diff options
author | molotkov-and <molotkov-and@ydb.tech> | 2023-08-18 17:20:47 +0300 |
---|---|---|
committer | molotkov-and <molotkov-and@ydb.tech> | 2023-08-18 19:42:07 +0300 |
commit | 73215359bc33e76f5b94d1832a377072bf245cfc (patch) | |
tree | 9cb8ad61d8c3cd107353d42951560ff3cf1b966d /contrib/libs/openldap/libraries/libldap/os-ip.c | |
parent | 1cbfd34a55732f7b1d407986b45e40853f01f2c2 (diff) | |
download | ydb-73215359bc33e76f5b94d1832a377072bf245cfc.tar.gz |
KIKIMR-18220: Enrich token with groups from LDAP
Add ldap functions wrapper and separate in different files for compatibility with different OS.
Add user groups fetching from ldap server.
Limitations:
- Fixed 'memberOf' attribute
- No tests to check how filter for search created
- Fetched groups are returned in event as is.
Diffstat (limited to 'contrib/libs/openldap/libraries/libldap/os-ip.c')
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/os-ip.c | 1265 |
1 files changed, 1265 insertions, 0 deletions
diff --git a/contrib/libs/openldap/libraries/libldap/os-ip.c b/contrib/libs/openldap/libraries/libldap/os-ip.c new file mode 100644 index 0000000000..a84735e7af --- /dev/null +++ b/contrib/libs/openldap/libraries/libldap/os-ip.c @@ -0,0 +1,1265 @@ +/* os-ip.c -- platform-specific TCP & UDP related code */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 1998-2022 The OpenLDAP Foundation. + * Portions Copyright 1999 Lars Uffmann. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* Portions Copyright (c) 1995 Regents of the University of Michigan. + * All rights reserved. + */ +/* Significant additional contributors include: + * Lars Uffman + */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/stdlib.h> + +#include <ac/errno.h> +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> +#include <ac/unistd.h> + +#ifdef HAVE_IO_H +#include <io.h> +#endif /* HAVE_IO_H */ +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + +#include "ldap-int.h" + +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) +# ifdef LDAP_PF_INET6 +int ldap_int_inet4or6 = AF_UNSPEC; +# else +int ldap_int_inet4or6 = AF_INET; +# endif +#endif + +static void +ldap_pvt_set_errno(int err) +{ + sock_errset(err); +} + +int +ldap_int_timeval_dup( struct timeval **dest, const struct timeval *src ) +{ + struct timeval *new; + + assert( dest != NULL ); + + if (src == NULL) { + *dest = NULL; + return 0; + } + + new = (struct timeval *) LDAP_MALLOC(sizeof(struct timeval)); + + if( new == NULL ) { + *dest = NULL; + return 1; + } + + AC_MEMCPY( (char *) new, (const char *) src, sizeof(struct timeval)); + + *dest = new; + return 0; +} + +static int +ldap_pvt_ndelay_on(LDAP *ld, int fd) +{ + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_on: %d\n",fd ); + return ber_pvt_socket_set_nonblock( fd, 1 ); +} + +static int +ldap_pvt_ndelay_off(LDAP *ld, int fd) +{ + Debug1(LDAP_DEBUG_TRACE, "ldap_ndelay_off: %d\n",fd ); + return ber_pvt_socket_set_nonblock( fd, 0 ); +} + +static ber_socket_t +ldap_int_socket(LDAP *ld, int family, int type ) +{ + ber_socket_t s = socket(family, type, 0); + Debug1(LDAP_DEBUG_TRACE, "ldap_new_socket: %d\n",s ); +#ifdef FD_CLOEXEC + fcntl(s, F_SETFD, FD_CLOEXEC); +#endif + return ( s ); +} + +static int +ldap_pvt_close_socket(LDAP *ld, int s) +{ + Debug1(LDAP_DEBUG_TRACE, "ldap_close_socket: %d\n",s ); + return tcp_close(s); +} + +static int +ldap_int_prepare_socket(LDAP *ld, int s, int proto ) +{ + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: %d\n", s ); + +#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY ) || defined( TCP_USER_TIMEOUT ) + if ( proto == LDAP_PROTO_TCP ) { + int dummy = 1; +#ifdef SO_KEEPALIVE + if ( setsockopt( s, SOL_SOCKET, SO_KEEPALIVE, + (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "setsockopt(%d, SO_KEEPALIVE) failed (ignored).\n", + s ); + } + if ( ld->ld_options.ldo_keepalive_idle > 0 ) + { +#ifdef TCP_KEEPIDLE + if ( setsockopt( s, IPPROTO_TCP, TCP_KEEPIDLE, + (void*) &ld->ld_options.ldo_keepalive_idle, + sizeof(ld->ld_options.ldo_keepalive_idle) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " + "setsockopt(%d, TCP_KEEPIDLE) failed (ignored).\n", + s ); + } +#else + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPIDLE not supported on this system.\n" ); +#endif /* TCP_KEEPIDLE */ + } + if ( ld->ld_options.ldo_keepalive_probes > 0 ) + { +#ifdef TCP_KEEPCNT + if ( setsockopt( s, IPPROTO_TCP, TCP_KEEPCNT, + (void*) &ld->ld_options.ldo_keepalive_probes, + sizeof(ld->ld_options.ldo_keepalive_probes) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " + "setsockopt(%d, TCP_KEEPCNT) failed (ignored).\n", + s ); + } +#else + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPCNT not supported on this system.\n" ); +#endif /* TCP_KEEPCNT */ + } + if ( ld->ld_options.ldo_keepalive_interval > 0 ) + { +#ifdef TCP_KEEPINTVL + if ( setsockopt( s, IPPROTO_TCP, TCP_KEEPINTVL, + (void*) &ld->ld_options.ldo_keepalive_interval, + sizeof(ld->ld_options.ldo_keepalive_interval) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " + "setsockopt(%d, TCP_KEEPINTVL) failed (ignored).\n", + s ); + } +#else + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_KEEPINTVL not supported on this system.\n" ); +#endif /* TCP_KEEPINTVL */ + } +#endif /* SO_KEEPALIVE */ +#ifdef TCP_NODELAY + if ( setsockopt( s, IPPROTO_TCP, TCP_NODELAY, + (char*) &dummy, sizeof(dummy) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "setsockopt(%d, TCP_NODELAY) failed (ignored).\n", + s ); + } +#endif /* TCP_NODELAY */ + if ( ld->ld_options.ldo_tcp_user_timeout > 0 ) + { +#ifdef TCP_USER_TIMEOUT + if ( setsockopt( s, IPPROTO_TCP, TCP_USER_TIMEOUT, + (void*) &ld->ld_options.ldo_tcp_user_timeout, + sizeof(ld->ld_options.ldo_tcp_user_timeout) ) == AC_SOCKET_ERROR ) + { + Debug1(LDAP_DEBUG_TRACE, + "ldap_prepare_socket: " + "setsockopt(%d, TCP_USER_TIMEOUT) failed (ignored).\n", + s ); + } +#else + Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: " + "sockopt TCP_USER_TIMEOUT not supported on this system.\n" ); +#endif /* TCP_USER_TIMEOUT */ + } + } +#endif /* SO_KEEPALIVE || TCP_NODELAY || TCP_USER_TIMEOUT */ + + return 0; +} + +#ifndef HAVE_WINSOCK + +#undef TRACE +#define TRACE do { \ + char ebuf[128]; \ + int saved_errno = errno; \ + Debug3(LDAP_DEBUG_TRACE, "ldap_is_socket_ready: error on socket %d: errno: %d (%s)\n", \ + s, \ + saved_errno, \ + sock_errstr(saved_errno, ebuf, sizeof(ebuf)) ); \ +} while( 0 ) + +/* + * check the socket for errors after select returned. + */ +static int +ldap_pvt_is_socket_ready(LDAP *ld, int s) +{ + Debug1(LDAP_DEBUG_TRACE, "ldap_is_sock_ready: %d\n",s ); + +#if defined( notyet ) /* && defined( SO_ERROR ) */ +{ + int so_errno; + ber_socklen_t dummy = sizeof(so_errno); + if ( getsockopt( s, SOL_SOCKET, SO_ERROR, &so_errno, &dummy ) + == AC_SOCKET_ERROR ) + { + return -1; + } + if ( so_errno ) { + ldap_pvt_set_errno(so_errno); + TRACE; + return -1; + } + return 0; +} +#else +{ + /* error slippery */ +#ifdef LDAP_PF_INET6 + struct sockaddr_storage sin; +#else + struct sockaddr_in sin; +#endif + char ch; + ber_socklen_t dummy = sizeof(sin); + if ( getpeername( s, (struct sockaddr *) &sin, &dummy ) + == AC_SOCKET_ERROR ) + { + /* XXX: needs to be replace with ber_stream_read() */ + (void)!read(s, &ch, 1); + TRACE; + return -1; + } + return 0; +} +#endif + return -1; +} +#undef TRACE + +#endif /* HAVE_WINSOCK */ + +/* NOTE: this is identical to analogous code in os-local.c */ +int +ldap_int_poll( + LDAP *ld, + ber_socket_t s, + struct timeval *tvp, + int wr ) +{ + int rc; + + + Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n", + s, tvp ? tvp->tv_sec : -1L ); + +#ifdef HAVE_POLL + { + struct pollfd fd; + int timeout = INFTIM; + short event = wr ? POLL_WRITE : POLL_READ; + + fd.fd = s; + fd.events = event; + + if ( tvp != NULL ) { + timeout = TV2MILLISEC( tvp ); + } + do { + fd.revents = 0; + rc = poll( &fd, 1, timeout ); + + } while ( rc == AC_SOCKET_ERROR && errno == EINTR && + LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ) ); + + if ( rc == AC_SOCKET_ERROR ) { + return rc; + } + + if ( timeout == 0 && rc == 0 ) { + return -2; + } + + if ( fd.revents & event ) { + if ( ldap_pvt_is_socket_ready( ld, s ) == -1 ) { + return -1; + } + + if ( ldap_pvt_ndelay_off( ld, s ) == -1 ) { + return -1; + } + return 0; + } + } +#else + { + fd_set wfds, *z = NULL; +#ifdef HAVE_WINSOCK + fd_set efds; +#endif + struct timeval tv = { 0 }; + +#if defined( FD_SETSIZE ) && !defined( HAVE_WINSOCK ) + if ( s >= FD_SETSIZE ) { + rc = AC_SOCKET_ERROR; + tcp_close( s ); + ldap_pvt_set_errno( EMFILE ); + return rc; + } +#endif + + if ( tvp != NULL ) { + tv = *tvp; + } + + do { + FD_ZERO(&wfds); + FD_SET(s, &wfds ); + +#ifdef HAVE_WINSOCK + FD_ZERO(&efds); + FD_SET(s, &efds ); +#endif + + rc = select( ldap_int_tblsize, z, &wfds, +#ifdef HAVE_WINSOCK + &efds, +#else + z, +#endif + tvp ? &tv : NULL ); + } while ( rc == AC_SOCKET_ERROR && errno == EINTR && + LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ) ); + + if ( rc == AC_SOCKET_ERROR ) { + return rc; + } + + if ( rc == 0 && tvp && tvp->tv_sec == 0 && tvp->tv_usec == 0 ) { + return -2; + } + +#ifdef HAVE_WINSOCK + /* This means the connection failed */ + if ( FD_ISSET(s, &efds) ) { + int so_errno; + ber_socklen_t dummy = sizeof(so_errno); + if ( getsockopt( s, SOL_SOCKET, SO_ERROR, + (char *) &so_errno, &dummy ) == AC_SOCKET_ERROR || !so_errno ) + { + /* impossible */ + so_errno = WSAGetLastError(); + } + ldap_pvt_set_errno( so_errno ); + Debug3(LDAP_DEBUG_TRACE, + "ldap_int_poll: error on socket %d: " + "errno: %d (%s)\n", s, so_errno, sock_errstr( so_errno, dummy, dummy )); + return -1; + } +#endif + if ( FD_ISSET(s, &wfds) ) { +#ifndef HAVE_WINSOCK + if ( ldap_pvt_is_socket_ready( ld, s ) == -1 ) { + return -1; + } +#endif + if ( ldap_pvt_ndelay_off(ld, s) == -1 ) { + return -1; + } + return 0; + } + } +#endif + + Debug0(LDAP_DEBUG_TRACE, "ldap_int_poll: timed out\n" ); + ldap_pvt_set_errno( ETIMEDOUT ); + return -1; +} + +static int +ldap_pvt_connect(LDAP *ld, ber_socket_t s, + struct sockaddr *sin, ber_socklen_t addrlen, + int async) +{ + int rc, err; + struct timeval tv, *opt_tv = NULL; + +#ifdef LDAP_CONNECTIONLESS + /* We could do a connect() but that would interfere with + * attempts to poll a broadcast address + */ + if (LDAP_IS_UDP(ld)) { + if (ld->ld_options.ldo_peer) + ldap_memfree(ld->ld_options.ldo_peer); + ld->ld_options.ldo_peer=ldap_memcalloc(1, sizeof(struct sockaddr_storage)); + AC_MEMCPY(ld->ld_options.ldo_peer,sin,addrlen); + return ( 0 ); + } +#endif + if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) { + tv = ld->ld_options.ldo_tm_net; + opt_tv = &tv; + } + + Debug3(LDAP_DEBUG_TRACE, + "ldap_pvt_connect: fd: %d tm: %ld async: %d\n", + s, opt_tv ? tv.tv_sec : -1L, async); + + if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 ) + return ( -1 ); + + do{ + Debug0(LDAP_DEBUG_TRACE, "attempting to connect: \n" ); + if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) { + Debug0(LDAP_DEBUG_TRACE, "connect success\n" ); + + if ( !async && opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 ) + return ( -1 ); + return ( 0 ); + } + err = sock_errno(); + Debug1(LDAP_DEBUG_TRACE, "connect errno: %d\n", err ); + + } while(err == EINTR && + LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART )); + + if ( err != EINPROGRESS && err != EWOULDBLOCK ) { + return ( -1 ); + } + + if ( async ) { + /* caller will call ldap_int_poll() as appropriate? */ + return ( -2 ); + } + + rc = ldap_int_poll( ld, s, opt_tv, 1 ); + + Debug1(LDAP_DEBUG_TRACE, "ldap_pvt_connect: %d\n", rc ); + + return rc; +} + +#ifndef HAVE_INET_ATON +int +ldap_pvt_inet_aton( const char *host, struct in_addr *in) +{ + unsigned long u = inet_addr( host ); + +#ifdef INADDR_NONE + if ( u == INADDR_NONE ) return 0; +#endif + if ( u == 0xffffffffUL || u == (unsigned long) -1L ) return 0; + + in->s_addr = u; + return 1; +} +#endif + +int +ldap_validate_and_fill_sourceip (char** source_ip_lst, ldapsourceip* temp_source_ip ) +{ + int i = 0; + int rc = LDAP_PARAM_ERROR; + + for ( i = 0; source_ip_lst[i] != NULL; i++ ) { + Debug1( LDAP_DEBUG_TRACE, + "ldap_validate_and_fill_sourceip(%s)\n", + source_ip_lst[i] ); + + if ( !temp_source_ip->has_ipv4 ) { + if ( inet_aton( source_ip_lst[i], &temp_source_ip->ip4_addr ) ) { + temp_source_ip->has_ipv4 = 1; + rc = LDAP_OPT_SUCCESS; + continue; + } + } +#ifdef LDAP_PF_INET6 + if ( !temp_source_ip->has_ipv6 ) { + if ( inet_pton( AF_INET6, source_ip_lst[i], + & temp_source_ip->ip6_addr ) ) { + temp_source_ip->has_ipv6 = 1; + rc = LDAP_OPT_SUCCESS; + continue; + } + } +#endif + memset( temp_source_ip, 0, sizeof( * (temp_source_ip ) ) ); + Debug1( LDAP_DEBUG_TRACE, + "ldap_validate_and_fill_sourceip: validation failed for (%s)\n", + source_ip_lst[i] ); + break; + } + return rc; +} + +int +ldap_int_connect_cbs(LDAP *ld, Sockbuf *sb, ber_socket_t *s, LDAPURLDesc *srv, struct sockaddr *addr) +{ + struct ldapoptions *lo; + ldaplist *ll; + ldap_conncb *cb; + int rc; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, s ); + + /* Invoke all handle-specific callbacks first */ + lo = &ld->ld_options; + for (ll = lo->ldo_conn_cbs; ll; ll = ll->ll_next) { + cb = ll->ll_data; + rc = cb->lc_add( ld, sb, srv, addr, cb ); + /* on any failure, call the teardown functions for anything + * that previously succeeded + */ + if ( rc ) { + ldaplist *l2; + for (l2 = lo->ldo_conn_cbs; l2 != ll; l2 = l2->ll_next) { + cb = l2->ll_data; + cb->lc_del( ld, sb, cb ); + } + /* a failure might have implicitly closed the fd */ + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, s ); + return rc; + } + } + lo = LDAP_INT_GLOBAL_OPT(); + for (ll = lo->ldo_conn_cbs; ll; ll = ll->ll_next) { + cb = ll->ll_data; + rc = cb->lc_add( ld, sb, srv, addr, cb ); + if ( rc ) { + ldaplist *l2; + for (l2 = lo->ldo_conn_cbs; l2 != ll; l2 = l2->ll_next) { + cb = l2->ll_data; + cb->lc_del( ld, sb, cb ); + } + lo = &ld->ld_options; + for (l2 = lo->ldo_conn_cbs; l2; l2 = l2->ll_next) { + cb = l2->ll_data; + cb->lc_del( ld, sb, cb ); + } + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, s ); + return rc; + } + } + return 0; +} + +int +ldap_connect_to_host(LDAP *ld, Sockbuf *sb, + int proto, LDAPURLDesc *srv, + int async ) +{ + int rc; + int socktype, port; + ber_socket_t s = AC_SOCKET_INVALID; + char *host; + +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) + char serv[7]; + int err; + struct addrinfo hints, *res, *sai; +#else + int i; + int use_hp = 0; + struct hostent *hp = NULL; + struct hostent he_buf; + struct in_addr in; + char *ha_buf=NULL; +#endif + + if ( srv->lud_host == NULL || *srv->lud_host == 0 ) { + host = "localhost"; + } else { + host = srv->lud_host; + } + + port = srv->lud_port; + + if( !port ) { + if( strcmp(srv->lud_scheme, "ldaps") == 0 ) { + port = LDAPS_PORT; + } else { + port = LDAP_PORT; + } + } + + switch(proto) { + case LDAP_PROTO_TCP: socktype = SOCK_STREAM; + Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: TCP %s:%d\n", + host, port ); + break; + case LDAP_PROTO_UDP: socktype = SOCK_DGRAM; + Debug2(LDAP_DEBUG_TRACE, "ldap_connect_to_host: UDP %s:%d\n", + host, port ); + break; + default: + Debug1(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: unknown proto: %d\n", + proto ); + return -1; + } + +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) + memset( &hints, '\0', sizeof(hints) ); +#ifdef USE_AI_ADDRCONFIG /* FIXME: configure test needed */ + /* Use AI_ADDRCONFIG only on systems where its known to be needed. */ + hints.ai_flags = AI_ADDRCONFIG; +#endif + hints.ai_family = ldap_int_inet4or6; + hints.ai_socktype = socktype; + snprintf(serv, sizeof serv, "%d", port ); + + /* most getaddrinfo(3) use non-threadsafe resolver libraries */ + LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); + + err = getaddrinfo( host, serv, &hints, &res ); + + LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); + + if ( err != 0 ) { + Debug1(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: getaddrinfo failed: %s\n", + AC_GAI_STRERROR(err) ); + return -1; + } + rc = -1; + + for( sai=res; sai != NULL; sai=sai->ai_next) { + unsigned short bind_success = 1; + if( sai->ai_addr == NULL ) { + Debug0(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: getaddrinfo " + "ai_addr is NULL?\n" ); + continue; + } + +#ifndef LDAP_PF_INET6 + if ( sai->ai_family == AF_INET6 ) continue; +#endif + /* we assume AF_x and PF_x are equal for all x */ + s = ldap_int_socket( ld, sai->ai_family, socktype ); + if ( s == AC_SOCKET_INVALID ) { + continue; + } + + if ( ldap_int_prepare_socket(ld, s, proto ) == -1 ) { + ldap_pvt_close_socket(ld, s); + break; + } + + switch (sai->ai_family) { +#ifdef LDAP_PF_INET6 + case AF_INET6: { + char addr[INET6_ADDRSTRLEN]; + inet_ntop( AF_INET6, + &((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr, + addr, sizeof addr); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s %s\n", + addr, serv ); + if( ld->ld_options.ldo_local_ip_addrs.has_ipv6 ) { + struct sockaddr_in6 ip6addr; + char bind_addr[INET6_ADDRSTRLEN]; + ip6addr.sin6_family = AF_INET6; + ip6addr.sin6_port = 0; + ip6addr.sin6_addr = ld->ld_options.ldo_local_ip_addrs.ip6_addr; + inet_ntop( AF_INET6, + &(ip6addr.sin6_addr), + bind_addr, sizeof bind_addr ); + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: From source address %s\n", + bind_addr ); + if ( bind( s, ( struct sockaddr* ) &ip6addr, sizeof ip6addr ) != 0 ) { + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Failed to bind source address %s\n", + bind_addr ); + bind_success = 0; + } + } + } break; +#endif + case AF_INET: { + char addr[INET_ADDRSTRLEN]; + inet_ntop( AF_INET, + &((struct sockaddr_in *)sai->ai_addr)->sin_addr, + addr, sizeof addr); + Debug2(LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s:%s\n", + addr, serv ); + if( ld->ld_options.ldo_local_ip_addrs.has_ipv4 ) { + struct sockaddr_in ip4addr; + char bind_addr[INET_ADDRSTRLEN]; + ip4addr.sin_family = AF_INET; + ip4addr.sin_port = 0; + ip4addr.sin_addr = ld->ld_options.ldo_local_ip_addrs.ip4_addr; + inet_ntop( AF_INET, + &(ip4addr.sin_addr), + bind_addr, sizeof bind_addr ); + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: From source address %s\n", + bind_addr ); + if ( bind(s, ( struct sockaddr* )&ip4addr, sizeof ip4addr ) != 0 ) { + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Failed to bind source address %s\n", + bind_addr ); + bind_success = 0; + } + } + } break; + } + if ( bind_success ) { + rc = ldap_pvt_connect( ld, s, + sai->ai_addr, sai->ai_addrlen, async ); + if ( rc == 0 || rc == -2 ) { + err = ldap_int_connect_cbs( ld, sb, &s, srv, sai->ai_addr ); + if ( err ) + rc = err; + else + break; + } + } + ldap_pvt_close_socket(ld, s); + } + freeaddrinfo(res); + +#else + if (! inet_aton( host, &in ) ) { + int local_h_errno; + rc = ldap_pvt_gethostbyname_a( host, &he_buf, &ha_buf, + &hp, &local_h_errno ); + + if ( (rc < 0) || (hp == NULL) ) { +#ifdef HAVE_WINSOCK + ldap_pvt_set_errno( WSAGetLastError() ); +#else + /* not exactly right, but... */ + ldap_pvt_set_errno( EHOSTUNREACH ); +#endif + if (ha_buf) LDAP_FREE(ha_buf); + return -1; + } + + use_hp = 1; + } + + rc = s = -1; + for ( i = 0; !use_hp || (hp->h_addr_list[i] != 0); ++i, rc = -1 ) { + struct sockaddr_in sin; + unsigned short bind_success = 1; +#ifdef HAVE_INET_NTOA_B + char address[INET_ADDR_LEN]; + char bind_addr[INET_ADDR_LEN]; +#else + char *address; + char *bind_addr; +#endif + s = ldap_int_socket( ld, PF_INET, socktype ); + if ( s == AC_SOCKET_INVALID ) { + /* use_hp ? continue : break; */ + break; + } + + if ( ldap_int_prepare_socket( ld, s, proto ) == -1 ) { + ldap_pvt_close_socket(ld, s); + break; + } + + (void)memset((char *)&sin, '\0', sizeof sin); + sin.sin_family = AF_INET; + sin.sin_port = htons((unsigned short) port); + + if( use_hp ) { + AC_MEMCPY( &sin.sin_addr, hp->h_addr_list[i], + sizeof(sin.sin_addr) ); + } else { + AC_MEMCPY( &sin.sin_addr, &in.s_addr, + sizeof(sin.sin_addr) ); + } + +#ifdef HAVE_INET_NTOA_B + /* for VxWorks */ + inet_ntoa_b( sin.sin_address, address ); +#else + address = inet_ntoa( sin.sin_addr ); +#endif + Debug2( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Trying %s:%d\n", + address, port ); + if( ld->ld_options.ldo_local_ip_addrs.has_ipv4 ) { + struct sockaddr_in ip4addr; + ip4addr.sin_family = AF_INET; + ip4addr.sin_addr = ld->ld_options.ldo_local_ip_addrs.ip4_addr; +#ifdef HAVE_INET_NTOA_B + inet_ntoa_b( ip4addr.sin_address, bind_addr ); +#else + bind_addr = inet_ntoa( ip4addr.sin_addr ); +#endif + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: From source address %s\n", + bind_addr ); + if ( bind( s, (struct sockaddr*)&ip4addr, sizeof ip4addr ) != 0 ) { + Debug1( LDAP_DEBUG_TRACE, + "ldap_connect_to_host: Failed to bind source address %s\n", + bind_addr ); + bind_success = 0; + } + } + if ( bind_success ) { + rc = ldap_pvt_connect(ld, s, + (struct sockaddr *)&sin, sizeof(sin), + async); + + if ( (rc == 0) || (rc == -2) ) { + int err = ldap_int_connect_cbs( ld, sb, &s, srv, (struct sockaddr *)&sin ); + if ( err ) + rc = err; + else + break; + } + } + + ldap_pvt_close_socket(ld, s); + + if (!use_hp) break; + } + if (ha_buf) LDAP_FREE(ha_buf); +#endif + + return rc; +} + +#if defined( HAVE_CYRUS_SASL ) +char * +ldap_host_connected_to( Sockbuf *sb, const char *host ) +{ + ber_socklen_t len; +#ifdef LDAP_PF_INET6 + struct sockaddr_storage sabuf; +#else + struct sockaddr sabuf; +#endif + struct sockaddr *sa = (struct sockaddr *) &sabuf; + ber_socket_t sd; + + (void)memset( (char *)sa, '\0', sizeof sabuf ); + len = sizeof sabuf; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + if ( getpeername( sd, sa, &len ) == -1 ) { + return( NULL ); + } + + /* + * do a reverse lookup on the addr to get the official hostname. + * this is necessary for kerberos to work right, since the official + * hostname is used as the kerberos instance. + */ + + switch (sa->sa_family) { +#ifdef LDAP_PF_LOCAL + case AF_LOCAL: + return LDAP_STRDUP( ldap_int_hostname ); +#endif +#ifdef LDAP_PF_INET6 + case AF_INET6: + { + struct in6_addr localhost = IN6ADDR_LOOPBACK_INIT; + if( memcmp ( &((struct sockaddr_in6 *)sa)->sin6_addr, + &localhost, sizeof(localhost)) == 0 ) + { + return LDAP_STRDUP( ldap_int_hostname ); + } + } + break; +#endif + case AF_INET: + { + struct in_addr localhost; + localhost.s_addr = htonl( INADDR_ANY ); + + if( memcmp ( &((struct sockaddr_in *)sa)->sin_addr, + &localhost, sizeof(localhost) ) == 0 ) + { + return LDAP_STRDUP( ldap_int_hostname ); + } + +#ifdef INADDR_LOOPBACK + localhost.s_addr = htonl( INADDR_LOOPBACK ); + + if( memcmp ( &((struct sockaddr_in *)sa)->sin_addr, + &localhost, sizeof(localhost) ) == 0 ) + { + return LDAP_STRDUP( ldap_int_hostname ); + } +#endif + } + break; + + default: + return( NULL ); + break; + } + + { + char *herr; +#ifdef NI_MAXHOST + char hbuf[NI_MAXHOST]; +#elif defined( MAXHOSTNAMELEN ) + char hbuf[MAXHOSTNAMELEN]; +#else + char hbuf[256]; +#endif + hbuf[0] = 0; + + if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 + && hbuf[0] ) + { + return LDAP_STRDUP( hbuf ); + } + } + + return host ? LDAP_STRDUP( host ) : NULL; +} +#endif + + +struct selectinfo { +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + int si_maxfd; + struct pollfd si_fds[FD_SETSIZE]; +#else + /* for UNIX select(2) */ + fd_set si_readfds; + fd_set si_writefds; + fd_set si_use_readfds; + fd_set si_use_writefds; +#endif +}; + +void +ldap_mark_select_write( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int empty=-1; + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + sip->si_fds[i].events |= POLL_WRITE; + return; + } + if( empty==-1 && sip->si_fds[i].fd == -1 ) { + empty=i; + } + } + + if( empty == -1 ) { + if( sip->si_maxfd >= FD_SETSIZE ) { + /* FIXME */ + return; + } + empty = sip->si_maxfd++; + } + + sip->si_fds[empty].fd = sd; + sip->si_fds[empty].events = POLL_WRITE; + } +#else + /* for UNIX select(2) */ + if ( !FD_ISSET( sd, &sip->si_writefds )) { + FD_SET( sd, &sip->si_writefds ); + } +#endif +} + + +void +ldap_mark_select_read( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int empty=-1; + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + sip->si_fds[i].events |= POLL_READ; + return; + } + if( empty==-1 && sip->si_fds[i].fd == -1 ) { + empty=i; + } + } + + if( empty == -1 ) { + if( sip->si_maxfd >= FD_SETSIZE ) { + /* FIXME */ + return; + } + empty = sip->si_maxfd++; + } + + sip->si_fds[empty].fd = sd; + sip->si_fds[empty].events = POLL_READ; + } +#else + /* for UNIX select(2) */ + if ( !FD_ISSET( sd, &sip->si_readfds )) { + FD_SET( sd, &sip->si_readfds ); + } +#endif +} + + +void +ldap_mark_select_clear( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + sip->si_fds[i].fd = -1; + } + } + } +#else + /* for UNIX select(2) */ + FD_CLR( sd, &sip->si_writefds ); + FD_CLR( sd, &sip->si_readfds ); +#endif +} + +void +ldap_clear_select_write( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + sip->si_fds[i].events &= ~POLL_WRITE; + } + } + } +#else + /* for UNIX select(2) */ + FD_CLR( sd, &sip->si_writefds ); +#endif +} + + +int +ldap_is_write_ready( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + return sip->si_fds[i].revents & POLL_WRITE; + } + } + + return 0; + } +#else + /* for UNIX select(2) */ + return( FD_ISSET( sd, &sip->si_use_writefds )); +#endif +} + + +int +ldap_is_read_ready( LDAP *ld, Sockbuf *sb ) +{ + struct selectinfo *sip; + ber_socket_t sd; + + sip = (struct selectinfo *)ld->ld_selectinfo; + + if (ber_sockbuf_ctrl( sb, LBER_SB_OPT_DATA_READY, NULL )) + return 1; + + ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd ); + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + { + int i; + for(i=0; i < sip->si_maxfd; i++) { + if( sip->si_fds[i].fd == sd ) { + return sip->si_fds[i].revents & POLL_READ; + } + } + + return 0; + } +#else + /* for UNIX select(2) */ + return( FD_ISSET( sd, &sip->si_use_readfds )); +#endif +} + + +void * +ldap_new_select_info( void ) +{ + struct selectinfo *sip; + + sip = (struct selectinfo *)LDAP_CALLOC( 1, sizeof( struct selectinfo )); + + if ( sip == NULL ) return NULL; + +#ifdef HAVE_POLL + /* for UNIX poll(2) */ + /* sip->si_maxfd=0 */ +#else + /* for UNIX select(2) */ + FD_ZERO( &sip->si_readfds ); + FD_ZERO( &sip->si_writefds ); +#endif + + return( (void *)sip ); +} + + +void +ldap_free_select_info( void *sip ) +{ + LDAP_FREE( sip ); +} + + +#ifndef HAVE_POLL +int ldap_int_tblsize = 0; + +void +ldap_int_ip_init( void ) +{ +#if defined( HAVE_SYSCONF ) + long tblsize = sysconf( _SC_OPEN_MAX ); + if( tblsize > INT_MAX ) tblsize = INT_MAX; + +#elif defined( HAVE_GETDTABLESIZE ) + int tblsize = getdtablesize(); +#else + int tblsize = FD_SETSIZE; +#endif /* !USE_SYSCONF */ + +#ifdef FD_SETSIZE + if( tblsize > FD_SETSIZE ) tblsize = FD_SETSIZE; +#endif /* FD_SETSIZE */ + + ldap_int_tblsize = tblsize; +} +#endif + + +int +ldap_int_select( LDAP *ld, struct timeval *timeout ) +{ + int rc; + struct selectinfo *sip; + + Debug0( LDAP_DEBUG_TRACE, "ldap_int_select\n" ); + +#ifndef HAVE_POLL + if ( ldap_int_tblsize == 0 ) ldap_int_ip_init(); +#endif + + sip = (struct selectinfo *)ld->ld_selectinfo; + assert( sip != NULL ); + +#ifdef HAVE_POLL + { + int to = timeout ? TV2MILLISEC( timeout ) : INFTIM; + rc = poll( sip->si_fds, sip->si_maxfd, to ); + } +#else + sip->si_use_readfds = sip->si_readfds; + sip->si_use_writefds = sip->si_writefds; + + rc = select( ldap_int_tblsize, + &sip->si_use_readfds, &sip->si_use_writefds, + NULL, timeout ); +#endif + + return rc; +} |