The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Functions | Variables
util.c File Reference

Utility functions to escape and parse DNs. More...

#include <freeradius-devel/ldap/base.h>
#include <freeradius-devel/util/base16.h>
#include <stdarg.h>
#include <ctype.h>
+ Include dependency graph for util.c:

Go to the source code of this file.

Functions

int fr_ldap_attrs_check (char const **attrs, char const *attr)
 Check that a particular attribute is included in an attribute list. More...
 
uint8_tfr_ldap_berval_to_bin (TALLOC_CTX *ctx, struct berval const *in)
 Convert a berval to a talloced buffer. More...
 
char * fr_ldap_berval_to_string (TALLOC_CTX *ctx, struct berval const *in)
 Convert a berval to a talloced string. More...
 
int fr_ldap_box_escape (fr_value_box_t *vb, UNUSED void *uctx)
 
size_t fr_ldap_common_dn (char const *full, char const *part)
 Find the place at which the two DN strings diverge. More...
 
int fr_ldap_filter_to_tmpl (TALLOC_CTX *ctx, tmpl_rules_t const *t_rules, char const **sub, size_t sublen, tmpl_t **out)
 Combine filters and tokenize to a tmpl. More...
 
int fr_ldap_parse_url_extensions (LDAPControl **sss, size_t sss_len, char *extensions[])
 Parse a subset (just server side sort for now) of LDAP URL extensions. More...
 
int fr_ldap_server_config_check (fr_ldap_config_t *handle_config, char const *server, CONF_SECTION *cs)
 Check an LDAP server config in server:port format is valid. More...
 
int fr_ldap_server_url_check (fr_ldap_config_t *handle_config, char const *server, CONF_SECTION const *cs)
 Check an LDAP server entry in URL format is valid. More...
 
size_t fr_ldap_uri_escape_func (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg)
 Converts "bad" strings into ones which are safe for LDAP. More...
 
size_t fr_ldap_uri_unescape_func (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg)
 Converts escaped DNs and filter strings into normal. More...
 
char const * fr_ldap_url_err_to_str (int ldap_url_err)
 Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror() More...
 
bool fr_ldap_util_is_dn (char const *in, size_t inlen)
 Check whether a string looks like a DN. More...
 
size_t fr_ldap_util_normalise_dn (char *out, char const *in)
 Normalise escape sequences in a DN. More...
 

Variables

static const bool escapes [UINT8_MAX+1]
 
static const char hextab [] = "0123456789abcdef"
 
static USES_APPLE_DEPRECATED_API const char specials [] = ",+\"\<>;*=()"
 

Detailed Description

Utility functions to escape and parse DNs.

Id
9eb629a2fd782018dad9fbf70467a9dc29a9a742
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Copyright
2017 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
2017 The FreeRADIUS Server Project.

Definition in file util.c.

Function Documentation

◆ fr_ldap_attrs_check()

int fr_ldap_attrs_check ( char const **  attrs,
char const *  attr 
)

Check that a particular attribute is included in an attribute list.

Parameters
[in]attrslist to check
[in]attrto look for
Returns
  • 1 if attr is in list
  • 0 if attr is missing
  • -1 if checks not possible

Definition at line 579 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_bin()

uint8_t* fr_ldap_berval_to_bin ( TALLOC_CTX *  ctx,
struct berval const *  in 
)

Convert a berval to a talloced buffer.

Parameters
ctxto allocate in.
inBerval to copy.
Returns
buffer containing in->bv_val.

Definition at line 409 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_berval_to_string()

char* fr_ldap_berval_to_string ( TALLOC_CTX *  ctx,
struct berval const *  in 
)

Convert a berval to a talloced string.

The ldap_get_values function is deprecated, and ldap_get_values_len does not guarantee the berval buffers it returns are \0 terminated.

For some cases this is fine, for others we require a \0 terminated buffer (feeding DNs back into libldap for example).

Parameters
ctxto allocate in.
inBerval to copy.
Returns
\0 terminated buffer containing in->bv_val.

Definition at line 390 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_box_escape()

int fr_ldap_box_escape ( fr_value_box_t vb,
UNUSED void *  uctx 
)

Definition at line 110 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_common_dn()

size_t fr_ldap_common_dn ( char const *  full,
char const *  part 
)

Find the place at which the two DN strings diverge.

Returns the length of the non matching string in full.

Parameters
fullDN.
partPartial DN as returned by ldap_parse_result.
Returns
  • Length of the portion of full which wasn't matched
  • -1 on failure.

Definition at line 488 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_filter_to_tmpl()

int fr_ldap_filter_to_tmpl ( TALLOC_CTX *  ctx,
tmpl_rules_t const *  t_rules,
char const **  sub,
size_t  sublen,
tmpl_t **  out 
)

Combine filters and tokenize to a tmpl.

Parameters
ctxTo allocate combined filter in
t_rulesRules for parsing combined filter.
subArray of subfilters (may contain NULLs).
sublenNumber of potential subfilters in array.
outWhere to write a pointer to the resulting tmpl.
Returns
length of combined data.

Definition at line 517 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_parse_url_extensions()

int fr_ldap_parse_url_extensions ( LDAPControl **  sss,
size_t  sss_len,
char *  extensions[] 
)

Parse a subset (just server side sort for now) of LDAP URL extensions.

Parameters
[out]sssArray of LDAPControl * pointers to add controls to.
[in]sss_lenHow many elements remain in the sss array.
[in]extensionsA NULL terminated array of extensions.
Returns
  • >0 the number of controls added.
  • 0 if no controls added.
  • -1 on failure.

Definition at line 309 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_server_config_check()

int fr_ldap_server_config_check ( fr_ldap_config_t handle_config,
char const *  server,
CONF_SECTION cs 
)

Check an LDAP server config in server:port format is valid.

Parameters
[in,out]handle_configLDAP handle config being built
[in]serverstring to parse
[in]csin which the server is defined
Returns
  • 0 for valid server definition
  • -1 for invalid server definition

Definition at line 699 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_server_url_check()

int fr_ldap_server_url_check ( fr_ldap_config_t handle_config,
char const *  server,
CONF_SECTION const *  cs 
)

Check an LDAP server entry in URL format is valid.

Parameters
[in,out]handle_configLDAP handle config being built
[in]serverstring to parse
[in]csin which the server is defined
Returns
  • 0 for valid server definition
  • -1 for invalid server definition

Definition at line 605 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_uri_escape_func()

size_t fr_ldap_uri_escape_func ( UNUSED request_t request,
char *  out,
size_t  outlen,
char const *  in,
UNUSED void *  arg 
)

Converts "bad" strings into ones which are safe for LDAP.

Note
RFC 4515 says filter strings can only use the
\<hex><hex>
format, whereas RFC 4514 indicates that some chars in DNs, may be escaped simply with a backslash. For simplicity, we always use the hex escape sequences. In other areas where we're doing DN comparison, the DNs need to be normalised first so that they both use only hex escape sequences.
This is a callback for xlat operations.

Will escape any characters in input strings that would cause the string to be interpreted as part of a DN and or filter. Escape sequence is

\<hex><hex>

.

Parameters
requestThe current request.
outPointer to output buffer.
outlenSize of the output buffer.
inRaw unescaped string.
argAny additional arguments (unused).

Definition at line 70 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_uri_unescape_func()

size_t fr_ldap_uri_unescape_func ( UNUSED request_t request,
char *  out,
size_t  outlen,
char const *  in,
UNUSED void *  arg 
)

Converts escaped DNs and filter strings into normal.

Note
RFC 4515 says filter strings can only use the
\<hex><hex>
format, whereas RFC 4514 indicates that some chars in DNs, may be escaped simply with a backslash..

Will unescape any special characters in strings, or

\<hex><hex>

sequences.

Parameters
requestThe current request.
outPointer to output buffer.
outlenSize of the output buffer.
inEscaped string string.
argAny additional arguments (unused).

Definition at line 164 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_url_err_to_str()

char const* fr_ldap_url_err_to_str ( int  ldap_url_err)

Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror()

Parameters
[in]ldap_url_errThe error code returned

Definition at line 740 of file util.c.

+ Here is the caller graph for this function:

◆ fr_ldap_util_is_dn()

bool fr_ldap_util_is_dn ( char const *  in,
size_t  inlen 
)

Check whether a string looks like a DN.

Parameters
[in]inStr to check.
[in]inlenLength of string to check.
Returns
  • true if string looks like a DN.
  • false if string does not look like DN.

Definition at line 211 of file util.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_ldap_util_normalise_dn()

size_t fr_ldap_util_normalise_dn ( char *  out,
char const *  in 
)

Normalise escape sequences in a DN.

Characters in a DN can either be escaped as 

\<hex><hex>

or

\<special>

The LDAP directory chooses how characters are escaped, which can make local comparisons of DNs difficult.

Here we search for hex sequences that match special chars, and convert them to the

\<special>

form.

Note
the resulting output string will only ever be shorter than the input, so it's fine to use the same buffer for both out and in.
Parameters
outWhere to write the normalised DN.
inThe input DN.
Returns
The number of bytes written to out.

Definition at line 439 of file util.c.

+ Here is the caller graph for this function:

Variable Documentation

◆ escapes

const bool escapes[UINT8_MAX+1]
static
Initial value:
= {
[' '] = true,
['#'] = true,
['='] = true,
['"'] = true,
['+'] = true,
[','] = true,
[';'] = true,
['<'] = true,
['>'] = true,
['\''] = true
}

Definition at line 38 of file util.c.

◆ hextab

const char hextab[] = "0123456789abcdef"
static

Definition at line 37 of file util.c.

◆ specials

USES_APPLE_DEPRECATED_API const char specials[] = ",+\"\<>;*=()"
static

Definition at line 36 of file util.c.

Generated by   doxygen 1.9.1