xref: /illumos-gate/usr/src/lib/libldap5/sources/ldap/common/request.c (revision 7c478bd9)

/*
 * Copyright 2001-2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is Mozilla Communicator client code, released
 * March 31, 1998.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 */
/*
 *  Copyright (c) 1995 Regents of the University of Michigan.
 *  All rights reserved.
 */
/*
 *  request.c - sending of ldap requests; handling of referrals
 */

#if 0
#ifndef lint
static char copyright[] = "@(#) Copyright (c) 1995 Regents of the University of Michigan.\nAll rights reserved.\n";
#endif
#endif

#include "ldap-int.h"

static LDAPConn *find_connection( LDAP *ld, LDAPServer *srv, int any );
static void use_connection( LDAP *ld, LDAPConn *lc );
static void free_servers( LDAPServer *srvlist );
static int chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq,
    char *refurl, char *desc, int *unknownp );
static int re_encode_request( LDAP *ld, BerElement *origber,
    int msgid, LDAPURLDesc *ludp, BerElement **berp );

#ifdef LDAP_DNS
static LDAPServer *dn2servers( LDAP *ld, char *dn );
#endif /* LDAP_DNS */


/* returns an LDAP error code and also sets error inside LDAP * */
int
nsldapi_alloc_ber_with_options( LDAP *ld, BerElement **berp )
{
	int	err;

	LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
    	if (( *berp = ber_alloc_t( ld->ld_lberoptions )) == NULLBER ) {
		err = LDAP_NO_MEMORY;
		LDAP_SET_LDERRNO( ld, err, NULL, NULL );
	} else {
		err = LDAP_SUCCESS;
#ifdef STR_TRANSLATION
		nsldapi_set_ber_options( ld, *berp );
#endif /* STR_TRANSLATION */
	}
	LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );

	return( err );
}


void
nsldapi_set_ber_options( LDAP *ld, BerElement *ber )
{
	ber->ber_options = ld->ld_lberoptions;
#ifdef STR_TRANSLATION
	if (( ld->ld_lberoptions & LBER_OPT_TRANSLATE_STRINGS ) != 0 ) {
		ber_set_string_translators( ber,
		    ld->ld_lber_encode_translate_proc,
		    ld->ld_lber_decode_translate_proc );
	}
#endif /* STR_TRANSLATION */
}


/* returns the message id of the request or -1 if an error occurs */
int
nsldapi_send_initial_request( LDAP *ld, int msgid, unsigned long msgtype,
	char *dn, BerElement *ber )
{
	LDAPServer	*servers;

	LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_initial_request\n", 0,0,0 );

#ifdef LDAP_DNS
	LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
	if (( ld->ld_options & LDAP_BITOPT_DNS ) != 0 && ldap_is_dns_dn( dn )) {
		if (( servers = dn2servers( ld, dn )) == NULL ) {
			ber_free( ber, 1 );
			LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
			return( -1 );
		}

#ifdef LDAP_DEBUG
		if ( ldap_debug & LDAP_DEBUG_TRACE ) {
			LDAPServer	*srv;
			char    msg[256];

			for ( srv = servers; srv != NULL;
			    srv = srv->lsrv_next ) {
				sprintf( msg,
				    "LDAP server %s:  dn %s, port %d\n",
				    srv->lsrv_host, ( srv->lsrv_dn == NULL ) ?
				    "(default)" : srv->lsrv_dn,
				    srv->lsrv_port );
				ber_err_print( msg );
			}
		}
#endif /* LDAP_DEBUG */
	} else {
#endif /* LDAP_DNS */
		/*
		 * use of DNS is turned off or this is an LDAP DN...
		 * use our default connection
		 */
		servers = NULL;
#ifdef LDAP_DNS
	}
	LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
#endif /* LDAP_DNS */

	return( nsldapi_send_server_request( ld, ber, msgid, NULL,
	    servers, NULL, ( msgtype == LDAP_REQ_BIND ) ? dn : NULL, 0 ));
}


/* returns the message id of the request or -1 if an error occurs */
int
nsldapi_send_server_request(
    LDAP *ld,			/* session handle */
    BerElement *ber,		/* message to send */
    int msgid,			/* ID of message to send */
    LDAPRequest *parentreq,	/* non-NULL for referred requests */
    LDAPServer *srvlist,	/* servers to connect to (NULL for default) */
    LDAPConn *lc,		/* connection to use (NULL for default) */
    char *bindreqdn,		/* non-NULL for bind requests */
    int bind			/* perform a bind after opening new conn.? */
)
{
	LDAPRequest	*lr;
	int		err;
	int		incparent;	/* did we bump parent's ref count? */

	LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_send_server_request\n", 0, 0, 0 );

	incparent = 0;
	LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
	if ( lc == NULL ) {
		if ( srvlist == NULL ) {
			if ( ld->ld_defconn == NULL ) {
				LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
				if ( bindreqdn == NULL && ( ld->ld_options
				    & LDAP_BITOPT_RECONNECT ) != 0 ) {
					LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN,
					    NULL, NULL );
					ber_free( ber, 1 );
					LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
					LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
					return( -1 );
				}
				LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );

				if ( nsldapi_open_ldap_defconn( ld ) < 0 ) {
					ber_free( ber, 1 );
					LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
					return( -1 );
				}
			}
			lc = ld->ld_defconn;
		} else {
			if (( lc = find_connection( ld, srvlist, 1 )) ==
			    NULL ) {
				if ( bind && (parentreq != NULL) ) {
					/* Remember the bind in the parent */
					incparent = 1;
					++parentreq->lr_outrefcnt;
				}

				lc = nsldapi_new_connection( ld, &srvlist, 0,
					1, bind );
			}
			free_servers( srvlist );
		}
	}


    /*
     * the logic here is:
     * if
     * 1. no connections exists,
     * or
     * 2. if the connection is either not in the connected
     *     or connecting state in an async io model
     * or
     * 3. the connection is notin a connected state with normal (non async io)
     */
	if (   lc == NULL
		|| (  (ld->ld_options & LDAP_BITOPT_ASYNC
               && lc->lconn_status != LDAP_CONNST_CONNECTING
		    && lc->lconn_status != LDAP_CONNST_CONNECTED)
              || (!(ld->ld_options & LDAP_BITOPT_ASYNC )
		    && lc->lconn_status != LDAP_CONNST_CONNECTED) ) ) {

		ber_free( ber, 1 );
		if ( lc != NULL ) {
			LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
		}
		if ( incparent ) {
			/* Forget about the bind */
			--parentreq->lr_outrefcnt;
		}
		LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
		return( -1 );
	}

	use_connection( ld, lc );
	if (( lr = (LDAPRequest *)NSLDAPI_CALLOC( 1, sizeof( LDAPRequest ))) ==
	    NULL || ( bindreqdn != NULL && ( bindreqdn =
	    nsldapi_strdup( bindreqdn )) == NULL )) {
		if ( lr != NULL ) {
			NSLDAPI_FREE( lr );
		}
		LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
		nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
		ber_free( ber, 1 );
		if ( incparent ) {
			/* Forget about the bind */
			--parentreq->lr_outrefcnt;
		}
		LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
		return( -1 );
	}
	lr->lr_binddn = bindreqdn;
	lr->lr_msgid = msgid;
	lr->lr_status = LDAP_REQST_INPROGRESS;
	lr->lr_res_errno = LDAP_SUCCESS;	/* optimistic */
	lr->lr_ber = ber;
	lr->lr_conn = lc;

	if ( parentreq != NULL ) {	/* sub-request */
		if ( !incparent ) {
			/* Increment if we didn't do it before the bind */
			++parentreq->lr_outrefcnt;
		}
		lr->lr_origid = parentreq->lr_origid;
		lr->lr_parentcnt = parentreq->lr_parentcnt + 1;
		lr->lr_parent = parentreq;
		if ( parentreq->lr_child != NULL ) {
			lr->lr_sibling = parentreq->lr_child;
		}
		parentreq->lr_child = lr;
	} else {			/* original request */
		lr->lr_origid = lr->lr_msgid;
	}

	LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK );
	if (( lr->lr_next = ld->ld_requests ) != NULL ) {
		lr->lr_next->lr_prev = lr;
	}
	ld->ld_requests = lr;
	lr->lr_prev = NULL;

	if (( err = nsldapi_ber_flush( ld, lc->lconn_sb, ber, 0, 1 )) != 0 ) {

		/* need to continue write later */
		if (ld->ld_options & LDAP_BITOPT_ASYNC && err == -2 ) {
			lr->lr_status = LDAP_REQST_WRITING;
			nsldapi_iostatus_interest_write( ld, lc->lconn_sb );
		} else {

			LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
			nsldapi_free_request( ld, lr, 0 );
			nsldapi_free_connection( ld, lc, NULL, NULL, 0, 0 );
			LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
			LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
			return( -1 );
		}

	} else {
		if ( parentreq == NULL ) {
			ber->ber_end = ber->ber_ptr;
			ber->ber_ptr = ber->ber_buf;
		}

		/* sent -- waiting for a response */
		if (ld->ld_options & LDAP_BITOPT_ASYNC) {
			lc->lconn_status = LDAP_CONNST_CONNECTED;
		}

		nsldapi_iostatus_interest_read( ld, lc->lconn_sb );
	}
	LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );
	LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );

	LDAP_SET_LDERRNO( ld, LDAP_SUCCESS, NULL, NULL );
	return( msgid );
}


/*
 * returns -1 if a fatal error occurs.  If async is non-zero and the flush
 * would block, -2 is returned.
 */
int
nsldapi_ber_flush( LDAP *ld, Sockbuf *sb, BerElement *ber, int freeit,
	int async )
{
	int	terrno;

	for ( ;; ) {
		 /*
		  * ber_flush() doesn't set errno on EOF, so we pre-set it to
		  * zero to avoid getting tricked by leftover "EAGAIN" errors
		  */
		LDAP_SET_ERRNO( ld, 0 );

		if ( ber_flush( sb, ber, freeit ) == 0 ) {
			return( 0 );	/* success */
		}

		terrno = LDAP_GET_ERRNO( ld );

        if (ld->ld_options & LDAP_BITOPT_ASYNC) {
            if ( terrno != 0 && !NSLDAPI_ERRNO_IO_INPROGRESS( terrno )) {
                nsldapi_connection_lost_nolock( ld, sb );
                return( -1 );	/* fatal error */
            }
        }
        else if ( !NSLDAPI_ERRNO_IO_INPROGRESS( terrno )) {

			nsldapi_connection_lost_nolock( ld, sb );
			return( -1 );	/* fatal error */
		}

		if ( async ) {
			return( -2 );	/* would block */
		}
	}
}

LDAPConn *
nsldapi_new_connection( LDAP *ld, LDAPServer **srvlistp, int use_ldsb,
	int connect, int bind )
{
    int	rc;

	LDAPConn	*lc;
	LDAPServer	*prevsrv, *srv;
	Sockbuf		*sb = NULL;

	/*
	 * make a new LDAP server connection
	 */
	if (( lc = (LDAPConn *)NSLDAPI_CALLOC( 1, sizeof( LDAPConn ))) == NULL
	    || ( !use_ldsb && ( sb = ber_sockbuf_alloc()) == NULL )) {
		if ( lc != NULL ) {
			NSLDAPI_FREE( (char *)lc );
		}
		LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
		return( NULL );
	}

	LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
	if ( !use_ldsb ) {
		/*
		 * we have allocated a new sockbuf
		 * set I/O routines to match those in default LDAP sockbuf
		 */
		IFP				sb_fn;
		struct lber_x_ext_io_fns	extiofns;

		extiofns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE;

		if ( ber_sockbuf_get_option( ld->ld_sbp,
		    LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns ) == 0 ) {
			ber_sockbuf_set_option( sb,
			    LBER_SOCKBUF_OPT_EXT_IO_FNS, &extiofns );
		}
		if ( ber_sockbuf_get_option( ld->ld_sbp,
		    LBER_SOCKBUF_OPT_READ_FN, (void *)&sb_fn ) == 0
		    && sb_fn != NULL ) {
			ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_READ_FN,
			    (void *)sb_fn );
		}
		if ( ber_sockbuf_get_option( ld->ld_sbp,
		    LBER_SOCKBUF_OPT_WRITE_FN, (void *)&sb_fn ) == 0
		    && sb_fn != NULL ) {
			ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_WRITE_FN,
			    (void *)sb_fn );
		}
	}

	lc->lconn_sb = ( use_ldsb ) ? ld->ld_sbp : sb;
	lc->lconn_version = ld->ld_version;	/* inherited */
	LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );

	if ( connect ) {
		prevsrv = NULL;
        /*
         * save the return code for later
         */
		for ( srv = *srvlistp; srv != NULL; srv = srv->lsrv_next ) {
			rc = nsldapi_connect_to_host( ld, lc->lconn_sb,
				   srv->lsrv_host, srv->lsrv_port,
			       (  srv->lsrv_options & LDAP_SRV_OPT_SECURE ) != 0,
					&lc->lconn_krbinstance );
			if (rc != -1) {
				break;
			}
			prevsrv = srv;
		}

		if ( srv == NULL ) {
		    if ( !use_ldsb ) {
			NSLDAPI_FREE( (char *)lc->lconn_sb );
		    }
		    NSLDAPI_FREE( (char *)lc );
		    /* nsldapi_open_ldap_connection has already set ld_errno */
		    return( NULL );
		}

		if ( prevsrv == NULL ) {
		    *srvlistp = srv->lsrv_next;
		} else {
		    prevsrv->lsrv_next = srv->lsrv_next;
		}
		lc->lconn_server = srv;
	}

	if (ld->ld_options & LDAP_BITOPT_ASYNC && rc == -2)
    {
        lc->lconn_status = LDAP_CONNST_CONNECTING;
    }
    else {
        lc->lconn_status = LDAP_CONNST_CONNECTED;
    }

	lc->lconn_next = ld->ld_conns;
	ld->ld_conns = lc;

	/*
	 * XXX for now, we always do a synchronous bind.  This will have
	 * to change in the long run...
	 */
	if ( bind ) {
		int		err, lderr, freepasswd, authmethod;
		char		*binddn, *passwd;
		LDAPConn	*savedefconn;

		freepasswd = err = 0;

		if ( ld->ld_rebind_fn == NULL ) {
			binddn = passwd = "";
			authmethod = LDAP_AUTH_SIMPLE;
		} else {
			if (( lderr = (*ld->ld_rebind_fn)( ld, &binddn, &passwd,
			    &authmethod, 0, ld->ld_rebind_arg ))
			    == LDAP_SUCCESS ) {
				freepasswd = 1;
			} else {
				LDAP_SET_LDERRNO( ld, lderr, NULL, NULL );
				err = -1;
			}
		}


		if ( err == 0 ) {
			savedefconn = ld->ld_defconn;
			ld->ld_defconn = lc;
			++lc->lconn_refcnt;	/* avoid premature free */

			/*
			 * when binding, we will back down as low as LDAPv2
			 * if we get back "protocol error" from bind attempts
			 */
			for ( ;; ) {
				/* LDAP_MUTEX_UNLOCK(ld, LDAP_CONN_LOCK); */
				if (( lderr = ldap_bind_s( ld, binddn, passwd,
				    authmethod )) == LDAP_SUCCESS ) {
					/* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
					break;
				}
				/* LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK); */
				if ( lc->lconn_version <= LDAP_VERSION2
				    || lderr != LDAP_PROTOCOL_ERROR ) {
					err = -1;
					break;
				}
				--lc->lconn_version;	/* try lower version */
			}
			--lc->lconn_refcnt;
			ld->ld_defconn = savedefconn;
		}

		if ( freepasswd ) {
			(*ld->ld_rebind_fn)( ld, &binddn, &passwd,
				&authmethod, 1, ld->ld_rebind_arg );
		}

		if ( err != 0 ) {
			nsldapi_free_connection( ld, lc, NULL, NULL, 1, 0 );
			lc = NULL;
		}
	}

	return( lc );
}


#define LDAP_CONN_SAMEHOST( h1, h2 ) \
	(( (h1) == NULL && (h2) == NULL ) || \
	( (h1) != NULL && (h2) != NULL && strcasecmp( (h1), (h2) ) == 0 ))

static LDAPConn *
find_connection( LDAP *ld, LDAPServer *srv, int any )
/*
 * return an existing connection (if any) to the server srv
 * if "any" is non-zero, check for any server in the "srv" chain
 */
{
	LDAPConn	*lc;
	LDAPServer	*ls;

	for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
		for ( ls = srv; ls != NULL; ls = ls->lsrv_next ) {
			if ( LDAP_CONN_SAMEHOST( ls->lsrv_host,
			    lc->lconn_server->lsrv_host )
			    && ls->lsrv_port == lc->lconn_server->lsrv_port
			    && ls->lsrv_options ==
			    lc->lconn_server->lsrv_options ) {
				return( lc );
			}
			if ( !any ) {
				break;
			}
		}
	}

	return( NULL );
}



static void
use_connection( LDAP *ld, LDAPConn *lc )
{
	++lc->lconn_refcnt;
	lc->lconn_lastused = time( 0 );
}


void
nsldapi_free_connection( LDAP *ld, LDAPConn *lc, LDAPControl **serverctrls,
    LDAPControl **clientctrls, int force, int unbind )
{
	LDAPConn	*tmplc, *prevlc;

	LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection\n", 0, 0, 0 );

	if ( force || --lc->lconn_refcnt <= 0 ) {
		if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) {
			nsldapi_iostatus_interest_clear( ld, lc->lconn_sb );
			if ( unbind ) {
				nsldapi_send_unbind( ld, lc->lconn_sb,
				    serverctrls, clientctrls );
			}
		}
		nsldapi_close_connection( ld, lc->lconn_sb );
		prevlc = NULL;
		for ( tmplc = ld->ld_conns; tmplc != NULL;
		    tmplc = tmplc->lconn_next ) {
			if ( tmplc == lc ) {
				if ( prevlc == NULL ) {
				    ld->ld_conns = tmplc->lconn_next;
				} else {
				    prevlc->lconn_next = tmplc->lconn_next;
				}
				break;
			}
			prevlc = tmplc;
		}
		free_servers( lc->lconn_server );
		if ( lc->lconn_krbinstance != NULL ) {
			NSLDAPI_FREE( lc->lconn_krbinstance );
		}
		/*
		 * if this is the default connection (lc->lconn_sb==ld->ld_sbp)
		 * we do not free the Sockbuf here since it will be freed
		 * later inside ldap_unbind().
		 */
		if ( lc->lconn_sb != ld->ld_sbp ) {
			ber_sockbuf_free( lc->lconn_sb );
			lc->lconn_sb = NULL;
		}
		if ( lc->lconn_ber != NULLBER ) {
			ber_free( lc->lconn_ber, 1 );
		}
		if ( lc->lconn_binddn != NULL ) {
			NSLDAPI_FREE( lc->lconn_binddn );
		}
		NSLDAPI_FREE( lc );
		LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: actually freed\n",
		    0, 0, 0 );
	} else {
		lc->lconn_lastused = time( 0 );
		LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_free_connection: refcnt %d\n",
		    lc->lconn_refcnt, 0, 0 );
	}
}


#ifdef LDAP_DEBUG
void
nsldapi_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
{
	LDAPConn	*lc;
	char        msg[256];
/* CTIME for this platform doesn't use this. */
#if !defined(SUNOS4) && !defined(_WIN32) && !defined(LINUX)
	char		buf[26];
#endif

	sprintf( msg, "** Connection%s:\n", all ? "s" : "" );
	ber_err_print( msg );
	for ( lc = lconns; lc != NULL; lc = lc->lconn_next ) {
		if ( lc->lconn_server != NULL ) {
			sprintf( msg, "* host: %s  port: %d  secure: %s%s\n",
			    ( lc->lconn_server->lsrv_host == NULL ) ? "(null)"
			    : lc->lconn_server->lsrv_host,
			    lc->lconn_server->lsrv_port,
			    ( lc->lconn_server->lsrv_options &
			    LDAP_SRV_OPT_SECURE ) ? "Yes" :
			    "No", ( lc->lconn_sb == ld->ld_sbp ) ?
			    "  (default)" : "" );
			ber_err_print( msg );
		}
		sprintf( msg, "  refcnt: %d  status: %s\n", lc->lconn_refcnt,
		    ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) ?
		    "NeedSocket" : ( lc->lconn_status ==
		    LDAP_CONNST_CONNECTING ) ? "Connecting" :
		    ( lc->lconn_status == LDAP_CONNST_DEAD ) ? "Dead" :
		    "Connected" );
		ber_err_print( msg );
		sprintf( msg, "  last used: %s",
		    NSLDAPI_CTIME( (time_t *) &lc->lconn_lastused, buf,
				sizeof(buf) ));
		ber_err_print( msg );
		if ( lc->lconn_ber != NULLBER ) {
			ber_err_print( "  partial response has been received:\n" );
			ber_dump( lc->lconn_ber, 1 );
		}
		ber_err_print( "\n" );

		if ( !all ) {
			break;
		}
	}
}


void
nsldapi_dump_requests_and_responses( LDAP *ld )
{
	LDAPRequest	*lr;
	LDAPMessage	*lm, *l;
	char        msg[256];

	ber_err_print( "** Outstanding Requests:\n" );
	LDAP_MUTEX_LOCK( ld, LDAP_REQ_LOCK );
	if (( lr = ld->ld_requests ) == NULL ) {
		ber_err_print( "   Empty\n" );
	}
	for ( ; lr != NULL; lr = lr->lr_next ) {
	    sprintf( msg, " * msgid %d,  origid %d, status %s\n",
		lr->lr_msgid, lr->lr_origid, ( lr->lr_status ==
		LDAP_REQST_INPROGRESS ) ? "InProgress" :
		( lr->lr_status == LDAP_REQST_CHASINGREFS ) ? "ChasingRefs" :
		( lr->lr_status == LDAP_REQST_NOTCONNECTED ) ? "NotConnected" :
		( lr->lr_status == LDAP_REQST_CONNDEAD ) ? "Dead" :
		"Writing" );
	    ber_err_print( msg );
	    sprintf( msg, "   outstanding referrals %d, parent count %d\n",
		    lr->lr_outrefcnt, lr->lr_parentcnt );
	    ber_err_print( msg );
	    if ( lr->lr_binddn != NULL ) {
		    sprintf( msg, "   pending bind DN: <%s>\n", lr->lr_binddn );
		    ber_err_print( msg );
	    }
	}
	LDAP_MUTEX_UNLOCK( ld, LDAP_REQ_LOCK );

	ber_err_print( "** Response Queue:\n" );
	LDAP_MUTEX_LOCK( ld, LDAP_RESP_LOCK );
	if (( lm = ld->ld_responses ) == NULLMSG ) {
		ber_err_print( "   Empty\n" );
	}
	for ( ; lm != NULLMSG; lm = lm->lm_next ) {
		sprintf( msg, " * msgid %d,  type %d\n",
		    lm->lm_msgid, lm->lm_msgtype );
		ber_err_print( msg );
		if (( l = lm->lm_chain ) != NULL ) {
			ber_err_print( "   chained responses:\n" );
			for ( ; l != NULLMSG; l = l->lm_chain ) {
				sprintf( msg,
				    "  * msgid %d,  type %d\n",
				    l->lm_msgid, l->lm_msgtype );
				ber_err_print( msg );
			}
		}
	}
	LDAP_MUTEX_UNLOCK( ld, LDAP_RESP_LOCK );
}
#endif /* LDAP_DEBUG */


void
nsldapi_free_request( LDAP *ld, LDAPRequest *lr, int free_conn )
{
	LDAPRequest	*tmplr, *nextlr;

	LDAPDebug( LDAP_DEBUG_TRACE,
		"nsldapi_free_request 0x%x (origid %d, msgid %d)\n",
		lr, lr->lr_origid, lr->lr_msgid );

	if ( lr->lr_parent != NULL ) {
		--lr->lr_parent->lr_outrefcnt;
	}

	/* free all of our spawned referrals (child requests) */
	for ( tmplr = lr->lr_child; tmplr != NULL; tmplr = nextlr ) {
		nextlr = tmplr->lr_sibling;
		nsldapi_free_request( ld, tmplr, free_conn );
	}

	if ( free_conn ) {
		nsldapi_free_connection( ld, lr->lr_conn, NULL, NULL, 0, 1 );
	}

	if ( lr->lr_prev == NULL ) {
		ld->ld_requests = lr->lr_next;
	} else {
		lr->lr_prev->lr_next = lr->lr_next;
	}

	if ( lr->lr_next != NULL ) {
		lr->lr_next->lr_prev = lr->lr_prev;
	}

	if ( lr->lr_ber != NULL ) {
		ber_free( lr->lr_ber, 1 );
	}

	if ( lr->lr_res_error != NULL ) {
		NSLDAPI_FREE( lr->lr_res_error );
	}

	if ( lr->lr_res_matched != NULL ) {
		NSLDAPI_FREE( lr->lr_res_matched );
	}

	if ( lr->lr_binddn != NULL ) {
		NSLDAPI_FREE( lr->lr_binddn );
	}
	NSLDAPI_FREE( lr );
}


static void
free_servers( LDAPServer *srvlist )
{
    LDAPServer	*nextsrv;

    while ( srvlist != NULL ) {
	nextsrv = srvlist->lsrv_next;
	if ( srvlist->lsrv_dn != NULL ) {
		NSLDAPI_FREE( srvlist->lsrv_dn );
	}
	if ( srvlist->lsrv_host != NULL ) {
		NSLDAPI_FREE( srvlist->lsrv_host );
	}
	NSLDAPI_FREE( srvlist );
	srvlist = nextsrv;
    }
}


/*
 * Initiate chasing of LDAPv2+ (Umich extension) referrals.
 *
 * Returns an LDAP error code.
 *
 * Note that *hadrefp will be set to 1 if one or more referrals were found in
 * "*errstrp" (even if we can't chase them) and zero if none were found.
 *
 * XXX merging of errors in this routine needs to be improved.
 */
int
nsldapi_chase_v2_referrals( LDAP *ld, LDAPRequest *lr, char **errstrp,
    int *totalcountp, int *chasingcountp )
{
	char		*p, *ref, *unfollowed;
	LDAPRequest	*origreq;
	int		rc, tmprc, len, unknown;

	LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_chase_v2_referrals\n", 0, 0, 0 );

	*totalcountp = *chasingcountp = 0;

	if ( *errstrp == NULL ) {
		return( LDAP_SUCCESS );
	}

	len = strlen( *errstrp );
	for ( p = *errstrp; len >= LDAP_REF_STR_LEN; ++p, --len ) {
		if (( *p == 'R' || *p == 'r' ) && strncasecmp( p,
		    LDAP_REF_STR, LDAP_REF_STR_LEN ) == 0 ) {
			*p = '\0';
			p += LDAP_REF_STR_LEN;
			break;
		}
	}

	if ( len < LDAP_REF_STR_LEN ) {
		return( LDAP_SUCCESS );
	}

	if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
		LDAPDebug( LDAP_DEBUG_TRACE,
		    "more than %d referral hops (dropping)\n",
		    ld->ld_refhoplimit, 0, 0 );
		return( LDAP_REFERRAL_LIMIT_EXCEEDED );
	}

	/* find original request */
	for ( origreq = lr; origreq->lr_parent != NULL;
	     origreq = origreq->lr_parent ) {
		;
	}

	unfollowed = NULL;
	rc = LDAP_SUCCESS;

	/* parse out & follow referrals */
	for ( ref = p; rc == LDAP_SUCCESS && ref != NULL; ref = p ) {
		if (( p = strchr( ref, '\n' )) != NULL ) {
			*p++ = '\0';
		} else {
			p = NULL;
		}

		++*totalcountp;

		rc = chase_one_referral( ld, lr, origreq, ref, "v2 referral",
		    &unknown );

		if ( rc != LDAP_SUCCESS || unknown ) {
			if (( tmprc = nsldapi_append_referral( ld, &unfollowed,
			    ref )) != LDAP_SUCCESS ) {
				rc = tmprc;
			}
		} else {
			++*chasingcountp;
		}
	}

	NSLDAPI_FREE( *errstrp );
	*errstrp = unfollowed;

	return( rc );
}


/* returns an LDAP error code */
int
nsldapi_chase_v3_refs( LDAP *ld, LDAPRequest *lr, char **v3refs,
    int is_reference, int *totalcountp, int *chasingcountp )
{
	int		i, rc, unknown;
	LDAPRequest	*origreq;

	*totalcountp = *chasingcountp = 0;

	if ( v3refs == NULL || v3refs[0] == NULL ) {
		return( LDAP_SUCCESS );
	}

	*totalcountp = 1;

	if ( lr->lr_parentcnt >= ld->ld_refhoplimit ) {
		LDAPDebug( LDAP_DEBUG_TRACE,
		    "more than %d referral hops (dropping)\n",
		    ld->ld_refhoplimit, 0, 0 );
		return( LDAP_REFERRAL_LIMIT_EXCEEDED );
	}

	/* find original request */
	for ( origreq = lr; origreq->lr_parent != NULL;
	    origreq = origreq->lr_parent ) {
		;
	}

	/*
	 * in LDAPv3, we just need to follow one referral in the set.
	 * we dp this by stopping as soon as we succeed in initiating a
	 * chase on any referral (basically this means we were able to connect
	 * to the server and bind).
	 */
	for ( i = 0; v3refs[i] != NULL; ++i ) {
		rc = chase_one_referral( ld, lr, origreq, v3refs[i],
		    is_reference ? "v3 reference" : "v3 referral", &unknown );
		if ( rc == LDAP_SUCCESS && !unknown ) {
			*chasingcountp = 1;
			break;
		}
	}

	/* XXXmcs: should we save unfollowed referrals somewhere? */

	return( rc );	/* last error is as good as any other I guess... */
}

/*
 * returns an LDAP error code
 *
 * XXXmcs: this function used to have #ifdef LDAP_DNS code in it but I
 *	removed it when I improved the parsing (we don't define LDAP_DNS
 *	here at Netscape).
 */
static int
chase_one_referral( LDAP *ld, LDAPRequest *lr, LDAPRequest *origreq,
    char *refurl, char *desc, int *unknownp )
{
	int		rc, tmprc, secure, msgid;
	LDAPServer	*srv;
	BerElement	*ber;
	LDAPURLDesc	*ludp;

	*unknownp = 0;
	ludp = NULLLDAPURLDESC;

	if ( nsldapi_url_parse( refurl, &ludp, 0 ) != 0 ) {
		LDAPDebug( LDAP_DEBUG_TRACE,
		    "ignoring unknown %s <%s>\n", desc, refurl, 0 );
		*unknownp = 1;
		rc = LDAP_SUCCESS;
		goto cleanup_and_return;
	}

	secure = (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 );

/* XXXmcs: can't tell if secure is supported by connect callback */
	if ( secure && ld->ld_extconnect_fn == NULL ) {
		LDAPDebug( LDAP_DEBUG_TRACE,
		    "ignoring LDAPS %s <%s>\n", desc, refurl, 0 );
		*unknownp = 1;
		rc = LDAP_SUCCESS;
		goto cleanup_and_return;
	}

	LDAPDebug( LDAP_DEBUG_TRACE, "chasing LDAP%s %s: <%s>\n",
	    secure ? "S" : "", desc, refurl );

	LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
	msgid = ++ld->ld_msgid;
	LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );

	if (( tmprc = re_encode_request( ld, origreq->lr_ber, msgid,
	    ludp, &ber )) != LDAP_SUCCESS ) {
		rc = tmprc;
		goto cleanup_and_return;
	}

	if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
	    == NULL ) {
		ber_free( ber, 1 );
		rc = LDAP_NO_MEMORY;
		goto cleanup_and_return;
	}

	if (ludp->lud_host == NULL && ld->ld_defhost == NULL) {
		srv->lsrv_host = NULL;
	} else {
		if (ludp->lud_host == NULL) {
			srv->lsrv_host =
			    nsldapi_strdup( origreq->lr_conn->lconn_server->lsrv_host );
			LDAPDebug(LDAP_DEBUG_TRACE,
			    "chase_one_referral: using hostname '%s' from original "
			    "request on new request\n",
			    srv->lsrv_host, 0, 0);
		} else {
			srv->lsrv_host = nsldapi_strdup(ludp->lud_host);
			LDAPDebug(LDAP_DEBUG_TRACE,
			    "chase_one_referral: using hostname '%s' as specified "
			    "on new request\n",
			    srv->lsrv_host, 0, 0);
		}

		if (srv->lsrv_host == NULL) {
			NSLDAPI_FREE((char *)srv);
			ber_free(ber, 1);
			rc = LDAP_NO_MEMORY;
			goto cleanup_and_return;
		}
	}

	/*
	 * According to our reading of RFCs 2255 and 1738, the
	 * following algorithm applies:
	 * - no hostport (no host, no port) provided in LDAP URL, use those
	 *   of previous request
	 * - no port but a host, use default LDAP port
	 * - else use given hostport
	 */
	if (ludp->lud_port == 0 && ludp->lud_host == NULL) {
		srv->lsrv_port = origreq->lr_conn->lconn_server->lsrv_port;
		LDAPDebug(LDAP_DEBUG_TRACE,
		    "chase_one_referral: using port (%d) from original "
		    "request on new request\n",
		    srv->lsrv_port, 0, 0);
	} else if (ludp->lud_port == 0 && ludp->lud_host != NULL) {
		srv->lsrv_port = (secure) ? LDAPS_PORT : LDAP_PORT;
		LDAPDebug(LDAP_DEBUG_TRACE,
		    "chase_one_referral: using default port (%d) \n",
		    srv->lsrv_port, 0, 0);
	} else {
		srv->lsrv_port = ludp->lud_port;
		LDAPDebug(LDAP_DEBUG_TRACE,
		    "chase_one_referral: using port (%d) as specified on "
		    "new request\n",
		    srv->lsrv_port, 0, 0);
	}

	if ( secure ) {
		srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
	}

	if ( nsldapi_send_server_request( ld, ber, msgid,
	    lr, srv, NULL, NULL, 1 ) < 0 ) {
		rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
		LDAPDebug( LDAP_DEBUG_ANY, "Unable to chase %s %s (%s)\n",
		    desc, refurl, ldap_err2string( rc ));
	} else {
		rc = LDAP_SUCCESS;
	}

cleanup_and_return:
	if ( ludp != NULLLDAPURLDESC ) {
		ldap_free_urldesc( ludp );
	}

	return( rc );
}


/* returns an LDAP error code */
int
nsldapi_append_referral( LDAP *ld, char **referralsp, char *s )
{
	int	first;

	if ( *referralsp == NULL ) {
		first = 1;
		*referralsp = (char *)NSLDAPI_MALLOC( strlen( s ) +
		    LDAP_REF_STR_LEN + 1 );
	} else {
		first = 0;
		*referralsp = (char *)NSLDAPI_REALLOC( *referralsp,
		    strlen( *referralsp ) + strlen( s ) + 2 );
	}

	if ( *referralsp == NULL ) {
		return( LDAP_NO_MEMORY );
	}

	if ( first ) {
		strcpy( *referralsp, LDAP_REF_STR );
	} else {
		strcat( *referralsp, "\n" );
	}
	strcat( *referralsp, s );

	return( LDAP_SUCCESS );
}



/* returns an LDAP error code */
static int
re_encode_request( LDAP *ld, BerElement *origber, int msgid, LDAPURLDesc *ludp,
    BerElement **berp )
{
/*
 * XXX this routine knows way too much about how the lber library works!
 */
	ber_uint_t		along;
	ber_tag_t		tag;
	ber_int_t		ver;
	int			rc;
	BerElement		*ber;
	struct berelement	tmpber;
	char			*dn, *orig_dn;

	LDAPDebug( LDAP_DEBUG_TRACE,
	    "re_encode_request: new msgid %d, new dn <%s>\n",
	    msgid, ( ludp->lud_dn == NULL ) ? "NONE" : ludp->lud_dn, 0 );

	tmpber = *origber;

	/*
	 * All LDAP requests are sequences that start with a message id.  For
	 * everything except delete requests, this is followed by a sequence
	 * that is tagged with the operation code.  For deletes, there is just
	 * a DN that is tagged with the operation code.
	 */

	/* skip past msgid and get operation tag */
	if ( ber_scanf( &tmpber, "{it", &along, &tag ) == LBER_ERROR ) {
		return( LDAP_DECODING_ERROR );
	}

	/*
	 * XXXmcs: we don't support scope or filters in search referrals yet,
	 * so if either were present we return an error which is probably
	 * better than just ignoring the extra info.
	 */
	if ( tag == LDAP_REQ_SEARCH &&
	    ( ludp->lud_scope != -1 || ludp->lud_filter != NULL )) {
		return( LDAP_LOCAL_ERROR );
	}

	if ( tag == LDAP_REQ_BIND ) {
		/* bind requests have a version number before the DN */
		rc = ber_scanf( &tmpber, "{ia", &ver, &orig_dn );
	} else if ( tag == LDAP_REQ_DELETE ) {
		/* delete requests DNs are not within a sequence */
		rc = ber_scanf( &tmpber, "a", &orig_dn );
	} else {
		rc = ber_scanf( &tmpber, "{a", &orig_dn );
	}

	if ( rc == LBER_ERROR ) {
		return( LDAP_DECODING_ERROR );
	}

	if ( ludp->lud_dn == NULL ) {
		dn = orig_dn;
	} else {
		dn = ludp->lud_dn;
		NSLDAPI_FREE( orig_dn );
		orig_dn = NULL;
	}

	/* allocate and build the new request */
        if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
	    != LDAP_SUCCESS ) {
		if ( orig_dn != NULL ) {
			NSLDAPI_FREE( orig_dn );
		}
                return( rc );
        }

	if ( tag == LDAP_REQ_BIND ) {
		rc = ber_printf( ber, "{it{is", msgid, tag,
		    (int)ver /* XXX lossy cast */, dn );
	} else if ( tag == LDAP_REQ_DELETE ) {
		rc = ber_printf( ber, "{its}", msgid, tag, dn );
	} else {
		rc = ber_printf( ber, "{it{s", msgid, tag, dn );
	}

	if ( orig_dn != NULL ) {
		NSLDAPI_FREE( orig_dn );
	}
/*
 * can't use "dn" or "orig_dn" from this point on (they've been freed)
 */

	if ( rc == -1 ) {
		ber_free( ber, 1 );
		return( LDAP_ENCODING_ERROR );
	}

	if ( tag != LDAP_REQ_DELETE &&
	    ( ber_write( ber, tmpber.ber_ptr, ( tmpber.ber_end -
	    tmpber.ber_ptr ), 0 ) != ( tmpber.ber_end - tmpber.ber_ptr )
	    || ber_printf( ber, "}}" ) == -1 )) {
		ber_free( ber, 1 );
		return( LDAP_ENCODING_ERROR );
	}

#ifdef LDAP_DEBUG
	if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
		LDAPDebug( LDAP_DEBUG_ANY, "re_encode_request new request is:\n",
		    0, 0, 0 );
		ber_dump( ber, 0 );
	}
#endif /* LDAP_DEBUG */

	*berp = ber;
	return( LDAP_SUCCESS );
}


LDAPRequest *
nsldapi_find_request_by_msgid( LDAP *ld, int msgid )
{
    	LDAPRequest	*lr;

	for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
		if ( msgid == lr->lr_msgid ) {
			break;
		}
	}

	return( lr );
}


/*
 * nsldapi_connection_lost_nolock() resets "ld" to a non-connected, known
 * state.  It should be called whenever a fatal error occurs on the
 * Sockbuf "sb."  sb == NULL means we don't know specifically where
 * the problem was so we assume all connections are bad.
 */
void
nsldapi_connection_lost_nolock( LDAP *ld, Sockbuf *sb )
{
	LDAPRequest	*lr;

	/*
	 * change status of all pending requests that are associated with "sb
	 *	to "connection dead."
	 * also change the connection status to "dead" and remove it from
	 *	the list of sockets we are interested in.
	 */
	for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
		if ( sb == NULL ||
		    ( lr->lr_conn != NULL && lr->lr_conn->lconn_sb == sb )) {
			lr->lr_status = LDAP_REQST_CONNDEAD;
			if ( lr->lr_conn != NULL ) {
				lr->lr_conn->lconn_status = LDAP_CONNST_DEAD;
				nsldapi_iostatus_interest_clear( ld,
				    lr->lr_conn->lconn_sb );
			}
		}
	}
}


#ifdef LDAP_DNS
static LDAPServer *
dn2servers( LDAP *ld, char *dn )	/* dn can also be a domain.... */
{
	char		*p, *domain, *host, *server_dn, **dxs;
	int		i, port;
	LDAPServer	*srvlist, *prevsrv, *srv;

	if (( domain = strrchr( dn, '@' )) != NULL ) {
		++domain;
	} else {
		domain = dn;
	}

	if (( dxs = nsldapi_getdxbyname( domain )) == NULL ) {
		LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
		return( NULL );
	}

	srvlist = NULL;

	for ( i = 0; dxs[ i ] != NULL; ++i ) {
		port = LDAP_PORT;
		server_dn = NULL;
		if ( strchr( dxs[ i ], ':' ) == NULL ) {
			host = dxs[ i ];
		} else if ( strlen( dxs[ i ] ) >= 7 &&
		    strncmp( dxs[ i ], "ldap://", 7 ) == 0 ) {
			host = dxs[ i ] + 7;
			if (( p = strchr( host, ':' )) == NULL ) {
				p = host;
			} else {
				*p++ = '\0';
				port = atoi( p );
			}
			if (( p = strchr( p, '/' )) != NULL ) {
				server_dn = ++p;
				if ( *server_dn == '\0' ) {
					server_dn = NULL;
				}
			}
		} else {
			host = NULL;
		}

		if ( host != NULL ) {	/* found a server we can use */
			if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1,
			    sizeof( LDAPServer ))) == NULL ) {
				free_servers( srvlist );
				srvlist = NULL;
				break;		/* exit loop & return */
			}

			/* add to end of list of servers */
			if ( srvlist == NULL ) {
				srvlist = srv;
			} else {
				prevsrv->lsrv_next = srv;
			}
			prevsrv = srv;

			/* copy in info. */
			if (( srv->lsrv_host = nsldapi_strdup( host )) == NULL
			    || ( server_dn != NULL && ( srv->lsrv_dn =
			    nsldapi_strdup( server_dn )) == NULL )) {
				free_servers( srvlist );
				srvlist = NULL;
				break;		/* exit loop & return */
			}
			srv->lsrv_port = port;
		}
	}

	ldap_value_free( dxs );

	if ( srvlist == NULL ) {
		LDAP_SET_LDERRNO( ld, LDAP_SERVER_DOWN, NULL, NULL );
	}

	return( srvlist );
}
#endif /* LDAP_DNS */