21 * SPDX-License-Identifier: curl
31 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
38 * compiled is the code from ldap.c.
57 #ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
60 # pragma warning(disable:4201)
68 # error Your Platform SDK is NOT sufficient for LDAP support! \
69 Update your Platform SDK, or disable LDAP support!
78 # include <ldap.h>
169 * LDAP protocol handler.
173 "ldap", /* scheme */
231 static int ldap_win_bind_auth(LDAP *server, const char *user, in ldap_win_bind_auth()
279 static int ldap_win_bind(struct Curl_easy *data, LDAP *server, in ldap_win_bind()
287 if(user && passwd && (data->set.httpauth & CURLAUTH_BASIC)) { in ldap_win_bind()
298 rc = (int)ldap_win_bind_auth(server, user, passwd, data->set.httpauth); in ldap_win_bind()
319 LDAP *server = NULL; in ldap_do()
324 struct connectdata *conn = data->conn; in ldap_do()
341 infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d", in ldap_do()
343 infof(data, "LDAP local: %s", data->state.url); in ldap_do()
346 rc = ldap_url_parse(data->state.url, &ludp); in ldap_do()
351 failf(data, "Bad LDAP URL: %s", ldap_err2string((curl_ldap_num_t)rc)); in ldap_do()
356 /* Get the URL scheme (either ldap or ldaps) */ in ldap_do()
359 infof(data, "LDAP local: trying to establish %s connection", in ldap_do()
363 host = curlx_convert_UTF8_to_tchar(conn->host.name); in ldap_do()
370 host = conn->host.name; in ldap_do()
373 if(data->state.aptr.user) { in ldap_do()
374 user = conn->user; in ldap_do()
375 passwd = conn->passwd; in ldap_do()
386 /* Win32 LDAP SDK does not support insecure mode without CA! */ in ldap_do()
387 server = ldap_sslinit(host, (curl_ldap_num_t)conn->primary.remote_port, 1); in ldap_do()
391 char *ldap_ca = conn->ssl_config.CAfile; in ldap_do()
395 failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc)); in ldap_do()
399 if(conn->ssl_config.verifypeer) { in ldap_do()
402 if((data->set.ssl.cert_type) && in ldap_do()
403 (strcasecompare(data->set.ssl.cert_type, "DER"))) in ldap_do()
406 failf(data, "LDAP local: ERROR %s CA cert not set", in ldap_do()
411 infof(data, "LDAP local: using %s CA cert '%s'", in ldap_do()
416 failf(data, "LDAP local: ERROR setting %s CA cert: %s", in ldap_do()
428 failf(data, "LDAP local: ERROR setting cert verify mode: %s", in ldap_do()
433 server = ldapssl_init(host, conn->primary.remote_port, 1); in ldap_do()
435 failf(data, "LDAP local: Cannot connect to %s:%u", in ldap_do()
436 conn->host.dispname, conn->primary.remote_port); in ldap_do()
441 if(conn->ssl_config.verifypeer) { in ldap_do()
443 if((data->set.ssl.cert_type) && in ldap_do()
444 (!strcasecompare(data->set.ssl.cert_type, "PEM"))) { in ldap_do()
445 failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type"); in ldap_do()
450 failf(data, "LDAP local: ERROR PEM CA cert not set"); in ldap_do()
454 infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca); in ldap_do()
457 failf(data, "LDAP local: ERROR setting PEM CA cert: %s", in ldap_do()
469 failf(data, "LDAP local: ERROR setting cert verify mode: %s", in ldap_do()
474 server = ldap_init(host, conn->primary.remote_port); in ldap_do()
476 failf(data, "LDAP local: Cannot connect to %s:%u", in ldap_do()
477 conn->host.dispname, conn->primary.remote_port); in ldap_do()
484 failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s", in ldap_do()
492 failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s", in ldap_do()
502 should check in first place if we can support LDAP SSL/TLS */ in ldap_do()
503 failf(data, "LDAP local: SSL/TLS not supported with this version " in ldap_do()
511 else if(data->set.use_ssl > CURLUSESSL_TRY) { in ldap_do()
512 failf(data, "LDAP local: explicit TLS not supported"); in ldap_do()
517 server = ldap_init(host, (curl_ldap_num_t)conn->primary.remote_port); in ldap_do()
519 failf(data, "LDAP local: Cannot connect to %s:%u", in ldap_do()
520 conn->host.dispname, conn->primary.remote_port); in ldap_do()
542 failf(data, "LDAP local: bind via ldap_win_bind %s", in ldap_do()
545 failf(data, "LDAP local: bind via ldap_simple_bind_s %s", in ldap_do()
553 rc = (int)ldap_search_s(server, ludp->lud_dn, in ldap_do()
554 (curl_ldap_num_t)ludp->lud_scope, in ldap_do()
555 ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg); in ldap_do()
558 failf(data, "LDAP remote: %s", ldap_err2string((curl_ldap_num_t)rc)); in ldap_do()
678 (strcmp(";binary", attr + (attr_len - 7)) == 0)) { in ldap_do()
680 result = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len, in ldap_do()
708 result = Curl_client_write(data, CLIENTWRITE_BODY, vals[i]->bv_val, in ldap_do()
709 vals[i]->bv_len); in ldap_do()
770 connclose(conn, "LDAP connection always disable reuse"); in ldap_do()
778 static int do_trace = -1; in _ldap_trace()
781 if(do_trace == -1) { in _ldap_trace()
797 * Return scope-value for a scope-string.
811 return -1; in str2scope()
847 * Break apart the pieces of an LDAP URL.
849 * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
851 * <hostname> already known from 'conn->host.name'.
852 * <port> already known from 'conn->remote_port'.
853 * extract the rest from 'data->state.path+1'. All fields are optional.
855 * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
856 * yields ludp->lud_dn = "".
871 !data->state.up.path || in _ldap_url_parse2()
872 data->state.up.path[0] != '/' || in _ldap_url_parse2()
873 !strncasecompare("LDAP", data->state.up.scheme, 4)) in _ldap_url_parse2()
876 ludp->lud_scope = LDAP_SCOPE_BASE; in _ldap_url_parse2()
877 ludp->lud_port = conn->remote_port; in _ldap_url_parse2()
878 ludp->lud_host = conn->host.name; in _ldap_url_parse2()
881 p = path = strdup(data->state.up.path + 1); in _ldap_url_parse2()
886 if(data->state.up.query) { in _ldap_url_parse2()
887 q = query = strdup(data->state.up.query); in _ldap_url_parse2()
912 ludp->lud_dn = curlx_convert_UTF8_to_tchar(unescaped); in _ldap_url_parse2()
917 if(!ludp->lud_dn) { in _ldap_url_parse2()
923 ludp->lud_dn = unescaped; in _ldap_url_parse2()
949 ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *)); in _ldap_url_parse2()
951 ludp->lud_attrs = calloc(count + 1, sizeof(char *)); in _ldap_url_parse2()
953 if(!ludp->lud_attrs) { in _ldap_url_parse2()
980 ludp->lud_attrs[i] = curlx_convert_UTF8_to_tchar(unescaped); in _ldap_url_parse2()
985 if(!ludp->lud_attrs[i]) { in _ldap_url_parse2()
993 ludp->lud_attrs[i] = unescaped; in _ldap_url_parse2()
996 ludp->lud_attrs_dups++; in _ldap_url_parse2()
1012 ludp->lud_scope = str2scope(p); in _ldap_url_parse2()
1013 if(ludp->lud_scope == -1) { in _ldap_url_parse2()
1018 LDAP_TRACE(("scope %d\n", ludp->lud_scope)); in _ldap_url_parse2()
1047 ludp->lud_filter = curlx_convert_UTF8_to_tchar(unescaped); in _ldap_url_parse2()
1052 if(!ludp->lud_filter) { in _ldap_url_parse2()
1058 ludp->lud_filter = unescaped; in _ldap_url_parse2()
1102 curlx_unicodefree(ludp->lud_dn); in _ldap_free_urldesc()
1103 curlx_unicodefree(ludp->lud_filter); in _ldap_free_urldesc()
1105 free(ludp->lud_dn); in _ldap_free_urldesc()
1106 free(ludp->lud_filter); in _ldap_free_urldesc()
1109 if(ludp->lud_attrs) { in _ldap_free_urldesc()
1111 for(i = 0; i < ludp->lud_attrs_dups; i++) { in _ldap_free_urldesc()
1113 curlx_unicodefree(ludp->lud_attrs[i]); in _ldap_free_urldesc()
1115 free(ludp->lud_attrs[i]); in _ldap_free_urldesc()
1118 free(ludp->lud_attrs); in _ldap_free_urldesc()