1 /*
2  * Copyright 2001-2003 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 #pragma ident	"%Z%%M%	%I%	%E% SMI"
7 
8 
9 /*
10  * The contents of this file are subject to the Netscape Public
11  * License Version 1.1 (the "License"); you may not use this file
12  * except in compliance with the License. You may obtain a copy of
13  * the License at http://www.mozilla.org/NPL/
14  *
15  * Software distributed under the License is distributed on an "AS
16  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17  * implied. See the License for the specific language governing
18  * rights and limitations under the License.
19  *
20  * The Original Code is Mozilla Communicator client code, released
21  * March 31, 1998.
22  *
23  * The Initial Developer of the Original Code is Netscape
24  * Communications Corporation. Portions created by Netscape are
25  * Copyright (C) 1998-1999 Netscape Communications Corporation. All
26  * Rights Reserved.
27  *
28  * Contributor(s):
29  */
30 /*
31  *  Copyright (c) 1996 Regents of the University of Michigan.
32  *  All rights reserved.
33  *
34  */
35 /*  LIBLDAP url.c -- LDAP URL related routines
36  *
37  *  LDAP URLs look like this:
38  *    l d a p : / / hostport / dn [ ? attributes [ ? scope [ ? filter ] ] ]
39  *
40  *  where:
41  *   attributes is a comma separated list
42  *   scope is one of these three strings:  base one sub (default=base)
43  *   filter is an string-represented filter as in RFC 1558
44  *
45  *  e.g.,  ldap://ldap.itd.umich.edu/c=US?o,description?one?o=umich
46  *
47  *  We also tolerate URLs that look like: <ldapurl> and <URL:ldapurl>
48  */
49 
50 #if 0
51 #ifndef lint
52 static char copyright[] = "@(#) Copyright (c) 1996 Regents of the University of Michigan.\nAll rights reserved.\n";
53 #endif
54 #endif
55 
56 #include "ldap-int.h"
57 
58 
59 static int skip_url_prefix( const char **urlp, int *enclosedp, int *securep );
60 
61 
62 int
63 LDAP_CALL
ldap_is_ldap_url(const char * url)64 ldap_is_ldap_url( const char *url )
65 {
66 	int	enclosed, secure;
67 
68 	return( url != NULL
69 	    && skip_url_prefix( &url, &enclosed, &secure ));
70 }
71 
72 
73 static int
skip_url_prefix(const char ** urlp,int * enclosedp,int * securep)74 skip_url_prefix( const char **urlp, int *enclosedp, int *securep )
75 {
76 /*
77  * return non-zero if this looks like a LDAP URL; zero if not
78  * if non-zero returned, *urlp will be moved past "ldap://" part of URL
79  * The data that *urlp points to is not changed by this function.
80  */
81 	if ( *urlp == NULL ) {
82 		return( 0 );
83 	}
84 
85 	/* skip leading '<' (if any) */
86 	if ( **urlp == '<' ) {
87 		*enclosedp = 1;
88 		++*urlp;
89 	} else {
90 		*enclosedp = 0;
91 	}
92 
93 	/* skip leading "URL:" (if any) */
94 	if ( strlen( *urlp ) >= LDAP_URL_URLCOLON_LEN && strncasecmp(
95 	    *urlp, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
96 		*urlp += LDAP_URL_URLCOLON_LEN;
97 	}
98 
99 	/* check for an "ldap://" prefix */
100 	if ( strlen( *urlp ) >= LDAP_URL_PREFIX_LEN && strncasecmp( *urlp,
101 	    LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
102 		/* skip over URL prefix and return success */
103 		*urlp += LDAP_URL_PREFIX_LEN;
104 		*securep = 0;
105 		return( 1 );
106 	}
107 
108 	/* check for an "ldaps://" prefix */
109 	if ( strlen( *urlp ) >= LDAPS_URL_PREFIX_LEN && strncasecmp( *urlp,
110 	    LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
111 		/* skip over URL prefix and return success */
112 		*urlp += LDAPS_URL_PREFIX_LEN;
113 		*securep = 1;
114 		return( 1 );
115 	}
116 
117 	return( 0 );	/* not an LDAP URL */
118 }
119 
120 
121 int
122 LDAP_CALL
ldap_url_parse(const char * url,LDAPURLDesc ** ludpp)123 ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
124 {
125 /*
126  *  Pick apart the pieces of an LDAP URL.
127  */
128 	int	rc;
129 
130 	if (( rc = nsldapi_url_parse( url, ludpp, 1 )) == 0 ) {
131 		if ( (*ludpp)->lud_scope == -1 ) {
132 			(*ludpp)->lud_scope = LDAP_SCOPE_BASE;
133 		}
134 		if ( (*ludpp)->lud_filter == NULL ) {
135 			(*ludpp)->lud_filter = "(objectclass=*)";
136 		}
137 		if ( *((*ludpp)->lud_dn) == '\0' ) {
138 			(*ludpp)->lud_dn = NULL;
139 		}
140 	}
141 
142 	return( rc );
143 }
144 
145 /* same as ldap_url_parse(), but dn is not require */
146 int
147 LDAP_CALL
ldap_url_parse_nodn(const char * url,LDAPURLDesc ** ludpp)148 ldap_url_parse_nodn(const char *url, LDAPURLDesc **ludpp)
149 {
150 /*
151  *  Pick apart the pieces of an LDAP URL.
152  */
153 	int	rc;
154 
155 	if ((rc = nsldapi_url_parse(url, ludpp, 0)) == 0) {
156 		if ((*ludpp)->lud_scope == -1) {
157 			(*ludpp)->lud_scope = LDAP_SCOPE_BASE;
158 		}
159 		if ((*ludpp)->lud_filter == NULL) {
160 			(*ludpp)->lud_filter = "(objectclass=*)";
161 		}
162 		if ((*ludpp)->lud_dn && *((*ludpp)->lud_dn) == '\0') {
163 			(*ludpp)->lud_dn = NULL;
164 		}
165 	}
166 
167 	return (rc);
168 }
169 
170 
171 /*
172  * like ldap_url_parse() with a few exceptions:
173  *   1) if dn_required is zero, a missing DN does not generate an error
174  *	(we just leave the lud_dn field NULL)
175  *   2) no defaults are set for lud_scope and lud_filter (they are set to -1
176  *	and NULL respectively if no SCOPE or FILTER are present in the URL).
177  *   3) when there is a zero-length DN in a URL we do not set lud_dn to NULL.
178  *   4) if an LDAPv3 URL extensions are included,
179  */
180 int
nsldapi_url_parse(const char * url,LDAPURLDesc ** ludpp,int dn_required)181 nsldapi_url_parse( const char *url, LDAPURLDesc **ludpp, int dn_required )
182 {
183 
184 	LDAPURLDesc	*ludp;
185 	char		*urlcopy, *attrs, *scope, *extensions = NULL, *p, *q;
186 	int		enclosed, secure, i, nattrs, at_start;
187 
188 	LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_url_parse(%s)\n", url, 0, 0 );
189 
190 	if ( url == NULL || ludpp == NULL ) {
191 		return( LDAP_URL_ERR_PARAM );
192 	}
193 
194 	*ludpp = NULL;	/* pessimistic */
195 
196 	if ( !skip_url_prefix( &url, &enclosed, &secure )) {
197 		return( LDAP_URL_ERR_NOTLDAP );
198 	}
199 
200 	/* allocate return struct */
201 	if (( ludp = (LDAPURLDesc *)NSLDAPI_CALLOC( 1, sizeof( LDAPURLDesc )))
202 	    == NULLLDAPURLDESC ) {
203 		return( LDAP_URL_ERR_MEM );
204 	}
205 
206 	if ( secure ) {
207 		ludp->lud_options |= LDAP_URL_OPT_SECURE;
208 	}
209 
210 	/* make working copy of the remainder of the URL */
211 	if (( urlcopy = nsldapi_strdup( url )) == NULL ) {
212 		ldap_free_urldesc( ludp );
213 		return( LDAP_URL_ERR_MEM );
214 	}
215 
216 	if ( enclosed && *((p = urlcopy + strlen( urlcopy ) - 1)) == '>' ) {
217 		*p = '\0';
218 	}
219 
220 	/* initialize scope and filter */
221 	ludp->lud_scope = -1;
222 	ludp->lud_filter = NULL;
223 
224 	/* lud_string is the only malloc'd string space we use */
225 	ludp->lud_string = urlcopy;
226 
227 	/* scan forward for '/' that marks end of hostport and begin. of dn */
228 	if (( ludp->lud_dn = strchr( urlcopy, '/' )) == NULL ) {
229 		if ( dn_required ) {
230 			ldap_free_urldesc( ludp );
231 			return( LDAP_URL_ERR_NODN );
232 		}
233 	} else {
234 		/* terminate hostport; point to start of dn */
235 		*ludp->lud_dn++ = '\0';
236 	}
237 
238 
239 	if ( *urlcopy == '\0' ) {
240 		ludp->lud_host = NULL;
241 	} else {
242 		ludp->lud_host = urlcopy;
243 		nsldapi_hex_unescape( ludp->lud_host );
244 
245 		/*
246 		 * Locate and strip off optional port number (:#) in host
247 		 * portion of URL.
248 		 *
249 		 * If more than one space-separated host is listed, we only
250 		 * look for a port number within the right-most one since
251 		 * ldap_init() will handle host parameters that look like
252 		 * host:port anyway.
253 		 */
254 		if (( p = strrchr( ludp->lud_host, ' ' )) == NULL ) {
255 			p = ludp->lud_host;
256 		} else {
257 			++p;
258 		}
259                 if ( *p == '[' && ( q = strchr( p, ']' )) != NULL ) {
260                          /* square brackets present -- skip past them */
261                         p = q++;
262                 }
263 		if (( p = strchr( p, ':' )) != NULL ) {
264 			*p++ = '\0';
265 			ludp->lud_port = atoi( p );
266 			if ( *ludp->lud_host == '\0' ) {
267 				/*
268 				 * no hostname and a port: invalid hostcode
269 				 * according to RFC 1738
270 				 */
271 				ldap_free_urldesc(ludp);
272 				return (LDAP_URL_ERR_HOSTPORT);
273 			}
274 		}
275 	}
276 
277 	/* scan for '?' that marks end of dn and beginning of attributes */
278 	attrs = NULL;
279 	if ( ludp->lud_dn != NULL &&
280 	    ( attrs = strchr( ludp->lud_dn, '?' )) != NULL ) {
281 		/* terminate dn; point to start of attrs. */
282 		*attrs++ = '\0';
283 
284 		/* scan for '?' that marks end of attrs and begin. of scope */
285 		if (( p = strchr( attrs, '?' )) != NULL ) {
286 			/*
287 			 * terminate attrs; point to start of scope and scan for
288 			 * '?' that marks end of scope and begin. of filter
289 			 */
290 			*p++ = '\0';
291                         scope = p;
292 
293                         if (( p = strchr( scope, '?' )) != NULL ) {
294                                 /* terminate scope; point to start of filter */
295                                 *p++ = '\0';
296                                 if ( *p != '\0' ) {
297                                         ludp->lud_filter = p;
298                                         /*
299                                          * scan for the '?' that marks the end
300                                          * of the filter and the start of any
301                                          * extensions
302                                          */
303                                         if (( p = strchr( ludp->lud_filter, '?' ))
304                                             != NULL ) {
305                                                 *p++ = '\0'; /* term. filter */
306                                                 extensions = p;
307                                         }
308                                         if ( *ludp->lud_filter == '\0' ) {
309                                                 ludp->lud_filter = NULL;
310                                         } else {
311                                                 nsldapi_hex_unescape( ludp->lud_filter );
312                                         }
313                                 }
314                         }
315 
316 
317                         if ( strcasecmp( scope, "one" ) == 0 ) {
318                                 ludp->lud_scope = LDAP_SCOPE_ONELEVEL;
319                         } else if ( strcasecmp( scope, "base" ) == 0 ) {
320                                 ludp->lud_scope = LDAP_SCOPE_BASE;
321                         } else if ( strcasecmp( scope, "sub" ) == 0 ) {
322                                 ludp->lud_scope = LDAP_SCOPE_SUBTREE;
323                         } else if ( *scope != '\0' ) {
324                                 ldap_free_urldesc( ludp );
325                                 return( LDAP_URL_ERR_BADSCOPE );
326                         }
327 		}
328 	}
329 
330 	if ( ludp->lud_dn != NULL ) {
331 		nsldapi_hex_unescape( ludp->lud_dn );
332 	}
333 
334 	/*
335 	 * if attrs list was included, turn it into a null-terminated array
336 	 */
337 	if ( attrs != NULL && *attrs != '\0' ) {
338 		nsldapi_hex_unescape( attrs );
339 		for ( nattrs = 1, p = attrs; *p != '\0'; ++p ) {
340 		    if ( *p == ',' ) {
341 			    ++nattrs;
342 		    }
343 		}
344 
345 		if (( ludp->lud_attrs = (char **)NSLDAPI_CALLOC( nattrs + 1,
346 		    sizeof( char * ))) == NULL ) {
347 			ldap_free_urldesc( ludp );
348 			return( LDAP_URL_ERR_MEM );
349 		}
350 
351 		for ( i = 0, p = attrs; i < nattrs; ++i ) {
352 			ludp->lud_attrs[ i ] = p;
353 			if (( p = strchr( p, ',' )) != NULL ) {
354 				*p++ ='\0';
355 			}
356 			nsldapi_hex_unescape( ludp->lud_attrs[ i ] );
357 		}
358 	}
359 
360         /* if extensions list was included, check for critical ones */
361         if ( extensions != NULL && *extensions != '\0' ) {
362                 /* Note: at present, we do not recognize ANY extensions */
363                 at_start = 1;
364                 for ( p = extensions; *p != '\0'; ++p ) {
365                         if ( at_start ) {
366                                 if ( *p == '!' ) {      /* critical extension */
367                                         ldap_free_urldesc( ludp );
368                                         /* this is what iplanet did *
369                                         return( LDAP_URL_UNRECOGNIZED_CRITICAL_EXTENSION );
370                                          * and this is what we do */
371                                         return( LDAP_URL_ERR_PARAM );
372                                 }
373                                 at_start = 0;
374                         } else if ( *p == ',' ) {
375                                 at_start = 1;
376                         }
377                 }
378         }
379 
380 
381 	*ludpp = ludp;
382 
383 	return( 0 );
384 }
385 
386 
387 void
388 LDAP_CALL
ldap_free_urldesc(LDAPURLDesc * ludp)389 ldap_free_urldesc( LDAPURLDesc *ludp )
390 {
391 	if ( ludp != NULLLDAPURLDESC ) {
392 		if ( ludp->lud_string != NULL ) {
393 			NSLDAPI_FREE( ludp->lud_string );
394 		}
395 		if ( ludp->lud_attrs != NULL ) {
396 			NSLDAPI_FREE( ludp->lud_attrs );
397 		}
398 		NSLDAPI_FREE( ludp );
399 	}
400 }
401 
402 
403 int
404 LDAP_CALL
ldap_url_search(LDAP * ld,const char * url,int attrsonly)405 ldap_url_search( LDAP *ld, const char *url, int attrsonly )
406 {
407 	int		err, msgid;
408 	LDAPURLDesc	*ludp;
409 	BerElement	*ber;
410 	LDAPServer	*srv;
411 	char		*host;
412 
413 	if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
414 		return( -1 );		/* punt */
415 	}
416 
417 	if ( ldap_url_parse( url, &ludp ) != 0 ) {
418 		LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
419 		return( -1 );
420 	}
421 
422 	LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
423 	msgid = ++ld->ld_msgid;
424 	LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
425 
426 	if ( nsldapi_build_search_req( ld, ludp->lud_dn, ludp->lud_scope,
427 	    ludp->lud_filter, ludp->lud_attrs, attrsonly, NULL, NULL,
428 	    -1, -1, msgid, &ber ) != LDAP_SUCCESS ) {
429 		return( -1 );
430 	}
431 
432 	err = 0;
433 
434 	if ( ludp->lud_host == NULL ) {
435 		host = ld->ld_defhost;
436 	} else {
437 		host = ludp->lud_host;
438 	}
439 
440 	if (( srv = (LDAPServer *)NSLDAPI_CALLOC( 1, sizeof( LDAPServer )))
441 	    == NULL || ( host != NULL &&
442 	    ( srv->lsrv_host = nsldapi_strdup( host )) == NULL )) {
443 		if ( srv != NULL ) {
444 			NSLDAPI_FREE( srv );
445 		}
446 		LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
447 		err = -1;
448 	} else {
449                 if ( ludp->lud_port != 0 ) {
450                         /* URL includes a port - use it */
451                          srv->lsrv_port = ludp->lud_port;
452                 } else if ( ludp->lud_host == NULL ) {
453                         /* URL has no port or host - use port from ld */
454                         srv->lsrv_port = ld->ld_defport;
455                 } else if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) == 0 ) {
456                         /* ldap URL has a host but no port - use std. port */
457                         srv->lsrv_port = LDAP_PORT;
458                 } else {
459                         /* ldaps URL has a host but no port - use std. port */
460                         srv->lsrv_port = LDAPS_PORT;
461                 }
462 	}
463 
464 	if (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ) {
465 		srv->lsrv_options |= LDAP_SRV_OPT_SECURE;
466 	}
467 
468 	if ( err != 0 ) {
469 		ber_free( ber, 1 );
470 	} else {
471 		err = nsldapi_send_server_request( ld, ber, msgid, NULL, srv,
472 		    NULL, NULL, 1 );
473 	}
474 
475 	ldap_free_urldesc( ludp );
476 	return( err );
477 }
478 
479 
480 int
481 LDAP_CALL
ldap_url_search_st(LDAP * ld,const char * url,int attrsonly,struct timeval * timeout,LDAPMessage ** res)482 ldap_url_search_st( LDAP *ld, const char *url, int attrsonly,
483 	struct timeval *timeout, LDAPMessage **res )
484 {
485 	int	msgid;
486 
487 	/*
488 	 * It is an error to pass in a zero'd timeval.
489 	 */
490 	if ( timeout != NULL && timeout->tv_sec == 0 &&
491 	    timeout->tv_usec == 0 ) {
492 		if ( ld != NULL ) {
493 			LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
494 		}
495 		if ( res != NULL ) {
496 			*res = NULL;
497 		}
498                 return( LDAP_PARAM_ERROR );
499         }
500 
501 	if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
502 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
503 	}
504 
505 	if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) {
506 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
507 	}
508 
509 	if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
510 		(void) ldap_abandon( ld, msgid );
511 		LDAP_SET_LDERRNO( ld, LDAP_TIMEOUT, NULL, NULL );
512 		return( LDAP_TIMEOUT );
513 	}
514 
515 	return( ldap_result2error( ld, *res, 0 ));
516 }
517 
518 
519 int
520 LDAP_CALL
ldap_url_search_s(LDAP * ld,const char * url,int attrsonly,LDAPMessage ** res)521 ldap_url_search_s( LDAP *ld, const char *url, int attrsonly, LDAPMessage **res )
522 {
523 	int	msgid;
524 
525 	if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
526 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
527 	}
528 
529 	if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, res ) == -1 ) {
530 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
531 	}
532 
533 	return( ldap_result2error( ld, *res, 0 ));
534 }
535 
536 #ifdef _SOLARIS_SDK
537 /*
538  * Locate the LDAP URL associated with a DNS domain name.
539  *
540  * The supplied DNS domain name is converted into a distinguished
541  * name. The directory entry specified by that distinguished name
542  * is searched for a labeledURI attribute. If successful then the
543  * LDAP URL is returned. If unsuccessful then that entry's parent
544  * is searched and so on until the target distinguished name is
545  * reduced to only two nameparts.
546  *
547  * For example, if 'ny.eng.wiz.com' is the DNS domain then the
548  * following entries are searched until one succeeds:
549  *              dc=ny,dc=eng,dc=wiz,dc=com
550  *              dc=eng,dc=wiz,dc=com
551  *              dc=wiz,dc=com
552  *
553  * If dns_name is NULL then the environment variable LOCALDOMAIN is used.
554  * If attrs is not NULL then it is appended to the URL's attribute list.
555  * If scope is not NULL then it overrides the URL's scope.
556  * If filter is not NULL then it is merged with the URL's filter.
557  *
558  * If an error is encountered then zero is returned, otherwise a string
559  * URL is returned. The caller should free the returned string if it is
560  * non-zero.
561  */
562 
563 char *
ldap_dns_to_url(LDAP * ld,char * dns_name,char * attrs,char * scope,char * filter)564 ldap_dns_to_url(
565         LDAP    *ld,
566         char    *dns_name,
567         char    *attrs,
568         char    *scope,
569         char    *filter
570 )
571 {
572         char            *dn;
573         char            *url = 0;
574         char            *url2 = 0;
575         LDAPURLDesc     *urldesc;
576         char            *cp;
577         char            *cp2;
578         size_t          attrs_len = 0;
579         size_t          scope_len = 0;
580         size_t          filter_len = 0;
581         int             nameparts;
582         int             no_attrs = 0;
583         int             no_scope = 0;
584 
585         if (dns_name == 0) {
586                 dns_name = (char *)getenv("LOCALDOMAIN");
587         }
588 
589         if ((ld == NULL) || ((dn = ldap_dns_to_dn(dns_name, &nameparts)) ==
590             NULL))
591                 return (0);
592 
593         if ((url = ldap_dn_to_url(ld, dn, nameparts)) == NULL) {
594                 free(dn);
595                 return (0);
596         }
597         free(dn);
598 
599         /* merge filter and/or scope and/or attributes with URL */
600         if (attrs || scope || filter) {
601 
602                 if (attrs)
603                         attrs_len = strlen(attrs) + 2; /* for comma and NULL */
604 
605                 if (scope)
606                         scope_len = strlen(scope) + 1; /* for NULL */
607 
608                 if (filter)
609                         filter_len = strlen(filter) + 4;
610                             /* for ampersand, parentheses and NULL */
611 
612                 if (ldap_is_ldap_url(url)) {
613 
614                         if ((url2 = (char *)malloc(attrs_len + scope_len +
615                             filter_len + strlen(url) + 1)) == NULL) {
616                                 return (0);
617                         }
618                         cp = url;
619                         cp2 = url2;
620 
621                         /* copy URL scheme, hostname, port number and DN */
622                         while (*cp && (*cp != '?')) {
623                                 *cp2++ = *cp++;
624                         }
625 
626                         /* handle URL attributes */
627 
628                         if (*cp == '?') {       /* test first '?' */
629                                 *cp2++ = *cp++; /* copy first '?' */
630 
631                                 if (*cp == '?') {       /* test second '?' */
632 
633                                         /* insert supplied attributes */
634                                         if (attrs) {
635                                                 while (*attrs) {
636                                                         *cp2++ = *attrs++;
637                                                 }
638                                         } else {
639                                                 no_attrs = 1;
640                                         }
641 
642                                 } else {
643 
644                                         /* copy URL attributes */
645                                         while (*cp && (*cp != '?')) {
646                                                 *cp2++ = *cp++;
647                                         }
648 
649                                         /* append supplied attributes */
650                                         if (attrs) {
651                                                 *cp2++ = ',';
652                                                 while (*attrs) {
653                                                         *cp2++ = *attrs++;
654                                                 }
655                                         }
656                                 }
657 
658                         } else {
659                                 /* append supplied attributes */
660                                 if (attrs) {
661                                         *cp2++ = '?';
662                                         while (*attrs) {
663                                                 *cp2++ = *attrs++;
664                                        }
665                                 } else {
666                                         no_attrs = 1;
667                                 }
668                         }
669 
670                         /* handle URL scope */
671 
672                         if (*cp == '?') {       /* test second '?' */
673                                 *cp2++ = *cp++; /* copy second '?' */
674 
675                                 if (*cp == '?') {       /* test third '?' */
676 
677                                         /* insert supplied scope */
678                                         if (scope) {
679                                                 while (*scope) {
680                                                         *cp2++ = *scope++;
681                                                 }
682                                         } else {
683                                                 no_scope = 1;
684                                         }
685 
686                                 } else {
687 
688                                         if (scope) {
689                                                 /* skip over URL scope */
690                                                 while (*cp && (*cp != '?')) {
691                                                         *cp++;
692                                                 }
693                                                 /* insert supplied scope */
694                                                 while (*scope) {
695                                                         *cp2++ = *scope++;
696                                                 }
697                                         } else {
698 
699                                                 /* copy URL scope */
700                                                 while (*cp && (*cp != '?')) {
701                                                         *cp2++ = *cp++;
702                                                 }
703                                         }
704                                 }
705 
706                         } else {
707                                 /* append supplied scope */
708                                 if (scope) {
709                                         if (no_attrs) {
710                                                 *cp2++ = '?';
711                                         }
712                                         *cp2++ = '?';
713                                         while (*scope) {
714                                                 *cp2++ = *scope++;
715                                         }
716                                 } else {
717                                         no_scope = 1;
718                                 }
719                         }
720 
721                         /* handle URL filter */
722 
723                         if (*cp == '?') {       /* test third '?' */
724                                 *cp2++ = *cp++; /* copy third '?' */
725 
726                                 if (filter) {
727 
728                                         /* merge URL and supplied filters */
729 
730                                         *cp2++ = '(';
731                                         *cp2++ = '&';
732                                         /* copy URL filter */
733                                         while (*cp) {
734                                                 *cp2++ = *cp++;
735                                         }
736                                         /* append supplied filter */
737                                         while (*filter) {
738                                                 *cp2++ = *filter++;
739                                         }
740                                         *cp2++ = ')';
741                                 } else {
742 
743                                         /* copy URL filter */
744                                         while (*cp) {
745                                                 *cp2++ = *cp++;
746                                         }
747                                 }
748 
749                         } else {
750                                 /* append supplied filter */
751                                 if (filter) {
752                                         if (no_scope) {
753                                                 if (no_attrs) {
754                                                         *cp2++ = '?';
755                                                 }
756                                                 *cp2++ = '?';
757                                         }
758                                         *cp2++ = '?';
759                                         while (*filter) {
760                                                 *cp2++ = *filter++;
761                                         }
762                                 }
763                         }
764 
765                         *cp2++ = '\0';
766                         free (url);
767                         url = url2;
768 
769                 } else {
770                         return (0);     /* not an LDAP URL */
771                 }
772         }
773         return (url);
774 }
775 
776 /*
777  * Locate the LDAP URL associated with a distinguished name.
778  *
779  * The number of nameparts in the supplied distinguished name must be
780  * provided. The specified directory entry is searched for a labeledURI
781  * attribute. If successful then the LDAP URL is returned. If unsuccessful
782  * then that entry's parent is searched and so on until the target
783  * distinguished name is reduced to only two nameparts.
784  *
785  * For example, if 'l=ny,ou=eng,o=wiz,c=us' is the distinguished name
786  * then the following entries are searched until one succeeds:
787  *              l=ny,ou=eng,o=wiz,c=us
788  *              ou=eng,o=wiz,c=us
789  *              o=wiz,c=us
790  *
791  * If an error is encountered then zero is returned, otherwise a string
792  * URL is returned. The caller should free the returned string if it is
793  * non-zero.
794  */
795 
796 char *
ldap_dn_to_url(LDAP * ld,char * dn,int nameparts)797 ldap_dn_to_url(
798         LDAP    *ld,
799         char    *dn,
800         int     nameparts
801 )
802 {
803         char            *next_dn = dn;
804         char            *url = 0;
805         char            *attrs[2] = {"labeledURI", 0};
806         LDAPMessage     *res, *e;
807         char            **vals;
808 
809         /*
810          * Search for a URL in the named entry or its parent entry.
811          * Continue until only 2 nameparts remain.
812          */
813         while (dn && (nameparts > 1) && (! url)) {
814 
815                 /* search for the labeledURI attribute */
816                 if (ldap_search_s(ld, dn, LDAP_SCOPE_BASE,
817                     "(objectClass=*)", attrs, 0, &res) == LDAP_SUCCESS) {
818 
819                         /* locate the first entry returned */
820                         if ((e = ldap_first_entry(ld, res)) != NULL) {
821 
822                                 /* locate the labeledURI attribute */
823                                 if ((vals =
824                                     ldap_get_values(ld, e, "labeledURI")) !=
825                                     NULL) {
826 
827                                         /* copy the attribute value */
828                                         if ((url = strdup((char *)vals[0])) !=
829                                             NULL) {
830                                                 ldap_value_free(vals);
831                                         }
832                                 }
833                         }
834                         /* free the search results */
835 			if (res != NULL) {
836                         	ldap_msgfree(res);
837 			}
838                 }
839 
840                 if (! url) {
841                         /* advance along the DN by one namepart */
842                         if (next_dn = strchr(dn, ',')) {
843                                 next_dn++;
844                                 dn = next_dn;
845                                 nameparts--;
846                         }
847                 }
848         }
849 
850         return (url);
851 }
852 
853 #endif /* _SOLARIS_SDK */
854