Utility functions to escape and parse DNs. More...

#include <freeradius-devel/ldap/base.h>
#include <freeradius-devel/util/base16.h>
#include <freeradius-devel/util/value.h>
#include <stdarg.h>

Include dependency graph for util.c:

Go to the source code of this file.

Functions
int	fr_ldap_attrs_check (char const *attrs, char const attr)
	Check that a particular attribute is included in an attribute list.

uint8_t *	fr_ldap_berval_to_bin (TALLOC_CTX ctx, struct berval const in)
	Convert a berval to a talloced buffer.

char *	fr_ldap_berval_to_string (TALLOC_CTX ctx, struct berval const in)
	Convert a berval to a talloced string.

size_t	fr_ldap_common_dn (char const full, char const part)
	Find the place at which the two DN strings diverge.

int	fr_ldap_dn_box_escape (fr_value_box_t vb, UNUSED void uctx)

size_t	fr_ldap_dn_escape_func (UNUSED request_t request, char out, size_t outlen, char const in, UNUSED void arg)
	Escape a string for use as an RFC 4514 DN attribute value.

void	fr_ldap_entry_dump (LDAPMessage *entry)
	Dump out the contents of an LDAPMessage.

int	fr_ldap_filter_box_escape (fr_value_box_t vb, UNUSED void uctx)

size_t	fr_ldap_filter_escape_func (UNUSED request_t request, char out, size_t outlen, char const in, UNUSED void arg)
	Escape a string for use as an RFC 4515 filter assertion value.

int	fr_ldap_filter_to_tmpl (TALLOC_CTX ctx, tmpl_rules_t const t_rules, char const sub, size_t sublen, tmpl_t out)
	Combine filters and tokenize to a tmpl.

int	fr_ldap_parse_url_extensions (LDAPControl *sss, size_t sss_len, char extensions[])
	Parse a subset (just server side sort and virtual list view for now) of LDAP URL extensions.

int	fr_ldap_server_config_check (fr_ldap_config_t handle_config, char const server, CONF_SECTION *cs)
	Check an LDAP server config in server:port format is valid.

int	fr_ldap_server_url_check (fr_ldap_config_t handle_config, char const server, CONF_SECTION const *cs)
	Check an LDAP server entry in URL format is valid.

size_t	fr_ldap_uri_unescape_func (UNUSED request_t request, char out, size_t outlen, char const in, UNUSED void arg)
	Converts escaped DNs and filter strings into normal.

char const *	fr_ldap_url_err_to_str (int ldap_url_err)
	Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror()

bool	fr_ldap_util_is_dn (char const *in, size_t inlen)
	Check whether a string looks like a DN.

size_t	fr_ldap_util_normalise_dn (char out, char const in)
	Normalise escape sequences in a DN.

Variables
static USES_APPLE_DEPRECATED_API const char	dn_specials [] = ",+\"\<>;*=()"

static const bool	escapes [SBUFF_CHAR_CLASS]

static const char	filter_specials [] = "*()\\"

static const char	hextab [] = "0123456789abcdef"

Detailed Description

Utility functions to escape and parse DNs.

Id: 276aad16deac022122c515734cba4faf627f1de9

Author: Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Copyright: 2017 Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg); 2017 The FreeRADIUS Server Project.

Definition in file util.c.

Function Documentation

◆ fr_ldap_attrs_check()

int fr_ldap_attrs_check	(	char const **	attrs,
		char const *	attr
	)

Check that a particular attribute is included in an attribute list.

Parameters

[in]	attrs	list to check
[in]	attr	to look for

Returns

1 if attr is in list
0 if attr is missing
-1 if checks not possible

Definition at line 700 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_berval_to_bin()

uint8_t * fr_ldap_berval_to_bin	(	TALLOC_CTX *	ctx,
		struct berval const *	in
	)

Convert a berval to a talloced buffer.

Parameters

ctx	to allocate in.
in	Berval to copy.

Returns: buffer containing in->bv_val.

Definition at line 530 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_berval_to_string()

char * fr_ldap_berval_to_string	(	TALLOC_CTX *	ctx,
		struct berval const *	in
	)

Convert a berval to a talloced string.

The ldap_get_values function is deprecated, and ldap_get_values_len does not guarantee the berval buffers it returns are \0 terminated.

For some cases this is fine, for others we require a \0 terminated buffer (feeding DNs back into libldap for example).

Parameters

ctx	to allocate in.
in	Berval to copy.

Returns: \0 terminated buffer containing in->bv_val.

Definition at line 511 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_common_dn()

size_t fr_ldap_common_dn	(	char const *	full,
		char const *	part
	)

Find the place at which the two DN strings diverge.

Returns the length of the non matching string in full.

Parameters

full	DN.
part	Partial DN as returned by ldap_parse_result.

Returns

Length of the portion of full which wasn't matched
-1 on failure.

Definition at line 609 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_dn_box_escape()

int fr_ldap_dn_box_escape	(	fr_value_box_t *	vb,
		UNUSED void *	uctx
	)

Definition at line 109 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_dn_escape_func()

size_t fr_ldap_dn_escape_func	(	UNUSED request_t *	request,
		char *	out,
		size_t	outlen,
		char const *	in,
		UNUSED void *	arg
	)

Escape a string for use as an RFC 4514 DN attribute value.

Escapes characters that have special meaning in DNs. Leading space and '#' are also escaped as required by RFC 4514. Escape sequence is

\<hex><hex>

.

Parameters

request	The current request.
out	Pointer to output buffer.
outlen	Size of the output buffer.
in	Raw unescaped string.
arg	Any additional arguments (unused).

Definition at line 69 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_entry_dump()

void fr_ldap_entry_dump ( LDAPMessage * entry )

Dump out the contents of an LDAPMessage.

Intended to be called from a debugger.

Parameters

[in] entry LDAPMessage to dump.

Definition at line 910 of file util.c.

Here is the call graph for this function:

◆ fr_ldap_filter_box_escape()

int fr_ldap_filter_box_escape	(	fr_value_box_t *	vb,
		UNUSED void *	uctx
	)

Definition at line 183 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_filter_escape_func()

size_t fr_ldap_filter_escape_func	(	UNUSED request_t *	request,
		char *	out,
		size_t	outlen,
		char const *	in,
		UNUSED void *	arg
	)

Escape a string for use as an RFC 4515 filter assertion value.

Escapes only the characters that MUST be escaped in filter assertion values per RFC 4515: '*', '(', ')', '\'. Other characters (including ',', '+', '=') must NOT be escaped – some LDAP implementations do not decode non-required \HH sequences in assertion values and will fail to match. Escape sequence is

\<hex><hex>

.

Parameters

request	The current request.
out	Pointer to output buffer.
outlen	Size of the output buffer.
in	Raw unescaped string.
arg	Any additional arguments (unused).

Definition at line 155 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_filter_to_tmpl()

int fr_ldap_filter_to_tmpl	(	TALLOC_CTX *	ctx,
		tmpl_rules_t const *	t_rules,
		char const **	sub,
		size_t	sublen,
		tmpl_t **	out
	)

Combine filters and tokenize to a tmpl.

Parameters

ctx	To allocate combined filter in
t_rules	Rules for parsing combined filter.
sub	Array of subfilters (may contain NULLs).
sublen	Number of potential subfilters in array.
out	Where to write a pointer to the resulting tmpl.

Returns: length of combined data.

Definition at line 638 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_parse_url_extensions()

int fr_ldap_parse_url_extensions	(	LDAPControl **	sss,
		size_t	sss_len,
		char *	extensions[]
	)

Parse a subset (just server side sort and virtual list view for now) of LDAP URL extensions.

Parameters

[out]	sss	Array of LDAPControl * pointers to add controls to.
[in]	sss_len	How many elements remain in the sss array.
[in]	extensions	A NULL terminated array of extensions.

Returns

>0 the number of controls added.
0 if no controls added.
-1 on failure.

Definition at line 372 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_server_config_check()

int fr_ldap_server_config_check	(	fr_ldap_config_t *	handle_config,
		char const *	server,
		CONF_SECTION *	cs
	)

Check an LDAP server config in server:port format is valid.

Parameters

[in,out]	handle_config	LDAP handle config being built
[in]	server	string to parse
[in]	cs	in which the server is defined

Returns

0 for valid server definition
-1 for invalid server definition

Definition at line 822 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_server_url_check()

int fr_ldap_server_url_check	(	fr_ldap_config_t *	handle_config,
		char const *	server,
		CONF_SECTION const *	cs
	)

Check an LDAP server entry in URL format is valid.

Parameters

[in,out]	handle_config	LDAP handle config being built
[in]	server	string to parse
[in]	cs	in which the server is defined

Returns

0 for valid server definition
-1 for invalid server definition

Definition at line 726 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_uri_unescape_func()

size_t fr_ldap_uri_unescape_func	(	UNUSED request_t *	request,
		char *	out,
		size_t	outlen,
		char const *	in,
		UNUSED void *	arg
	)

Converts escaped DNs and filter strings into normal.

Note

RFC 4515 says filter strings can only use the

\<hex><hex>

format, whereas RFC 4514 indicates that some chars in DNs, may be escaped simply with a backslash..

Will unescape any special characters in strings, or

\<hex><hex>

sequences.

Parameters

request	The current request.
out	Pointer to output buffer.
outlen	Size of the output buffer.
in	Escaped string string.
arg	Any additional arguments (unused).

Definition at line 227 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_url_err_to_str()

char const * fr_ldap_url_err_to_str ( int ldap_url_err )

Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_strerror()

Parameters

[in] ldap_url_err The error code returned

Definition at line 863 of file util.c.

Here is the caller graph for this function:

◆ fr_ldap_util_is_dn()

bool fr_ldap_util_is_dn	(	char const *	in,
		size_t	inlen
	)

Check whether a string looks like a DN.

Parameters

[in]	in	Str to check.
[in]	inlen	Length of string to check.

Returns

true if string looks like a DN.
false if string does not look like DN.

Definition at line 274 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_ldap_util_normalise_dn()

size_t fr_ldap_util_normalise_dn	(	char *	out,
		char const *	in
	)

Normalise escape sequences in a DN.

Characters in a DN can either be escaped as

\<hex><hex>

or

\<special>

The LDAP directory chooses how characters are escaped, which can make local comparisons of DNs difficult.

Here we search for hex sequences that match special chars, and convert them to the

\<special>

form.

Note: the resulting output string will only ever be shorter than the input, so it's fine to use the same buffer for both out and in.

Parameters

out	Where to write the normalised DN.
in	The input DN.

Returns: The number of bytes written to out.

Definition at line 560 of file util.c.

Here is the caller graph for this function:

Variable Documentation

◆ dn_specials

USES_APPLE_DEPRECATED_API const char dn_specials[] = ",+\"\<>;*=()"

static

Definition at line 38 of file util.c.

◆ escapes

const bool escapes[SBUFF_CHAR_CLASS]

static

Initial value:

= {
        [' '] = true,
        ['#'] = true,
        ['='] = true,
        ['"'] = true,
        ['+'] = true,
        [','] = true,
        [';'] = true,
        ['<'] = true,
        ['>'] = true,
        ['\''] = true
}

Definition at line 40 of file util.c.

◆ filter_specials

const char filter_specials[] = "*()\\"

static

Definition at line 54 of file util.c.

◆ hextab

const char hextab[] = "0123456789abcdef"

static

Definition at line 39 of file util.c.

Functions

Variables

Detailed Description

Function Documentation

◆ fr_ldap_attrs_check()

◆ fr_ldap_berval_to_bin()

◆ fr_ldap_berval_to_string()

◆ fr_ldap_common_dn()

◆ fr_ldap_dn_box_escape()

◆ fr_ldap_dn_escape_func()

◆ fr_ldap_entry_dump()

◆ fr_ldap_filter_box_escape()

◆ fr_ldap_filter_escape_func()

◆ fr_ldap_filter_to_tmpl()

◆ fr_ldap_parse_url_extensions()

◆ fr_ldap_server_config_check()

◆ fr_ldap_server_url_check()

◆ fr_ldap_uri_unescape_func()

◆ fr_ldap_url_err_to_str()

◆ fr_ldap_util_is_dn()

◆ fr_ldap_util_normalise_dn()

Variable Documentation

◆ dn_specials

◆ escapes

◆ filter_specials

◆ hextab