/* $NetBSD: controls.c,v 1.3 2021/08/14 16:14:55 christos Exp $ */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* This notice applies to changes, created by or for Novell, Inc.,
* to preexisting works for which notices appear elsewhere in this file.
*
* Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
*
* THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
* USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
* 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
* HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
* TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
* WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
*---
* Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
* can be found in the file "build/LICENSE-2.0.1" in this distribution
* of OpenLDAP Software.
*/
#include
__RCSID("$NetBSD: controls.c,v 1.3 2021/08/14 16:14:55 christos Exp $");
#include "portable.h"
#include
#include
#include
#include "ldap-int.h"
/* LDAPv3 Controls (RFC 4511)
*
* Controls ::= SEQUENCE OF control Control
*
* Control ::= SEQUENCE {
* controlType LDAPOID,
* criticality BOOLEAN DEFAULT FALSE,
* controlValue OCTET STRING OPTIONAL
* }
*/
int
ldap_pvt_put_control(
const LDAPControl *c,
BerElement *ber )
{
if ( ber_printf( ber, "{s" /*}*/, c->ldctl_oid ) == -1 ) {
return LDAP_ENCODING_ERROR;
}
if ( c->ldctl_iscritical /* only if true */
&& ( ber_printf( ber, "b",
(ber_int_t) c->ldctl_iscritical ) == -1 ) )
{
return LDAP_ENCODING_ERROR;
}
if ( !BER_BVISNULL( &c->ldctl_value ) /* only if we have a value */
&& ( ber_printf( ber, "O", &c->ldctl_value ) == -1 ) )
{
return LDAP_ENCODING_ERROR;
}
if ( ber_printf( ber, /*{*/"N}" ) == -1 ) {
return LDAP_ENCODING_ERROR;
}
return LDAP_SUCCESS;
}
/*
* ldap_int_put_controls
*/
int
ldap_int_put_controls(
LDAP *ld,
LDAPControl *const *ctrls,
BerElement *ber )
{
LDAPControl *const *c;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( ber != NULL );
if( ctrls == NULL ) {
/* use default server controls */
ctrls = ld->ld_sctrls;
}
if( ctrls == NULL || *ctrls == NULL ) {
return LDAP_SUCCESS;
}
if ( ld->ld_version < LDAP_VERSION3 ) {
/* LDAPv2 doesn't support controls,
* error if any control is critical
*/
for( c = ctrls ; *c != NULL; c++ ) {
if( (*c)->ldctl_iscritical ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
return ld->ld_errno;
}
}
return LDAP_SUCCESS;
}
/* Controls are encoded as a sequence of sequences */
if( ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
for( c = ctrls ; *c != NULL; c++ ) {
ld->ld_errno = ldap_pvt_put_control( *c, ber );
if ( ld->ld_errno != LDAP_SUCCESS ) {
return ld->ld_errno;
}
}
if( ber_printf( ber, /*{*/ "}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
return LDAP_SUCCESS;
}
int ldap_pvt_get_controls(
BerElement *ber,
LDAPControl ***ctrls )
{
int nctrls;
ber_tag_t tag;
ber_len_t len;
char *opaque;
assert( ber != NULL );
if( ctrls == NULL ) {
return LDAP_SUCCESS;
}
*ctrls = NULL;
len = ber_pvt_ber_remaining( ber );
if( len == 0) {
/* no controls */
return LDAP_SUCCESS;
}
if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
if( tag == LBER_ERROR ) {
/* decoding error */
return LDAP_DECODING_ERROR;
}
/* ignore unexpected input */
return LDAP_SUCCESS;
}
/* set through each element */
nctrls = 0;
*ctrls = LDAP_MALLOC( 1 * sizeof(LDAPControl *) );
if( *ctrls == NULL ) {
return LDAP_NO_MEMORY;
}
*ctrls[nctrls] = NULL;
for( tag = ber_first_element( ber, &len, &opaque );
tag != LBER_ERROR;
tag = ber_next_element( ber, &len, opaque ) )
{
LDAPControl *tctrl;
LDAPControl **tctrls;
tctrl = LDAP_CALLOC( 1, sizeof(LDAPControl) );
/* allocate pointer space for current controls (nctrls)
* + this control + extra NULL
*/
tctrls = (tctrl == NULL) ? NULL :
LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));
if( tctrls == NULL ) {
/* one of the above allocation failed */
if( tctrl != NULL ) {
LDAP_FREE( tctrl );
}
ldap_controls_free(*ctrls);
*ctrls = NULL;
return LDAP_NO_MEMORY;
}
tctrls[nctrls++] = tctrl;
tctrls[nctrls] = NULL;
tag = ber_scanf( ber, "{a" /*}*/, &tctrl->ldctl_oid );
if( tag == LBER_ERROR ) {
*ctrls = NULL;
ldap_controls_free( tctrls );
return LDAP_DECODING_ERROR;
}
tag = ber_peek_tag( ber, &len );
if( tag == LBER_BOOLEAN ) {
ber_int_t crit;
tag = ber_scanf( ber, "b", &crit );
tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
tag = ber_peek_tag( ber, &len );
}
if( tag == LBER_OCTETSTRING ) {
tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
} else {
BER_BVZERO( &tctrl->ldctl_value );
}
*ctrls = tctrls;
}
return LDAP_SUCCESS;
}
/*
* Free a LDAPControl
*/
void
ldap_control_free( LDAPControl *c )
{
LDAP_MEMORY_DEBUG_ASSERT( c != NULL );
if ( c != NULL ) {
if( c->ldctl_oid != NULL) {
LDAP_FREE( c->ldctl_oid );
}
if( c->ldctl_value.bv_val != NULL ) {
LDAP_FREE( c->ldctl_value.bv_val );
}
LDAP_FREE( c );
}
}
/*
* Free an array of LDAPControl's
*/
void
ldap_controls_free( LDAPControl **controls )
{
LDAP_MEMORY_DEBUG_ASSERT( controls != NULL );
if ( controls != NULL ) {
int i;
for( i=0; controls[i] != NULL; i++) {
ldap_control_free( controls[i] );
}
LDAP_FREE( controls );
}
}
/*
* Duplicate an array of LDAPControl
*/
LDAPControl **
ldap_controls_dup( LDAPControl *const *controls )
{
LDAPControl **new;
int i;
if ( controls == NULL ) {
return NULL;
}
/* count the controls */
for(i=0; controls[i] != NULL; i++) /* empty */ ;
if( i < 1 ) {
/* no controls to duplicate */
return NULL;
}
new = (LDAPControl **) LDAP_MALLOC( (i+1) * sizeof(LDAPControl *) );
if( new == NULL ) {
/* memory allocation failure */
return NULL;
}
/* duplicate the controls */
for(i=0; controls[i] != NULL; i++) {
new[i] = ldap_control_dup( controls[i] );
if( new[i] == NULL ) {
ldap_controls_free( new );
return NULL;
}
}
new[i] = NULL;
return new;
}
/*
* Duplicate a LDAPControl
*/
LDAPControl *
ldap_control_dup( const LDAPControl *c )
{
LDAPControl *new;
if ( c == NULL || c->ldctl_oid == NULL ) {
return NULL;
}
new = (LDAPControl *) LDAP_MALLOC( sizeof(LDAPControl) );
if( new == NULL ) {
return NULL;
}
new->ldctl_oid = LDAP_STRDUP( c->ldctl_oid );
if(new->ldctl_oid == NULL) {
LDAP_FREE( new );
return NULL;
}
if( c->ldctl_value.bv_val != NULL ) {
new->ldctl_value.bv_val =
(char *) LDAP_MALLOC( c->ldctl_value.bv_len + 1 );
if(new->ldctl_value.bv_val == NULL) {
if(new->ldctl_oid != NULL) {
LDAP_FREE( new->ldctl_oid );
}
LDAP_FREE( new );
return NULL;
}
new->ldctl_value.bv_len = c->ldctl_value.bv_len;
AC_MEMCPY( new->ldctl_value.bv_val, c->ldctl_value.bv_val,
c->ldctl_value.bv_len );
new->ldctl_value.bv_val[new->ldctl_value.bv_len] = '\0';
} else {
new->ldctl_value.bv_len = 0;
new->ldctl_value.bv_val = NULL;
}
new->ldctl_iscritical = c->ldctl_iscritical;
return new;
}
/*
* Find a LDAPControl - deprecated
*/
LDAPControl *
ldap_find_control(
LDAP_CONST char *oid,
LDAPControl **ctrls )
{
if( ctrls == NULL || *ctrls == NULL ) {
return NULL;
}
for( ; *ctrls != NULL; ctrls++ ) {
if( strcmp( (*ctrls)->ldctl_oid, oid ) == 0 ) {
return *ctrls;
}
}
return NULL;
}
/*
* Find a LDAPControl
*/
LDAPControl *
ldap_control_find(
LDAP_CONST char *oid,
LDAPControl **ctrls,
LDAPControl ***nextctrlp )
{
if ( oid == NULL || ctrls == NULL || *ctrls == NULL ) {
return NULL;
}
for( ; *ctrls != NULL; ctrls++ ) {
if( strcmp( (*ctrls)->ldctl_oid, oid ) == 0 ) {
if ( nextctrlp != NULL ) {
*nextctrlp = ctrls + 1;
}
return *ctrls;
}
}
if ( nextctrlp != NULL ) {
*nextctrlp = NULL;
}
return NULL;
}
/*
* Create a LDAPControl, optionally from ber - deprecated
*/
int
ldap_create_control(
LDAP_CONST char *requestOID,
BerElement *ber,
int iscritical,
LDAPControl **ctrlp )
{
LDAPControl *ctrl;
assert( requestOID != NULL );
assert( ctrlp != NULL );
ctrl = (LDAPControl *) LDAP_MALLOC( sizeof(LDAPControl) );
if ( ctrl == NULL ) {
return LDAP_NO_MEMORY;
}
BER_BVZERO(&ctrl->ldctl_value);
if ( ber && ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 )) {
LDAP_FREE( ctrl );
return LDAP_NO_MEMORY;
}
ctrl->ldctl_oid = LDAP_STRDUP( requestOID );
ctrl->ldctl_iscritical = iscritical;
if ( requestOID != NULL && ctrl->ldctl_oid == NULL ) {
ldap_control_free( ctrl );
return LDAP_NO_MEMORY;
}
*ctrlp = ctrl;
return LDAP_SUCCESS;
}
/*
* Create a LDAPControl, optionally from value
*/
int
ldap_control_create(
LDAP_CONST char *requestOID,
int iscritical,
struct berval *value,
int dupval,
LDAPControl **ctrlp )
{
LDAPControl *ctrl;
assert( requestOID != NULL );
assert( ctrlp != NULL );
ctrl = (LDAPControl *) LDAP_CALLOC( sizeof(LDAPControl), 1 );
if ( ctrl == NULL ) {
return LDAP_NO_MEMORY;
}
ctrl->ldctl_iscritical = iscritical;
if ( requestOID != NULL ) {
ctrl->ldctl_oid = LDAP_STRDUP( requestOID );
if ( ctrl->ldctl_oid == NULL ) {
ldap_control_free( ctrl );
return LDAP_NO_MEMORY;
}
}
if ( value && !BER_BVISNULL( value ) ) {
if ( dupval ) {
ber_dupbv( &ctrl->ldctl_value, value );
if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
ldap_control_free( ctrl );
return LDAP_NO_MEMORY;
}
} else {
ctrl->ldctl_value = *value;
}
}
*ctrlp = ctrl;
return LDAP_SUCCESS;
}
/*
* check for critical client controls and bitch if present
* if we ever support critical controls, we'll have to
* find a means for maintaining per API call control
* information.
*/
int ldap_int_client_controls( LDAP *ld, LDAPControl **ctrls )
{
LDAPControl *const *c;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
if( ctrls == NULL ) {
/* use default client controls */
ctrls = ld->ld_cctrls;
}
if( ctrls == NULL || *ctrls == NULL ) {
return LDAP_SUCCESS;
}
for( c = ctrls ; *c != NULL; c++ ) {
if( (*c)->ldctl_iscritical ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
return ld->ld_errno;
}
}
return LDAP_SUCCESS;
}