/* $NetBSD: ldif.c,v 1.1.1.3.6.1 2019/08/10 06:17:14 martin Exp $ */
/* ldif.c - routines for dealing with LDIF files */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2019 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission. This
* software is provided ``as is'' without express or implied warranty.
*/
/* This work was originally developed by the University of Michigan
* and distributed as part of U-MICH LDAP.
*/
#include
__RCSID("$NetBSD: ldif.c,v 1.1.1.3.6.1 2019/08/10 06:17:14 martin Exp $");
#include "portable.h"
#include
#include
#include
#include
#include
#include
int ldif_debug = 0;
#include "ldap_log.h"
#include "lber_pvt.h"
#include "ldif.h"
#define RIGHT2 0x03
#define RIGHT4 0x0f
#define CONTINUED_LINE_MARKER '\r'
#ifdef CSRIMALLOC
#define ber_memalloc malloc
#define ber_memcalloc calloc
#define ber_memrealloc realloc
#define ber_strdup strdup
#endif
static const char nib2b64[0x40] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const unsigned char b642nib[0x80] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
};
/*
* ldif_parse_line - takes a line of the form "type:[:] value" and splits it
* into components "type" and "value". if a double colon separates type from
* value, then value is encoded in base 64, and parse_line un-decodes it
* (in place) before returning. The type and value are stored in malloc'd
* memory which must be freed by the caller.
*
* ldif_parse_line2 - operates in-place on input buffer, returning type
* in-place. Will return value in-place if possible, (must malloc for
* fetched URLs). If freeval is NULL, all return data will be malloc'd
* and the input line will be unmodified. Otherwise freeval is set to
* True if the value was malloc'd.
*/
int
ldif_parse_line(
LDAP_CONST char *line,
char **typep,
char **valuep,
ber_len_t *vlenp
)
{
struct berval type, value;
int rc = ldif_parse_line2( (char *)line, &type, &value, NULL );
*typep = type.bv_val;
*valuep = value.bv_val;
*vlenp = value.bv_len;
return rc;
}
int
ldif_parse_line2(
char *line,
struct berval *type,
struct berval *value,
int *freeval
)
{
char *s, *p, *d;
char nib;
int b64, url;
BER_BVZERO( type );
BER_BVZERO( value );
/* skip any leading space */
while ( isspace( (unsigned char) *line ) ) {
line++;
}
if ( freeval ) {
*freeval = 0;
} else {
line = ber_strdup( line );
if( line == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: line malloc failed\n"));
return( -1 );
}
}
type->bv_val = line;
s = strchr( type->bv_val, ':' );
if ( s == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: missing ':' after %s\n"),
type->bv_val );
if ( !freeval ) ber_memfree( line );
return( -1 );
}
/* trim any space between type and : */
for ( p = &s[-1]; p > type->bv_val && isspace( * (unsigned char *) p ); p-- ) {
*p = '\0';
}
*s++ = '\0';
type->bv_len = s - type->bv_val - 1;
url = 0;
b64 = 0;
if ( *s == '<' ) {
s++;
url = 1;
} else if ( *s == ':' ) {
/* base 64 encoded value */
s++;
b64 = 1;
}
/* skip space between : and value */
while ( isspace( (unsigned char) *s ) ) {
s++;
}
/* check for continued line markers that should be deleted */
for ( p = s, d = s; *p; p++ ) {
if ( *p != CONTINUED_LINE_MARKER )
*d++ = *p;
}
*d = '\0';
if ( b64 ) {
char *byte = s;
if ( *s == '\0' ) {
/* no value is present, error out */
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: %s missing base64 value\n"),
type->bv_val );
if ( !freeval ) ber_memfree( line );
return( -1 );
}
byte = value->bv_val = s;
for ( p = s, value->bv_len = 0; p < d; p += 4, value->bv_len += 3 ) {
int i;
for ( i = 0; i < 4; i++ ) {
if ( p[i] != '=' && (p[i] & 0x80 ||
b642nib[ p[i] & 0x7f ] > 0x3f) ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: %s: invalid base64 encoding"
" char (%c) 0x%x\n"),
type->bv_val, p[i], p[i] );
if ( !freeval ) ber_memfree( line );
return( -1 );
}
}
/* first digit */
nib = b642nib[ p[0] & 0x7f ];
byte[0] = nib << 2;
/* second digit */
nib = b642nib[ p[1] & 0x7f ];
byte[0] |= nib >> 4;
byte[1] = (nib & RIGHT4) << 4;
/* third digit */
if ( p[2] == '=' ) {
value->bv_len += 1;
break;
}
nib = b642nib[ p[2] & 0x7f ];
byte[1] |= nib >> 2;
byte[2] = (nib & RIGHT2) << 6;
/* fourth digit */
if ( p[3] == '=' ) {
value->bv_len += 2;
break;
}
nib = b642nib[ p[3] & 0x7f ];
byte[2] |= nib;
byte += 3;
}
s[ value->bv_len ] = '\0';
} else if ( url ) {
if ( *s == '\0' ) {
/* no value is present, error out */
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
_("ldif_parse_line: %s missing URL value\n"),
type->bv_val );
if ( !freeval ) ber_memfree( line );
return( -1 );
}
if( ldif_fetch_url( s, &value->bv_val, &value->bv_len ) ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: %s: URL \"%s\" fetch failed\n"),
type->bv_val, s );
if ( !freeval ) ber_memfree( line );
return( -1 );
}
if ( freeval ) *freeval = 1;
} else {
value->bv_val = s;
value->bv_len = (int) (d - s);
}
if ( !freeval ) {
struct berval bv = *type;
ber_dupbv( type, &bv );
if( BER_BVISNULL( type )) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: type malloc failed\n"));
if( url ) ber_memfree( value->bv_val );
ber_memfree( line );
return( -1 );
}
if( !url ) {
bv = *value;
ber_dupbv( value, &bv );
if( BER_BVISNULL( value )) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_parse_line: value malloc failed\n"));
ber_memfree( type->bv_val );
ber_memfree( line );
return( -1 );
}
}
ber_memfree( line );
}
return( 0 );
}
/*
* ldif_getline - return the next "line" (minus newline) of input from a
* string buffer of lines separated by newlines, terminated by \n\n
* or \0. this routine handles continued lines, bundling them into
* a single big line before returning. if a line begins with a white
* space character, it is a continuation of the previous line. the white
* space character (nb: only one char), and preceeding newline are changed
* into CONTINUED_LINE_MARKER chars, to be deleted later by the
* ldif_parse_line() routine above.
*
* ldif_getline will skip over any line which starts '#'.
*
* ldif_getline takes a pointer to a pointer to the buffer on the first call,
* which it updates and must be supplied on subsequent calls.
*/
int
ldif_countlines( LDAP_CONST char *buf )
{
char *nl;
int ret = 0;
if ( !buf ) return ret;
for ( nl = strchr(buf, '\n'); nl; nl = strchr(nl, '\n') ) {
nl++;
if ( *nl != ' ' ) ret++;
}
return ret;
}
char *
ldif_getline( char **next )
{
char *line;
do {
if ( *next == NULL || **next == '\n' || **next == '\0' ) {
return( NULL );
}
line = *next;
while ( (*next = strchr( *next, '\n' )) != NULL ) {
#if CONTINUED_LINE_MARKER != '\r'
if ( (*next)[-1] == '\r' ) {
(*next)[-1] = CONTINUED_LINE_MARKER;
}
#endif
if ( (*next)[1] != ' ' ) {
if ( (*next)[1] == '\r' && (*next)[2] == '\n' ) {
*(*next)++ = '\0';
}
*(*next)++ = '\0';
break;
}
**next = CONTINUED_LINE_MARKER;
(*next)[1] = CONTINUED_LINE_MARKER;
(*next)++;
}
} while( *line == '#' );
return( line );
}
/*
* name and OID of attributeTypes that must be base64 encoded in any case
*/
typedef struct must_b64_encode_s {
struct berval name;
struct berval oid;
} must_b64_encode_s;
static must_b64_encode_s default_must_b64_encode[] = {
{ BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
{ BER_BVNULL, BER_BVNULL }
};
static must_b64_encode_s *must_b64_encode = default_must_b64_encode;
/*
* register name and OID of attributeTypes that must always be base64
* encoded
*
* NOTE: this routine mallocs memory in a static struct which must
* be explicitly freed when no longer required
*/
int
ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid )
{
int i;
ber_len_t len;
assert( must_b64_encode != NULL );
assert( name != NULL );
assert( oid != NULL );
len = strlen( name );
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
if ( len != must_b64_encode[i].name.bv_len ) {
continue;
}
if ( strcasecmp( name, must_b64_encode[i].name.bv_val ) == 0 ) {
break;
}
}
if ( !BER_BVISNULL( &must_b64_encode[i].name ) ) {
return 1;
}
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ )
/* just count */ ;
if ( must_b64_encode == default_must_b64_encode ) {
must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );
for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) {
ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name );
ber_dupbv( &must_b64_encode[i].oid, &default_must_b64_encode[i].oid );
}
} else {
must_b64_encode_s *tmp;
tmp = ber_memrealloc( must_b64_encode,
sizeof( must_b64_encode_s ) * ( i + 2 ) );
if ( tmp == NULL ) {
return 1;
}
must_b64_encode = tmp;
}
ber_str2bv( name, len, 1, &must_b64_encode[i].name );
ber_str2bv( oid, 0, 1, &must_b64_encode[i].oid );
BER_BVZERO( &must_b64_encode[i + 1].name );
return 0;
}
void
ldif_must_b64_encode_release( void )
{
int i;
assert( must_b64_encode != NULL );
if ( must_b64_encode == default_must_b64_encode ) {
return;
}
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
ber_memfree( must_b64_encode[i].name.bv_val );
ber_memfree( must_b64_encode[i].oid.bv_val );
}
ber_memfree( must_b64_encode );
must_b64_encode = default_must_b64_encode;
}
/*
* returns 1 iff the string corresponds to the name or the OID of any
* of the attributeTypes listed in must_b64_encode
*/
static int
ldif_must_b64_encode( LDAP_CONST char *s )
{
int i;
struct berval bv;
assert( must_b64_encode != NULL );
assert( s != NULL );
ber_str2bv( s, 0, 0, &bv );
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
if ( ber_bvstrcasecmp( &must_b64_encode[i].name, &bv ) == 0
|| ber_bvcmp( &must_b64_encode[i].oid, &bv ) == 0 )
{
return 1;
}
}
return 0;
}
/* compatibility with U-Mich off by two bug */
#define LDIF_KLUDGE 2
/* NOTE: only preserved for binary compatibility */
void
ldif_sput(
char **out,
int type,
LDAP_CONST char *name,
LDAP_CONST char *val,
ber_len_t vlen )
{
ldif_sput_wrap( out, type, name, val, vlen, LDIF_LINE_WIDTH+LDIF_KLUDGE );
}
void
ldif_sput_wrap(
char **out,
int type,
LDAP_CONST char *name,
LDAP_CONST char *val,
ber_len_t vlen,
ber_len_t wrap )
{
const unsigned char *byte, *stop;
unsigned char buf[3];
unsigned long bits;
char *save;
int pad;
int namelen = 0;
ber_len_t savelen;
ber_len_t len=0;
ber_len_t i;
if ( !wrap )
wrap = LDIF_LINE_WIDTH+LDIF_KLUDGE;
/* prefix */
switch( type ) {
case LDIF_PUT_COMMENT:
*(*out)++ = '#';
len++;
if( vlen ) {
*(*out)++ = ' ';
len++;
}
break;
case LDIF_PUT_SEP:
*(*out)++ = '\n';
return;
}
/* name (attribute type) */
if( name != NULL ) {
/* put the name + ":" */
namelen = strlen(name);
strcpy(*out, name);
*out += namelen;
len += namelen;
if( type != LDIF_PUT_COMMENT ) {
*(*out)++ = ':';
len++;
}
}
#ifdef LDAP_DEBUG
else {
assert( type == LDIF_PUT_COMMENT );
}
#endif
if( vlen == 0 ) {
*(*out)++ = '\n';
return;
}
switch( type ) {
case LDIF_PUT_NOVALUE:
*(*out)++ = '\n';
return;
case LDIF_PUT_URL: /* url value */
*(*out)++ = '<';
len++;
break;
case LDIF_PUT_B64: /* base64 value */
*(*out)++ = ':';
len++;
break;
}
switch( type ) {
case LDIF_PUT_TEXT:
case LDIF_PUT_URL:
case LDIF_PUT_B64:
*(*out)++ = ' ';
len++;
/* fall-thru */
case LDIF_PUT_COMMENT:
/* pre-encoded names */
for ( i=0; i < vlen; i++ ) {
if ( len > wrap ) {
*(*out)++ = '\n';
*(*out)++ = ' ';
len = 1;
}
*(*out)++ = val[i];
len++;
}
*(*out)++ = '\n';
return;
}
save = *out;
savelen = len;
*(*out)++ = ' ';
len++;
stop = (const unsigned char *) (val + vlen);
if ( type == LDIF_PUT_VALUE
&& isgraph( (unsigned char) val[0] ) && val[0] != ':' && val[0] != '<'
&& isgraph( (unsigned char) val[vlen-1] )
#ifndef LDAP_BINARY_DEBUG
&& strstr( name, ";binary" ) == NULL
#endif
#ifndef LDAP_PASSWD_DEBUG
&& !ldif_must_b64_encode( name )
#endif
) {
int b64 = 0;
for ( byte = (const unsigned char *) val; byte < stop;
byte++, len++ )
{
if ( !isascii( *byte ) || !isprint( *byte ) ) {
b64 = 1;
break;
}
if ( len >= wrap ) {
*(*out)++ = '\n';
*(*out)++ = ' ';
len = 1;
}
*(*out)++ = *byte;
}
if( !b64 ) {
*(*out)++ = '\n';
return;
}
}
*out = save;
*(*out)++ = ':';
*(*out)++ = ' ';
len = savelen + 2;
/* convert to base 64 (3 bytes => 4 base 64 digits) */
for ( byte = (const unsigned char *) val;
byte < stop - 2;
byte += 3 )
{
bits = (byte[0] & 0xff) << 16;
bits |= (byte[1] & 0xff) << 8;
bits |= (byte[2] & 0xff);
for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
if ( len >= wrap ) {
*(*out)++ = '\n';
*(*out)++ = ' ';
len = 1;
}
/* get b64 digit from high order 6 bits */
*(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
}
}
/* add padding if necessary */
if ( byte < stop ) {
for ( i = 0; byte + i < stop; i++ ) {
buf[i] = byte[i];
}
for ( pad = 0; i < 3; i++, pad++ ) {
buf[i] = '\0';
}
byte = buf;
bits = (byte[0] & 0xff) << 16;
bits |= (byte[1] & 0xff) << 8;
bits |= (byte[2] & 0xff);
for ( i = 0; i < 4; i++, len++, bits <<= 6 ) {
if ( len >= wrap ) {
*(*out)++ = '\n';
*(*out)++ = ' ';
len = 1;
}
if( i + pad < 4 ) {
/* get b64 digit from low order 6 bits */
*(*out)++ = nib2b64[ (bits & 0xfc0000L) >> 18 ];
} else {
*(*out)++ = '=';
}
}
}
*(*out)++ = '\n';
}
/*
* ldif_type_and_value return BER malloc'd, zero-terminated LDIF line
*/
/* NOTE: only preserved for binary compatibility */
char *
ldif_put(
int type,
LDAP_CONST char *name,
LDAP_CONST char *val,
ber_len_t vlen )
{
return ldif_put_wrap( type, name, val, vlen, LDIF_LINE_WIDTH );
}
char *
ldif_put_wrap(
int type,
LDAP_CONST char *name,
LDAP_CONST char *val,
ber_len_t vlen,
ber_len_t wrap )
{
char *buf, *p;
ber_len_t nlen;
nlen = ( name != NULL ) ? strlen( name ) : 0;
buf = (char *) ber_memalloc( LDIF_SIZE_NEEDED_WRAP( nlen, vlen, wrap ) + 1 );
if ( buf == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_type_and_value: malloc failed!"));
return NULL;
}
p = buf;
ldif_sput_wrap( &p, type, name, val, vlen, wrap );
*p = '\0';
return( buf );
}
int ldif_is_not_printable(
LDAP_CONST char *val,
ber_len_t vlen )
{
if( vlen == 0 || val == NULL ) {
return -1;
}
if( isgraph( (unsigned char) val[0] ) && val[0] != ':' && val[0] != '<' &&
isgraph( (unsigned char) val[vlen-1] ) )
{
ber_len_t i;
for ( i = 0; val[i]; i++ ) {
if ( !isascii( val[i] ) || !isprint( (unsigned char) val[i] ) ) {
return 1;
}
}
return 0;
}
return 1;
}
LDIFFP *
ldif_open(
LDAP_CONST char *file,
LDAP_CONST char *mode
)
{
FILE *fp = fopen( file, mode );
LDIFFP *lfp = NULL;
if ( fp ) {
lfp = ber_memalloc( sizeof( LDIFFP ));
lfp->fp = fp;
lfp->prev = NULL;
}
return lfp;
}
void
ldif_close(
LDIFFP *lfp
)
{
LDIFFP *prev;
while ( lfp ) {
fclose( lfp->fp );
prev = lfp->prev;
ber_memfree( lfp );
lfp = prev;
}
}
#define LDIF_MAXLINE 4096
/*
* ldif_read_record - read an ldif record. Return 1 for success, 0 for EOF,
* -1 for error.
*/
int
ldif_read_record(
LDIFFP *lfp,
unsigned long *lno, /* ptr to line number counter */
char **bufp, /* ptr to malloced output buffer */
int *buflenp ) /* ptr to length of *bufp */
{
char line[LDIF_MAXLINE], *nbufp;
ber_len_t lcur = 0, len;
int last_ch = '\n', found_entry = 0, stop, top_comment = 0;
for ( stop = 0; !stop; last_ch = line[len-1] ) {
/* If we're at the end of this file, see if we should pop
* back to a previous file. (return from an include)
*/
while ( feof( lfp->fp )) {
if ( lfp->prev ) {
LDIFFP *tmp = lfp->prev;
fclose( lfp->fp );
*lfp = *tmp;
ber_memfree( tmp );
} else {
stop = 1;
break;
}
}
if ( !stop ) {
if ( fgets( line, sizeof( line ), lfp->fp ) == NULL ) {
stop = 1;
len = 0;
} else {
len = strlen( line );
}
}
if ( stop ) {
/* Add \n in case the file does not end with newline */
if (last_ch != '\n') {
len = 1;
line[0] = '\n';
line[1] = '\0';
goto last;
}
break;
}
/* Squash \r\n to \n */
if ( len > 1 && line[len-2] == '\r' ) {
len--;
line[len-1] = '\n';
}
if ( last_ch == '\n' ) {
(*lno)++;
if ( line[0] == '\n' ) {
if ( !found_entry ) {
lcur = 0;
top_comment = 0;
continue;
}
break;
}
if ( !found_entry ) {
if ( line[0] == '#' ) {
top_comment = 1;
} else if ( ! ( top_comment && line[0] == ' ' ) ) {
/* Found a new entry */
found_entry = 1;
if ( isdigit( (unsigned char) line[0] ) ) {
/* skip index */
continue;
}
if ( !strncasecmp( line, "include:",
STRLENOF("include:"))) {
FILE *fp2;
char *ptr;
found_entry = 0;
if ( line[len-1] == '\n' ) {
len--;
line[len] = '\0';
}
ptr = line + STRLENOF("include:");
while (isspace((unsigned char) *ptr)) ptr++;
fp2 = ldif_open_url( ptr );
if ( fp2 ) {
LDIFFP *lnew = ber_memalloc( sizeof( LDIFFP ));
if ( lnew == NULL ) {
fclose( fp2 );
return 0;
}
lnew->prev = lfp->prev;
lnew->fp = lfp->fp;
lfp->prev = lnew;
lfp->fp = fp2;
line[len] = '\n';
len++;
continue;
} else {
/* We failed to open the file, this should
* be reported as an error somehow.
*/
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
_("ldif_read_record: include %s failed\n"), ptr );
return -1;
}
}
}
}
}
last:
if ( *buflenp - lcur <= len ) {
*buflenp += len + LDIF_MAXLINE;
nbufp = ber_memrealloc( *bufp, *buflenp );
if( nbufp == NULL ) {
return 0;
}
*bufp = nbufp;
}
strcpy( *bufp + lcur, line );
lcur += len;
}
return( found_entry );
}