X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/734e448ee58bbe0de6909534504ca96e5a719b9d..acec9514b1006e352ef283f205ecec75a9b6ff0d:/src/src/lookups/ldap.c diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index cfd384ccb..8d6ac2674 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -2,11 +2,11 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Many thanks to Stuart Lynne for contributing the original code for this -driver. Further contibutions from Michael Haardt, Brian Candler, Barry +driver. Further contributions from Michael Haardt, Brian Candler, Barry Pederson, Peter Savitch and Christian Kellner. Particular thanks to Brian for researching how to handle the different kinds of error. */ @@ -145,7 +145,7 @@ struct timeval *timeoutptr = NULL; uschar *attr; uschar **attrp; -uschar *data = NULL; +gstring * data = NULL; uschar *dn = NULL; uschar *host; uschar **values; @@ -161,9 +161,7 @@ int error_yield = DEFER; int msgid; int rc, ldap_rc, ldap_parse_rc; int port; -int ptr = 0; int rescount = 0; -int size = 0; BOOL attribute_found = FALSE; BOOL ldapi = FALSE; @@ -580,7 +578,7 @@ if (!lcp->bound || { DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n", (lcp->bound)? "re-" : "", user, password); - if (eldap_start_tls && !lcp->is_start_tls_called) + if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi) { #if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS) /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this. 
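Review bot: In the bind hunk (`@@ -580,7 +578,7 @@`) the unchanged `debug_printf("%sbinding with user=%s password=%s\n", ...)` line writes the bind password verbatim to debug output whenever `D_lookup` is selected, so the credential lands in any captured debug log. I would print only whether a password is present, e.g. pass `password ? US"(set)" : US"(none)"` as the last argument instead of `password`. Separately, the new `&& !ldapi` silently skips STARTTLS even when `eldap_start_tls` is set; a short comment such as `/* ldapi: local socket, STARTTLS is not attempted */` would record that this is deliberate (assuming `ldapi` marks a local-socket connection, which the hunk does not show). The enclosing `if (!lcp->bound || ...` block starts and ends outside the hunk.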
@@ -713,11 +711,16 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == LDAP_RES_SEARCH_ENTRY) { LDAPMessage *e; + int valuecount; /* We can see an attr spread across several + entries. If B is derived from A and we request + A and the directory contains both, A and B, + then we get two entries, one for A and one for B. + Here we just count the values per entry */ DEBUG(D_lookup) debug_printf("LDAP result loop\n"); - for(e = ldap_first_entry(lcp->ld, result); - e != NULL; + for(e = ldap_first_entry(lcp->ld, result), valuecount = 0; + e; e = ldap_next_entry(lcp->ld, e)) { uschar *new_dn; @@ -729,7 +732,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == /* Results for multiple entries values are separated by newlines. */ - if (data != NULL) data = string_cat(data, &size, &ptr, US"\n", 1); + if (data) data = string_catn(data, US"\n", 1); /* Get the DN from the last result. */ @@ -757,8 +760,8 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == { /* condition, because of the else */ if (new_dn != NULL) /* below, that's for the first only */ { - data = string_cat(data, &size, &ptr, new_dn, Ustrlen(new_dn)); - data[ptr] = 0; + data = string_cat(data, new_dn); + (void) string_from_gstring(data); attribute_found = TRUE; } } 
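Review bot: `valuecount` is zeroed only in the init clause of the `for (e = ldap_first_entry(...), valuecount = 0; ...)` loop, so it is reset once per `ldap_result()` message and not once per entry, although the new comment says the values are counted "per entry". If a result message ever carries more than one entry while `attrs_requested == 1`, the count carries over, and the `if (data && valuecount > 1)` test in the later hunk (`@@ -806,8 +813,8 @@`) would emit a comma straight after the newline separator added in `@@ -729,7 +732,7 @@`. Putting `valuecount = 0;` as the first statement of the entry loop body would make the code match the comment; if one entry per message is guaranteed here, the comment should say so instead. The enclosing `while` loop continues outside these hunks.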
@@ -771,32 +774,36 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == If there are multiple values, they are given within the quotes, comma separated. */ else for (attr = US ldap_first_attribute(lcp->ld, e, &ber); - attr != NULL; - attr = US ldap_next_attribute(lcp->ld, e, ber)) + attr; attr = US ldap_next_attribute(lcp->ld, e, ber)) { DEBUG(D_lookup) debug_printf("LDAP attr loop\n"); + + /* In case of attrs_requested == 1 we just count the values, in all other cases + (0, >1) we count the values per attribute */ + if (attrs_requested != 1) valuecount = 0; + if (attr[0] != 0) { /* Get array of values for this attribute. */ - if ((firstval = values = USS ldap_get_values(lcp->ld, e, CS attr)) - != NULL) + if ((firstval = values = USS ldap_get_values(lcp->ld, e, CS attr))) { if (attrs_requested != 1) { if (insert_space) - data = string_cat(data, &size, &ptr, US" ", 1); + data = string_catn(data, US" ", 1); else insert_space = TRUE; - data = string_cat(data, &size, &ptr, attr, Ustrlen(attr)); - data = string_cat(data, &size, &ptr, US"=\"", 2); + data = string_cat(data, attr); + data = string_catn(data, US"=\"", 2); } - while (*values != NULL) + while (*values) { uschar *value = *values; int len = Ustrlen(value); + ++valuecount; DEBUG(D_lookup) debug_printf("LDAP value loop %s:%s\n", attr, value); @@ -806,8 +813,8 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == then query for A.) In all other cases we detect the different attribute and append only every non first value. */ - if ((attr_count == 1 && data) || (values != firstval)) - data = string_cat(data, &size, &ptr, US",", 1); + if (data && valuecount > 1) + data = string_catn(data, US",", 1); /* For multiple attributes, the data is in quotes. We must escape internal quotes, backslashes, newlines, and must double commas. */ 
@@ -818,14 +825,14 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == for (j = 0; j < len; j++) { if (value[j] == '\n') - data = string_cat(data, &size, &ptr, US"\\n", 2); + data = string_catn(data, US"\\n", 2); else if (value[j] == ',') - data = string_cat(data, &size, &ptr, US",,", 2); + data = string_catn(data, US",,", 2); else { if (value[j] == '\"' || value[j] == '\\') - data = string_cat(data, &size, &ptr, US"\\", 1); - data = string_cat(data, &size, &ptr, value+j, 1); + data = string_catn(data, US"\\", 1); + data = string_catn(data, value+j, 1); } } } @@ -836,12 +843,10 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == { int j; for (j = 0; j < len; j++) - { if (value[j] == ',') - data = string_cat(data, &size, &ptr, US",,", 2); + data = string_catn(data, US",,", 2); else - data = string_cat(data, &size, &ptr, value+j, 1); - } + data = string_catn(data, value+j, 1); } @@ -854,7 +859,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == /* Closing quote at the end of the data for a named attribute. */ if (attrs_requested != 1) - data = string_cat(data, &size, &ptr, US"\"", 1); + data = string_catn(data, US"\"", 1); /* Free the values */ @@ -881,15 +886,15 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == /* Terminate the dynamic string that we have built and reclaim unused store */ -if (data != NULL) +if (data) { - data[ptr] = 0; - store_reset(data + ptr + 1); + (void) string_from_gstring(data); + store_reset(data->s + data->ptr + 1); } /* Copy the last dn into eldap_dn */ -if (dn != NULL) +if (dn) { eldap_dn = string_copy(dn); #if defined LDAP_LIB_NETSCAPE || defined LDAP_LIB_OPENLDAP2 
@@ -1068,8 +1073,8 @@ if (!attribute_found) /* Otherwise, it's all worked */ -DEBUG(D_lookup) debug_printf("LDAP search: returning: %s\n", data); -*res = data; +DEBUG(D_lookup) debug_printf("LDAP search: returning: %s\n", data->s); +*res = data->s; RETURN_OK: if (result != NULL) ldap_msgfree(result);
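Review bot: Both new lines dereference `data->s` without a NULL check, although the earlier hunk of this same patch (`if (data)` before `store_reset`) treats `data` as possibly NULL once the result loop has finished. Whether a NULL `data` can reach this point depends on the `attribute_found` check named in the hunk header, whose body is outside the hunk; if an attribute can be marked found without any byte having been appended, this becomes a NULL dereference driven by directory content. I would make the guard explicit, e.g. `*res = data ? data->s : NULL;` with the matching change in the `debug_printf` argument, or use `string_from_gstring(data)` for both if that helper accepts a NULL `gstring` (to be confirmed).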