1 /*
2 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "%Z%%M% %I% %E% SMI"
7
8
9 /*
10 * The contents of this file are subject to the Netscape Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/NPL/
14 *
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
19 *
20 * The Original Code is Mozilla Communicator client code, released
21 * March 31, 1998.
22 *
23 * The Initial Developer of the Original Code is Netscape
24 * Communications Corporation. Portions created by Netscape are
25 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
26 * Rights Reserved.
27 *
28 * Contributor(s):
29 */
30 /*
31 * Copyright (c) 1996 Regents of the University of Michigan.
32 * All rights reserved.
33 *
34 */
35 /* LIBLDAP url.c -- LDAP URL related routines
36 *
37 * LDAP URLs look like this:
38 * l d a p : / / hostport / dn [ ? attributes [ ? scope [ ? filter ] ] ]
39 *
40 * where:
41 * attributes is a comma separated list
42 * scope is one of these three strings: base one sub (default=base)
43 * filter is an string-represented filter as in RFC 1558
44 *
45 * e.g., ldap://ldap.itd.umich.edu/c=US?o,description?one?o=umich
46 *
47 * We also tolerate URLs that look like: <ldapurl> and <URL:ldapurl>
48 */
49
50 #if 0
51 #ifndef lint
52 static char copyright[] = "@(#) Copyright (c) 1996 Regents of the University of Michigan.\nAll rights reserved.\n";
53 #endif
54 #endif
55
56 #include "ldap-int.h"
57
58
59 static int skip_url_prefix( const char **urlp, int *enclosedp, int *securep );
60
61
62 int
63 LDAP_CALL
ldap_is_ldap_url(const char * url)64 ldap_is_ldap_url( const char *url )
65 {
66 int enclosed, secure;
67
68 return( url != NULL
69 && skip_url_prefix( &url, &enclosed, &secure ));
70 }
71
72
73 static int
skip_url_prefix(const char ** urlp,int * enclosedp,int * securep)74 skip_url_prefix( const char **urlp, int *enclosedp, int *securep )
75 {
76 /*
77 * return non-zero if this looks like a LDAP URL; zero if not
78 * if non-zero returned, *urlp will be moved past "ldap://" part of URL
79 * The data that *urlp points to is not changed by this function.
80 */
81 if ( *urlp == NULL ) {
82 return( 0 );
83 }
84
85 /* skip leading '<' (if any) */
86 if ( **urlp == '<' ) {
87 *enclosedp = 1;
88 ++*urlp;
89 } else {
90 *enclosedp = 0;
91 }
92
93 /* skip leading "URL:" (if any) */
94 if ( strlen( *urlp ) >= LDAP_URL_URLCOLON_LEN && strncasecmp(
95 *urlp, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
96 *urlp += LDAP_URL_URLCOLON_LEN;
97 }
98
99 /* check for an "ldap://" prefix */
100 if ( strlen( *urlp ) >= LDAP_URL_PREFIX_LEN && strncasecmp( *urlp,
101 LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
102 /* skip over URL prefix and return success */
103 *urlp += LDAP_URL_PREFIX_LEN;
104 *securep = 0;
105 return( 1 );
106 }
107
108 /* check for an "ldaps://" prefix */
109 if ( strlen( *urlp ) >= LDAPS_URL_PREFIX_LEN && strncasecmp( *urlp,
110 LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
111 /* skip over URL prefix and return success */
112 *urlp += LDAPS_URL_PREFIX_LEN;
113 *securep = 1;
114 return( 1 );
115 }
116
117 return( 0 ); /* not an LDAP URL */
118 }
119
120
121 int
122 LDAP_CALL
ldap_url_parse(const char * url,LDAPURLDesc ** ludpp)123 ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
124 {
125 /*
126 * Pick apart the pieces of an LDAP URL.
127 */
128 int rc;
129
130 if (( rc = nsldapi_url_parse( url, ludpp, 1 )) == 0 ) {
131 if ( (*ludpp)->lud_scope == -1 ) {
132 (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
133 }
134 if ( (*ludpp)->lud_filter == NULL ) {
135 (*ludpp)->lud_filter = "(objectclass=*)";
136 }
137 if ( *((*ludpp)->lud_dn) == '\0' ) {
138 (*ludpp)->lud_dn = NULL;
139 }
140 }
141
142 return( rc );
143 }
144
145 /* same as ldap_url_parse(), but dn is not require */
146 int
147 LDAP_CALL
ldap_url_parse_nodn(const char * url,LDAPURLDesc ** ludpp)148 ldap_url_parse_nodn(const char *url, LDAPURLDesc **ludpp)
149 {
150 /*
151 * Pick apart the pieces of an LDAP URL.
152 */
153 int rc;
154
155 if ((rc = nsldapi_url_parse(url, ludpp, 0)) == 0) {
156 if ((*ludpp)->lud_scope == -1) {
157 (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
158 }
159 if ((*ludpp)->lud_filter == NULL) {
160 (*ludpp)->lud_filter = "(objectclass=*)";
161 }
162 if ((*ludpp)->lud_dn && *((*ludpp)->lud_dn) == '\0') {
163 (*ludpp)->lud_dn = NULL;
164 }
165 }
166
167 return (rc);
168 }
169
170
171 /*
172 * like ldap_url_parse() with a few exceptions:
173 * 1) if dn_required is zero, a missing DN does not generate an error
174 * (we just leave the lud_dn field NULL)
175 * 2) no defaults are set for lud_scope and lud_filter (they are set to -1
176 * and NULL respectively if no SCOPE or FILTER are present in the URL).
177 * 3) when there is a zero-length DN in a URL we do not set lud_dn to NULL.
178 * 4) if an LDAPv3 URL extensions are included,
179 */
180 int
nsldapi_url_parse(const char * url,LDAPURLDesc ** ludpp,int dn_required)181 nsldapi_url_parse( const char *url, LDAPURLDesc **ludpp, int dn_required )
182 {
183
184 LDAPURLDesc *ludp;
185 char *urlcopy, *attrs, *scope, *extensions = NULL, *p, *q;
186 int enclosed, secure, i, nattrs, at_start;
187
188 LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_url_parse(%s)\n", url, 0, 0 );
189
190 if ( url == NULL || ludpp == NULL ) {
191 return( LDAP_URL_ERR_PARAM );
192 }
193
194 *ludpp = NULL; /* pessimistic */
195
196 if ( !skip_url_prefix( &url, &enclosed, &secure )) {
197 return( LDAP_URL_ERR_NOTLDAP );
198 }
199
200 /* allocate return struct */
201 if (( ludp = (LDAPURLDesc *)NSLDAPI_CALLOC( 1, sizeof( LDAPURLDesc )))
202 == NULLLDAPURLDESC ) {
203 return( LDAP_URL_ERR_MEM );
204 }
205
206 if ( secure ) {
207 ludp->lud_options |= LDAP_URL_OPT_SECURE;
208 }
209
210 /* make working copy of the remainder of the URL */
211 if (( urlcopy = nsldapi_strdup( url )) == NULL ) {
212 ldap_free_urldesc( ludp );
213 return( LDAP_URL_ERR_MEM );
214 }
215
216 if ( enclosed && *((p = urlcopy + strlen( urlcopy ) - 1)) == '>' ) {
217 *p = '\0';
218 }
219
220 /* initialize scope and filter */
221 ludp->lud_scope = -1;
222 ludp->lud_filter = NULL;
223
224 /* lud_string is the only malloc'd string space we use */
225 ludp->lud_string = urlcopy;
226
227 /* scan forward for '/' that marks end of hostport and begin. of dn */
228 if (( ludp->lud_dn = strchr( urlcopy, '/' )) == NULL ) {
229 if ( dn_required ) {
230 ldap_free_urldesc( ludp );
231 return( LDAP_URL_ERR_NODN );
232 }
233 } else {
234 /* terminate hostport; point to start of dn */
235 *ludp->lud_dn++ = '\0';
236 }
237
238
239 if ( *urlcopy == '\0' ) {
240 ludp->lud_host = NULL;
241 } else {
242 ludp->lud_host = urlcopy;
243 nsldapi_hex_unescape( ludp->lud_host );
244
245 /*
246 * Locate and strip off optional port number (:#) in host
247 * portion of URL.
248 *
249 * If more than one space-separated host is listed, we only
250 * look for a port number within the right-most one since
251 * ldap_init() will handle host parameters that look like
252 * host:port anyway.
253 */
254 if (( p = strrchr( ludp->lud_host, ' ' )) == NULL ) {
255 p = ludp->lud_host;
256 } else {
257 ++p;
258 }
259 if ( *p == '[' && ( q = strchr( p, ']' )) != NULL ) {
260 /* square brackets present -- skip past them */
261 p = q++;
262 }
263 if (( p = strchr( p, ':' )) != NULL ) {
264 *p++ = '\0';
265 ludp->lud_port = atoi( p );
266 if ( *ludp->lud_host == '\0' ) {
267 /*
268 * no hostname and a port: invalid hostcode
269 * according to RFC 1738
270 */
271 ldap_free_urldesc(ludp);
272 return (LDAP_URL_ERR_HOSTPORT);
273 }
274 }
275 }
276
277 /* scan for '?' that marks end of dn and beginning of attributes */
278 attrs = NULL;
279 if ( ludp->lud_dn != NULL &&
280 ( attrs = strchr( ludp->lud_dn, '?' )) != NULL ) {
281 /* terminate dn; point to start of attrs. */
282 *attrs++ = '\0';
283
284 /* scan for '?' that marks end of attrs and begin. of scope */
285 if (( p = strchr( attrs, '?' )) != NULL ) {
286 /*
287 * terminate attrs; point to start of scope and scan for
288 * '?' that marks end of scope and begin. of filter
289 */
290 *p++ = '\0';
291 scope = p;
292
293 if (( p = strchr( scope, '?' )) != NULL ) {
294 /* terminate scope; point to start of filter */
295 *p++ = '\0';
296 if ( *p != '\0' ) {
297 ludp->lud_filter = p;
298 /*
299 * scan for the '?' that marks the end
300 * of the filter and the start of any
301 * extensions
302 */
303 if (( p = strchr( ludp->lud_filter, '?' ))
304 != NULL ) {
305 *p++ = '\0'; /* term. filter */
306 extensions = p;
307 }
308 if ( *ludp->lud_filter == '\0' ) {
309 ludp->lud_filter = NULL;
310 } else {
311 nsldapi_hex_unescape( ludp->lud_filter );
312 }
313 }
314 }
315
316
317 if ( strcasecmp( scope, "one" ) == 0 ) {
318 ludp->lud_scope = LDAP_SCOPE_ONELEVEL;
319 } else if ( strcasecmp( scope, "base" ) == 0 ) {
320 ludp->lud_scope = LDAP_SCOPE_BASE;
321 } else if ( strcasecmp( scope, "sub" ) == 0 ) {
322 ludp->lud_scope = LDAP_SCOPE_SUBTREE;
323 } else if ( *scope != '\0' ) {
324 ldap_free_urldesc( ludp );
325 return( LDAP_URL_ERR_BADSCOPE );
326 }
327 }
328 }
329
330 if ( ludp->lud_dn != NULL ) {
331 nsldapi_hex_unescape( ludp->lud_dn );
332 }
333
334 /*
335 * if attrs list was included, turn it into a null-terminated array
336 */
337 if ( attrs != NULL && *attrs != '\0' ) {
338 nsldapi_hex_unescape( attrs );
339 for ( nattrs = 1, p = attrs; *p != '\0'; ++p ) {
340 if ( *p == ',' ) {
341 ++nattrs;
342 }
343 }
344
345 if (( ludp->lud_attrs = (char **)NSLDAPI_CALLOC( nattrs + 1,
346 sizeof( char * ))) == NULL ) {
347 ldap_free_urldesc( ludp );
348 return( LDAP_URL_ERR_MEM );
349 }
350
351 for ( i = 0, p = attrs; i < nattrs; ++i ) {
352 ludp->lud_attrs[ i ] = p;
353 if (( p = strchr( p, ',' )) != NULL ) {
354 *p++ ='\0';
355 }
356 nsldapi_hex_unescape( ludp->lud_attrs[ i ] );
357 }
358 }
359
360 /* if extensions list was included, check for critical ones */
361 if ( extensions != NULL && *extensions != '\0' ) {
362 /* Note: at present, we do not recognize ANY extensions */
363 at_start = 1;
364 for ( p = extensions; *p != '\0'; ++p ) {
365 if ( at_start ) {
366 if ( *p == '!' ) { /* critical extension */
367 ldap_free_urldesc( ludp );
368 /* this is what iplanet did *
369 return( LDAP_URL_UNRECOGNIZED_CRITICAL_EXTENSION );
370 * and this is what we do */
371 return( LDAP_URL_ERR_PARAM );
372 }
373 at_start = 0;
374 } else if ( *p == ',' ) {
375 at_start = 1;
376 }
377 }
378 }
379
380
381 *ludpp = ludp;
382
383 return( 0 );
384 }
385
386
387 void
388 LDAP_CALL
ldap_free_urldesc(LDAPURLDesc * ludp)389 ldap_free_urldesc( LDAPURLDesc *ludp )
390 {
391 if ( ludp != NULLLDAPURLDESC ) {
392 if ( ludp->lud_string != NULL ) {
393 NSLDAPI_FREE( ludp->lud_string );
394 }
395 if ( ludp->lud_attrs != NULL ) {
396 NSLDAPI_FREE( ludp->lud_attrs );
397 }
398 NSLDAPI_FREE( ludp );
399 }
400 }
401
402
403 int
404 LDAP_CALL
ldap_url_search(LDAP * ld,const char * url,int attrsonly)405 ldap_url_search( LDAP *ld, const char *url, int attrsonly )
406 {
407 int err, msgid;
408 LDAPURLDesc *ludp;
409 BerElement *ber;
410 LDAPServer *srv;
411 char *host;
412
413 if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
414 return( -1 ); /* punt */
415 }
416
417 if ( ldap_url_parse( url, &ludp ) != 0 ) {
418 LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
419 return( -1 );
420 }
421
422 LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
423 msgid = ++ld->ld_msgid;
424 LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
425
426 if ( nsldapi_build_search_req( ld, ludp->lud_dn, ludp->lud_scope,
427 ludp->lud_filter, ludp->lud_attrs, attrsonly, NULL, NULL,
428 -1, -1, msgid, &ber ) != LDAP_SUCCESS ) {
429 return( -1 );
430 }
431
432 err = 0;
433
434 if ( ludp->lud_host == NULL ) {
435 host = ld->ld_defhost;
436 } else {
437 host = ludp->lud_host;
438 }
439
440 if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
441 == NULL || ( host != NULL &&
442 ( srv->lsrv_host = nsldapi_strdup( host )) == NULL )) {
443 if ( srv != NULL ) {
444 NSLDAPI_FREE( srv );
445 }
446 LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
447 err = -1;
448 } else {
449 if ( ludp->lud_port != 0 ) {
450 /* URL includes a port - use it */
451 srv->lsrv_port = ludp->lud_port;
452 } else if ( ludp->lud_host == NULL ) {
453 /* URL has no port or host - use port from ld */
454 srv->lsrv_port = ld->ld_defport;
455 } else if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) == 0 ) {
456 /* ldap URL has a host but no port - use std. port */
457 srv->lsrv_port = LDAP_PORT;
458 } else {
459 /* ldaps URL has a host but no port - use std. port */
460 srv->lsrv_port = LDAPS_PORT;
461 }
462 }
463
464 if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ) {
465 srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
466 }
467
468 if ( err != 0 ) {
469 ber_free( ber, 1 );
470 } else {
471 err = nsldapi_send_server_request( ld, ber, msgid, NULL, srv,
472 NULL, NULL, 1 );
473 }
474
475 ldap_free_urldesc( ludp );
476 return( err );
477 }
478
479
480 int
481 LDAP_CALL
ldap_url_search_st(LDAP * ld,const char * url,int attrsonly,struct timeval * timeout,LDAPMessage ** res)482 ldap_url_search_st( LDAP *ld, const char *url, int attrsonly,
483 struct timeval *timeout, LDAPMessage **res )
484 {
485 int msgid;
486
487 /*
488 * It is an error to pass in a zero'd timeval.
489 */
490 if ( timeout != NULL && timeout->tv_sec == 0 &&
491 timeout->tv_usec == 0 ) {
492 if ( ld != NULL ) {
493 LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
494 }
495 if ( res != NULL ) {
496 *res = NULL;
497 }
498 return( LDAP_PARAM_ERROR );
499 }
500
501 if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
502 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
503 }
504
505 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) {
506 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
507 }
508
509 if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
510 (void) ldap_abandon( ld, msgid );
511 LDAP_SET_LDERRNO( ld, LDAP_TIMEOUT, NULL, NULL );
512 return( LDAP_TIMEOUT );
513 }
514
515 return( ldap_result2error( ld, *res, 0 ));
516 }
517
518
519 int
520 LDAP_CALL
ldap_url_search_s(LDAP * ld,const char * url,int attrsonly,LDAPMessage ** res)521 ldap_url_search_s( LDAP *ld, const char *url, int attrsonly, LDAPMessage **res )
522 {
523 int msgid;
524
525 if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
526 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
527 }
528
529 if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, res ) == -1 ) {
530 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
531 }
532
533 return( ldap_result2error( ld, *res, 0 ));
534 }
535
536 #ifdef _SOLARIS_SDK
537 /*
538 * Locate the LDAP URL associated with a DNS domain name.
539 *
540 * The supplied DNS domain name is converted into a distinguished
541 * name. The directory entry specified by that distinguished name
542 * is searched for a labeledURI attribute. If successful then the
543 * LDAP URL is returned. If unsuccessful then that entry's parent
544 * is searched and so on until the target distinguished name is
545 * reduced to only two nameparts.
546 *
547 * For example, if 'ny.eng.wiz.com' is the DNS domain then the
548 * following entries are searched until one succeeds:
549 * dc=ny,dc=eng,dc=wiz,dc=com
550 * dc=eng,dc=wiz,dc=com
551 * dc=wiz,dc=com
552 *
553 * If dns_name is NULL then the environment variable LOCALDOMAIN is used.
554 * If attrs is not NULL then it is appended to the URL's attribute list.
555 * If scope is not NULL then it overrides the URL's scope.
556 * If filter is not NULL then it is merged with the URL's filter.
557 *
558 * If an error is encountered then zero is returned, otherwise a string
559 * URL is returned. The caller should free the returned string if it is
560 * non-zero.
561 */
562
563 char *
ldap_dns_to_url(LDAP * ld,char * dns_name,char * attrs,char * scope,char * filter)564 ldap_dns_to_url(
565 LDAP *ld,
566 char *dns_name,
567 char *attrs,
568 char *scope,
569 char *filter
570 )
571 {
572 char *dn;
573 char *url = 0;
574 char *url2 = 0;
575 LDAPURLDesc *urldesc;
576 char *cp;
577 char *cp2;
578 size_t attrs_len = 0;
579 size_t scope_len = 0;
580 size_t filter_len = 0;
581 int nameparts;
582 int no_attrs = 0;
583 int no_scope = 0;
584
585 if (dns_name == 0) {
586 dns_name = (char *)getenv("LOCALDOMAIN");
587 }
588
589 if ((ld == NULL) || ((dn = ldap_dns_to_dn(dns_name, &nameparts)) ==
590 NULL))
591 return (0);
592
593 if ((url = ldap_dn_to_url(ld, dn, nameparts)) == NULL) {
594 free(dn);
595 return (0);
596 }
597 free(dn);
598
599 /* merge filter and/or scope and/or attributes with URL */
600 if (attrs || scope || filter) {
601
602 if (attrs)
603 attrs_len = strlen(attrs) + 2; /* for comma and NULL */
604
605 if (scope)
606 scope_len = strlen(scope) + 1; /* for NULL */
607
608 if (filter)
609 filter_len = strlen(filter) + 4;
610 /* for ampersand, parentheses and NULL */
611
612 if (ldap_is_ldap_url(url)) {
613
614 if ((url2 = (char *)malloc(attrs_len + scope_len +
615 filter_len + strlen(url) + 1)) == NULL) {
616 return (0);
617 }
618 cp = url;
619 cp2 = url2;
620
621 /* copy URL scheme, hostname, port number and DN */
622 while (*cp && (*cp != '?')) {
623 *cp2++ = *cp++;
624 }
625
626 /* handle URL attributes */
627
628 if (*cp == '?') { /* test first '?' */
629 *cp2++ = *cp++; /* copy first '?' */
630
631 if (*cp == '?') { /* test second '?' */
632
633 /* insert supplied attributes */
634 if (attrs) {
635 while (*attrs) {
636 *cp2++ = *attrs++;
637 }
638 } else {
639 no_attrs = 1;
640 }
641
642 } else {
643
644 /* copy URL attributes */
645 while (*cp && (*cp != '?')) {
646 *cp2++ = *cp++;
647 }
648
649 /* append supplied attributes */
650 if (attrs) {
651 *cp2++ = ',';
652 while (*attrs) {
653 *cp2++ = *attrs++;
654 }
655 }
656 }
657
658 } else {
659 /* append supplied attributes */
660 if (attrs) {
661 *cp2++ = '?';
662 while (*attrs) {
663 *cp2++ = *attrs++;
664 }
665 } else {
666 no_attrs = 1;
667 }
668 }
669
670 /* handle URL scope */
671
672 if (*cp == '?') { /* test second '?' */
673 *cp2++ = *cp++; /* copy second '?' */
674
675 if (*cp == '?') { /* test third '?' */
676
677 /* insert supplied scope */
678 if (scope) {
679 while (*scope) {
680 *cp2++ = *scope++;
681 }
682 } else {
683 no_scope = 1;
684 }
685
686 } else {
687
688 if (scope) {
689 /* skip over URL scope */
690 while (*cp && (*cp != '?')) {
691 *cp++;
692 }
693 /* insert supplied scope */
694 while (*scope) {
695 *cp2++ = *scope++;
696 }
697 } else {
698
699 /* copy URL scope */
700 while (*cp && (*cp != '?')) {
701 *cp2++ = *cp++;
702 }
703 }
704 }
705
706 } else {
707 /* append supplied scope */
708 if (scope) {
709 if (no_attrs) {
710 *cp2++ = '?';
711 }
712 *cp2++ = '?';
713 while (*scope) {
714 *cp2++ = *scope++;
715 }
716 } else {
717 no_scope = 1;
718 }
719 }
720
721 /* handle URL filter */
722
723 if (*cp == '?') { /* test third '?' */
724 *cp2++ = *cp++; /* copy third '?' */
725
726 if (filter) {
727
728 /* merge URL and supplied filters */
729
730 *cp2++ = '(';
731 *cp2++ = '&';
732 /* copy URL filter */
733 while (*cp) {
734 *cp2++ = *cp++;
735 }
736 /* append supplied filter */
737 while (*filter) {
738 *cp2++ = *filter++;
739 }
740 *cp2++ = ')';
741 } else {
742
743 /* copy URL filter */
744 while (*cp) {
745 *cp2++ = *cp++;
746 }
747 }
748
749 } else {
750 /* append supplied filter */
751 if (filter) {
752 if (no_scope) {
753 if (no_attrs) {
754 *cp2++ = '?';
755 }
756 *cp2++ = '?';
757 }
758 *cp2++ = '?';
759 while (*filter) {
760 *cp2++ = *filter++;
761 }
762 }
763 }
764
765 *cp2++ = '\0';
766 free (url);
767 url = url2;
768
769 } else {
770 return (0); /* not an LDAP URL */
771 }
772 }
773 return (url);
774 }
775
776 /*
777 * Locate the LDAP URL associated with a distinguished name.
778 *
779 * The number of nameparts in the supplied distinguished name must be
780 * provided. The specified directory entry is searched for a labeledURI
781 * attribute. If successful then the LDAP URL is returned. If unsuccessful
782 * then that entry's parent is searched and so on until the target
783 * distinguished name is reduced to only two nameparts.
784 *
785 * For example, if 'l=ny,ou=eng,o=wiz,c=us' is the distinguished name
786 * then the following entries are searched until one succeeds:
787 * l=ny,ou=eng,o=wiz,c=us
788 * ou=eng,o=wiz,c=us
789 * o=wiz,c=us
790 *
791 * If an error is encountered then zero is returned, otherwise a string
792 * URL is returned. The caller should free the returned string if it is
793 * non-zero.
794 */
795
796 char *
ldap_dn_to_url(LDAP * ld,char * dn,int nameparts)797 ldap_dn_to_url(
798 LDAP *ld,
799 char *dn,
800 int nameparts
801 )
802 {
803 char *next_dn = dn;
804 char *url = 0;
805 char *attrs[2] = {"labeledURI", 0};
806 LDAPMessage *res, *e;
807 char **vals;
808
809 /*
810 * Search for a URL in the named entry or its parent entry.
811 * Continue until only 2 nameparts remain.
812 */
813 while (dn && (nameparts > 1) && (! url)) {
814
815 /* search for the labeledURI attribute */
816 if (ldap_search_s(ld, dn, LDAP_SCOPE_BASE,
817 "(objectClass=*)", attrs, 0, &res) == LDAP_SUCCESS) {
818
819 /* locate the first entry returned */
820 if ((e = ldap_first_entry(ld, res)) != NULL) {
821
822 /* locate the labeledURI attribute */
823 if ((vals =
824 ldap_get_values(ld, e, "labeledURI")) !=
825 NULL) {
826
827 /* copy the attribute value */
828 if ((url = strdup((char *)vals[0])) !=
829 NULL) {
830 ldap_value_free(vals);
831 }
832 }
833 }
834 /* free the search results */
835 if (res != NULL) {
836 ldap_msgfree(res);
837 }
838 }
839
840 if (! url) {
841 /* advance along the DN by one namepart */
842 if (next_dn = strchr(dn, ',')) {
843 next_dn++;
844 dn = next_dn;
845 nameparts--;
846 }
847 }
848 }
849
850 return (url);
851 }
852
853 #endif /* _SOLARIS_SDK */
854