1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> |
9 | * Copyright (C) 2011 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
10 | * |
11 | * This software is licensed as described in the file COPYING, which |
12 | * you should have received as part of this distribution. The terms |
13 | * are also available at https://curl.haxx.se/docs/copyright.html. |
14 | * |
15 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
16 | * copies of the Software, and permit persons to whom the Software is |
17 | * furnished to do so, under the terms of the COPYING file. |
18 | * |
19 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
20 | * KIND, either express or implied. |
21 | * |
22 | ***************************************************************************/ |
23 | |
24 | #include "curl_setup.h" |
25 | |
26 | #if !defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP) |
27 | |
28 | /* |
29 | * Notice that USE_OPENLDAP is only a source code selection switch. When |
30 | * libcurl is built with USE_OPENLDAP defined the libcurl source code that |
31 | * gets compiled is the code from openldap.c, otherwise the code that gets |
32 | * compiled is the code from ldap.c. |
33 | * |
34 | * When USE_OPENLDAP is defined a recent version of the OpenLDAP library |
35 | * might be required for compilation and runtime. In order to use ancient |
36 | * OpenLDAP library versions, USE_OPENLDAP shall not be defined. |
37 | */ |
38 | |
39 | #include <ldap.h> |
40 | |
41 | #include "urldata.h" |
42 | #include <curl/curl.h> |
43 | #include "sendf.h" |
44 | #include "vtls/vtls.h" |
45 | #include "transfer.h" |
46 | #include "curl_ldap.h" |
47 | #include "curl_base64.h" |
48 | #include "connect.h" |
49 | /* The last 3 #include files should be in this order */ |
50 | #include "curl_printf.h" |
51 | #include "curl_memory.h" |
52 | #include "memdebug.h" |
53 | |
54 | /* |
55 | * Uncommenting this will enable the built-in debug logging of the openldap |
56 | * library. The debug log level can be set using the CURL_OPENLDAP_TRACE |
57 | * environment variable. The debug output is written to stderr. |
58 | * |
59 | * The library supports the following debug flags: |
60 | * LDAP_DEBUG_NONE 0x0000 |
61 | * LDAP_DEBUG_TRACE 0x0001 |
62 | * LDAP_DEBUG_CONSTRUCT 0x0002 |
63 | * LDAP_DEBUG_DESTROY 0x0004 |
64 | * LDAP_DEBUG_PARAMETER 0x0008 |
65 | * LDAP_DEBUG_ANY 0xffff |
66 | * |
67 | * For example, use CURL_OPENLDAP_TRACE=0 for no debug, |
68 | * CURL_OPENLDAP_TRACE=2 for LDAP_DEBUG_CONSTRUCT messages only, |
69 | * CURL_OPENLDAP_TRACE=65535 for all debug message levels. |
70 | */ |
71 | /* #define CURL_OPENLDAP_DEBUG */ |
72 | |
73 | #ifndef _LDAP_PVT_H |
74 | extern int ldap_pvt_url_scheme2proto(const char *); |
75 | extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url, |
76 | LDAP **ld); |
77 | #endif |
78 | |
79 | static CURLcode ldap_setup_connection(struct connectdata *conn); |
80 | static CURLcode ldap_do(struct connectdata *conn, bool *done); |
81 | static CURLcode ldap_done(struct connectdata *conn, CURLcode, bool); |
82 | static CURLcode ldap_connect(struct connectdata *conn, bool *done); |
83 | static CURLcode ldap_connecting(struct connectdata *conn, bool *done); |
84 | static CURLcode ldap_disconnect(struct connectdata *conn, bool dead); |
85 | |
86 | static Curl_recv ldap_recv; |
87 | |
88 | /* |
89 | * LDAP protocol handler. |
90 | */ |
91 | |
92 | const struct Curl_handler Curl_handler_ldap = { |
93 | "LDAP" , /* scheme */ |
94 | ldap_setup_connection, /* setup_connection */ |
95 | ldap_do, /* do_it */ |
96 | ldap_done, /* done */ |
97 | ZERO_NULL, /* do_more */ |
98 | ldap_connect, /* connect_it */ |
99 | ldap_connecting, /* connecting */ |
100 | ZERO_NULL, /* doing */ |
101 | ZERO_NULL, /* proto_getsock */ |
102 | ZERO_NULL, /* doing_getsock */ |
103 | ZERO_NULL, /* domore_getsock */ |
104 | ZERO_NULL, /* perform_getsock */ |
105 | ldap_disconnect, /* disconnect */ |
106 | ZERO_NULL, /* readwrite */ |
107 | ZERO_NULL, /* connection_check */ |
108 | PORT_LDAP, /* defport */ |
109 | CURLPROTO_LDAP, /* protocol */ |
110 | PROTOPT_NONE /* flags */ |
111 | }; |
112 | |
113 | #ifdef USE_SSL |
114 | /* |
115 | * LDAPS protocol handler. |
116 | */ |
117 | |
118 | const struct Curl_handler Curl_handler_ldaps = { |
119 | "LDAPS" , /* scheme */ |
120 | ldap_setup_connection, /* setup_connection */ |
121 | ldap_do, /* do_it */ |
122 | ldap_done, /* done */ |
123 | ZERO_NULL, /* do_more */ |
124 | ldap_connect, /* connect_it */ |
125 | ldap_connecting, /* connecting */ |
126 | ZERO_NULL, /* doing */ |
127 | ZERO_NULL, /* proto_getsock */ |
128 | ZERO_NULL, /* doing_getsock */ |
129 | ZERO_NULL, /* domore_getsock */ |
130 | ZERO_NULL, /* perform_getsock */ |
131 | ldap_disconnect, /* disconnect */ |
132 | ZERO_NULL, /* readwrite */ |
133 | ZERO_NULL, /* connection_check */ |
134 | PORT_LDAPS, /* defport */ |
135 | CURLPROTO_LDAP, /* protocol */ |
136 | PROTOPT_SSL /* flags */ |
137 | }; |
138 | #endif |
139 | |
140 | static const char *url_errs[] = { |
141 | "success" , |
142 | "out of memory" , |
143 | "bad parameter" , |
144 | "unrecognized scheme" , |
145 | "unbalanced delimiter" , |
146 | "bad URL" , |
147 | "bad host or port" , |
148 | "bad or missing attributes" , |
149 | "bad or missing scope" , |
150 | "bad or missing filter" , |
151 | "bad or missing extensions" |
152 | }; |
153 | |
154 | struct ldapconninfo { |
155 | LDAP *ld; |
156 | Curl_recv *recv; /* for stacking SSL handler */ |
157 | Curl_send *send; |
158 | int proto; |
159 | int msgid; |
160 | bool ssldone; |
161 | bool sslinst; |
162 | bool didbind; |
163 | }; |
164 | |
165 | typedef struct ldapreqinfo { |
166 | int msgid; |
167 | int nument; |
168 | } ldapreqinfo; |
169 | |
170 | static CURLcode ldap_setup_connection(struct connectdata *conn) |
171 | { |
172 | struct ldapconninfo *li; |
173 | LDAPURLDesc *lud; |
174 | struct Curl_easy *data = conn->data; |
175 | int rc, proto; |
176 | CURLcode status; |
177 | |
178 | rc = ldap_url_parse(data->change.url, &lud); |
179 | if(rc != LDAP_URL_SUCCESS) { |
180 | const char *msg = "url parsing problem" ; |
181 | status = CURLE_URL_MALFORMAT; |
182 | if(rc > LDAP_URL_SUCCESS && rc <= LDAP_URL_ERR_BADEXTS) { |
183 | if(rc == LDAP_URL_ERR_MEM) |
184 | status = CURLE_OUT_OF_MEMORY; |
185 | msg = url_errs[rc]; |
186 | } |
187 | failf(conn->data, "LDAP local: %s" , msg); |
188 | return status; |
189 | } |
190 | proto = ldap_pvt_url_scheme2proto(lud->lud_scheme); |
191 | ldap_free_urldesc(lud); |
192 | |
193 | li = calloc(1, sizeof(struct ldapconninfo)); |
194 | if(!li) |
195 | return CURLE_OUT_OF_MEMORY; |
196 | li->proto = proto; |
197 | conn->proto.ldapc = li; |
198 | connkeep(conn, "OpenLDAP default" ); |
199 | return CURLE_OK; |
200 | } |
201 | |
202 | #ifdef USE_SSL |
203 | static Sockbuf_IO ldapsb_tls; |
204 | #endif |
205 | |
206 | static CURLcode ldap_connect(struct connectdata *conn, bool *done) |
207 | { |
208 | struct ldapconninfo *li = conn->proto.ldapc; |
209 | struct Curl_easy *data = conn->data; |
210 | int rc, proto = LDAP_VERSION3; |
211 | char hosturl[1024]; |
212 | char *ptr; |
213 | |
214 | (void)done; |
215 | |
216 | strcpy(hosturl, "ldap" ); |
217 | ptr = hosturl + 4; |
218 | if(conn->handler->flags & PROTOPT_SSL) |
219 | *ptr++ = 's'; |
220 | msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d" , |
221 | conn->host.name, conn->remote_port); |
222 | |
223 | #ifdef CURL_OPENLDAP_DEBUG |
224 | static int do_trace = 0; |
225 | const char *env = getenv("CURL_OPENLDAP_TRACE" ); |
226 | do_trace = (env && strtol(env, NULL, 10) > 0); |
227 | if(do_trace) { |
228 | ldap_set_option(li->ld, LDAP_OPT_DEBUG_LEVEL, &do_trace); |
229 | } |
230 | #endif |
231 | |
232 | rc = ldap_init_fd(conn->sock[FIRSTSOCKET], li->proto, hosturl, &li->ld); |
233 | if(rc) { |
234 | failf(data, "LDAP local: Cannot connect to %s, %s" , |
235 | hosturl, ldap_err2string(rc)); |
236 | return CURLE_COULDNT_CONNECT; |
237 | } |
238 | |
239 | ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto); |
240 | |
241 | #ifdef USE_SSL |
242 | if(conn->handler->flags & PROTOPT_SSL) { |
243 | CURLcode result; |
244 | result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &li->ssldone); |
245 | if(result) |
246 | return result; |
247 | } |
248 | #endif |
249 | |
250 | return CURLE_OK; |
251 | } |
252 | |
253 | static CURLcode ldap_connecting(struct connectdata *conn, bool *done) |
254 | { |
255 | struct ldapconninfo *li = conn->proto.ldapc; |
256 | struct Curl_easy *data = conn->data; |
257 | LDAPMessage *msg = NULL; |
258 | struct timeval tv = {0, 1}, *tvp; |
259 | int rc, err; |
260 | char *info = NULL; |
261 | |
262 | #ifdef USE_SSL |
263 | if(conn->handler->flags & PROTOPT_SSL) { |
264 | /* Is the SSL handshake complete yet? */ |
265 | if(!li->ssldone) { |
266 | CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, |
267 | &li->ssldone); |
268 | if(result || !li->ssldone) |
269 | return result; |
270 | } |
271 | |
272 | /* Have we installed the libcurl SSL handlers into the sockbuf yet? */ |
273 | if(!li->sslinst) { |
274 | Sockbuf *sb; |
275 | ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); |
276 | ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, conn); |
277 | li->sslinst = TRUE; |
278 | li->recv = conn->recv[FIRSTSOCKET]; |
279 | li->send = conn->send[FIRSTSOCKET]; |
280 | } |
281 | } |
282 | #endif |
283 | |
284 | tvp = &tv; |
285 | |
286 | retry: |
287 | if(!li->didbind) { |
288 | char *binddn; |
289 | struct berval passwd; |
290 | |
291 | if(conn->bits.user_passwd) { |
292 | binddn = conn->user; |
293 | passwd.bv_val = conn->passwd; |
294 | passwd.bv_len = strlen(passwd.bv_val); |
295 | } |
296 | else { |
297 | binddn = NULL; |
298 | passwd.bv_val = NULL; |
299 | passwd.bv_len = 0; |
300 | } |
301 | rc = ldap_sasl_bind(li->ld, binddn, LDAP_SASL_SIMPLE, &passwd, |
302 | NULL, NULL, &li->msgid); |
303 | if(rc) |
304 | return CURLE_LDAP_CANNOT_BIND; |
305 | li->didbind = TRUE; |
306 | if(tvp) |
307 | return CURLE_OK; |
308 | } |
309 | |
310 | rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, tvp, &msg); |
311 | if(rc < 0) { |
312 | failf(data, "LDAP local: bind ldap_result %s" , ldap_err2string(rc)); |
313 | return CURLE_LDAP_CANNOT_BIND; |
314 | } |
315 | if(rc == 0) { |
316 | /* timed out */ |
317 | return CURLE_OK; |
318 | } |
319 | |
320 | rc = ldap_parse_result(li->ld, msg, &err, NULL, &info, NULL, NULL, 1); |
321 | if(rc) { |
322 | failf(data, "LDAP local: bind ldap_parse_result %s" , ldap_err2string(rc)); |
323 | return CURLE_LDAP_CANNOT_BIND; |
324 | } |
325 | |
326 | /* Try to fallback to LDAPv2? */ |
327 | if(err == LDAP_PROTOCOL_ERROR) { |
328 | int proto; |
329 | ldap_get_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto); |
330 | if(proto == LDAP_VERSION3) { |
331 | if(info) { |
332 | ldap_memfree(info); |
333 | info = NULL; |
334 | } |
335 | proto = LDAP_VERSION2; |
336 | ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto); |
337 | li->didbind = FALSE; |
338 | goto retry; |
339 | } |
340 | } |
341 | |
342 | if(err) { |
343 | failf(data, "LDAP remote: bind failed %s %s" , ldap_err2string(rc), |
344 | info ? info : "" ); |
345 | if(info) |
346 | ldap_memfree(info); |
347 | return CURLE_LOGIN_DENIED; |
348 | } |
349 | |
350 | if(info) |
351 | ldap_memfree(info); |
352 | conn->recv[FIRSTSOCKET] = ldap_recv; |
353 | *done = TRUE; |
354 | |
355 | return CURLE_OK; |
356 | } |
357 | |
358 | static CURLcode ldap_disconnect(struct connectdata *conn, bool dead_connection) |
359 | { |
360 | struct ldapconninfo *li = conn->proto.ldapc; |
361 | (void) dead_connection; |
362 | |
363 | if(li) { |
364 | if(li->ld) { |
365 | ldap_unbind_ext(li->ld, NULL, NULL); |
366 | li->ld = NULL; |
367 | } |
368 | conn->proto.ldapc = NULL; |
369 | free(li); |
370 | } |
371 | return CURLE_OK; |
372 | } |
373 | |
374 | static CURLcode ldap_do(struct connectdata *conn, bool *done) |
375 | { |
376 | struct ldapconninfo *li = conn->proto.ldapc; |
377 | ldapreqinfo *lr; |
378 | CURLcode status = CURLE_OK; |
379 | int rc = 0; |
380 | LDAPURLDesc *ludp = NULL; |
381 | int msgid; |
382 | struct Curl_easy *data = conn->data; |
383 | |
384 | connkeep(conn, "OpenLDAP do" ); |
385 | |
386 | infof(data, "LDAP local: %s\n" , data->change.url); |
387 | |
388 | rc = ldap_url_parse(data->change.url, &ludp); |
389 | if(rc != LDAP_URL_SUCCESS) { |
390 | const char *msg = "url parsing problem" ; |
391 | status = CURLE_URL_MALFORMAT; |
392 | if(rc > LDAP_URL_SUCCESS && rc <= LDAP_URL_ERR_BADEXTS) { |
393 | if(rc == LDAP_URL_ERR_MEM) |
394 | status = CURLE_OUT_OF_MEMORY; |
395 | msg = url_errs[rc]; |
396 | } |
397 | failf(conn->data, "LDAP local: %s" , msg); |
398 | return status; |
399 | } |
400 | |
401 | rc = ldap_search_ext(li->ld, ludp->lud_dn, ludp->lud_scope, |
402 | ludp->lud_filter, ludp->lud_attrs, 0, |
403 | NULL, NULL, NULL, 0, &msgid); |
404 | ldap_free_urldesc(ludp); |
405 | if(rc != LDAP_SUCCESS) { |
406 | failf(data, "LDAP local: ldap_search_ext %s" , ldap_err2string(rc)); |
407 | return CURLE_LDAP_SEARCH_FAILED; |
408 | } |
409 | lr = calloc(1, sizeof(ldapreqinfo)); |
410 | if(!lr) |
411 | return CURLE_OUT_OF_MEMORY; |
412 | lr->msgid = msgid; |
413 | data->req.protop = lr; |
414 | Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1); |
415 | *done = TRUE; |
416 | return CURLE_OK; |
417 | } |
418 | |
419 | static CURLcode ldap_done(struct connectdata *conn, CURLcode res, |
420 | bool premature) |
421 | { |
422 | ldapreqinfo *lr = conn->data->req.protop; |
423 | |
424 | (void)res; |
425 | (void)premature; |
426 | |
427 | if(lr) { |
428 | /* if there was a search in progress, abandon it */ |
429 | if(lr->msgid) { |
430 | struct ldapconninfo *li = conn->proto.ldapc; |
431 | ldap_abandon_ext(li->ld, lr->msgid, NULL, NULL); |
432 | lr->msgid = 0; |
433 | } |
434 | conn->data->req.protop = NULL; |
435 | free(lr); |
436 | } |
437 | |
438 | return CURLE_OK; |
439 | } |
440 | |
441 | static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf, |
442 | size_t len, CURLcode *err) |
443 | { |
444 | struct ldapconninfo *li = conn->proto.ldapc; |
445 | struct Curl_easy *data = conn->data; |
446 | ldapreqinfo *lr = data->req.protop; |
447 | int rc, ret; |
448 | LDAPMessage *msg = NULL; |
449 | LDAPMessage *ent; |
450 | BerElement *ber = NULL; |
451 | struct timeval tv = {0, 1}; |
452 | |
453 | (void)len; |
454 | (void)buf; |
455 | (void)sockindex; |
456 | |
457 | rc = ldap_result(li->ld, lr->msgid, LDAP_MSG_RECEIVED, &tv, &msg); |
458 | if(rc < 0) { |
459 | failf(data, "LDAP local: search ldap_result %s" , ldap_err2string(rc)); |
460 | *err = CURLE_RECV_ERROR; |
461 | return -1; |
462 | } |
463 | |
464 | *err = CURLE_AGAIN; |
465 | ret = -1; |
466 | |
467 | /* timed out */ |
468 | if(!msg) |
469 | return ret; |
470 | |
471 | for(ent = ldap_first_message(li->ld, msg); ent; |
472 | ent = ldap_next_message(li->ld, ent)) { |
473 | struct berval bv, *bvals; |
474 | int binary = 0, msgtype; |
475 | CURLcode writeerr; |
476 | |
477 | msgtype = ldap_msgtype(ent); |
478 | if(msgtype == LDAP_RES_SEARCH_RESULT) { |
479 | int code; |
480 | char *info = NULL; |
481 | rc = ldap_parse_result(li->ld, ent, &code, NULL, &info, NULL, NULL, 0); |
482 | if(rc) { |
483 | failf(data, "LDAP local: search ldap_parse_result %s" , |
484 | ldap_err2string(rc)); |
485 | *err = CURLE_LDAP_SEARCH_FAILED; |
486 | } |
487 | else if(code && code != LDAP_SIZELIMIT_EXCEEDED) { |
488 | failf(data, "LDAP remote: search failed %s %s" , ldap_err2string(rc), |
489 | info ? info : "" ); |
490 | *err = CURLE_LDAP_SEARCH_FAILED; |
491 | } |
492 | else { |
493 | /* successful */ |
494 | if(code == LDAP_SIZELIMIT_EXCEEDED) |
495 | infof(data, "There are more than %d entries\n" , lr->nument); |
496 | data->req.size = data->req.bytecount; |
497 | *err = CURLE_OK; |
498 | ret = 0; |
499 | } |
500 | lr->msgid = 0; |
501 | ldap_memfree(info); |
502 | break; |
503 | } |
504 | else if(msgtype != LDAP_RES_SEARCH_ENTRY) |
505 | continue; |
506 | |
507 | lr->nument++; |
508 | rc = ldap_get_dn_ber(li->ld, ent, &ber, &bv); |
509 | if(rc < 0) { |
510 | *err = CURLE_RECV_ERROR; |
511 | return -1; |
512 | } |
513 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: " , 4); |
514 | if(writeerr) { |
515 | *err = writeerr; |
516 | return -1; |
517 | } |
518 | |
519 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val, |
520 | bv.bv_len); |
521 | if(writeerr) { |
522 | *err = writeerr; |
523 | return -1; |
524 | } |
525 | |
526 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n" , 1); |
527 | if(writeerr) { |
528 | *err = writeerr; |
529 | return -1; |
530 | } |
531 | data->req.bytecount += bv.bv_len + 5; |
532 | |
533 | for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals); |
534 | rc == LDAP_SUCCESS; |
535 | rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) { |
536 | int i; |
537 | |
538 | if(bv.bv_val == NULL) |
539 | break; |
540 | |
541 | if(bv.bv_len > 7 && !strncmp(bv.bv_val + bv.bv_len - 7, ";binary" , 7)) |
542 | binary = 1; |
543 | else |
544 | binary = 0; |
545 | |
546 | if(bvals == NULL) { |
547 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t" , 1); |
548 | if(writeerr) { |
549 | *err = writeerr; |
550 | return -1; |
551 | } |
552 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val, |
553 | bv.bv_len); |
554 | if(writeerr) { |
555 | *err = writeerr; |
556 | return -1; |
557 | } |
558 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":\n" , 2); |
559 | if(writeerr) { |
560 | *err = writeerr; |
561 | return -1; |
562 | } |
563 | data->req.bytecount += bv.bv_len + 3; |
564 | continue; |
565 | } |
566 | |
567 | for(i = 0; bvals[i].bv_val != NULL; i++) { |
568 | int binval = 0; |
569 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t" , 1); |
570 | if(writeerr) { |
571 | *err = writeerr; |
572 | return -1; |
573 | } |
574 | |
575 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val, |
576 | bv.bv_len); |
577 | if(writeerr) { |
578 | *err = writeerr; |
579 | return -1; |
580 | } |
581 | |
582 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":" , 1); |
583 | if(writeerr) { |
584 | *err = writeerr; |
585 | return -1; |
586 | } |
587 | data->req.bytecount += bv.bv_len + 2; |
588 | |
589 | if(!binary) { |
590 | /* check for leading or trailing whitespace */ |
591 | if(ISSPACE(bvals[i].bv_val[0]) || |
592 | ISSPACE(bvals[i].bv_val[bvals[i].bv_len-1])) |
593 | binval = 1; |
594 | else { |
595 | /* check for unprintable characters */ |
596 | unsigned int j; |
597 | for(j = 0; j<bvals[i].bv_len; j++) |
598 | if(!ISPRINT(bvals[i].bv_val[j])) { |
599 | binval = 1; |
600 | break; |
601 | } |
602 | } |
603 | } |
604 | if(binary || binval) { |
605 | char *val_b64 = NULL; |
606 | size_t val_b64_sz = 0; |
607 | /* Binary value, encode to base64. */ |
608 | CURLcode error = Curl_base64_encode(data, |
609 | bvals[i].bv_val, |
610 | bvals[i].bv_len, |
611 | &val_b64, |
612 | &val_b64_sz); |
613 | if(error) { |
614 | ber_memfree(bvals); |
615 | ber_free(ber, 0); |
616 | ldap_msgfree(msg); |
617 | *err = error; |
618 | return -1; |
619 | } |
620 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, |
621 | (char *)": " , 2); |
622 | if(writeerr) { |
623 | *err = writeerr; |
624 | return -1; |
625 | } |
626 | |
627 | data->req.bytecount += 2; |
628 | if(val_b64_sz > 0) { |
629 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, |
630 | val_b64_sz); |
631 | if(writeerr) { |
632 | *err = writeerr; |
633 | return -1; |
634 | } |
635 | free(val_b64); |
636 | data->req.bytecount += val_b64_sz; |
637 | } |
638 | } |
639 | else { |
640 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)" " , 1); |
641 | if(writeerr) { |
642 | *err = writeerr; |
643 | return -1; |
644 | } |
645 | |
646 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, bvals[i].bv_val, |
647 | bvals[i].bv_len); |
648 | if(writeerr) { |
649 | *err = writeerr; |
650 | return -1; |
651 | } |
652 | |
653 | data->req.bytecount += bvals[i].bv_len + 1; |
654 | } |
655 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n" , 0); |
656 | if(writeerr) { |
657 | *err = writeerr; |
658 | return -1; |
659 | } |
660 | |
661 | data->req.bytecount++; |
662 | } |
663 | ber_memfree(bvals); |
664 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n" , 0); |
665 | if(writeerr) { |
666 | *err = writeerr; |
667 | return -1; |
668 | } |
669 | data->req.bytecount++; |
670 | } |
671 | writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n" , 0); |
672 | if(writeerr) { |
673 | *err = writeerr; |
674 | return -1; |
675 | } |
676 | data->req.bytecount++; |
677 | ber_free(ber, 0); |
678 | } |
679 | ldap_msgfree(msg); |
680 | return ret; |
681 | } |
682 | |
683 | #ifdef USE_SSL |
684 | static int |
685 | ldapsb_tls_setup(Sockbuf_IO_Desc *sbiod, void *arg) |
686 | { |
687 | sbiod->sbiod_pvt = arg; |
688 | return 0; |
689 | } |
690 | |
691 | static int |
692 | ldapsb_tls_remove(Sockbuf_IO_Desc *sbiod) |
693 | { |
694 | sbiod->sbiod_pvt = NULL; |
695 | return 0; |
696 | } |
697 | |
698 | /* We don't need to do anything because libcurl does it already */ |
699 | static int |
700 | ldapsb_tls_close(Sockbuf_IO_Desc *sbiod) |
701 | { |
702 | (void)sbiod; |
703 | return 0; |
704 | } |
705 | |
706 | static int |
707 | ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg) |
708 | { |
709 | (void)arg; |
710 | if(opt == LBER_SB_OPT_DATA_READY) { |
711 | struct connectdata *conn = sbiod->sbiod_pvt; |
712 | return Curl_ssl_data_pending(conn, FIRSTSOCKET); |
713 | } |
714 | return 0; |
715 | } |
716 | |
717 | static ber_slen_t |
718 | ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) |
719 | { |
720 | struct connectdata *conn = sbiod->sbiod_pvt; |
721 | struct ldapconninfo *li = conn->proto.ldapc; |
722 | ber_slen_t ret; |
723 | CURLcode err = CURLE_RECV_ERROR; |
724 | |
725 | ret = (li->recv)(conn, FIRSTSOCKET, buf, len, &err); |
726 | if(ret < 0 && err == CURLE_AGAIN) { |
727 | SET_SOCKERRNO(EWOULDBLOCK); |
728 | } |
729 | return ret; |
730 | } |
731 | |
732 | static ber_slen_t |
733 | ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) |
734 | { |
735 | struct connectdata *conn = sbiod->sbiod_pvt; |
736 | struct ldapconninfo *li = conn->proto.ldapc; |
737 | ber_slen_t ret; |
738 | CURLcode err = CURLE_SEND_ERROR; |
739 | |
740 | ret = (li->send)(conn, FIRSTSOCKET, buf, len, &err); |
741 | if(ret < 0 && err == CURLE_AGAIN) { |
742 | SET_SOCKERRNO(EWOULDBLOCK); |
743 | } |
744 | return ret; |
745 | } |
746 | |
747 | static Sockbuf_IO ldapsb_tls = |
748 | { |
749 | ldapsb_tls_setup, |
750 | ldapsb_tls_remove, |
751 | ldapsb_tls_ctrl, |
752 | ldapsb_tls_read, |
753 | ldapsb_tls_write, |
754 | ldapsb_tls_close |
755 | }; |
756 | #endif /* USE_SSL */ |
757 | |
758 | #endif /* !CURL_DISABLE_LDAP && USE_OPENLDAP */ |
759 | |