Lines Matching +full:multi +full:- +full:attr
2 * Copyright (c) 2001-2009 Proofpoint, Inc. and its suppliers.
14 SM_RCSID("@(#)$Id: ldap.c,v 1.86 2013-11-22 20:51:43 ca Exp $")
34 "@(#)$Debug: sm_trace_ldap - trace LDAP operations $");
42 ** SM_LDAP_CLEAR -- set default values for SM_LDAP_STRUCT
45 ** lmap -- pointer to SM_LDAP_STRUCT to clear
71 lmap->ldap_host = NULL;
72 lmap->ldap_port = LDAP_PORT;
73 lmap->ldap_uri = NULL;
74 lmap->ldap_version = SM_LDAP_VERSION_DEFAULT;
75 lmap->ldap_deref = LDAP_DEREF_NEVER;
76 lmap->ldap_timelimit = LDAP_NO_LIMIT;
77 lmap->ldap_sizelimit = LDAP_NO_LIMIT;
79 lmap->ldap_options = LDAP_OPT_REFERRALS;
81 lmap->ldap_options = 0;
83 lmap->ldap_attrsep = '\0';
85 lmap->ldap_networktmo = 0;
87 lmap->ldap_binddn = NULL;
88 lmap->ldap_secret = NULL;
89 lmap->ldap_method = LDAP_AUTH_SIMPLE;
90 lmap->ldap_base = NULL;
91 lmap->ldap_scope = LDAP_SCOPE_SUBTREE;
92 lmap->ldap_attrsonly = LDAPMAP_FALSE;
93 lmap->ldap_timeout.tv_sec = 0;
94 lmap->ldap_timeout.tv_usec = 0;
95 lmap->ldap_ld = NULL;
96 lmap->ldap_filter = NULL;
97 lmap->ldap_attr[0] = NULL;
98 lmap->ldap_attr_type[0] = SM_LDAP_ATTR_NONE;
99 lmap->ldap_attr_needobjclass[0] = NULL;
100 lmap->ldap_res = NULL;
101 lmap->ldap_next = NULL;
102 lmap->ldap_pid = 0;
103 lmap->ldap_multi_args = false;
123 if (lmap->ldap_networktmo > 0) \
129 lmap->ldap_networktmo); \
130 tmo.tv_sec = lmap->ldap_networktmo; \
140 ** SM_LDAP_SETOPTSG -- set some (global) LDAP options
143 ** lmap -- LDAP map information
165 lmap->ldap_debug != 0)
172 sm_dprintf("ldap_debug0=%d\n", lmap->ldap_debug);
174 &(lmap->ldap_debug));
178 &(lmap->ldap_debug));
189 ** SM_LDAP_SETOPTS -- set LDAP options
192 ** ld -- LDAP session handle
193 ** lmap -- LDAP map information
206 if (lmap->ldap_version != 0)
209 &lmap->ldap_version);
211 ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref);
212 if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options))
216 ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit);
217 ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit);
221 && lmap->ldap_debug > 0)
227 lmap->ldap_debug, dbg_init);
229 &(lmap->ldap_debug));
257 ld->ld_deref = lmap->ldap_deref;
258 ld->ld_options = lmap->ldap_options;
259 ld->ld_sizelimit = lmap->ldap_sizelimit;
260 ld->ld_timelimit = lmap->ldap_timelimit;
265 ** SM_LDAP_START -- actually connect to an LDAP server
268 ** name -- name of map for debug output.
269 ** lmap -- the LDAP map being opened.
275 ** Populates lmap->ldap_ld.
342 if (lmap->ldap_host != NULL)
343 id = lmap->ldap_host;
344 else if (lmap->ldap_uri != NULL)
345 id = lmap->ldap_uri;
352 if (lmap->ldap_uri != NULL)
356 lmap->ldap_port);
359 if (lmap->ldap_uri != NULL)
363 sm_dprintf("ldap_initialize(%s)\n", lmap->ldap_uri);
365 save_errno = ldap_initialize(&ld, lmap->ldap_uri);
367 sm_dprintf("ldap_initialize(%s)=%d, ld=%p\n", lmap->ldap_uri, save_errno, ld);
374 err = ldap_url_parse(lmap->ldap_uri, &ludp);
380 lmap->ldap_host = sm_strdup_x(ludp->lud_host);
381 if (lmap->ldap_host == NULL)
388 lmap->ldap_port = ludp->lud_port;
397 sm_dprintf("ldap_init(%s, %d)\n", lmap->ldap_host, lmap->ldap_port);
398 ld = ldap_init(lmap->ldap_host, lmap->ldap_port);
409 sm_dprintf("ldap_open(%s, %d)\n", lmap->ldap_host, lmap->ldap_port);
411 SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec, "ldap_open");
412 ld = ldap_open(lmap->ldap_host, lmap->ldap_port);
424 sm_dprintf("FAIL: ldap_open(%s, %d)=%d\n", lmap->ldap_host, lmap->ldap_port, save_errno);
435 SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec, "ldap_bind");
439 if (lmap->ldap_method == LDAP_AUTH_KRBV4 &&
440 lmap->ldap_secret != NULL)
448 (void) putenv(lmap->ldap_secret);
453 tmo.tv_sec = lmap->ldap_networktmo;
455 tmo.tv_sec = lmap->ldap_timeout.tv_sec;
460 sm_dprintf("ldap_bind(%s)\n", lmap->ldap_uri);
462 msgid = ldap_bind(ld, lmap->ldap_binddn, lmap->ldap_secret,
463 lmap->ldap_method);
469 lmap->ldap_uri, msgid, save_errno,
477 if (-1 == msgid)
479 r = -1;
488 tmo.tv_sec == 0 ? NULL : &(tmo), &(lmap->ldap_res));
494 lmap->ldap_uri, r, errno,
502 if (-1 == r)
512 r = -1;
515 r = ldap_parse_result(ld, lmap->ldap_res, &err, NULL, &errmsg, NULL,
520 lmap->ldap_uri, r, err, errmsg);
533 sm_dprintf("ldap_cleartimeout(%s)\n", lmap->ldap_uri);
539 if (-1 == r)
552 lmap->ldap_pid = getpid();
553 lmap->ldap_ld = ld;
563 ** SM_LDAP_SEARCH_M -- initiate multi-key LDAP search
569 ** lmap -- LDAP map information
570 ** argv -- key vector of substitutions in LDAP filter
594 p = lmap->ldap_filter;
599 if (lmap->ldap_multi_args)
608 key = argv[q[1] - '0'];
627 "%.*s%s", (int) (q - p), p, key);
632 (lmap->ldap_multi_args && q[1] >= '0' && q[1] <= '9'))
637 "%.*s", (int) (q - p), p);
665 "%.*s", (int) (q - p + 1), p);
674 lmap->ldap_res = NULL;
675 msgid = ldap_search(lmap->ldap_ld, lmap->ldap_base,
676 lmap->ldap_scope, filter,
677 (lmap->ldap_attr[0] == NULL ? NULL :
678 lmap->ldap_attr),
679 lmap->ldap_attrsonly);
684 ** SM_LDAP_SEARCH -- initiate LDAP search
691 ** lmap -- LDAP map information
692 ** key -- key to substitute in LDAP filter
712 ** SM_LDAP_HAS_OBJECTCLASS -- determine if an LDAP entry is part of a
716 ** lmap -- pointer to SM_LDAP_STRUCT in use
717 ** entry -- current LDAP entry struct
718 ** ocvalue -- particular objectclass in question.
739 vals = ldap_get_values(lmap->ldap_ld, entry, "objectClass");
754 if ((p - q) == strlen(vals[i]) &&
755 sm_strncasecmp(vals[i], q, p - q) == 0)
772 ** SM_LDAP_RESULTS -- return results from an LDAP lookup in result
775 ** lmap -- pointer to SM_LDAP_STRUCT in use
776 ** msgid -- msgid returned by sm_ldap_search()
777 ** flags -- flags for the lookup
778 ** delim -- delimiter for result concatenation
779 ** rpool -- memory pool for storage
780 ** result -- return string
781 ** recurse -- recursion list
789 if (lmap->ldap_res != NULL) \
791 ldap_msgfree(lmap->ldap_res); \
792 lmap->ldap_res = NULL; \
794 (void) ldap_abandon(lmap->ldap_ld, msgid); \
824 (*top)->lrl_cnt = 0;
825 (*top)->lrl_size = 0;
826 (*top)->lrl_data = NULL;
829 if ((*top)->lrl_cnt >= (*top)->lrl_size)
832 olddata = (*top)->lrl_data;
833 if ((*top)->lrl_size == 0)
836 (*top)->lrl_size = 256;
840 oldsizeb = (*top)->lrl_size * sizeof *((*top)->lrl_data);
841 (*top)->lrl_size *= 2;
843 (*top)->lrl_data = sm_rpool_malloc_x(rpool,
844 (*top)->lrl_size * sizeof *((*top)->lrl_data));
846 memcpy((*top)->lrl_data, olddata, oldsizeb);
855 m = (*top)->lrl_cnt - 1;
859 insertat = -1;
861 while (insertat == -1)
865 rc = sm_strcasecmp(item, (*top)->lrl_data[p]->lr_search);
867 rc = type - (*top)->lrl_data[p]->lr_type;
870 m = p - 1;
874 return (*top)->lrl_data[p];
876 if (m == -1)
878 else if (n >= (*top)->lrl_cnt)
879 insertat = (*top)->lrl_cnt;
892 moveb = ((*top)->lrl_cnt - insertat) * sizeof *((*top)->lrl_data);
894 memmove(&((*top)->lrl_data[insertat + 1]),
895 &((*top)->lrl_data[insertat]),
898 newe->lr_search = sm_rpool_strdup_x(rpool, item);
899 newe->lr_type = type;
900 newe->lr_ludp = NULL;
901 newe->lr_attrs = NULL;
902 newe->lr_done = false;
904 ((*top)->lrl_data)[insertat] = newe;
905 (*top)->lrl_cnt++;
937 while ((ret = ldap_result(lmap->ldap_ld, msgid, 0,
938 (lmap->ldap_timeout.tv_sec == 0 ? NULL :
939 &(lmap->ldap_timeout)),
940 &(lmap->ldap_res))) == LDAP_RES_SEARCH_ENTRY)
951 for (entry = ldap_first_entry(lmap->ldap_ld, lmap->ldap_res);
953 entry = ldap_next_entry(lmap->ldap_ld, lmap->ldap_res))
956 char *attr; local
982 dn = ldap_get_dn(lmap->ldap_ld, entry);
985 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1003 else if (rl->lr_done)
1018 lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
1021 for (attr = ldap_first_attribute(lmap->ldap_ld, entry,
1023 attr != NULL;
1024 attr = ldap_next_attribute(lmap->ldap_ld, entry,
1032 for (i = 0; lmap->ldap_attr[i] != NULL; i++)
1034 if (SM_STRCASEEQ(lmap->ldap_attr[i],
1035 attr))
1037 type = lmap->ldap_attr_type[i];
1038 needobjclass = lmap->ldap_attr_needobjclass[i];
1054 ldap_memfree(attr);
1073 ldap_memfree(attr);
1077 if (lmap->ldap_attrsonly == LDAPMAP_FALSE)
1079 vals = ldap_get_values(lmap->ldap_ld,
1081 attr);
1084 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1087 ldap_memfree(attr);
1093 ldap_memfree(attr);
1109 lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
1119 if (lmap->ldap_attrsonly == LDAPMAP_FALSE)
1121 ldap_memfree(attr);
1146 if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
1149 attr);
1150 ldap_memfree(attr);
1157 ldap_memfree(attr);
1162 if (lmap->ldap_attrsep != '\0')
1163 vsize += strlen(attr) + 1;
1166 if (lmap->ldap_attrsep != '\0')
1169 attr,
1170 lmap->ldap_attrsep,
1176 ldap_memfree(attr);
1181 if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
1185 attr);
1199 strlen(attr) + 2;
1205 attr);
1208 ldap_memfree(attr);
1252 if (lmap->ldap_attrsep != '\0')
1253 vsize += strlen(attr) + 1;
1297 if (lmap->ldap_attrsep != '\0')
1299 p += sm_strlcpy(p, attr,
1300 pe - p);
1302 *p++ = lmap->ldap_attrsep;
1306 pe - p);
1307 *resultln = p - (*result);
1319 ldap_memfree(attr);
1321 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1329 ** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
1343 rl->lr_done = true;
1344 if (rl->lr_ludp != NULL)
1346 ldap_free_urldesc(rl->lr_ludp);
1347 rl->lr_ludp = NULL;
1349 if (rl->lr_attrs != NULL)
1351 free(rl->lr_attrs);
1352 rl->lr_attrs = NULL;
1361 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1371 ldap_msgfree(lmap->ldap_res);
1372 lmap->ldap_res = NULL;
1386 if (lmap->ldap_res == NULL)
1392 save_errno = ldap_parse_result(lmap->ldap_ld,
1393 lmap->ldap_res, &rc, NULL, NULL,
1400 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1428 if (lmap->ldap_res != NULL)
1430 ldap_msgfree(lmap->ldap_res);
1431 lmap->ldap_res = NULL;
1439 ** Spin through the built-up recurse list at the top
1447 for (rlidx = 0; recurse != NULL && rlidx < recurse->lrl_cnt;
1454 rl = recurse->lrl_data[rlidx];
1457 if (rl->lr_done)
1463 if (rl->lr_type == SM_LDAP_ATTR_DN)
1466 sid = ldap_search(lmap->ldap_ld,
1467 rl->lr_search,
1468 lmap->ldap_scope,
1470 (lmap->ldap_attr[0] == NULL ?
1471 NULL : lmap->ldap_attr),
1472 lmap->ldap_attrsonly);
1474 else if (rl->lr_type == SM_LDAP_ATTR_FILTER)
1477 sid = ldap_search(lmap->ldap_ld,
1478 lmap->ldap_base,
1479 lmap->ldap_scope,
1480 rl->lr_search,
1481 (lmap->ldap_attr[0] == NULL ?
1482 NULL : lmap->ldap_attr),
1483 lmap->ldap_attrsonly);
1485 else if (rl->lr_type == SM_LDAP_ATTR_URL)
1488 sid = ldap_url_parse(rl->lr_search,
1489 &rl->lr_ludp);
1498 if (rl->lr_ludp->lud_attrs != NULL)
1502 while (rl->lr_ludp->lud_attrs[attrnum] != NULL)
1504 if (strcasecmp(rl->lr_ludp->lud_attrs[attrnum],
1508 attrnum = -1;
1518 rl->lr_attrs = (char **)malloc(sizeof(char *) * (attrnum + 2));
1519 if (rl->lr_attrs == NULL)
1522 ldap_free_urldesc(rl->lr_ludp);
1528 rl->lr_attrs[i] = rl->lr_ludp->lud_attrs[i];
1530 rl->lr_attrs[i++] = "objectClass";
1531 rl->lr_attrs[i++] = NULL;
1544 sid = ldap_search(lmap->ldap_ld,
1545 rl->lr_ludp->lud_dn,
1546 rl->lr_ludp->lud_scope,
1547 rl->lr_ludp->lud_filter,
1548 rl->lr_attrs,
1549 lmap->ldap_attrsonly);
1562 if (sid == -1)
1564 save_errno = sm_ldap_geterrno(lmap->ldap_ld);
1598 rl->lr_done = true;
1599 if (rl->lr_ludp != NULL)
1601 ldap_free_urldesc(rl->lr_ludp);
1602 rl->lr_ludp = NULL;
1604 if (rl->lr_attrs != NULL)
1606 free(rl->lr_attrs);
1607 rl->lr_attrs = NULL;
1611 rlidx = -1;
1618 ** SM_LDAP_CLOSE -- close LDAP connection
1621 ** lmap -- LDAP map information
1631 if (lmap->ldap_ld == NULL)
1634 if (lmap->ldap_pid == getpid())
1635 ldap_unbind(lmap->ldap_ld);
1636 lmap->ldap_ld = NULL;
1637 lmap->ldap_pid = 0;
1641 ** SM_LDAP_GETERRNO -- get ldap errno value
1644 ** ld -- LDAP session handle
1667 err = ld->ld_errno;
1674 ld->ld_errno = LDAP_SUCCESS;
1681 ** SM_LDAP_GETERROR -- get ldap error value
1684 ** ld -- LDAP session handle