26RCSID(
"$Id: 7bdabe8117965e7890e17b0fdd4d4fff228c1f00 $")
30#include <freeradius-devel/ldap/base.h>
31#include <freeradius-devel/util/base16.h>
37static const char hextab[] =
"0123456789abcdef";
107 return outlen - left;
122 if (!fr_sbuff_init_talloc(vb, &sbuff, &sbuff_ctx, vb->vb_length * 3, vb->vb_length * 3)) {
132 if (len == vb->vb_length) {
161 size_t freespace = outlen;
163 if (outlen <= 1)
return 0;
166 while (*p && (--freespace > 0)) {
182 if (!(c1 = memchr(
hextab, tolower(p[0]), 16)) ||
183 !(c2 = memchr(
hextab, tolower(p[1]), 16)))
goto next;
192 return outlen - freespace;
209 bool too_soon =
true;
221 if (
inlen < 2)
return false;
244 if (
inlen < 3)
return false;
263 if (too_soon || (*p != want))
return false;
269 if (too_soon || (*p != want))
return false;
287 if (too_soon || (
comp < 2))
return false;
304 LDAPControl **sss_p = sss, **sss_end = sss_p + sss_len;
315 for (i = 0; extensions[i]; i++) {
317 bool is_critical =
false;
319 if (sss_p == sss_end) {
336 "in the format \"[!]sss=<key>[,key]\"");
340 if (*s) ldap_control_free(*s);
347 if (ret != LDAP_SUCCESS) {
353 if (*sss_p) ldap_control_free(*sss_p);
356 ldap_free_sort_keylist(keys);
357 if (ret != LDAP_SUCCESS) {
359 ldap_err2string(ret));
370 struct berval attr_value;
376 "in the format \"[!]vlv=<before>/<after>(/<offset>/<count>|:<value>)");
380 vlvinfo.ldvlv_context = NULL;
382 if (
fr_sbuff_out(NULL, &ext_value, &sbuff) <= 0)
goto vlv_error;
384 vlvinfo.ldvlv_before_count = ext_value;
386 if (
fr_sbuff_out(NULL, &ext_value, &sbuff) <= 0)
goto vlv_error;
387 vlvinfo.ldvlv_after_count = ext_value;
392 vlvinfo.ldvlv_attrvalue = NULL;
394 if (
fr_sbuff_out(NULL, &ext_value, &sbuff) <= 0)
goto vlv_error;
396 vlvinfo.ldvlv_offset = ext_value;
398 if (
fr_sbuff_out(NULL, &ext_value, &sbuff) <= 0)
goto vlv_error;
399 vlvinfo.ldvlv_count = ext_value;
405 vlvinfo.ldvlv_attrvalue = &attr_value;
411 if (ret != LDAP_SUCCESS) {
413 ldap_err2string(ret));
426 return (sss_end - sss_p);
445 out = talloc_array(ctx,
char,
in->bv_len + 1);
446 if (!
out)
return NULL;
448 memcpy(
out,
in->bv_val,
in->bv_len);
449 out[
in->bv_len] =
'\0';
465 if (!
out)
return NULL;
467 memcpy(
out,
in->bv_val,
in->bv_len);
495 for (p =
in; *p !=
'\0'; p++) {
541 size_t f_len, p_len, i;
543 if (!full)
return -1;
545 f_len = strlen(full);
547 if (!part)
return -1;
549 p_len = strlen(part);
550 if (!p_len)
return f_len;
552 if ((f_len < p_len) || !f_len)
return -1;
554 for (i = 0; i < p_len; i++)
if (part[p_len - i] != full[f_len - i])
return -1;
556 return f_len - p_len;
571 char const *
in = NULL;
582 for (i = 0; i < sublen; i++) {
583 if (sub[i] && *sub[i]) {
586 len += strlen(sub[i]);
596 buffer = talloc_array(ctx,
char, len + 4);
599 for (i = 0; i < sublen; i++) {
600 if (sub[i] && (*sub[i] !=
'\0')) {
634 if (!attr)
return -1;
636 len = talloc_array_length(attrs);
638 for (i = 0; i < len; i++) {
639 if (!attrs[i])
continue;
640 if (
strcasecmp(attrs[i], attr) == 0)
return 1;
658 LDAPURLDesc *ldap_url;
659 bool set_port_maybe =
true;
660 int default_port = LDAP_PORT;
664 if (ldap_url_parse(server, &ldap_url)) {
665 cf_log_err(ci,
"Parsing LDAP URL \"%s\" failed", server);
667 ldap_free_urldesc(ldap_url);
671 if (ldap_url->lud_dn && (ldap_url->lud_dn[0] !=
'\0')) {
672 cf_log_err(ci,
"Base DN cannot be specified via server URL");
676 if (ldap_url->lud_attrs && ldap_url->lud_attrs[0]) {
677 cf_log_err(ci,
"Attribute list cannot be speciried via server URL");
684 if (ldap_url->lud_scope != LDAP_SCOPE_BASE) {
685 cf_log_err(ci,
"Scope cannot be specified via server URL");
688 ldap_url->lud_scope = -1;
695 if ((p = strchr(server,
']')) && (p[1] ==
':')) {
696 set_port_maybe =
false;
697 }
else if ((p = strchr(server,
':')) && (strchr(p+1,
':') != NULL)) {
698 set_port_maybe =
false;
704 if (ldap_url->lud_scheme) {
705 if (strcmp(ldap_url->lud_scheme,
"ldaps") == 0) {
707 cf_log_err(ci,
"ldaps:// scheme is not compatible with 'start_tls'");
710 default_port = LDAPS_PORT;
711 handle_config->
tls_mode = LDAP_OPT_X_TLS_HARD;
712 }
else if (strcmp(ldap_url->lud_scheme,
"ldapi") == 0) {
713 set_port_maybe =
false;
717 if (set_port_maybe) {
721 ldap_url->lud_port = handle_config->
port;
728 if (!ldap_url->lud_port) ldap_url->lud_port = default_port;
731 url = ldap_url_desc2str(ldap_url);
733 cf_log_err(ci,
"Failed recombining URL components");
736 handle_config->
server = talloc_asprintf_append(handle_config->
server,
"%s ", url);
738 ldap_free_urldesc(ldap_url);
759 port = handle_config->
port;
765 if (strchr(server,
'/')) {
769 cf_log_err(ci,
"Invalid 'server' entry, must be in format <server>[:<port>] or "
770 "an ldap URI (ldap|cldap|ldaps|ldapi)://<server>:<port>");
774 p = strrchr(server,
':');
776 port = (int)strtol((p + 1), &q, 10);
777 if ((p == server) || ((p + 1) == q) || (*q !=
'\0'))
goto bad_server_fmt;
780 len = strlen(server);
782 if (port == 0) port = LDAP_PORT;
784 handle_config->
server = talloc_asprintf_append(handle_config->
server,
"ldap://%.*s:%i ",
785 (
int)len, server, port);
795 switch (ldap_url_err) {
796 case LDAP_URL_SUCCESS:
799 case LDAP_URL_ERR_MEM:
802 case LDAP_URL_ERR_PARAM:
803 return "parameter is bad";
805 case LDAP_URL_ERR_BADSCHEME:
806 return "URL doesn't begin with \"[c]ldap[si]://\"";
808 case LDAP_URL_ERR_BADENCLOSURE:
809 return "URL is missing trailing \">\"";
811 case LDAP_URL_ERR_BADURL:
814 case LDAP_URL_ERR_BADHOST:
815 return "host/port is bad";
817 case LDAP_URL_ERR_BADATTRS:
818 return "bad (or missing) attributes";
820 case LDAP_URL_ERR_BADSCOPE:
821 return "scope string is invalid (or missing)";
823 case LDAP_URL_ERR_BADFILTER:
824 return "bad or missing filter";
826 case LDAP_URL_ERR_BADEXTS:
827 return "bad or missing extensions";
830 return "unknown reason";
static int const char char buffer[256]
strcpy(log_entry->msg, buffer)
#define fr_base16_decode(_err, _out, _in, _no_trailing)
#define USES_APPLE_DEPRECATED_API
Common header for all CONF_* types.
A section grouping multiple CONF_PAIR.
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
#define cf_log_err(_cf, _fmt,...)
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
char * server
Initial server to bind to.
bool start_tls
Send the Start TLS message to the LDAP directory to start encrypted communications using the standard...
uint16_t port
Port to use when binding to the server.
Connection configuration.
LDAP * fr_ldap_handle_thread_local(void)
Get a thread local dummy LDAP handle.
char const * fr_ldap_url_err_to_str(int ldap_url_err)
Translate the error code emitted from ldap_url_parse and friends into something accessible with fr_st...
static const char hextab[]
size_t fr_ldap_util_normalise_dn(char *out, char const *in)
Normalise escape sequences in a DN.
size_t fr_ldap_uri_escape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg)
Converts "bad" strings into ones which are safe for LDAP.
bool fr_ldap_util_is_dn(char const *in, size_t inlen)
Check whether a string looks like a DN.
size_t fr_ldap_common_dn(char const *full, char const *part)
Find the place at which the two DN strings diverge.
int fr_ldap_attrs_check(char const **attrs, char const *attr)
Check that a particular attribute is included in an attribute list.
static USES_APPLE_DEPRECATED_API const char specials[]
uint8_t * fr_ldap_berval_to_bin(TALLOC_CTX *ctx, struct berval const *in)
Convert a berval to a talloced buffer.
int fr_ldap_server_url_check(fr_ldap_config_t *handle_config, char const *server, CONF_SECTION const *cs)
Check an LDAP server entry in URL format is valid.
char * fr_ldap_berval_to_string(TALLOC_CTX *ctx, struct berval const *in)
Convert a berval to a talloced string.
int fr_ldap_box_escape(fr_value_box_t *vb, UNUSED void *uctx)
int fr_ldap_server_config_check(fr_ldap_config_t *handle_config, char const *server, CONF_SECTION *cs)
Check an LDAP server config in server:port format is valid.
size_t fr_ldap_uri_unescape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg)
Converts escaped DNs and filter strings into normal.
static const bool escapes[UINT8_MAX+1]
int fr_ldap_parse_url_extensions(LDAPControl **sss, size_t sss_len, char *extensions[])
Parse a subset (just server side sort and virtual list view for now) of LDAP URL extensions.
int fr_ldap_filter_to_tmpl(TALLOC_CTX *ctx, tmpl_rules_t const *t_rules, char const **sub, size_t sublen, tmpl_t **out)
Combine filters and tokenize to a tmpl.
#define EMARKER(_str, _marker_idx, _marker)
@ FR_TYPE_STRING
String of printable characters.
int strcasecmp(char *s1, char *s2)
static int encode(bio_handle_t *h, request_t *request, bio_request_t *u, uint8_t id)
static int8_t comp(void const *a, void const *b)
int fr_sbuff_trim_talloc(fr_sbuff_t *sbuff, size_t len)
Trim a talloced sbuff to the minimum length required to represent the contained string.
size_t fr_sbuff_adv_past_str(fr_sbuff_t *sbuff, char const *needle, size_t needle_len)
Return true and advance past the end of the needle if needle occurs next in the sbuff.
bool fr_sbuff_next_if_char(fr_sbuff_t *sbuff, char c)
Return true if the current char matches, and if it does, advance.
#define FR_SBUFF_IN(_start, _len_or_end)
#define fr_sbuff_current(_sbuff_or_marker)
#define fr_sbuff_buff(_sbuff_or_marker)
#define fr_sbuff_out(_err, _out, _in)
#define fr_sbuff_remaining(_sbuff_or_marker)
Talloc sbuff extension structure.
ssize_t tmpl_afrom_substr(TALLOC_CTX *ctx, tmpl_t **out, fr_sbuff_t *in, fr_token_t quote, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules))
Convert an arbitrary string into a tmpl_t.
Optional arguments passed to vp_tmpl functions.
char const * fr_strerror(void)
Get the last library error.
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
#define fr_strerror_const(_msg)
int fr_value_box_cast_in_place(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv)
Convert one type of fr_value_box_t to another in place.
void fr_value_box_strdup_shallow_replace(fr_value_box_t *vb, char const *src, ssize_t len)
Free the existing buffer (if talloced) associated with the valuebox, and replace it with a new one.
#define fr_value_box_is_safe_for(_box, _safe_for)
static size_t char fr_sbuff_t size_t inlen
static size_t char ** out