basically this means we were able to connect + * to the server and bind). + */ + for ( i = 0; v3refs[i] != NULL; ++i ) { + rc = chase_one_referral( ld, lr, origreq, v3refs[i], + is_reference ? "v3 reference" : "v3 referral", &unknown, + is_reference ); + if ( rc == LDAP_SUCCESS && !unknown ) { + *chasingcountp = 1; + break; + } + } + + /* XXXmcs: should we save unfollowed referrals somewhere? */ + + return( rc ); /* last error is as good as any other I guess... */ +} + + +/* + * returns an LDAP error code + * + * XXXmcs: this function used to have #ifdef LDAP_DNS code in it but I + * removed it when I improved the parsing (we don't define LDAP_DNS + * here at Netscape). + */ +static int +chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq, + char *refurl, char *desc, int *unknownp, int is_reference ) +{ + int rc, tmprc, secure, msgid; + LDAPServer *srv; + BerElement *ber; + LDAPURLDesc *ludp; + + *unknownp = 0; + ludp = NULLLDAPURLDESC; + + if ( nsldapi_url_parse( refurl, &ludp, 0 ) != 0 ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "ignoring unknown %s <%s>\n", desc, refurl, 0 ); + *unknownp = 1; + rc = LDAP_SUCCESS; + goto cleanup_and_return; + } + + secure = (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ); + +/* XXXmcs: can't tell if secure is supported by connect callback */ + if ( secure && ld->ld_extconnect_fn == NULL ) { + LDAPDebug( LDAP_DEBUG_TRACE, + "ignoring LDAPS %s <%s>\n", desc, refurl, 0 ); + *unknownp = 1; + rc = LDAP_SUCCESS; + goto cleanup_and_return; + } + + LDAPDebug( LDAP_DEBUG_TRACE, "chasing LDAP%s %s: <%s>\n", + secure ? "S" : "", desc, refurl ); + + LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK ); + msgid = ++ld->ld_msgid; + LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK ); + + if (( tmprc = re_encode_request( ld, origreq->lr_ber, msgid, + ludp, &ber, is_reference )) != LDAP_SUCCESS ) { + rc = tmprc; + goto cleanup_and_return; + } + + if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer ))) + == NULL ) { + ber_free( ber, 1 ); + rc = LDAP_NO_MEMORY; + goto cleanup_and_return; + } + + if ( ludp->lud_host == NULL && ld->ld_defhost == NULL ) { + srv->lsrv_host = NULL; + } else { + if ( ludp->lud_host == NULL ) { + srv->lsrv_host = + nsldapi_strdup( origreq->lr_conn->lconn_server->lsrv_host ); + LDAPDebug( LDAP_DEBUG_TRACE, + "chase_one_referral: using hostname '%s' from original " + "request on new request\n", + srv->lsrv_host, 0, 0); + } else { + srv->lsrv_host = nsldapi_strdup( ludp->lud_host ); + LDAPDebug( LDAP_DEBUG_TRACE, + "chase_one_referral: using hostname '%s' as specified " + "on new request\n", + srv->lsrv_host, 0, 0); + } + + if ( srv->lsrv_host == NULL ) { + NSLDAPI_FREE( (char *)srv ); + ber_free( ber, 1 ); + rc = LDAP_NO_MEMORY; + goto cleanup_and_return; + } + } + + if ( ludp->lud_port == 0 && ludp->lud_host == NULL ) { + srv->lsrv_port = origreq->lr_conn->lconn_server->lsrv_port; + LDAPDebug( LDAP_DEBUG_TRACE, + "chase_one_referral: using port (%d) from original " + "request on new request\n", + srv->lsrv_port, 0, 0); + } else if ( ludp->lud_port != 0 ) { + srv->lsrv_port = ludp->lud_port; + LDAPDebug( LDAP_DEBUG_TRACE, + "chase_one_referral: using port (%d) as specified on " + "new request\n", + srv->lsrv_port, 0, 0); + } else { + srv->lsrv_port = secure ? LDAPS_PORT : LDAP_PORT; + LDAPDebug( LDAP_DEBUG_TRACE, + "chase_one_referral: using default port (%d)\n", + srv->lsrv_port, 0, 0 ); + } + + if ( secure ) { + srv->lsrv_options |= LDAP_SRV_OPT_SECURE; + } + + if ( nsldapi_send_server_request( ld, ber, msgid, + lr, srv, NULL, NULL, 1 ) < 0 ) { + rc = LDAP_GET_LDERRNO( ld, NULL, NULL ); + LDAPDebug( LDAP_DEBUG_ANY, "Unable to chase %s %s (%s)\n", + desc, refurl, ldap_err2string( rc )); + } else { + rc = LDAP_SUCCESS; + } + +cleanup_and_return: + if ( ludp != NULLLDAPURLDESC ) { + ldap_free_urldesc( ludp ); + } + + return( rc ); +} + + +/* returns an LDAP error code */ +int +nsldapi_append_referral( LDAP *ld, char **referralsp, char *s ) +{ + int first; + + if ( *referralsp == NULL ) { + first = 1; + *referralsp = (char *)NSLDAPI_MALLOC( strlen( s ) + + LDAP_REF_STR_LEN + 1 ); + } else { + first = 0; + *referralsp = (char *)NSLDAPI_REALLOC( *referralsp, + strlen( *referralsp ) + strlen( s ) + 2 ); + } + + if ( *referralsp == NULL ) { + return( LDAP_NO_MEMORY ); + } + + if ( first ) { + strcpy( *referralsp, LDAP_REF_STR ); + } else { + strcat( *referralsp, "\n" ); + } + strcat( *referralsp, s ); + + return( LDAP_SUCCESS ); +} + + + +/* returns an LDAP error code */ +static int +re_encode_request( LDAP *ld, BerElement *origber, int msgid, LDAPURLDesc *ludp, + BerElement **berp, int is_reference ) +{ +/* + * XXX this routine knows way too much about how the lber library works! + */ + ber_int_t origmsgid; + ber_tag_t tag; + ber_int_t ver; + int rc; + BerElement *ber; + struct berelement tmpber; + char *dn, *orig_dn; + /* extra stuff for search request */ + ber_int_t scope = -1; + + LDAPDebug( LDAP_DEBUG_TRACE, + "re_encode_request: new msgid %d, new dn <%s>\n", + msgid, ( ludp->lud_dn == NULL ) ? "NONE" : ludp->lud_dn, 0 ); + + tmpber = *origber; + + /* + * All LDAP requests are sequences that start with a message id. For + * everything except delete requests, this is followed by a sequence + * that is tagged with the operation code. For deletes, there is just + * a DN that is tagged with the operation code. + */ + + /* skip past msgid and get operation tag */ + if ( ber_scanf( &tmpber, "{it", &origmsgid, &tag ) == LBER_ERROR ) { + return( LDAP_DECODING_ERROR ); + } + + /* + * XXXmcs: we don't support filters in search referrals yet, + * so if present we return an error which is probably + * better than just ignoring the extra info. + * XXXrichm: we now support scopes. Supporting filters would require + * a lot more additional work to be able to read the filter from + * the ber original search request, convert to string, etc. It might + * be better and easier to change nsldapi_build_search_req to have + * some special mode by which you could tell it to skip filter and + * attrlist encoding if no filter was given - then we could just + * create a new ber search request with our new filter if present. + */ + if ( ( tag == LDAP_REQ_SEARCH ) && ( ludp->lud_filter != NULL )) { + return( LDAP_LOCAL_ERROR ); + } + + if ( tag == LDAP_REQ_BIND ) { + /* bind requests have a version number before the DN */ + rc = ber_scanf( &tmpber, "{ia", &ver, &orig_dn ); + } else if ( tag == LDAP_REQ_DELETE ) { + /* delete requests DNs are not within a sequence */ + rc = ber_scanf( &tmpber, "a", &orig_dn ); + } else if ( tag == LDAP_REQ_SEARCH ) { + /* need scope */ + rc = ber_scanf( &tmpber, "{ae", &orig_dn, &scope ); + } else { + rc = ber_scanf( &tmpber, "{a", &orig_dn ); + } + + if ( rc == LBER_ERROR ) { + return( LDAP_DECODING_ERROR ); + } + + if ( ludp->lud_dn == NULL ) { + dn = orig_dn; + } else { + dn = ludp->lud_dn; + NSLDAPI_FREE( orig_dn ); + orig_dn = NULL; + } + + if ( ludp->lud_scope != -1 ) { + scope = ludp->lud_scope; /* scope provided by ref - use it */ + } else if (is_reference) { + /* + * RFC 4511 says that the we should use scope BASE in the + * search reference if the client's original request was for scope + * ONELEVEL - since the server did not include the scope in the + * search reference returned, we must provide the correct behavior + * in the client (i.e. the correct behavior is implied) + * see RFC 4511 section 4.5.3 for more information + */ + if (scope == LDAP_SCOPE_ONELEVEL) { + scope = LDAP_SCOPE_BASE; + } + } + + /* allocate and build the new request */ + if (( rc = nsldapi_alloc_ber_with_options( ld, &ber )) + != LDAP_SUCCESS ) { + if ( orig_dn != NULL ) { + NSLDAPI_FREE( orig_dn ); + } + return( rc ); + } + + if ( tag == LDAP_REQ_BIND ) { + rc = ber_printf( ber, "{it{is", msgid, tag, ver , dn ); + } else if ( tag == LDAP_REQ_DELETE ) { + rc = ber_printf( ber, "{its}", msgid, tag, dn ); + } else if ( tag == LDAP_REQ_SEARCH ) { + rc = ber_printf( ber, "{it{se", msgid, tag, dn, scope ); + } else { + rc = ber_printf( ber, "{it{s", msgid, tag, dn ); + } + + if ( orig_dn != NULL ) { + NSLDAPI_FREE( orig_dn ); + } +/* + * can't use "dn" or "orig_dn" from this point on (they've been freed) + */ + + if ( rc == -1 ) { + ber_free( ber, 1 ); + return( LDAP_ENCODING_ERROR ); + } + + if ( tag != LDAP_REQ_DELETE && + ( ber_write( ber, tmpber.ber_ptr, ( tmpber.ber_end - + tmpber.ber_ptr ), 0 ) != ( tmpber.ber_end - tmpber.ber_ptr ) + || ber_printf( ber, "}}" ) == -1 )) { + ber_free( ber, 1 ); + return( LDAP_ENCODING_ERROR ); + } + +#ifdef LDAP_DEBUG + if ( ldap_debug & LDAP_DEBUG_PACKETS ) { + LDAPDebug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n", + 0, 0, 0 ); + ber_dump( ber, 0 ); + } +#endif /* LDAP_DEBUG */ + + *berp = ber; + return( LDAP_SUCCESS ); +} + + +LDAPRequest * +nsldapi_find_request_by_msgid( LDAP *ld, int msgid ) +{ + LDAPRequest *lr; + + for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) { + if ( msgid == lr->lr_msgid ) { + break; + } + } + + return( lr ); +} + + +/* + * nsldapi_connection_lost_nolock() resets "ld" to a non-connected, known + * state. It should be called whenever a fatal error occurs on the + * Sockbuf "sb." sb == NULL means we don't know specifically where + * the problem was so we assume all connections are bad. + */ +void +nsldapi_connection_lost_nolock( LDAP *ld, Sockbuf *sb ) +{ + LDAPRequest *lr; + + /* + * change status of all pending requests that are associated with "sb + * to "connection dead." + * also change the connection status to "dead" and remove it from + * the list of sockets we are interested in. + */ + for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) { + if ( sb == NULL || + ( lr->lr_conn != NULL && lr->lr_conn->lconn_sb == sb )) { + lr->lr_status = LDAP_REQST_CONNDEAD; + if ( lr->lr_conn != NULL ) { + lr->lr_conn->lconn_status = LDAP_CONNST_DEAD; + nsldapi_iostatus_interest_clear( ld, + lr->lr_conn->lconn_sb ); + } + } + } +} + + +#ifdef LDAP_DNS +static LDAPServer * +dn2servers( LDAP *ld, char *dn ) /* dn can also be a domain.... */ +{ + char *p, *domain, *host, *server_dn, **dxs; + int i, port; + LDAPServer *srvlist, *prevsrv, *srv; + + if (( domain = strrchr( dn, '@' )) != NULL ) { + ++domain; + } else { + domain = dn; + } + + if (( dxs = nsldapi_getdxbyname( domain )) == NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL ); + return( NULL ); + } + + srvlist = NULL; + + for ( i = 0; dxs[ i ] != NULL; ++i ) { + port = LDAP_PORT; + server_dn = NULL; + if ( strchr( dxs[ i ], ':' ) == NULL ) { + host = dxs[ i ]; + } else if ( strlen( dxs[ i ] ) >= 7 && + strncmp( dxs[ i ], "ldap://", 7 ) == 0 ) { + host = dxs[ i ] + 7; + if (( p = strchr( host, ':' )) == NULL ) { + p = host; + } else { + *p++ = '\0'; + port = atoi( p ); + } + if (( p = strchr( p, '/' )) != NULL ) { + server_dn = ++p; + if ( *server_dn == '\0' ) { + server_dn = NULL; + } + } + } else { + host = NULL; + } + + if ( host != NULL ) { /* found a server we can use */ + if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, + sizeof( LDAPServer ))) == NULL ) { + free_servers( srvlist ); + srvlist = NULL; + break; /* exit loop & return */ + } + + /* add to end of list of servers */ + if ( srvlist == NULL ) { + srvlist = srv; + } else { + prevsrv->lsrv_next = srv; + } + prevsrv = srv; + + /* copy in info. */ + if (( srv->lsrv_host = nsldapi_strdup( host )) == NULL + || ( server_dn != NULL && ( srv->lsrv_dn = + nsldapi_strdup( server_dn )) == NULL )) { + free_servers( srvlist ); + srvlist = NULL; + break; /* exit loop & return */ + } + srv->lsrv_port = port; + } + } + + ldap_value_free( dxs ); + + if ( srvlist == NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL ); + } + + return( srvlist ); +} +#endif /* LDAP_DNS */ |