Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : LDAP protocol helper functions for SAMBA
4 :
5 : Copyright (C) Andrew Tridgell 2004
6 : Copyright (C) Volker Lendecke 2004
7 : Copyright (C) Stefan Metzmacher 2004
8 : Copyright (C) Simo Sorce 2004
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 :
23 : */
24 :
25 : #include "includes.h"
26 : #include "../lib/util/asn1.h"
27 : #include "../libcli/ldap/ldap_message.h"
28 :
29 604732 : _PUBLIC_ struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx)
30 : {
31 604732 : return talloc_zero(mem_ctx, struct ldap_message);
32 : }
33 :
34 :
35 3810730 : static bool add_value_to_attrib(TALLOC_CTX *mem_ctx, struct ldb_val *value,
36 : struct ldb_message_element *attrib)
37 : {
38 3810730 : attrib->values = talloc_realloc(mem_ctx,
39 : attrib->values,
40 : DATA_BLOB,
41 : attrib->num_values+1);
42 3810730 : if (attrib->values == NULL)
43 0 : return false;
44 :
45 3810730 : attrib->values[attrib->num_values].data = talloc_steal(attrib->values,
46 : value->data);
47 3810730 : attrib->values[attrib->num_values].length = value->length;
48 3810730 : attrib->num_values += 1;
49 3810730 : return true;
50 : }
51 :
52 3241314 : static bool add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
53 : const struct ldb_message_element *attrib,
54 : struct ldb_message_element **attribs,
55 : int *num_attribs)
56 : {
57 3241314 : *attribs = talloc_realloc(mem_ctx,
58 : *attribs,
59 : struct ldb_message_element,
60 : *num_attribs+1);
61 :
62 3241314 : if (*attribs == NULL)
63 0 : return false;
64 :
65 3241314 : (*attribs)[*num_attribs] = *attrib;
66 3241314 : talloc_steal(*attribs, attrib->values);
67 3241314 : talloc_steal(*attribs, attrib->name);
68 3241314 : *num_attribs += 1;
69 3241314 : return true;
70 : }
71 :
72 113495 : static bool add_mod_to_array_talloc(TALLOC_CTX *mem_ctx,
73 : struct ldap_mod *mod,
74 : struct ldap_mod **mods,
75 : int *num_mods)
76 : {
77 113495 : *mods = talloc_realloc(mem_ctx, *mods, struct ldap_mod, (*num_mods)+1);
78 :
79 113495 : if (*mods == NULL)
80 0 : return false;
81 :
82 113495 : (*mods)[*num_mods] = *mod;
83 113495 : *num_mods += 1;
84 113495 : return true;
85 : }
86 :
87 401810 : static bool ldap_decode_control_value(void *mem_ctx, DATA_BLOB value,
88 : const struct ldap_control_handler *handlers,
89 : struct ldb_control *ctrl)
90 : {
91 0 : int i;
92 :
93 401810 : if (!handlers) {
94 0 : return true;
95 : }
96 :
97 3188020 : for (i = 0; handlers[i].oid != NULL; i++) {
98 3188020 : if (strcmp(handlers[i].oid, ctrl->oid) == 0) {
99 401810 : if (!handlers[i].decode || !handlers[i].decode(mem_ctx, value, &ctrl->data)) {
100 0 : return false;
101 : }
102 401810 : break;
103 : }
104 : }
105 401810 : if (handlers[i].oid == NULL) {
106 0 : return false;
107 : }
108 :
109 401810 : return true;
110 : }
111 :
112 401810 : static bool ldap_decode_control_wrapper(void *mem_ctx, struct asn1_data *data,
113 : struct ldb_control *ctrl, DATA_BLOB *value)
114 : {
115 0 : DATA_BLOB oid;
116 :
117 401810 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
118 0 : return false;
119 : }
120 :
121 401810 : if (!asn1_read_OctetString(data, mem_ctx, &oid)) {
122 0 : return false;
123 : }
124 401810 : ctrl->oid = talloc_strndup(mem_ctx, (char *)oid.data, oid.length);
125 401810 : if (!ctrl->oid) {
126 0 : return false;
127 : }
128 :
129 401810 : if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
130 0 : bool critical;
131 264645 : if (!asn1_read_BOOLEAN(data, &critical)) {
132 0 : return false;
133 : }
134 264645 : ctrl->critical = critical;
135 : } else {
136 137165 : ctrl->critical = false;
137 : }
138 :
139 401810 : ctrl->data = NULL;
140 :
141 401810 : if (!asn1_peek_tag(data, ASN1_OCTET_STRING)) {
142 68196 : *value = data_blob(NULL, 0);
143 68196 : goto end_tag;
144 : }
145 :
146 333614 : if (!asn1_read_OctetString(data, mem_ctx, value)) {
147 0 : return false;
148 : }
149 :
150 333614 : end_tag:
151 401810 : if (!asn1_end_tag(data)) {
152 0 : return false;
153 : }
154 :
155 401810 : return true;
156 : }
157 :
158 401603 : static bool ldap_encode_control(void *mem_ctx, struct asn1_data *data,
159 : const struct ldap_control_handler *handlers,
160 : struct ldb_control *ctrl)
161 : {
162 0 : DATA_BLOB value;
163 0 : int i;
164 :
165 401603 : if (!handlers) {
166 0 : return false;
167 : }
168 :
169 3192245 : for (i = 0; handlers[i].oid != NULL; i++) {
170 3192245 : if (!ctrl->oid) {
171 : /* not encoding this control, the OID has been
172 : * set to NULL indicating it isn't really
173 : * here */
174 0 : return true;
175 : }
176 3192245 : if (strcmp(handlers[i].oid, ctrl->oid) == 0) {
177 401603 : if (!handlers[i].encode) {
178 194 : if (ctrl->critical) {
179 0 : return false;
180 : } else {
181 : /* not encoding this control */
182 194 : return true;
183 : }
184 : }
185 401409 : if (!handlers[i].encode(mem_ctx, ctrl->data, &value)) {
186 0 : return false;
187 : }
188 401409 : break;
189 : }
190 : }
191 401409 : if (handlers[i].oid == NULL) {
192 0 : return false;
193 : }
194 :
195 401409 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
196 0 : return false;
197 : }
198 :
199 401409 : if (!asn1_write_OctetString(data, ctrl->oid, strlen(ctrl->oid))) {
200 0 : return false;
201 : }
202 :
203 401409 : if (ctrl->critical) {
204 263892 : if (!asn1_write_BOOLEAN(data, ctrl->critical)) {
205 0 : return false;
206 : }
207 : }
208 :
209 401409 : if (!ctrl->data) {
210 67990 : goto pop_tag;
211 : }
212 :
213 333419 : if (!asn1_write_OctetString(data, value.data, value.length)) {
214 0 : return false;
215 : }
216 :
217 333419 : pop_tag:
218 401409 : if (!asn1_pop_tag(data)) {
219 0 : return false;
220 : }
221 :
222 401409 : return true;
223 : }
224 :
225 930030 : static bool ldap_push_filter(struct asn1_data *data, struct ldb_parse_tree *tree)
226 : {
227 547 : int i;
228 :
229 930030 : switch (tree->operation) {
230 262865 : case LDB_OP_AND:
231 : case LDB_OP_OR:
232 262901 : if (!asn1_push_tag(data, ASN1_CONTEXT(tree->operation==LDB_OP_AND?0:1))) return false;
233 836712 : for (i=0; i<tree->u.list.num_elements; i++) {
234 573847 : if (!ldap_push_filter(data, tree->u.list.elements[i])) {
235 0 : return false;
236 : }
237 : }
238 262865 : if (!asn1_pop_tag(data)) return false;
239 262716 : break;
240 :
241 15018 : case LDB_OP_NOT:
242 15018 : if (!asn1_push_tag(data, ASN1_CONTEXT(2))) return false;
243 15018 : if (!ldap_push_filter(data, tree->u.isnot.child)) {
244 0 : return false;
245 : }
246 15018 : if (!asn1_pop_tag(data)) return false;
247 15018 : break;
248 :
249 161050 : case LDB_OP_EQUALITY:
250 : /* equality test */
251 161050 : if (!asn1_push_tag(data, ASN1_CONTEXT(3))) return false;
252 161050 : if (!asn1_write_OctetString(data, tree->u.equality.attr,
253 0 : strlen(tree->u.equality.attr))) return false;
254 161050 : if (!asn1_write_OctetString(data, tree->u.equality.value.data,
255 0 : tree->u.equality.value.length)) return false;
256 161050 : if (!asn1_pop_tag(data)) return false;
257 161002 : break;
258 :
259 14980 : case LDB_OP_SUBSTRING:
260 : /*
261 : SubstringFilter ::= SEQUENCE {
262 : type AttributeDescription,
263 : -- at least one must be present
264 : substrings SEQUENCE OF CHOICE {
265 : initial [0] LDAPString,
266 : any [1] LDAPString,
267 : final [2] LDAPString } }
268 : */
269 14980 : if (!asn1_push_tag(data, ASN1_CONTEXT(4))) return false;
270 14980 : if (!asn1_write_OctetString(data, tree->u.substring.attr, strlen(tree->u.substring.attr))) return false;
271 14980 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
272 :
273 14980 : if (tree->u.substring.chunks && tree->u.substring.chunks[0]) {
274 14978 : i = 0;
275 14978 : if (!tree->u.substring.start_with_wildcard) {
276 4247 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0))) return false;
277 4247 : if (!asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i])) return false;
278 4247 : if (!asn1_pop_tag(data)) return false;
279 4247 : i++;
280 : }
281 25710 : while (tree->u.substring.chunks[i]) {
282 0 : int ctx;
283 :
284 10732 : if (( ! tree->u.substring.chunks[i + 1]) &&
285 10732 : (tree->u.substring.end_with_wildcard == 0)) {
286 476 : ctx = 2;
287 : } else {
288 10256 : ctx = 1;
289 : }
290 10732 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx))) return false;
291 10732 : if (!asn1_write_DATA_BLOB_LDAPString(data, tree->u.substring.chunks[i])) return false;
292 10732 : if (!asn1_pop_tag(data)) return false;
293 10732 : i++;
294 : }
295 : }
296 14980 : if (!asn1_pop_tag(data)) return false;
297 14980 : if (!asn1_pop_tag(data)) return false;
298 14980 : break;
299 :
300 271 : case LDB_OP_GREATER:
301 : /* greaterOrEqual test */
302 271 : if (!asn1_push_tag(data, ASN1_CONTEXT(5))) return false;
303 271 : if (!asn1_write_OctetString(data, tree->u.comparison.attr,
304 0 : strlen(tree->u.comparison.attr))) return false;
305 271 : if (!asn1_write_OctetString(data, tree->u.comparison.value.data,
306 0 : tree->u.comparison.value.length)) return false;
307 271 : if (!asn1_pop_tag(data)) return false;
308 271 : break;
309 :
310 279 : case LDB_OP_LESS:
311 : /* lessOrEqual test */
312 279 : if (!asn1_push_tag(data, ASN1_CONTEXT(6))) return false;
313 279 : if (!asn1_write_OctetString(data, tree->u.comparison.attr,
314 0 : strlen(tree->u.comparison.attr))) return false;
315 279 : if (!asn1_write_OctetString(data, tree->u.comparison.value.data,
316 0 : tree->u.comparison.value.length)) return false;
317 279 : if (!asn1_pop_tag(data)) return false;
318 279 : break;
319 :
320 457751 : case LDB_OP_PRESENT:
321 : /* present test */
322 457751 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(7))) return false;
323 457751 : if (!asn1_write_LDAPString(data, tree->u.present.attr)) return false;
324 457751 : if (!asn1_pop_tag(data)) return false;
325 457751 : return !asn1_has_error(data);
326 :
327 0 : case LDB_OP_APPROX:
328 : /* approx test */
329 0 : if (!asn1_push_tag(data, ASN1_CONTEXT(8))) return false;
330 0 : if (!asn1_write_OctetString(data, tree->u.comparison.attr,
331 0 : strlen(tree->u.comparison.attr))) return false;
332 0 : if (!asn1_write_OctetString(data, tree->u.comparison.value.data,
333 0 : tree->u.comparison.value.length)) return false;
334 0 : if (!asn1_pop_tag(data)) return false;
335 0 : break;
336 :
337 17816 : case LDB_OP_EXTENDED:
338 : /*
339 : MatchingRuleAssertion ::= SEQUENCE {
340 : matchingRule [1] MatchingRuleID OPTIONAL,
341 : type [2] AttributeDescription OPTIONAL,
342 : matchValue [3] AssertionValue,
343 : dnAttributes [4] BOOLEAN DEFAULT FALSE
344 : }
345 : */
346 17816 : if (!asn1_push_tag(data, ASN1_CONTEXT(9))) return false;
347 17816 : if (tree->u.extended.rule_id) {
348 17816 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) return false;
349 17816 : if (!asn1_write_LDAPString(data, tree->u.extended.rule_id)) return false;
350 17816 : if (!asn1_pop_tag(data)) return false;
351 : }
352 17816 : if (tree->u.extended.attr) {
353 17816 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2))) return false;
354 17816 : if (!asn1_write_LDAPString(data, tree->u.extended.attr)) return false;
355 17816 : if (!asn1_pop_tag(data)) return false;
356 : }
357 17816 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3))) return false;
358 17816 : if (!asn1_write_DATA_BLOB_LDAPString(data, &tree->u.extended.value)) return false;
359 17816 : if (!asn1_pop_tag(data)) return false;
360 17816 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4))) return false;
361 17816 : if (!asn1_write_uint8(data, tree->u.extended.dnAttributes)) return false;
362 17816 : if (!asn1_pop_tag(data)) return false;
363 17816 : if (!asn1_pop_tag(data)) return false;
364 17816 : break;
365 :
366 0 : default:
367 0 : return false;
368 : }
369 472279 : return !asn1_has_error(data);
370 : }
371 :
372 610504 : static bool ldap_encode_response(struct asn1_data *data, struct ldap_Result *result)
373 : {
374 610504 : if (!asn1_write_enumerated(data, result->resultcode)) return false;
375 610504 : if (!asn1_write_OctetString(data, result->dn,
376 610504 : (result->dn) ? strlen(result->dn) : 0)) return false;
377 610504 : if (!asn1_write_OctetString(data, result->errormessage,
378 610504 : (result->errormessage) ?
379 239239 : strlen(result->errormessage) : 0)) return false;
380 610504 : if (result->referral) {
381 8 : if (!asn1_push_tag(data, ASN1_CONTEXT(3))) return false;
382 8 : if (!asn1_write_OctetString(data, result->referral,
383 0 : strlen(result->referral))) return false;
384 8 : if (!asn1_pop_tag(data)) return false;
385 : }
386 609881 : return true;
387 : }
388 :
389 1967025 : _PUBLIC_ bool ldap_encode(struct ldap_message *msg,
390 : const struct ldap_control_handler *control_handlers,
391 : DATA_BLOB *result, TALLOC_CTX *mem_ctx)
392 : {
393 1967025 : struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
394 1567 : int i, j;
395 :
396 1967025 : if (!data) return false;
397 :
398 1967025 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
399 1967025 : if (!asn1_write_Integer(data, msg->messageid)) goto err;
400 :
401 1967025 : switch (msg->type) {
402 35762 : case LDAP_TAG_BindRequest: {
403 35762 : struct ldap_BindRequest *r = &msg->r.BindRequest;
404 35762 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
405 35762 : if (!asn1_write_Integer(data, r->version)) goto err;
406 35762 : if (!asn1_write_OctetString(data, r->dn,
407 35762 : (r->dn != NULL) ? strlen(r->dn) : 0)) goto err;
408 :
409 35762 : switch (r->mechanism) {
410 448 : case LDAP_AUTH_MECH_SIMPLE:
411 : /* context, primitive */
412 448 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0))) goto err;
413 448 : if (!asn1_write(data, r->creds.password,
414 448 : strlen(r->creds.password))) goto err;
415 448 : if (!asn1_pop_tag(data)) goto err;
416 448 : break;
417 35314 : case LDAP_AUTH_MECH_SASL:
418 : /* context, constructed */
419 35314 : if (!asn1_push_tag(data, ASN1_CONTEXT(3))) goto err;
420 35314 : if (!asn1_write_OctetString(data, r->creds.SASL.mechanism,
421 0 : strlen(r->creds.SASL.mechanism))) goto err;
422 35314 : if (r->creds.SASL.secblob) {
423 35314 : if (!asn1_write_OctetString(data, r->creds.SASL.secblob->data,
424 35192 : r->creds.SASL.secblob->length)) goto err;
425 : }
426 35314 : if (!asn1_pop_tag(data)) goto err;
427 35192 : break;
428 0 : default:
429 0 : goto err;
430 : }
431 :
432 35762 : if (!asn1_pop_tag(data)) goto err;
433 35640 : break;
434 : }
435 36353 : case LDAP_TAG_BindResponse: {
436 36353 : struct ldap_BindResponse *r = &msg->r.BindResponse;
437 36353 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
438 36353 : if (!ldap_encode_response(data, &r->response)) goto err;
439 36353 : if (r->SASL.secblob) {
440 35878 : if (!asn1_write_ContextSimple(data, 7, r->SASL.secblob)) goto err;
441 : }
442 36353 : if (!asn1_pop_tag(data)) goto err;
443 36231 : break;
444 : }
445 1 : case LDAP_TAG_UnbindRequest: {
446 : /* struct ldap_UnbindRequest *r = &msg->r.UnbindRequest; */
447 1 : if (!asn1_push_tag(data, ASN1_APPLICATION_SIMPLE(msg->type))) goto err;
448 1 : if (!asn1_pop_tag(data)) goto err;
449 1 : break;
450 : }
451 341165 : case LDAP_TAG_SearchRequest: {
452 341165 : struct ldap_SearchRequest *r = &msg->r.SearchRequest;
453 341165 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
454 341165 : if (!asn1_write_OctetString(data, r->basedn, strlen(r->basedn))) goto err;
455 341165 : if (!asn1_write_enumerated(data, r->scope)) goto err;
456 341165 : if (!asn1_write_enumerated(data, r->deref)) goto err;
457 341165 : if (!asn1_write_Integer(data, r->sizelimit)) goto err;
458 341165 : if (!asn1_write_Integer(data, r->timelimit)) goto err;
459 341165 : if (!asn1_write_BOOLEAN(data, r->attributesonly)) goto err;
460 :
461 341165 : if (!ldap_push_filter(data, r->tree)) {
462 0 : goto err;
463 : }
464 :
465 341165 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
466 938872 : for (i=0; i<r->num_attributes; i++) {
467 597707 : if (!asn1_write_OctetString(data, r->attributes[i],
468 597707 : strlen(r->attributes[i]))) goto err;
469 : }
470 341165 : if (!asn1_pop_tag(data)) goto err;
471 341165 : if (!asn1_pop_tag(data)) goto err;
472 340880 : break;
473 : }
474 613731 : case LDAP_TAG_SearchResultEntry: {
475 613731 : struct ldap_SearchResEntry *r = &msg->r.SearchResultEntry;
476 613731 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
477 613731 : if (!asn1_write_OctetString(data, r->dn, strlen(r->dn))) goto err;
478 613731 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
479 3704094 : for (i=0; i<r->num_attributes; i++) {
480 3090363 : struct ldb_message_element *attr = &r->attributes[i];
481 3090363 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
482 3090363 : if (!asn1_write_OctetString(data, attr->name,
483 0 : strlen(attr->name))) goto err;
484 3090363 : if (!asn1_push_tag(data, ASN1_SEQUENCE(1))) goto err;
485 6638728 : for (j=0; j<attr->num_values; j++) {
486 3548365 : if (!asn1_write_OctetString(data,
487 3548365 : attr->values[j].data,
488 3548365 : attr->values[j].length)) goto err;
489 : }
490 3090363 : if (!asn1_pop_tag(data)) goto err;
491 3090363 : if (!asn1_pop_tag(data)) goto err;
492 : }
493 613731 : if (!asn1_pop_tag(data)) goto err;
494 613731 : if (!asn1_pop_tag(data)) goto err;
495 613446 : break;
496 : }
497 343698 : case LDAP_TAG_SearchResultDone: {
498 343698 : struct ldap_Result *r = &msg->r.SearchResultDone;
499 343698 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
500 343698 : if (!ldap_encode_response(data, r)) goto err;
501 343698 : if (!asn1_pop_tag(data)) goto err;
502 343413 : break;
503 : }
504 86608 : case LDAP_TAG_ModifyRequest: {
505 86608 : struct ldap_ModifyRequest *r = &msg->r.ModifyRequest;
506 86608 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
507 86608 : if (!asn1_write_OctetString(data, r->dn, strlen(r->dn))) goto err;
508 86608 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
509 :
510 199871 : for (i=0; i<r->num_mods; i++) {
511 113263 : struct ldb_message_element *attrib = &r->mods[i].attrib;
512 113263 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
513 113263 : if (!asn1_write_enumerated(data, r->mods[i].type)) goto err;
514 113263 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
515 113263 : if (!asn1_write_OctetString(data, attrib->name,
516 0 : strlen(attrib->name))) goto err;
517 113263 : if (!asn1_push_tag(data, ASN1_SET)) goto err;
518 227800 : for (j=0; j<attrib->num_values; j++) {
519 114537 : if (!asn1_write_OctetString(data,
520 114537 : attrib->values[j].data,
521 114537 : attrib->values[j].length)) goto err;
522 :
523 : }
524 113263 : if (!asn1_pop_tag(data)) goto err;
525 113263 : if (!asn1_pop_tag(data)) goto err;
526 113263 : if (!asn1_pop_tag(data)) goto err;
527 : }
528 :
529 86608 : if (!asn1_pop_tag(data)) goto err;
530 86608 : if (!asn1_pop_tag(data)) goto err;
531 86464 : break;
532 : }
533 86760 : case LDAP_TAG_ModifyResponse: {
534 86760 : struct ldap_Result *r = &msg->r.ModifyResponse;
535 86760 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
536 86760 : if (!ldap_encode_response(data, r)) goto err;
537 86760 : if (!asn1_pop_tag(data)) goto err;
538 86616 : break;
539 : }
540 67735 : case LDAP_TAG_AddRequest: {
541 67735 : struct ldap_AddRequest *r = &msg->r.AddRequest;
542 67735 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
543 67735 : if (!asn1_write_OctetString(data, r->dn, strlen(r->dn))) goto err;
544 67735 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
545 :
546 254074 : for (i=0; i<r->num_attributes; i++) {
547 186339 : struct ldb_message_element *attrib = &r->attributes[i];
548 186339 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
549 186339 : if (attrib->name == NULL) {
550 0 : goto err;
551 : }
552 186339 : if (!asn1_write_OctetString(data, attrib->name,
553 0 : strlen(attrib->name))) goto err;
554 186339 : if (!asn1_push_tag(data, ASN1_SET)) goto err;
555 377719 : for (j=0; j<r->attributes[i].num_values; j++) {
556 191380 : if (!asn1_write_OctetString(data,
557 191380 : attrib->values[j].data,
558 191380 : attrib->values[j].length)) goto err;
559 : }
560 186339 : if (!asn1_pop_tag(data)) goto err;
561 186339 : if (!asn1_pop_tag(data)) goto err;
562 : }
563 67735 : if (!asn1_pop_tag(data)) goto err;
564 67735 : if (!asn1_pop_tag(data)) goto err;
565 67699 : break;
566 : }
567 67795 : case LDAP_TAG_AddResponse: {
568 67795 : struct ldap_Result *r = &msg->r.AddResponse;
569 67795 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
570 67795 : if (!ldap_encode_response(data, r)) goto err;
571 67795 : if (!asn1_pop_tag(data)) goto err;
572 67759 : break;
573 : }
574 75075 : case LDAP_TAG_DelRequest: {
575 75075 : struct ldap_DelRequest *r = &msg->r.DelRequest;
576 75075 : if (!asn1_push_tag(data, ASN1_APPLICATION_SIMPLE(msg->type))) goto err;
577 75075 : if (!asn1_write(data, r->dn, strlen(r->dn))) goto err;
578 75075 : if (!asn1_pop_tag(data)) goto err;
579 75039 : break;
580 : }
581 75115 : case LDAP_TAG_DelResponse: {
582 75115 : struct ldap_Result *r = &msg->r.DelResponse;
583 75115 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
584 75115 : if (!ldap_encode_response(data, r)) goto err;
585 75115 : if (!asn1_pop_tag(data)) goto err;
586 75079 : break;
587 : }
588 388 : case LDAP_TAG_ModifyDNRequest: {
589 388 : struct ldap_ModifyDNRequest *r = &msg->r.ModifyDNRequest;
590 388 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
591 388 : if (!asn1_write_OctetString(data, r->dn, strlen(r->dn))) goto err;
592 388 : if (!asn1_write_OctetString(data, r->newrdn, strlen(r->newrdn))) goto err;
593 388 : if (!asn1_write_BOOLEAN(data, r->deleteolddn)) goto err;
594 388 : if (r->newsuperior) {
595 384 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0))) goto err;
596 384 : if (!asn1_write(data, r->newsuperior,
597 384 : strlen(r->newsuperior))) goto err;
598 384 : if (!asn1_pop_tag(data)) goto err;
599 : }
600 388 : if (!asn1_pop_tag(data)) goto err;
601 388 : break;
602 : }
603 388 : case LDAP_TAG_ModifyDNResponse: {
604 388 : struct ldap_Result *r = &msg->r.ModifyDNResponse;
605 388 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
606 388 : if (!ldap_encode_response(data, r)) goto err;
607 388 : if (!asn1_pop_tag(data)) goto err;
608 388 : break;
609 : }
610 1 : case LDAP_TAG_CompareRequest: {
611 1 : struct ldap_CompareRequest *r = &msg->r.CompareRequest;
612 1 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
613 1 : if (!asn1_write_OctetString(data, r->dn, strlen(r->dn))) goto err;
614 1 : if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) goto err;
615 1 : if (!asn1_write_OctetString(data, r->attribute,
616 0 : strlen(r->attribute))) goto err;
617 1 : if (!asn1_write_OctetString(data, r->value.data,
618 0 : r->value.length)) goto err;
619 1 : if (!asn1_pop_tag(data)) goto err;
620 1 : if (!asn1_pop_tag(data)) goto err;
621 1 : break;
622 : }
623 1 : case LDAP_TAG_CompareResponse: {
624 1 : struct ldap_Result *r = &msg->r.ModifyDNResponse;
625 1 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
626 1 : if (!ldap_encode_response(data, r)) goto err;
627 1 : if (!asn1_pop_tag(data)) goto err;
628 1 : break;
629 : }
630 80 : case LDAP_TAG_AbandonRequest: {
631 80 : struct ldap_AbandonRequest *r = &msg->r.AbandonRequest;
632 80 : if (!asn1_push_tag(data, ASN1_APPLICATION_SIMPLE(msg->type))) goto err;
633 80 : if (!asn1_write_implicit_Integer(data, r->messageid)) goto err;
634 80 : if (!asn1_pop_tag(data)) goto err;
635 80 : break;
636 : }
637 135599 : case LDAP_TAG_SearchResultReference: {
638 135599 : struct ldap_SearchResRef *r = &msg->r.SearchResultReference;
639 135599 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
640 135599 : if (!asn1_write_OctetString(data, r->referral, strlen(r->referral))) goto err;
641 135599 : if (!asn1_pop_tag(data)) goto err;
642 135563 : break;
643 : }
644 376 : case LDAP_TAG_ExtendedRequest: {
645 376 : struct ldap_ExtendedRequest *r = &msg->r.ExtendedRequest;
646 376 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
647 376 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0))) goto err;
648 376 : if (!asn1_write(data, r->oid, strlen(r->oid))) goto err;
649 376 : if (!asn1_pop_tag(data)) goto err;
650 376 : if (r->value) {
651 315 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) goto err;
652 315 : if (!asn1_write(data, r->value->data, r->value->length)) goto err;
653 315 : if (!asn1_pop_tag(data)) goto err;
654 : }
655 376 : if (!asn1_pop_tag(data)) goto err;
656 376 : break;
657 : }
658 394 : case LDAP_TAG_ExtendedResponse: {
659 394 : struct ldap_ExtendedResponse *r = &msg->r.ExtendedResponse;
660 394 : if (!asn1_push_tag(data, ASN1_APPLICATION(msg->type))) goto err;
661 394 : if (!ldap_encode_response(data, &r->response)) goto err;
662 394 : if (r->oid) {
663 394 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(10))) goto err;
664 394 : if (!asn1_write(data, r->oid, strlen(r->oid))) goto err;
665 394 : if (!asn1_pop_tag(data)) goto err;
666 : }
667 394 : if (r->value) {
668 1 : if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(11))) goto err;
669 1 : if (!asn1_write(data, r->value->data, r->value->length)) goto err;
670 1 : if (!asn1_pop_tag(data)) goto err;
671 : }
672 394 : if (!asn1_pop_tag(data)) goto err;
673 394 : break;
674 : }
675 0 : default:
676 0 : goto err;
677 : }
678 :
679 1967025 : if (msg->controls != NULL) {
680 297247 : if (!asn1_push_tag(data, ASN1_CONTEXT(0))) goto err;
681 :
682 698850 : for (i = 0; msg->controls[i] != NULL; i++) {
683 401603 : if (!ldap_encode_control(mem_ctx, data,
684 : control_handlers,
685 401603 : msg->controls[i])) {
686 0 : DEBUG(0,("Unable to encode control %s\n",
687 : msg->controls[i]->oid));
688 0 : goto err;
689 : }
690 : }
691 :
692 297247 : if (!asn1_pop_tag(data)) goto err;
693 : }
694 :
695 1967025 : if (!asn1_pop_tag(data)) goto err;
696 :
697 1967025 : if (!asn1_extract_blob(data, mem_ctx, result)) {
698 0 : goto err;
699 : }
700 :
701 1967025 : asn1_free(data);
702 :
703 1967025 : return true;
704 :
705 0 : err:
706 :
707 0 : asn1_free(data);
708 0 : return false;
709 : }
710 :
711 6656022 : static const char *blob2string_talloc(TALLOC_CTX *mem_ctx,
712 : DATA_BLOB blob)
713 : {
714 6656022 : char *result = talloc_array(mem_ctx, char, blob.length+1);
715 6656022 : if (result == NULL) {
716 0 : return NULL;
717 : }
718 6656022 : memcpy(result, blob.data, blob.length);
719 6656022 : result[blob.length] = '\0';
720 6656022 : return result;
721 : }
722 :
723 6655254 : bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
724 : struct asn1_data *data,
725 : const char **result)
726 : {
727 4425 : DATA_BLOB string;
728 6655254 : if (!asn1_read_OctetString(data, mem_ctx, &string))
729 0 : return false;
730 6655254 : *result = blob2string_talloc(mem_ctx, string);
731 6655254 : data_blob_free(&string);
732 6655254 : return *result ? true : false;
733 : }
734 :
735 607028 : static bool ldap_decode_response(TALLOC_CTX *mem_ctx,
736 : struct asn1_data *data,
737 : struct ldap_Result *result)
738 : {
739 607028 : if (!asn1_read_enumerated(data, &result->resultcode)) return false;
740 607028 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &result->dn)) return false;
741 607028 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &result->errormessage)) return false;
742 607028 : if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
743 8 : if (!asn1_start_tag(data, ASN1_CONTEXT(3))) return false;
744 8 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &result->referral)) return false;
745 8 : if (!asn1_end_tag(data)) return false;
746 : } else {
747 607020 : result->referral = NULL;
748 : }
749 606404 : return true;
750 : }
751 :
752 15011 : static struct ldb_val **ldap_decode_substring(TALLOC_CTX *mem_ctx, struct ldb_val **chunks, int chunk_num, char *value)
753 : {
754 :
755 15011 : chunks = talloc_realloc(mem_ctx, chunks, struct ldb_val *, chunk_num + 2);
756 15011 : if (chunks == NULL) {
757 0 : return NULL;
758 : }
759 :
760 15011 : chunks[chunk_num] = talloc(mem_ctx, struct ldb_val);
761 15011 : if (chunks[chunk_num] == NULL) {
762 0 : return NULL;
763 : }
764 :
765 15011 : chunks[chunk_num]->data = (uint8_t *)talloc_strdup(mem_ctx, value);
766 15011 : if (chunks[chunk_num]->data == NULL) {
767 0 : return NULL;
768 : }
769 15011 : chunks[chunk_num]->length = strlen(value);
770 :
771 15011 : chunks[chunk_num + 1] = NULL;
772 :
773 15011 : return chunks;
774 : }
775 :
776 :
777 : /*
778 : parse the ASN.1 formatted search string into a ldb_parse_tree
779 : */
780 934886 : static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
781 : struct asn1_data *data)
782 : {
783 1063 : uint8_t filter_tag;
784 1063 : struct ldb_parse_tree *ret;
785 :
786 934886 : if (!asn1_peek_uint8(data, &filter_tag)) {
787 0 : return NULL;
788 : }
789 :
790 934886 : filter_tag &= 0x1f; /* strip off the asn1 stuff */
791 :
792 934886 : ret = talloc(mem_ctx, struct ldb_parse_tree);
793 934886 : if (ret == NULL) return NULL;
794 :
795 934886 : switch(filter_tag) {
796 263993 : case 0:
797 : case 1:
798 : /* AND or OR of one or more filters */
799 263993 : ret->operation = (filter_tag == 0)?LDB_OP_AND:LDB_OP_OR;
800 263993 : ret->u.list.num_elements = 0;
801 263993 : ret->u.list.elements = NULL;
802 :
803 263993 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
804 1 : goto failed;
805 : }
806 :
807 839531 : while (asn1_tag_remaining(data) > 0) {
808 775 : struct ldb_parse_tree *subtree;
809 576050 : subtree = ldap_decode_filter_tree(ret, data);
810 576050 : if (subtree == NULL) {
811 511 : goto failed;
812 : }
813 575803 : ret->u.list.elements =
814 575539 : talloc_realloc(ret, ret->u.list.elements,
815 : struct ldb_parse_tree *,
816 : ret->u.list.num_elements+1);
817 575539 : if (ret->u.list.elements == NULL) {
818 0 : goto failed;
819 : }
820 575539 : talloc_steal(ret->u.list.elements, subtree);
821 575539 : ret->u.list.elements[ret->u.list.num_elements] = subtree;
822 575539 : ret->u.list.num_elements++;
823 : }
824 263481 : if (!asn1_end_tag(data)) {
825 0 : goto failed;
826 : }
827 263331 : break;
828 :
829 15052 : case 2:
830 : /* 'not' operation */
831 15052 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
832 0 : goto failed;
833 : }
834 :
835 15052 : ret->operation = LDB_OP_NOT;
836 15052 : ret->u.isnot.child = ldap_decode_filter_tree(ret, data);
837 15052 : if (ret->u.isnot.child == NULL) {
838 0 : goto failed;
839 : }
840 15052 : if (!asn1_end_tag(data)) {
841 0 : goto failed;
842 : }
843 15052 : break;
844 :
845 163033 : case 3: {
846 : /* equalityMatch */
847 48 : const char *attrib;
848 48 : DATA_BLOB value;
849 :
850 163033 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) goto failed;
851 163033 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &attrib)) goto failed;
852 163033 : if (!asn1_read_OctetString(data, mem_ctx, &value)) goto failed;
853 163033 : if (!asn1_end_tag(data)) goto failed;
854 163033 : if (asn1_has_error(data) || (attrib == NULL) ||
855 163033 : (value.data == NULL)) {
856 0 : goto failed;
857 : }
858 :
859 163033 : ret->operation = LDB_OP_EQUALITY;
860 163033 : ret->u.equality.attr = talloc_steal(ret, attrib);
861 163033 : ret->u.equality.value.data = talloc_steal(ret, value.data);
862 163033 : ret->u.equality.value.length = value.length;
863 163033 : break;
864 : }
865 14996 : case 4: {
866 : /* substrings */
867 0 : DATA_BLOB attr;
868 0 : uint8_t subs_tag;
869 0 : char *value;
870 14996 : int chunk_num = 0;
871 :
872 14996 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
873 0 : goto failed;
874 : }
875 14996 : if (!asn1_read_OctetString(data, mem_ctx, &attr)) {
876 0 : goto failed;
877 : }
878 :
879 14996 : ret->operation = LDB_OP_SUBSTRING;
880 14996 : ret->u.substring.attr = talloc_strndup(ret, (char *)attr.data, attr.length);
881 14996 : if (ret->u.substring.attr == NULL) {
882 0 : goto failed;
883 : }
884 14996 : ret->u.substring.chunks = NULL;
885 14996 : ret->u.substring.start_with_wildcard = 1;
886 14996 : ret->u.substring.end_with_wildcard = 1;
887 :
888 14996 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
889 0 : goto failed;
890 : }
891 :
892 30007 : while (asn1_tag_remaining(data) > 0) {
893 15011 : if (!asn1_peek_uint8(data, &subs_tag)) goto failed;
894 15011 : subs_tag &= 0x1f; /* strip off the asn1 stuff */
895 15011 : if (subs_tag > 2) goto failed;
896 :
897 15011 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(subs_tag))) goto failed;
898 15011 : if (!asn1_read_LDAPString(data, mem_ctx, &value)) goto failed;
899 15011 : if (!asn1_end_tag(data)) goto failed;
900 :
901 15011 : switch (subs_tag) {
902 4255 : case 0:
903 4255 : if (ret->u.substring.chunks != NULL) {
904 : /* initial value found in the middle */
905 0 : goto failed;
906 : }
907 :
908 4255 : ret->u.substring.chunks = ldap_decode_substring(ret, NULL, 0, value);
909 4255 : if (ret->u.substring.chunks == NULL) {
910 0 : goto failed;
911 : }
912 :
913 4255 : ret->u.substring.start_with_wildcard = 0;
914 4255 : chunk_num = 1;
915 4255 : break;
916 :
917 10264 : case 1:
918 10264 : if (ret->u.substring.end_with_wildcard == 0) {
919 : /* "any" value found after a "final" value */
920 0 : goto failed;
921 : }
922 :
923 10264 : ret->u.substring.chunks = ldap_decode_substring(ret,
924 : ret->u.substring.chunks,
925 : chunk_num,
926 : value);
927 10264 : if (ret->u.substring.chunks == NULL) {
928 0 : goto failed;
929 : }
930 :
931 10264 : chunk_num++;
932 10264 : break;
933 :
934 492 : case 2:
935 492 : ret->u.substring.chunks = ldap_decode_substring(ret,
936 : ret->u.substring.chunks,
937 : chunk_num,
938 : value);
939 492 : if (ret->u.substring.chunks == NULL) {
940 0 : goto failed;
941 : }
942 :
943 492 : ret->u.substring.end_with_wildcard = 0;
944 492 : break;
945 :
946 0 : default:
947 0 : goto failed;
948 : }
949 :
950 : }
951 :
952 14996 : if (!asn1_end_tag(data)) { /* SEQUENCE */
953 0 : goto failed;
954 : }
955 :
956 14996 : if (!asn1_end_tag(data)) {
957 0 : goto failed;
958 : }
959 14996 : break;
960 : }
961 279 : case 5: {
962 : /* greaterOrEqual */
963 0 : const char *attrib;
964 0 : DATA_BLOB value;
965 :
966 279 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) goto failed;
967 279 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &attrib)) goto failed;
968 279 : if (!asn1_read_OctetString(data, mem_ctx, &value)) goto failed;
969 279 : if (!asn1_end_tag(data)) goto failed;
970 279 : if (asn1_has_error(data) || (attrib == NULL) ||
971 279 : (value.data == NULL)) {
972 0 : goto failed;
973 : }
974 :
975 279 : ret->operation = LDB_OP_GREATER;
976 279 : ret->u.comparison.attr = talloc_steal(ret, attrib);
977 279 : ret->u.comparison.value.data = talloc_steal(ret, value.data);
978 279 : ret->u.comparison.value.length = value.length;
979 279 : break;
980 : }
981 287 : case 6: {
982 : /* lessOrEqual */
983 0 : const char *attrib;
984 0 : DATA_BLOB value;
985 :
986 287 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) goto failed;
987 287 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &attrib)) goto failed;
988 287 : if (!asn1_read_OctetString(data, mem_ctx, &value)) goto failed;
989 287 : if (!asn1_end_tag(data)) goto failed;
990 287 : if (asn1_has_error(data) || (attrib == NULL) ||
991 287 : (value.data == NULL)) {
992 0 : goto failed;
993 : }
994 :
995 287 : ret->operation = LDB_OP_LESS;
996 287 : ret->u.comparison.attr = talloc_steal(ret, attrib);
997 287 : ret->u.comparison.value.data = talloc_steal(ret, value.data);
998 287 : ret->u.comparison.value.length = value.length;
999 287 : break;
1000 : }
1001 459382 : case 7: {
1002 : /* Normal presence, "attribute=*" */
1003 353 : char *attr;
1004 :
1005 459382 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(filter_tag))) {
1006 1 : goto failed;
1007 : }
1008 459381 : if (!asn1_read_LDAPString(data, ret, &attr)) {
1009 0 : goto failed;
1010 : }
1011 :
1012 459381 : ret->operation = LDB_OP_PRESENT;
1013 459381 : ret->u.present.attr = talloc_steal(ret, attr);
1014 :
1015 459381 : if (!asn1_end_tag(data)) {
1016 0 : goto failed;
1017 : }
1018 459381 : break;
1019 : }
1020 8 : case 8: {
1021 : /* approx */
1022 0 : const char *attrib;
1023 0 : DATA_BLOB value;
1024 :
1025 8 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) goto failed;
1026 8 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &attrib)) goto failed;
1027 8 : if (!asn1_read_OctetString(data, mem_ctx, &value)) goto failed;
1028 8 : if (!asn1_end_tag(data)) goto failed;
1029 8 : if (asn1_has_error(data) || (attrib == NULL) ||
1030 8 : (value.data == NULL)) {
1031 0 : goto failed;
1032 : }
1033 :
1034 8 : ret->operation = LDB_OP_APPROX;
1035 8 : ret->u.comparison.attr = talloc_steal(ret, attrib);
1036 8 : ret->u.comparison.value.data = talloc_steal(ret, value.data);
1037 8 : ret->u.comparison.value.length = value.length;
1038 8 : break;
1039 : }
1040 17856 : case 9: {
1041 17856 : char *oid = NULL, *attr = NULL, *value;
1042 0 : uint8_t dnAttributes;
1043 : /* an extended search */
1044 17856 : if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
1045 0 : goto failed;
1046 : }
1047 :
1048 : /* FIXME: read carefully rfc2251.txt there are a number of 'MUST's
1049 : we need to check we properly implement --SSS */
1050 : /* either oid or type must be defined */
1051 17856 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) { /* optional */
1052 17848 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1))) goto failed;
1053 17848 : if (!asn1_read_LDAPString(data, ret, &oid)) goto failed;
1054 17848 : if (!asn1_end_tag(data)) goto failed;
1055 : }
1056 17856 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(2))) { /* optional */
1057 17848 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(2))) goto failed;
1058 17848 : if (!asn1_read_LDAPString(data, ret, &attr)) goto failed;
1059 17848 : if (!asn1_end_tag(data)) goto failed;
1060 : }
1061 17856 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(3))) goto failed;
1062 17856 : if (!asn1_read_LDAPString(data, ret, &value)) goto failed;
1063 17856 : if (!asn1_end_tag(data)) goto failed;
1064 : /* dnAttributes is marked as BOOLEAN DEFAULT FALSE
1065 : it is not marked as OPTIONAL but openldap tools
1066 : do not set this unless it is to be set as TRUE
1067 : NOTE: openldap tools do not work with AD as it
1068 : seems that AD always requires the dnAttributes
1069 : boolean value to be set */
1070 17856 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(4))) {
1071 17856 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(4))) goto failed;
1072 17856 : if (!asn1_read_uint8(data, &dnAttributes)) goto failed;
1073 17856 : if (!asn1_end_tag(data)) goto failed;
1074 : } else {
1075 0 : dnAttributes = 0;
1076 : }
1077 17856 : if ((oid == NULL && attr == NULL) || (value == NULL)) {
1078 0 : goto failed;
1079 : }
1080 :
1081 17856 : if (oid) {
1082 17848 : ret->operation = LDB_OP_EXTENDED;
1083 :
1084 : /* From the RFC2251: If the type field is
1085 : absent and matchingRule is present, the matchValue is compared
1086 : against all attributes in an entry which support that matchingRule
1087 : */
1088 17848 : if (attr) {
1089 17840 : ret->u.extended.attr = talloc_steal(ret, attr);
1090 : } else {
1091 8 : ret->u.extended.attr = talloc_strdup(ret, "*");
1092 8 : if (ret->u.extended.attr == NULL) {
1093 0 : goto failed;
1094 : }
1095 : }
1096 17848 : ret->u.extended.rule_id = talloc_steal(ret, oid);
1097 17848 : ret->u.extended.value.data = (uint8_t *)talloc_steal(ret, value);
1098 17848 : ret->u.extended.value.length = strlen(value);
1099 17848 : ret->u.extended.dnAttributes = dnAttributes;
1100 : } else {
1101 8 : ret->operation = LDB_OP_EQUALITY;
1102 8 : ret->u.equality.attr = talloc_steal(ret, attr);
1103 8 : ret->u.equality.value.data = (uint8_t *)talloc_steal(ret, value);
1104 8 : ret->u.equality.value.length = strlen(value);
1105 : }
1106 17856 : if (!asn1_end_tag(data)) {
1107 0 : goto failed;
1108 : }
1109 17856 : break;
1110 : }
1111 :
1112 0 : default:
1113 0 : goto failed;
1114 : }
1115 :
1116 933823 : return ret;
1117 :
1118 513 : failed:
1119 513 : talloc_free(ret);
1120 513 : return NULL;
1121 : }
1122 :
1123 : /* Decode a single LDAP attribute, possibly containing multiple values */
1124 3354809 : static bool ldap_decode_attrib(TALLOC_CTX *mem_ctx, struct asn1_data *data,
1125 : struct ldb_message_element *attrib)
1126 : {
1127 3354809 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) return false;
1128 3354809 : if (!asn1_read_OctetString_talloc(mem_ctx, data, &attrib->name)) return false;
1129 3354809 : if (!asn1_start_tag(data, ASN1_SET)) return false;
1130 7165539 : while (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
1131 1232 : DATA_BLOB blob;
1132 3810730 : if (!asn1_read_OctetString(data, mem_ctx, &blob)) return false;
1133 3810730 : add_value_to_attrib(mem_ctx, &blob, attrib);
1134 : }
1135 3354809 : if (!asn1_end_tag(data)) return false;
1136 3354809 : return asn1_end_tag(data);
1137 : }
1138 :
1139 : /* Decode a set of LDAP attributes, as found in the dereference control */
1140 679357 : bool ldap_decode_attribs_bare(TALLOC_CTX *mem_ctx, struct asn1_data *data,
1141 : struct ldb_message_element **attributes,
1142 : int *num_attributes)
1143 : {
1144 3920671 : while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
1145 930 : struct ldb_message_element attrib;
1146 3241314 : ZERO_STRUCT(attrib);
1147 3241314 : if (!ldap_decode_attrib(mem_ctx, data, &attrib)) return false;
1148 3241314 : add_attrib_to_array_talloc(mem_ctx, &attrib,
1149 : attributes, num_attributes);
1150 : }
1151 679000 : return true;
1152 : }
1153 :
1154 : /* Decode a set of LDAP attributes, as found in a search entry */
1155 679357 : static bool ldap_decode_attribs(TALLOC_CTX *mem_ctx, struct asn1_data *data,
1156 : struct ldb_message_element **attributes,
1157 : int *num_attributes)
1158 : {
1159 679357 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) return false;
1160 679357 : if (!ldap_decode_attribs_bare(mem_ctx, data,
1161 0 : attributes, num_attributes)) return false;
1162 679357 : return asn1_end_tag(data);
1163 : }
1164 :
1165 : /* This routine returns LDAP status codes */
1166 :
1167 1962515 : _PUBLIC_ NTSTATUS ldap_decode(struct asn1_data *data,
1168 : const struct ldap_request_limits *limits,
1169 : const struct ldap_control_handler *control_handlers,
1170 : struct ldap_message *msg)
1171 : {
1172 1608 : uint8_t tag;
1173 :
1174 1962515 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto prot_err;
1175 1962514 : if (!asn1_read_Integer(data, &msg->messageid)) goto prot_err;
1176 :
1177 1962514 : if (!asn1_peek_uint8(data, &tag)) goto prot_err;
1178 :
1179 1962514 : switch(tag) {
1180 :
1181 36353 : case ASN1_APPLICATION(LDAP_TAG_BindRequest): {
1182 36353 : struct ldap_BindRequest *r = &msg->r.BindRequest;
1183 36353 : msg->type = LDAP_TAG_BindRequest;
1184 36353 : if (!asn1_start_tag(data, tag)) goto prot_err;
1185 36353 : if (!asn1_read_Integer(data, &r->version)) goto prot_err;
1186 36353 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1187 36353 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(0))) {
1188 0 : int pwlen;
1189 475 : r->creds.password = "";
1190 475 : r->mechanism = LDAP_AUTH_MECH_SIMPLE;
1191 475 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0))) goto prot_err;
1192 475 : pwlen = asn1_tag_remaining(data);
1193 475 : if (pwlen == -1) {
1194 0 : goto prot_err;
1195 : }
1196 475 : if (pwlen != 0) {
1197 455 : char *pw = talloc_array(msg, char, pwlen+1);
1198 455 : if (!pw) {
1199 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1200 : }
1201 455 : if (!asn1_read(data, pw, pwlen)) goto prot_err;
1202 455 : pw[pwlen] = '\0';
1203 455 : r->creds.password = pw;
1204 : }
1205 475 : if (!asn1_end_tag(data)) goto prot_err;
1206 35878 : } else if (asn1_peek_tag(data, ASN1_CONTEXT(3))){
1207 35878 : if (!asn1_start_tag(data, ASN1_CONTEXT(3))) goto prot_err;
1208 35878 : r->mechanism = LDAP_AUTH_MECH_SASL;
1209 35878 : if (!asn1_read_OctetString_talloc(msg, data, &r->creds.SASL.mechanism)) goto prot_err;
1210 35878 : if (asn1_peek_tag(data, ASN1_OCTET_STRING)) { /* optional */
1211 35878 : DATA_BLOB tmp_blob = data_blob(NULL, 0);
1212 35878 : if (!asn1_read_OctetString(data, msg, &tmp_blob)) goto prot_err;
1213 35878 : r->creds.SASL.secblob = talloc(msg, DATA_BLOB);
1214 35878 : if (!r->creds.SASL.secblob) {
1215 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1216 : }
1217 35878 : *r->creds.SASL.secblob = data_blob_talloc(r->creds.SASL.secblob,
1218 : tmp_blob.data, tmp_blob.length);
1219 35878 : data_blob_free(&tmp_blob);
1220 : } else {
1221 0 : r->creds.SASL.secblob = NULL;
1222 : }
1223 35878 : if (!asn1_end_tag(data)) goto prot_err;
1224 : } else {
1225 : /* Neither Simple nor SASL bind */
1226 0 : goto prot_err;
1227 : }
1228 36353 : if (!asn1_end_tag(data)) goto prot_err;
1229 36231 : break;
1230 : }
1231 :
1232 35762 : case ASN1_APPLICATION(LDAP_TAG_BindResponse): {
1233 35762 : struct ldap_BindResponse *r = &msg->r.BindResponse;
1234 35762 : msg->type = LDAP_TAG_BindResponse;
1235 35762 : if (!asn1_start_tag(data, tag)) goto prot_err;
1236 35762 : if (!ldap_decode_response(msg, data, &r->response)) goto prot_err;
1237 35762 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))) {
1238 35314 : DATA_BLOB tmp_blob = data_blob(NULL, 0);
1239 35314 : if (!asn1_read_ContextSimple(data, msg, 7, &tmp_blob)) goto prot_err;
1240 35314 : r->SASL.secblob = talloc(msg, DATA_BLOB);
1241 35314 : if (!r->SASL.secblob) {
1242 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1243 : }
1244 35314 : *r->SASL.secblob = data_blob_talloc(r->SASL.secblob,
1245 : tmp_blob.data, tmp_blob.length);
1246 35314 : data_blob_free(&tmp_blob);
1247 : } else {
1248 448 : r->SASL.secblob = NULL;
1249 : }
1250 35762 : if (!asn1_end_tag(data)) goto prot_err;
1251 35640 : break;
1252 : }
1253 :
1254 23 : case ASN1_APPLICATION_SIMPLE(LDAP_TAG_UnbindRequest): {
1255 23 : msg->type = LDAP_TAG_UnbindRequest;
1256 23 : if (!asn1_start_tag(data, tag)) goto prot_err;
1257 23 : if (!asn1_end_tag(data)) goto prot_err;
1258 23 : break;
1259 : }
1260 :
1261 343788 : case ASN1_APPLICATION(LDAP_TAG_SearchRequest): {
1262 343788 : struct ldap_SearchRequest *r = &msg->r.SearchRequest;
1263 288 : int sizelimit, timelimit;
1264 343788 : const char **attrs = NULL;
1265 343788 : size_t request_size = asn1_get_length(data);
1266 343788 : msg->type = LDAP_TAG_SearchRequest;
1267 343788 : if (request_size > limits->max_search_size) {
1268 6 : goto prot_err;
1269 : }
1270 343784 : if (!asn1_start_tag(data, tag)) goto prot_err;
1271 343784 : if (!asn1_read_OctetString_talloc(msg, data, &r->basedn)) goto prot_err;
1272 343784 : if (!asn1_read_enumerated(data, (int *)(void *)&(r->scope))) goto prot_err;
1273 343784 : if (!asn1_read_enumerated(data, (int *)(void *)&(r->deref))) goto prot_err;
1274 343784 : if (!asn1_read_Integer(data, &sizelimit)) goto prot_err;
1275 343784 : r->sizelimit = sizelimit;
1276 343784 : if (!asn1_read_Integer(data, &timelimit)) goto prot_err;
1277 343784 : r->timelimit = timelimit;
1278 343784 : if (!asn1_read_BOOLEAN(data, &r->attributesonly)) goto prot_err;
1279 :
1280 343784 : r->tree = ldap_decode_filter_tree(msg, data);
1281 343784 : if (r->tree == NULL) {
1282 2 : goto prot_err;
1283 : }
1284 :
1285 343782 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto prot_err;
1286 :
1287 343782 : r->num_attributes = 0;
1288 343782 : r->attributes = NULL;
1289 :
1290 950415 : while (asn1_tag_remaining(data) > 0) {
1291 :
1292 914 : const char *attr;
1293 606633 : if (!asn1_read_OctetString_talloc(msg, data,
1294 : &attr))
1295 0 : goto prot_err;
1296 606633 : if (!add_string_to_array(msg, attr,
1297 : &attrs,
1298 : &r->num_attributes))
1299 0 : goto prot_err;
1300 : }
1301 343782 : r->attributes = attrs;
1302 :
1303 343782 : if (!asn1_end_tag(data)) goto prot_err;
1304 343782 : if (!asn1_end_tag(data)) goto prot_err;
1305 343782 : break;
1306 : }
1307 :
1308 611562 : case ASN1_APPLICATION(LDAP_TAG_SearchResultEntry): {
1309 611562 : struct ldap_SearchResEntry *r = &msg->r.SearchResultEntry;
1310 611562 : msg->type = LDAP_TAG_SearchResultEntry;
1311 611562 : r->attributes = NULL;
1312 611562 : r->num_attributes = 0;
1313 611562 : if (!asn1_start_tag(data, tag)) goto prot_err;
1314 611562 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1315 611562 : if (!ldap_decode_attribs(msg, data, &r->attributes,
1316 0 : &r->num_attributes)) goto prot_err;
1317 611562 : if (!asn1_end_tag(data)) goto prot_err;
1318 611241 : break;
1319 : }
1320 :
1321 341081 : case ASN1_APPLICATION(LDAP_TAG_SearchResultDone): {
1322 341081 : struct ldap_Result *r = &msg->r.SearchResultDone;
1323 341081 : msg->type = LDAP_TAG_SearchResultDone;
1324 341081 : if (!asn1_start_tag(data, tag)) goto prot_err;
1325 341081 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1326 341081 : if (!asn1_end_tag(data)) goto prot_err;
1327 340796 : break;
1328 : }
1329 :
1330 133231 : case ASN1_APPLICATION(LDAP_TAG_SearchResultReference): {
1331 133231 : struct ldap_SearchResRef *r = &msg->r.SearchResultReference;
1332 133231 : msg->type = LDAP_TAG_SearchResultReference;
1333 133231 : if (!asn1_start_tag(data, tag)) goto prot_err;
1334 133231 : if (!asn1_read_OctetString_talloc(msg, data, &r->referral)) goto prot_err;
1335 133231 : if (!asn1_end_tag(data)) goto prot_err;
1336 133195 : break;
1337 : }
1338 :
1339 86760 : case ASN1_APPLICATION(LDAP_TAG_ModifyRequest): {
1340 86760 : struct ldap_ModifyRequest *r = &msg->r.ModifyRequest;
1341 86760 : msg->type = LDAP_TAG_ModifyRequest;
1342 86760 : if (!asn1_start_tag(data, ASN1_APPLICATION(LDAP_TAG_ModifyRequest))) goto prot_err;
1343 86760 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1344 86760 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto prot_err;
1345 :
1346 86760 : r->num_mods = 0;
1347 86760 : r->mods = NULL;
1348 :
1349 200255 : while (asn1_tag_remaining(data) > 0) {
1350 216 : struct ldap_mod mod;
1351 216 : int v;
1352 113495 : ZERO_STRUCT(mod);
1353 113495 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto prot_err;
1354 113495 : if (!asn1_read_enumerated(data, &v)) goto prot_err;
1355 113495 : mod.type = v;
1356 113495 : if (!ldap_decode_attrib(msg, data, &mod.attrib)) goto prot_err;
1357 113495 : if (!asn1_end_tag(data)) goto prot_err;
1358 113495 : if (!add_mod_to_array_talloc(msg, &mod,
1359 : &r->mods, &r->num_mods)) {
1360 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1361 : }
1362 : }
1363 :
1364 86760 : if (!asn1_end_tag(data)) goto prot_err;
1365 86760 : if (!asn1_end_tag(data)) goto prot_err;
1366 86616 : break;
1367 : }
1368 :
1369 86608 : case ASN1_APPLICATION(LDAP_TAG_ModifyResponse): {
1370 86608 : struct ldap_Result *r = &msg->r.ModifyResponse;
1371 86608 : msg->type = LDAP_TAG_ModifyResponse;
1372 86608 : if (!asn1_start_tag(data, tag)) goto prot_err;
1373 86608 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1374 86608 : if (!asn1_end_tag(data)) goto prot_err;
1375 86464 : break;
1376 : }
1377 :
1378 67795 : case ASN1_APPLICATION(LDAP_TAG_AddRequest): {
1379 67795 : struct ldap_AddRequest *r = &msg->r.AddRequest;
1380 67795 : msg->type = LDAP_TAG_AddRequest;
1381 67795 : if (!asn1_start_tag(data, tag)) goto prot_err;
1382 67795 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1383 :
1384 67795 : r->attributes = NULL;
1385 67795 : r->num_attributes = 0;
1386 67795 : if (!ldap_decode_attribs(msg, data, &r->attributes,
1387 0 : &r->num_attributes)) goto prot_err;
1388 :
1389 67795 : if (!asn1_end_tag(data)) goto prot_err;
1390 67759 : break;
1391 : }
1392 :
1393 67735 : case ASN1_APPLICATION(LDAP_TAG_AddResponse): {
1394 67735 : struct ldap_Result *r = &msg->r.AddResponse;
1395 67735 : msg->type = LDAP_TAG_AddResponse;
1396 67735 : if (!asn1_start_tag(data, tag)) goto prot_err;
1397 67735 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1398 67735 : if (!asn1_end_tag(data)) goto prot_err;
1399 67699 : break;
1400 : }
1401 :
1402 75115 : case ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest): {
1403 75115 : struct ldap_DelRequest *r = &msg->r.DelRequest;
1404 36 : int len;
1405 36 : char *dn;
1406 75115 : msg->type = LDAP_TAG_DelRequest;
1407 75115 : if (!asn1_start_tag(data,
1408 0 : ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest))) goto prot_err;
1409 75115 : len = asn1_tag_remaining(data);
1410 75115 : if (len == -1) {
1411 0 : goto prot_err;
1412 : }
1413 75115 : dn = talloc_array(msg, char, len+1);
1414 75115 : if (dn == NULL)
1415 0 : break;
1416 75115 : if (!asn1_read(data, dn, len)) goto prot_err;
1417 75115 : dn[len] = '\0';
1418 75115 : r->dn = dn;
1419 75115 : if (!asn1_end_tag(data)) goto prot_err;
1420 75079 : break;
1421 : }
1422 :
1423 75075 : case ASN1_APPLICATION(LDAP_TAG_DelResponse): {
1424 75075 : struct ldap_Result *r = &msg->r.DelResponse;
1425 75075 : msg->type = LDAP_TAG_DelResponse;
1426 75075 : if (!asn1_start_tag(data, tag)) goto prot_err;
1427 75075 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1428 75075 : if (!asn1_end_tag(data)) goto prot_err;
1429 75039 : break;
1430 : }
1431 :
1432 388 : case ASN1_APPLICATION(LDAP_TAG_ModifyDNRequest): {
1433 388 : struct ldap_ModifyDNRequest *r = &msg->r.ModifyDNRequest;
1434 388 : msg->type = LDAP_TAG_ModifyDNRequest;
1435 388 : if (!asn1_start_tag(data,
1436 0 : ASN1_APPLICATION(LDAP_TAG_ModifyDNRequest))) goto prot_err;
1437 388 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1438 388 : if (!asn1_read_OctetString_talloc(msg, data, &r->newrdn)) goto prot_err;
1439 388 : if (!asn1_read_BOOLEAN(data, &r->deleteolddn)) goto prot_err;
1440 388 : r->newsuperior = NULL;
1441 388 : if (asn1_tag_remaining(data) > 0) {
1442 0 : int len;
1443 0 : char *newsup;
1444 384 : if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0))) goto prot_err;
1445 384 : len = asn1_tag_remaining(data);
1446 384 : if (len == -1) {
1447 0 : goto prot_err;
1448 : }
1449 384 : newsup = talloc_array(msg, char, len+1);
1450 384 : if (newsup == NULL) {
1451 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1452 : }
1453 384 : if (!asn1_read(data, newsup, len)) goto prot_err;
1454 384 : newsup[len] = '\0';
1455 384 : r->newsuperior = newsup;
1456 384 : if (!asn1_end_tag(data)) goto prot_err;
1457 : }
1458 388 : if (!asn1_end_tag(data)) goto prot_err;
1459 388 : break;
1460 : }
1461 :
1462 388 : case ASN1_APPLICATION(LDAP_TAG_ModifyDNResponse): {
1463 388 : struct ldap_Result *r = &msg->r.ModifyDNResponse;
1464 388 : msg->type = LDAP_TAG_ModifyDNResponse;
1465 388 : if (!asn1_start_tag(data, tag)) goto prot_err;
1466 388 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1467 388 : if (!asn1_end_tag(data)) goto prot_err;
1468 388 : break;
1469 : }
1470 :
1471 1 : case ASN1_APPLICATION(LDAP_TAG_CompareRequest): {
1472 1 : struct ldap_CompareRequest *r = &msg->r.CompareRequest;
1473 1 : msg->type = LDAP_TAG_CompareRequest;
1474 1 : if (!asn1_start_tag(data,
1475 0 : ASN1_APPLICATION(LDAP_TAG_CompareRequest))) goto prot_err;
1476 1 : if (!asn1_read_OctetString_talloc(msg, data, &r->dn)) goto prot_err;
1477 1 : if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto prot_err;
1478 1 : if (!asn1_read_OctetString_talloc(msg, data, &r->attribute)) goto prot_err;
1479 1 : if (!asn1_read_OctetString(data, msg, &r->value)) goto prot_err;
1480 1 : if (r->value.data) {
1481 1 : talloc_steal(msg, r->value.data);
1482 : }
1483 1 : if (!asn1_end_tag(data)) goto prot_err;
1484 1 : if (!asn1_end_tag(data)) goto prot_err;
1485 1 : break;
1486 : }
1487 :
1488 1 : case ASN1_APPLICATION(LDAP_TAG_CompareResponse): {
1489 1 : struct ldap_Result *r = &msg->r.CompareResponse;
1490 1 : msg->type = LDAP_TAG_CompareResponse;
1491 1 : if (!asn1_start_tag(data, tag)) goto prot_err;
1492 1 : if (!ldap_decode_response(msg, data, r)) goto prot_err;
1493 1 : if (!asn1_end_tag(data)) goto prot_err;
1494 1 : break;
1495 : }
1496 :
1497 80 : case ASN1_APPLICATION_SIMPLE(LDAP_TAG_AbandonRequest): {
1498 80 : struct ldap_AbandonRequest *r = &msg->r.AbandonRequest;
1499 80 : msg->type = LDAP_TAG_AbandonRequest;
1500 80 : if (!asn1_start_tag(data, tag)) goto prot_err;
1501 80 : if (!asn1_read_implicit_Integer(data, &r->messageid)) goto prot_err;
1502 80 : if (!asn1_end_tag(data)) goto prot_err;
1503 80 : break;
1504 : }
1505 :
1506 390 : case ASN1_APPLICATION(LDAP_TAG_ExtendedRequest): {
1507 390 : struct ldap_ExtendedRequest *r = &msg->r.ExtendedRequest;
1508 390 : DATA_BLOB tmp_blob = data_blob(NULL, 0);
1509 :
1510 390 : msg->type = LDAP_TAG_ExtendedRequest;
1511 390 : if (!asn1_start_tag(data,tag)) goto prot_err;
1512 390 : if (!asn1_read_ContextSimple(data, msg, 0, &tmp_blob)) {
1513 0 : goto prot_err;
1514 : }
1515 390 : r->oid = blob2string_talloc(msg, tmp_blob);
1516 390 : data_blob_free(&tmp_blob);
1517 390 : if (!r->oid) {
1518 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1519 : }
1520 :
1521 390 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
1522 315 : if (!asn1_read_ContextSimple(data, msg, 1, &tmp_blob)) goto prot_err;
1523 315 : r->value = talloc(msg, DATA_BLOB);
1524 315 : if (!r->value) {
1525 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1526 : }
1527 315 : *r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
1528 315 : data_blob_free(&tmp_blob);
1529 : } else {
1530 75 : r->value = NULL;
1531 : }
1532 :
1533 390 : if (!asn1_end_tag(data)) goto prot_err;
1534 390 : break;
1535 : }
1536 :
1537 378 : case ASN1_APPLICATION(LDAP_TAG_ExtendedResponse): {
1538 378 : struct ldap_ExtendedResponse *r = &msg->r.ExtendedResponse;
1539 378 : DATA_BLOB tmp_blob = data_blob(NULL, 0);
1540 :
1541 378 : msg->type = LDAP_TAG_ExtendedResponse;
1542 378 : if (!asn1_start_tag(data, tag)) goto prot_err;
1543 378 : if (!ldap_decode_response(msg, data, &r->response)) goto prot_err;
1544 :
1545 378 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(10))) {
1546 378 : if (!asn1_read_ContextSimple(data, msg, 10, &tmp_blob))
1547 0 : goto prot_err;
1548 378 : r->oid = blob2string_talloc(msg, tmp_blob);
1549 378 : data_blob_free(&tmp_blob);
1550 378 : if (!r->oid) {
1551 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1552 : }
1553 : } else {
1554 0 : r->oid = NULL;
1555 : }
1556 :
1557 378 : if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(11))) {
1558 1 : if (!asn1_read_ContextSimple(data, msg, 11, &tmp_blob))
1559 0 : goto prot_err;
1560 1 : r->value = talloc(msg, DATA_BLOB);
1561 1 : if (!r->value) {
1562 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1563 : }
1564 1 : *r->value = data_blob_talloc(r->value, tmp_blob.data, tmp_blob.length);
1565 1 : data_blob_free(&tmp_blob);
1566 : } else {
1567 377 : r->value = NULL;
1568 : }
1569 :
1570 378 : if (!asn1_end_tag(data)) goto prot_err;
1571 378 : break;
1572 : }
1573 0 : default:
1574 0 : goto prot_err;
1575 : }
1576 :
1577 1962508 : msg->controls = NULL;
1578 1962508 : msg->controls_decoded = NULL;
1579 :
1580 1962508 : if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
1581 297443 : int i = 0;
1582 297443 : struct ldb_control **ctrl = NULL;
1583 297443 : bool *decoded = NULL;
1584 :
1585 297443 : if (!asn1_start_tag(data, ASN1_CONTEXT(0))) goto prot_err;
1586 :
1587 699253 : while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
1588 0 : DATA_BLOB value;
1589 : /* asn1_start_tag(data, ASN1_SEQUENCE(0)); */
1590 :
1591 401810 : ctrl = talloc_realloc(msg, ctrl, struct ldb_control *, i+2);
1592 401810 : if (!ctrl) {
1593 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1594 : }
1595 :
1596 401810 : decoded = talloc_realloc(msg, decoded, bool, i+1);
1597 401810 : if (!decoded) {
1598 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1599 : }
1600 :
1601 401810 : ctrl[i] = talloc(ctrl, struct ldb_control);
1602 401810 : if (!ctrl[i]) {
1603 0 : return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
1604 : }
1605 :
1606 401810 : if (!ldap_decode_control_wrapper(ctrl[i], data, ctrl[i], &value)) {
1607 0 : goto prot_err;
1608 : }
1609 :
1610 401810 : if (!ldap_decode_control_value(ctrl[i], value,
1611 : control_handlers,
1612 401810 : ctrl[i])) {
1613 0 : if (ctrl[i]->critical) {
1614 0 : ctrl[i]->data = NULL;
1615 0 : decoded[i] = false;
1616 0 : i++;
1617 : } else {
1618 0 : talloc_free(ctrl[i]);
1619 0 : ctrl[i] = NULL;
1620 : }
1621 : } else {
1622 401810 : decoded[i] = true;
1623 401810 : i++;
1624 : }
1625 : }
1626 :
1627 297443 : if (ctrl != NULL) {
1628 297441 : ctrl[i] = NULL;
1629 : }
1630 :
1631 297443 : msg->controls = ctrl;
1632 297443 : msg->controls_decoded = decoded;
1633 :
1634 297443 : if (!asn1_end_tag(data)) goto prot_err;
1635 : }
1636 :
1637 1962508 : if (!asn1_end_tag(data)) goto prot_err;
1638 1962508 : if (asn1_has_error(data) || asn1_has_nesting(data)) {
1639 0 : return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
1640 : }
1641 1962508 : return NT_STATUS_OK;
1642 :
1643 7 : prot_err:
1644 :
1645 7 : return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
1646 : }
1647 :
1648 :
1649 : /*
1650 : return NT_STATUS_OK if a blob has enough bytes in it to be a full
1651 : ldap packet. Set packet_size if true.
1652 : */
1653 3906114 : NTSTATUS ldap_full_packet(struct tstream_context *stream,
1654 : void *private_data,
1655 : DATA_BLOB blob,
1656 : size_t *packet_size)
1657 : {
1658 2918 : int ret;
1659 :
1660 3906114 : if (blob.length < 6) {
1661 : /*
1662 : * We need at least 6 bytes to workout the length
1663 : * of the pdu.
1664 : */
1665 0 : return STATUS_MORE_ENTRIES;
1666 : }
1667 :
1668 3906114 : ret = asn1_peek_full_tag(blob, ASN1_SEQUENCE(0), packet_size);
1669 3906114 : if (ret != 0) {
1670 1953045 : return map_nt_error_from_unix_common(ret);
1671 : }
1672 1953069 : return NT_STATUS_OK;
1673 : }
|