1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3 *
4 * Copyright 1998-2021 The OpenLDAP Foundation.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
9 * Public License.
10 *
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
14 */
15
16 #include "portable.h"
17
18 #include <stdio.h>
19 #include <ac/stdlib.h>
20
21 #include <ac/socket.h>
22 #include <ac/string.h>
23 #include <ac/time.h>
24
25 #include "ldap-int.h"
26 #include "ldap_log.h"
27
28 BerElement *
ldap_build_extended_req(LDAP * ld,LDAP_CONST char * reqoid,struct berval * reqdata,LDAPControl ** sctrls,LDAPControl ** cctrls,ber_int_t * msgidp)29 ldap_build_extended_req(
30 LDAP *ld,
31 LDAP_CONST char *reqoid,
32 struct berval *reqdata,
33 LDAPControl **sctrls,
34 LDAPControl **cctrls,
35 ber_int_t *msgidp )
36 {
37 BerElement *ber;
38 int rc;
39
40 /* create a message to send */
41 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
42 return( NULL );
43 }
44
45 LDAP_NEXT_MSGID( ld, *msgidp );
46 if ( reqdata != NULL ) {
47 rc = ber_printf( ber, "{it{tstON}", /* '}' */
48 *msgidp, LDAP_REQ_EXTENDED,
49 LDAP_TAG_EXOP_REQ_OID, reqoid,
50 LDAP_TAG_EXOP_REQ_VALUE, reqdata );
51
52 } else {
53 rc = ber_printf( ber, "{it{tsN}", /* '}' */
54 *msgidp, LDAP_REQ_EXTENDED,
55 LDAP_TAG_EXOP_REQ_OID, reqoid );
56 }
57
58 if( rc == -1 ) {
59 ld->ld_errno = LDAP_ENCODING_ERROR;
60 ber_free( ber, 1 );
61 return( NULL );
62 }
63
64 /* Put Server Controls */
65 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
66 ber_free( ber, 1 );
67 return( NULL );
68 }
69
70 if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
71 ld->ld_errno = LDAP_ENCODING_ERROR;
72 ber_free( ber, 1 );
73 return( NULL );
74 }
75
76 return( ber );
77 }
78
79 /*
80 * LDAPv3 Extended Operation Request
81 * ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
82 * requestName [0] LDAPOID,
83 * requestValue [1] OCTET STRING OPTIONAL
84 * }
85 *
86 * LDAPv3 Extended Operation Response
87 * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
88 * COMPONENTS OF LDAPResult,
89 * responseName [10] LDAPOID OPTIONAL,
90 * response [11] OCTET STRING OPTIONAL
91 * }
92 *
93 * (Source RFC 4511)
94 */
95
96 int
ldap_extended_operation(LDAP * ld,LDAP_CONST char * reqoid,struct berval * reqdata,LDAPControl ** sctrls,LDAPControl ** cctrls,int * msgidp)97 ldap_extended_operation(
98 LDAP *ld,
99 LDAP_CONST char *reqoid,
100 struct berval *reqdata,
101 LDAPControl **sctrls,
102 LDAPControl **cctrls,
103 int *msgidp )
104 {
105 BerElement *ber;
106 ber_int_t id;
107
108 Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation\n" );
109
110 assert( ld != NULL );
111 assert( LDAP_VALID( ld ) );
112 assert( reqoid != NULL && *reqoid != '\0' );
113 assert( msgidp != NULL );
114
115 /* must be version 3 (or greater) */
116 if ( ld->ld_version < LDAP_VERSION3 ) {
117 ld->ld_errno = LDAP_NOT_SUPPORTED;
118 return( ld->ld_errno );
119 }
120
121 ber = ldap_build_extended_req( ld, reqoid, reqdata,
122 sctrls, cctrls, &id );
123 if ( !ber )
124 return( ld->ld_errno );
125
126 /* send the message */
127 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_EXTENDED, NULL, ber, id );
128
129 return( *msgidp < 0 ? ld->ld_errno : LDAP_SUCCESS );
130 }
131
132 int
ldap_extended_operation_s(LDAP * ld,LDAP_CONST char * reqoid,struct berval * reqdata,LDAPControl ** sctrls,LDAPControl ** cctrls,char ** retoidp,struct berval ** retdatap)133 ldap_extended_operation_s(
134 LDAP *ld,
135 LDAP_CONST char *reqoid,
136 struct berval *reqdata,
137 LDAPControl **sctrls,
138 LDAPControl **cctrls,
139 char **retoidp,
140 struct berval **retdatap )
141 {
142 int rc;
143 int msgid;
144 LDAPMessage *res;
145
146 Debug0( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n" );
147
148 assert( ld != NULL );
149 assert( LDAP_VALID( ld ) );
150 assert( reqoid != NULL && *reqoid != '\0' );
151
152 rc = ldap_extended_operation( ld, reqoid, reqdata,
153 sctrls, cctrls, &msgid );
154
155 if ( rc != LDAP_SUCCESS ) {
156 return( rc );
157 }
158
159 if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
160 return( ld->ld_errno );
161 }
162
163 if ( retoidp != NULL ) *retoidp = NULL;
164 if ( retdatap != NULL ) *retdatap = NULL;
165
166 rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
167
168 if( rc != LDAP_SUCCESS ) {
169 ldap_msgfree( res );
170 return rc;
171 }
172
173 return( ldap_result2error( ld, res, 1 ) );
174 }
175
176 /* Parse an extended result */
177 int
ldap_parse_extended_result(LDAP * ld,LDAPMessage * res,char ** retoidp,struct berval ** retdatap,int freeit)178 ldap_parse_extended_result (
179 LDAP *ld,
180 LDAPMessage *res,
181 char **retoidp,
182 struct berval **retdatap,
183 int freeit )
184 {
185 BerElement *ber;
186 ber_tag_t rc;
187 ber_tag_t tag;
188 ber_len_t len;
189 struct berval *resdata;
190 ber_int_t errcode;
191 char *resoid;
192
193 assert( ld != NULL );
194 assert( LDAP_VALID( ld ) );
195 assert( res != NULL );
196
197 Debug0( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n" );
198
199 if( ld->ld_version < LDAP_VERSION3 ) {
200 ld->ld_errno = LDAP_NOT_SUPPORTED;
201 return ld->ld_errno;
202 }
203
204 if( res->lm_msgtype != LDAP_RES_EXTENDED ) {
205 ld->ld_errno = LDAP_PARAM_ERROR;
206 return ld->ld_errno;
207 }
208
209 if( retoidp != NULL ) *retoidp = NULL;
210 if( retdatap != NULL ) *retdatap = NULL;
211
212 if ( ld->ld_error ) {
213 LDAP_FREE( ld->ld_error );
214 ld->ld_error = NULL;
215 }
216
217 if ( ld->ld_matched ) {
218 LDAP_FREE( ld->ld_matched );
219 ld->ld_matched = NULL;
220 }
221
222 ber = ber_dup( res->lm_ber );
223
224 if ( ber == NULL ) {
225 ld->ld_errno = LDAP_NO_MEMORY;
226 return ld->ld_errno;
227 }
228
229 rc = ber_scanf( ber, "{eAA" /*}*/, &errcode,
230 &ld->ld_matched, &ld->ld_error );
231
232 if( rc == LBER_ERROR ) {
233 ld->ld_errno = LDAP_DECODING_ERROR;
234 ber_free( ber, 0 );
235 return ld->ld_errno;
236 }
237
238 resoid = NULL;
239 resdata = NULL;
240
241 tag = ber_peek_tag( ber, &len );
242
243 if( tag == LDAP_TAG_REFERRAL ) {
244 /* skip over referral */
245 if( ber_scanf( ber, "x" ) == LBER_ERROR ) {
246 ld->ld_errno = LDAP_DECODING_ERROR;
247 ber_free( ber, 0 );
248 return ld->ld_errno;
249 }
250
251 tag = ber_peek_tag( ber, &len );
252 }
253
254 if( tag == LDAP_TAG_EXOP_RES_OID ) {
255 /* we have a resoid */
256 if( ber_scanf( ber, "a", &resoid ) == LBER_ERROR ) {
257 ld->ld_errno = LDAP_DECODING_ERROR;
258 ber_free( ber, 0 );
259 return ld->ld_errno;
260 }
261
262 assert( resoid[ 0 ] != '\0' );
263
264 tag = ber_peek_tag( ber, &len );
265 }
266
267 if( tag == LDAP_TAG_EXOP_RES_VALUE ) {
268 /* we have a resdata */
269 if( ber_scanf( ber, "O", &resdata ) == LBER_ERROR ) {
270 ld->ld_errno = LDAP_DECODING_ERROR;
271 ber_free( ber, 0 );
272 if( resoid != NULL ) LDAP_FREE( resoid );
273 return ld->ld_errno;
274 }
275 }
276
277 ber_free( ber, 0 );
278
279 if( retoidp != NULL ) {
280 *retoidp = resoid;
281 } else {
282 LDAP_FREE( resoid );
283 }
284
285 if( retdatap != NULL ) {
286 *retdatap = resdata;
287 } else {
288 ber_bvfree( resdata );
289 }
290
291 ld->ld_errno = errcode;
292
293 if( freeit ) {
294 ldap_msgfree( res );
295 }
296
297 return LDAP_SUCCESS;
298 }
299
300
301 /* Parse an extended partial */
302 int
ldap_parse_intermediate(LDAP * ld,LDAPMessage * res,char ** retoidp,struct berval ** retdatap,LDAPControl *** serverctrls,int freeit)303 ldap_parse_intermediate (
304 LDAP *ld,
305 LDAPMessage *res,
306 char **retoidp,
307 struct berval **retdatap,
308 LDAPControl ***serverctrls,
309 int freeit )
310 {
311 BerElement *ber;
312 ber_tag_t tag;
313 ber_len_t len;
314 struct berval *resdata;
315 char *resoid;
316
317 assert( ld != NULL );
318 assert( LDAP_VALID( ld ) );
319 assert( res != NULL );
320
321 Debug0( LDAP_DEBUG_TRACE, "ldap_parse_intermediate\n" );
322
323 if( ld->ld_version < LDAP_VERSION3 ) {
324 ld->ld_errno = LDAP_NOT_SUPPORTED;
325 return ld->ld_errno;
326 }
327
328 if( res->lm_msgtype != LDAP_RES_INTERMEDIATE ) {
329 ld->ld_errno = LDAP_PARAM_ERROR;
330 return ld->ld_errno;
331 }
332
333 if( retoidp != NULL ) *retoidp = NULL;
334 if( retdatap != NULL ) *retdatap = NULL;
335 if( serverctrls != NULL ) *serverctrls = NULL;
336
337 ber = ber_dup( res->lm_ber );
338
339 if ( ber == NULL ) {
340 ld->ld_errno = LDAP_NO_MEMORY;
341 return ld->ld_errno;
342 }
343
344 tag = ber_scanf( ber, "{" /*}*/ );
345
346 if( tag == LBER_ERROR ) {
347 ld->ld_errno = LDAP_DECODING_ERROR;
348 ber_free( ber, 0 );
349 return ld->ld_errno;
350 }
351
352 resoid = NULL;
353 resdata = NULL;
354
355 tag = ber_peek_tag( ber, &len );
356
357 /*
358 * NOTE: accept intermediate and extended response tag values
359 * as older versions of slapd(8) incorrectly used extended
360 * response tags.
361 * Should be removed when 2.2 is moved to Historic.
362 */
363 if( tag == LDAP_TAG_IM_RES_OID || tag == LDAP_TAG_EXOP_RES_OID ) {
364 /* we have a resoid */
365 if( ber_scanf( ber, "a", &resoid ) == LBER_ERROR ) {
366 ld->ld_errno = LDAP_DECODING_ERROR;
367 ber_free( ber, 0 );
368 return ld->ld_errno;
369 }
370
371 assert( resoid[ 0 ] != '\0' );
372
373 tag = ber_peek_tag( ber, &len );
374 }
375
376 if( tag == LDAP_TAG_IM_RES_VALUE || tag == LDAP_TAG_EXOP_RES_VALUE ) {
377 /* we have a resdata */
378 if( ber_scanf( ber, "O", &resdata ) == LBER_ERROR ) {
379 ld->ld_errno = LDAP_DECODING_ERROR;
380 ber_free( ber, 0 );
381 if( resoid != NULL ) LDAP_FREE( resoid );
382 return ld->ld_errno;
383 }
384 }
385
386 if ( serverctrls == NULL ) {
387 ld->ld_errno = LDAP_SUCCESS;
388 goto free_and_return;
389 }
390
391 if ( ber_scanf( ber, /*{*/ "}" ) == LBER_ERROR ) {
392 ld->ld_errno = LDAP_DECODING_ERROR;
393 goto free_and_return;
394 }
395
396 ld->ld_errno = ldap_pvt_get_controls( ber, serverctrls );
397
398 free_and_return:
399 ber_free( ber, 0 );
400
401 if( retoidp != NULL ) {
402 *retoidp = resoid;
403 } else {
404 LDAP_FREE( resoid );
405 }
406
407 if( retdatap != NULL ) {
408 *retdatap = resdata;
409 } else {
410 ber_bvfree( resdata );
411 }
412
413 if( freeit ) {
414 ldap_msgfree( res );
415 }
416
417 return ld->ld_errno;
418 }
419
420