author | tb <tb@openbsd.org> | 2019-10-24 12:39:26 +0000 |
---|---|---|
committer | tb <tb@openbsd.org> | 2019-10-24 12:39:26 +0000 |
commit | 696b58997f75587bd78112ed0b6cdec94a718911 (patch) | |
tree | 113a47b65d3d84619d15dd5ba9050be9ee77cc1b /usr.sbin/ldapd | |
parent | Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid (diff) | |
The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/attributes.c | 40 | ||||
-rw-r--r-- | usr.sbin/ldapd/auth.c | 10 | ||||
-rw-r--r-- | usr.sbin/ldapd/conn.c | 14 | ||||
-rw-r--r-- | usr.sbin/ldapd/filter.c | 10 | ||||
-rw-r--r-- | usr.sbin/ldapd/index.c | 6 | ||||
-rw-r--r-- | usr.sbin/ldapd/ldape.c | 44 | ||||
-rw-r--r-- | usr.sbin/ldapd/logmsg.c | 16 | ||||
-rw-r--r-- | usr.sbin/ldapd/modify.c | 42 | ||||
-rw-r--r-- | usr.sbin/ldapd/schema.c | 4 | ||||
-rw-r--r-- | usr.sbin/ldapd/search.c | 162 | ||||
-rw-r--r-- | usr.sbin/ldapd/util.c | 20 | ||||
-rw-r--r-- | usr.sbin/ldapd/validate.c | 8 |
12 files changed, 188 insertions, 188 deletions
diff --git a/usr.sbin/ldapd/attributes.c b/usr.sbin/ldapd/attributes.c index b9547e420c2..2ed3a8b4fb7 100644 --- a/usr.sbin/ldapd/attributes.c +++ b/usr.sbin/ldapd/attributes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: attributes.c,v 1.5 2017/02/11 20:40:03 guenther Exp $ */ +/* $OpenBSD: attributes.c,v 1.6 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009 Martin Hedenfalk <martin@bzero.se> @@ -39,7 +39,7 @@ ldap_get_attribute(struct ber_element *entry, const char *attr) for (elm = entry->be_sub; elm != NULL; elm = elm->be_next) { a = elm->be_sub; - if (a && ber_get_string(a, &s) == 0 && strcasecmp(s, attr) == 0) + if (a && ober_get_string(a, &s) == 0 && strcasecmp(s, attr) == 0) return a; } @@ -72,7 +72,7 @@ ldap_find_value(struct ber_element *elm, const char *value) return NULL; for (a = elm->be_sub; a != NULL; a = a->be_next) { - if (ber_get_string(a, &s) == 0 && strcasecmp(s, value) == 0) + if (ober_get_string(a, &s) == 0 && strcasecmp(s, value) == 0) return a; } @@ -105,13 +105,13 @@ ldap_add_attribute(struct ber_element *entry, const char *attr, else while (last != NULL && last->be_next != NULL) last = last->be_next; - if ((elm = ber_add_sequence(last)) == NULL) + if ((elm = ober_add_sequence(last)) == NULL) return NULL; - if ((a = ber_add_string(elm, attr)) == NULL) { - ber_free_elements(elm); + if ((a = ober_add_string(elm, attr)) == NULL) { + ober_free_elements(elm); return NULL; } - ber_link_elements(a, value_set); + ober_link_elements(a, value_set); return elm; } 
@@ -126,17 +126,17 @@ ldap_set_values(struct ber_element *elm, struct ber_element *vals) assert(vals); assert(vals->be_sub); - if (ber_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { + if (ober_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { log_warnx("failed to parse element"); return -1; } - ber_free_elements(old_vals->be_sub); + ober_free_elements(old_vals->be_sub); old_vals->be_sub = NULL; - ber_link_elements(old_vals, vals->be_sub); + ober_link_elements(old_vals, vals->be_sub); vals->be_sub = NULL; - ber_free_elements(vals); + ober_free_elements(vals); return 0; } @@ -152,7 +152,7 @@ ldap_merge_values(struct ber_element *elm, struct ber_element *vals) assert(vals->be_type == BER_TYPE_SET); assert(vals->be_sub); - if (ber_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { + if (ober_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { log_warnx("failed to parse element"); return -1; } @@ -161,10 +161,10 @@ ldap_merge_values(struct ber_element *elm, struct ber_element *vals) while (last && last->be_next) last = last->be_next; - ber_link_elements(last, vals->be_sub); + ober_link_elements(last, vals->be_sub); vals->be_sub = NULL; - ber_free_elements(vals); + ober_free_elements(vals); return 0; } @@ -181,7 +181,7 @@ ldap_del_attribute(struct ber_element *entry, const char *attrdesc) attr = entry->be_sub; while (attr) { - if (ber_scanf_elements(attr, "{s(", &s) != 0) { + if (ober_scanf_elements(attr, "{s(", &s) != 0) { log_warnx("failed to parse attribute"); return -1; } @@ -192,7 +192,7 @@ ldap_del_attribute(struct ber_element *entry, const char *attrdesc) else prev->be_next = attr->be_next; attr->be_next = NULL; - ber_free_elements(attr); + ober_free_elements(attr); break; } 
@@ -214,7 +214,7 @@ ldap_del_values(struct ber_element *elm, struct ber_element *vals) assert(vals); assert(vals->be_sub); - if (ber_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { + if (ober_scanf_elements(elm, "se(", &attr, &old_vals) != 0) { log_warnx("failed to parse element"); return -1; } @@ -227,9 +227,9 @@ ldap_del_values(struct ber_element *elm, struct ber_element *vals) for (x = vals->be_sub; x; x = x->be_next) { if (x && v->be_len == x->be_len && memcmp(v->be_val, x->be_val, x->be_len) == 0) { - removed = ber_unlink_elements(prev); - ber_link_elements(prev, removed->be_next); - ber_free_element(removed); + removed = ober_unlink_elements(prev); + ober_link_elements(prev, removed->be_next); + ober_free_element(removed); removed_p = 1; break; } diff --git a/usr.sbin/ldapd/auth.c b/usr.sbin/ldapd/auth.c index b61cb9c5bce..f8debff7a2d 100644 --- a/usr.sbin/ldapd/auth.c +++ b/usr.sbin/ldapd/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.13 2018/05/14 07:53:47 reyk Exp $ */ +/* $OpenBSD: auth.c,v 1.14 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -259,7 +259,7 @@ ldap_auth_sasl(struct request *req, char *binddn, struct ber_element *params) char *creds; size_t len; - if (ber_scanf_elements(params, "{sx", &method, &creds, &len) != 0) + if (ober_scanf_elements(params, "{sx", &method, &creds, &len) != 0) return LDAP_PROTOCOL_ERROR; if (strcmp(method, "PLAIN") != 0) @@ -315,7 +315,7 @@ ldap_auth_simple(struct request *req, char *binddn, struct ber_element *auth) return LDAP_CONFIDENTIALITY_REQUIRED; } - if (ber_scanf_elements(auth, "s", &password) != 0) + if (ober_scanf_elements(auth, "s", &password) != 0) return LDAP_PROTOCOL_ERROR; if (*password == '\0') { 
@@ -349,7 +349,7 @@ ldap_auth_simple(struct request *req, char *binddn, struct ber_element *auth) if (pw != NULL) { for (elm = pw->be_next->be_sub; elm; elm = elm->be_next) { - if (ber_get_string(elm, &user_password) != 0) + if (ober_get_string(elm, &user_password) != 0) continue; pwret = check_password(req, user_password, password); if (pwret >= 1) @@ -406,7 +406,7 @@ ldap_bind(struct request *req) ++stats.req_bind; - if (ber_scanf_elements(req->op, "{ise", &ver, &binddn, &auth) != 0) { + if (ober_scanf_elements(req->op, "{ise", &ver, &binddn, &auth) != 0) { rc = LDAP_PROTOCOL_ERROR; goto done; } diff --git a/usr.sbin/ldapd/conn.c b/usr.sbin/ldapd/conn.c index 8c3ffc1daf8..adcd34aa9d0 100644 --- a/usr.sbin/ldapd/conn.c +++ b/usr.sbin/ldapd/conn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conn.c,v 1.17 2018/07/31 11:01:00 claudio Exp $ */ +/* $OpenBSD: conn.c,v 1.18 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -42,7 +42,7 @@ void request_free(struct request *req) { if (req->root != NULL) - ber_free_elements(req->root); + ober_free_elements(req->root); free(req); } @@ -66,7 +66,7 @@ conn_close(struct conn *conn) tls_free(conn->tls); TAILQ_REMOVE(&conn_list, conn, next); - ber_free(&conn->ber); + ober_free(&conn->ber); if (conn->bev != NULL) bufferevent_free(conn->bev); close(conn->fd); @@ -155,7 +155,7 @@ conn_dispatch(struct conn *conn) req->conn = conn; rptr = conn->ber.br_rptr; /* save where we start reading */ - if ((req->root = ber_read_elements(&conn->ber, NULL)) == NULL) { + if ((req->root = ober_read_elements(&conn->ber, NULL)) == NULL) { if (errno != ECANCELED) { log_warnx("protocol error"); hexdump(rptr, conn->ber.br_rend - rptr, 
@@ -170,7 +170,7 @@ conn_dispatch(struct conn *conn) /* Read message id and request type. */ - if (ber_scanf_elements(req->root, "{ite", + if (ober_scanf_elements(req->root, "{ite", &req->msgid, &class, &req->type, &req->op) != 0) { log_warnx("protocol error"); ldap_debug_elements(req->root, -1, @@ -196,7 +196,7 @@ conn_read(struct bufferevent *bev, void *data) struct evbuffer *input; input = EVBUFFER_INPUT(bev); - ber_set_readbuf(&conn->ber, + ober_set_readbuf(&conn->ber, EVBUFFER_DATA(input), EVBUFFER_LENGTH(input)); while (conn->ber.br_rend - conn->ber.br_rptr > 0) { @@ -296,7 +296,7 @@ conn_accept(int fd, short event, void *data) log_warn("malloc"); goto giveup; } - ber_set_application(&conn->ber, ldap_application); + ober_set_application(&conn->ber, ldap_application); conn->fd = afd; conn->listener = l; diff --git a/usr.sbin/ldapd/filter.c b/usr.sbin/ldapd/filter.c index 2aeae4b1d15..98da39c6876 100644 --- a/usr.sbin/ldapd/filter.c +++ b/usr.sbin/ldapd/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.8 2018/08/27 12:15:20 claudio Exp $ */ +/* $OpenBSD: filter.c,v 1.9 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martinh@openbsd.org> @@ -54,7 +54,7 @@ ldap_filt_eq(struct ber_element *root, struct plan *plan) return -1; for (v = vals->be_sub; v; v = v->be_next) { - if (ber_get_string(v, &vs) != 0) + if (ober_get_string(v, &vs) != 0) continue; if (strcasecmp(plan->assert.value, vs) == 0) return 0; @@ -71,11 +71,11 @@ ldap_filt_subs_value(struct ber_element *v, struct ber_element *sub) const char *cmpval; char *vs, *p, *end; - if (ber_get_string(v, &vs) != 0) + if (ober_get_string(v, &vs) != 0) return -1; for (; sub; sub = sub->be_next) { - if (ber_scanf_elements(sub, "ts", &class, &type, &cmpval) != 0) + if (ober_scanf_elements(sub, "ts", &class, &type, &cmpval) != 0) return -1; if (class != BER_CLASS_CONTEXT) 
@@ -130,7 +130,7 @@ ldap_filt_subs(struct ber_element *root, struct plan *plan) return -1; } - if (ber_scanf_elements(a, "s(e", &attr, &v) != 0) + if (ober_scanf_elements(a, "s(e", &attr, &v) != 0) return -1; /* internal failure, false or undefined? */ /* Loop through all values, stop if any matches. diff --git a/usr.sbin/ldapd/index.c b/usr.sbin/ldapd/index.c index 16408aed415..29bea2ceb33 100644 --- a/usr.sbin/ldapd/index.c +++ b/usr.sbin/ldapd/index.c @@ -1,4 +1,4 @@ -/* $OpenBSD: index.c,v 1.12 2018/06/28 02:41:49 gsoares Exp $ */ +/* $OpenBSD: index.c,v 1.13 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009 Martin Hedenfalk <martin@bzero.se> @@ -103,7 +103,7 @@ index_attribute(struct namespace *ns, char *attr, struct btval *dn, dnsz = dn->size - strlen(ns->suffix); for (v = a->be_next->be_sub; v; v = v->be_next) { - if (ber_get_string(v, &s) != 0) + if (ober_get_string(v, &s) != 0) continue; memset(&key, 0, sizeof(key)); key.size = asprintf(&t, "%s=%s,%.*s", attr, s, dnsz, @@ -202,7 +202,7 @@ unindex_attribute(struct namespace *ns, char *attr, struct btval *dn, dnsz = dn->size - strlen(ns->suffix); for (v = a->be_next->be_sub; v; v = v->be_next) { - if (ber_get_string(v, &s) != 0) + if (ober_get_string(v, &s) != 0) continue; memset(&key, 0, sizeof(key)); key.size = asprintf(&t, "%s=%s,%.*s", attr, s, dnsz, diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c index a494d304b27..aeab0f8e997 100644 --- a/usr.sbin/ldapd/ldape.c +++ b/usr.sbin/ldapd/ldape.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldape.c,v 1.31 2019/06/28 13:32:48 deraadt Exp $ */ +/* $OpenBSD: ldape.c,v 1.32 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> 
@@ -78,27 +78,27 @@ send_ldap_extended_response(struct conn *conn, int msgid, unsigned int type, log_debug("sending response %u with result %lld", type, result_code); - if ((root = ber_add_sequence(NULL)) == NULL) + if ((root = ober_add_sequence(NULL)) == NULL) goto fail; - elm = ber_printf_elements(root, "d{tEss", + elm = ober_printf_elements(root, "d{tEss", msgid, BER_CLASS_APP, type, result_code, "", ""); if (elm == NULL) goto fail; if (extended_oid) - if (ber_add_string(elm, extended_oid) == NULL) + if (ober_add_string(elm, extended_oid) == NULL) goto fail; ldap_debug_elements(root, type, "sending response on fd %d", conn->fd); - rc = ber_write_elements(&conn->ber, root); - ber_free_elements(root); + rc = ober_write_elements(&conn->ber, root); + ober_free_elements(root); if (rc < 0) log_warn("failed to create ldap result"); else { - ber_get_writebuf(&conn->ber, &buf); + ober_get_writebuf(&conn->ber, &buf); if (bufferevent_write(conn->bev, buf, rc) != 0) log_warn("failed to send ldap result"); } @@ -106,7 +106,7 @@ send_ldap_extended_response(struct conn *conn, int msgid, unsigned int type, return; fail: if (root) - ber_free_elements(root); + ober_free_elements(root); } int @@ -136,12 +136,12 @@ ldap_refer(struct request *req, const char *basedn, struct search *search, log_debug("sending referral in response %u on msgid %lld", type, req->msgid); - if ((root = ber_add_sequence(NULL)) == NULL) + if ((root = ober_add_sequence(NULL)) == NULL) goto fail; - if ((elm = ref_root = ber_add_sequence(NULL)) == NULL) + if ((elm = ref_root = ober_add_sequence(NULL)) == NULL) goto fail; - ber_set_header(ref_root, BER_CLASS_CONTEXT, LDAP_REQ_SEARCH); + ober_set_header(ref_root, BER_CLASS_CONTEXT, LDAP_REQ_SEARCH); SLIST_FOREACH(ref, refs, next) { if (search != NULL) rc = asprintf(&url, "%s/%s??%s", ref->url, basedn, 
@@ -153,25 +153,25 @@ ldap_refer(struct request *req, const char *basedn, struct search *search, goto fail; } log_debug("adding referral '%s'", url); - elm = ber_add_string(elm, url); + elm = ober_add_string(elm, url); free(url); if (elm == NULL) goto fail; } - elm = ber_printf_elements(root, "d{tEsse", + elm = ober_printf_elements(root, "d{tEsse", req->msgid, BER_CLASS_APP, type, result_code, "", "", ref_root); if (elm == NULL) goto fail; ref_root = NULL; - rc = ber_write_elements(&req->conn->ber, root); - ber_free_elements(root); + rc = ober_write_elements(&req->conn->ber, root); + ober_free_elements(root); if (rc < 0) log_warn("failed to create ldap result"); else { - ber_get_writebuf(&req->conn->ber, &buf); + ober_get_writebuf(&req->conn->ber, &buf); if (bufferevent_write(req->conn->bev, buf, rc) != 0) log_warn("failed to send ldap result"); } @@ -181,9 +181,9 @@ ldap_refer(struct request *req, const char *basedn, struct search *search, fail: if (root != NULL) - ber_free_elements(root); + ober_free_elements(root); if (ref_root != NULL) - ber_free_elements(ref_root); + ober_free_elements(ref_root); request_free(req); return LDAP_REFERRAL; } @@ -210,7 +210,7 @@ ldap_abandon(struct request *req) long long msgid; struct search *search; - if (ber_scanf_elements(req->op, "i", &msgid) != 0) { + if (ober_scanf_elements(req->op, "i", &msgid) != 0) { request_free(req); return -1; /* protocol error, but don't respond */ } @@ -245,7 +245,7 @@ ldap_compare(struct request *req) struct attr_type *at; char *dn, *aname, *value, *s; - if (ber_scanf_elements(req->op, "{s{ss", &dn, &aname, &value) != 0) { + if (ober_scanf_elements(req->op, "{s{ss", &dn, &aname, &value) != 0) { log_debug("%s: protocol error", __func__); request_free(req); return -1; 
@@ -272,7 +272,7 @@ ldap_compare(struct request *req) return ldap_respond(req, LDAP_OTHER); for (elm = attr->be_sub; elm != NULL; elm = elm->be_next) { - if (ber_get_string(elm, &s) != 0) + if (ober_get_string(elm, &s) != 0) return ldap_respond(req, LDAP_OTHER); if (strcasecmp(value, s) == 0) return ldap_respond(req, LDAP_COMPARE_TRUE); @@ -307,7 +307,7 @@ ldap_extended(struct request *req) { NULL } }; - if (ber_scanf_elements(req->op, "{se", &oid, &ext_val) != 0) + if (ober_scanf_elements(req->op, "{se", &oid, &ext_val) != 0) goto done; log_debug("got extended operation %s", oid); diff --git a/usr.sbin/ldapd/logmsg.c b/usr.sbin/ldapd/logmsg.c index ccf7d54a3de..1dc8f68f4e2 100644 --- a/usr.sbin/ldapd/logmsg.c +++ b/usr.sbin/ldapd/logmsg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logmsg.c,v 1.3 2018/07/31 11:01:00 claudio Exp $ */ +/* $OpenBSD: logmsg.c,v 1.4 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -108,7 +108,7 @@ ldap_debug_elements(struct ber_element *root, int context, const char *fmt, ...) } /* calculate lengths */ - ber_calc_len(root); + ober_calc_len(root); switch (root->be_encoding) { case BER_TYPE_SEQUENCE: 
@@ -265,28 +265,28 @@ ldap_debug_elements(struct ber_element *root, int context, const char *fmt, ...) switch (root->be_encoding) { case BER_TYPE_BOOLEAN: - if (ber_get_boolean(root, &d) == -1) { + if (ober_get_boolean(root, &d) == -1) { fprintf(stderr, "<INVALID>\n"); break; } fprintf(stderr, "%s(%d)\n", d ? "true" : "false", d); break; case BER_TYPE_INTEGER: - if (ber_get_integer(root, &v) == -1) { + if (ober_get_integer(root, &v) == -1) { fprintf(stderr, "<INVALID>\n"); break; } fprintf(stderr, "value %lld\n", v); break; case BER_TYPE_ENUMERATED: - if (ber_get_enumerated(root, &v) == -1) { + if (ober_get_enumerated(root, &v) == -1) { fprintf(stderr, "<INVALID>\n"); break; } fprintf(stderr, "value %lld\n", v); break; case BER_TYPE_BITSTRING: - if (ber_get_bitstring(root, (void *)&buf, &len) == -1) { + if (ober_get_bitstring(root, (void *)&buf, &len) == -1) { fprintf(stderr, "<INVALID>\n"); break; } @@ -296,14 +296,14 @@ ldap_debug_elements(struct ber_element *root, int context, const char *fmt, ...) fprintf(stderr, "\n"); break; case BER_TYPE_OBJECT: - if (ber_get_oid(root, &o) == -1) { + if (ober_get_oid(root, &o) == -1) { fprintf(stderr, "<INVALID>\n"); break; } fprintf(stderr, "\n"); break; case BER_TYPE_OCTETSTRING: - if (ber_get_nstring(root, (void *)&buf, &len) == -1) { + if (ober_get_nstring(root, (void *)&buf, &len) == -1) { fprintf(stderr, "<INVALID>\n"); break; } diff --git a/usr.sbin/ldapd/modify.c b/usr.sbin/ldapd/modify.c index f1c9873c978..d2961063926 100644 --- a/usr.sbin/ldapd/modify.c +++ b/usr.sbin/ldapd/modify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: modify.c,v 1.22 2019/05/18 18:45:53 rob Exp $ */ +/* $OpenBSD: modify.c,v 1.23 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -41,7 +41,7 @@ ldap_delete(struct request *req) ++stats.req_mod; - if (ber_scanf_elements(req->op, "s", &dn) != 0) + if (ober_scanf_elements(req->op, "s", &dn) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); normalize_dn(dn); 
@@ -102,7 +102,7 @@ ldap_delete(struct request *req) goto done; for (elm = entry->be_sub; elm != NULL; elm = elm->be_next) { a = elm->be_sub; - if (a && ber_get_string(a, &s) == 0 && + if (a && ober_get_string(a, &s) == 0 && !authorized(req->conn, ns, ACI_WRITE, dn, s, LDAP_SCOPE_BASE)) { rc = LDAP_INSUFFICIENT_ACCESS; @@ -134,7 +134,7 @@ ldap_add(struct request *req) ++stats.req_mod; - if (ber_scanf_elements(req->op, "{se", &dn, &attrs) != 0) + if (ober_scanf_elements(req->op, "{se", &dn, &attrs) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); normalize_dn(dn); @@ -158,7 +158,7 @@ ldap_add(struct request *req) */ for (elm = attrs->be_sub; elm != NULL; elm = elm->be_next) { attr = elm->be_sub; - if (attr == NULL || ber_get_string(attr, &s) != 0) + if (attr == NULL || ober_get_string(attr, &s) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); if (!authorized(req->conn, ns, ACI_WRITE, dn, s, LDAP_SCOPE_BASE)) @@ -190,25 +190,25 @@ ldap_add(struct request *req) /* add operational attributes */ - if ((set = ber_add_set(NULL)) == NULL) + if ((set = ober_add_set(NULL)) == NULL) goto fail; - if (ber_add_string(set, req->conn->binddn ? req->conn->binddn : "") == NULL) + if (ober_add_string(set, req->conn->binddn ? req->conn->binddn : "") == NULL) goto fail; if (ldap_add_attribute(attrs, "creatorsName", set) == NULL) goto fail; - if ((set = ber_add_set(NULL)) == NULL) + if ((set = ober_add_set(NULL)) == NULL) goto fail; - if (ber_add_string(set, ldap_now()) == NULL) + if (ober_add_string(set, ldap_now()) == NULL) goto fail; if (ldap_add_attribute(attrs, "createTimestamp", set) == NULL) goto fail; uuid_create(&uuid); uuid_to_string(&uuid, uuid_str, sizeof(uuid_str)); - if ((set = ber_add_set(NULL)) == NULL) + if ((set = ober_add_set(NULL)) == NULL) goto fail; - if (ber_add_string(set, uuid_str) == NULL) + if (ober_add_string(set, uuid_str) == NULL) goto fail; if (ldap_add_attribute(attrs, "entryUUID", set) == NULL) goto fail; 
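Review bot: The per-attribute ACI check in ldap_delete (usr.sbin/ldapd/modify.c, hunk at -102) fails open: when `a` is NULL or `ober_get_string(a, &s)` fails, the whole condition is false and that attribute is skipped without `authorized()` ever being called. The loop in ldap_add later in this file treats the same condition as an error and returns LDAP_PROTOCOL_ERROR. `entry` here is presumably read from the stored database rather than from the request, so this may not be reachable with well-formed data, but denying is cheap: `if (a == NULL || ober_get_string(a, &s) != 0 || !authorized(req->conn, ns, ACI_WRITE, dn, s, LDAP_SCOPE_BASE)) {`. The loop body and the rest of ldap_delete continue outside the hunk.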
@@ -227,7 +227,7 @@ ldap_add(struct request *req) fail: if (set != NULL) - ber_free_elements(set); + ober_free_elements(set); namespace_abort(ns); return ldap_respond(req, LDAP_OTHER); } @@ -247,7 +247,7 @@ ldap_modify(struct request *req) ++stats.req_mod; - if (ber_scanf_elements(req->op, "{se", &dn, &mods) != 0) + if (ober_scanf_elements(req->op, "{se", &dn, &mods) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); normalize_dn(dn); @@ -266,7 +266,7 @@ ldap_modify(struct request *req) /* Check authorization for each mod to consider attributes */ for (mod = mods->be_sub; mod; mod = mod->be_next) { - if (ber_scanf_elements(mod, "{E{es", &op, &prev, &attr) != 0) + if (ober_scanf_elements(mod, "{E{es", &op, &prev, &attr) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); if (!authorized(req->conn, ns, ACI_WRITE, dn, attr, LDAP_SCOPE_BASE)) @@ -288,7 +288,7 @@ ldap_modify(struct request *req) } for (mod = mods->be_sub; mod; mod = mod->be_next) { - if (ber_scanf_elements(mod, "{E{ese(", &op, &prev, &attr, &vals) != 0) { + if (ober_scanf_elements(mod, "{E{ese(", &op, &prev, &attr, &vals) != 0) { rc = LDAP_PROTOCOL_ERROR; vals = NULL; goto done; @@ -355,7 +355,7 @@ ldap_modify(struct request *req) } if (vals != NULL) { - ber_free_elements(vals); + ober_free_elements(vals); vals = NULL; } } @@ -363,15 +363,15 @@ ldap_modify(struct request *req) if ((rc = validate_entry(dn, entry, ns->relax)) != LDAP_SUCCESS) goto done; - set = ber_add_set(NULL); - ber_add_string(set, req->conn->binddn ? req->conn->binddn : ""); + set = ober_add_set(NULL); + ober_add_string(set, req->conn->binddn ? req->conn->binddn : ""); if ((a = ldap_get_attribute(entry, "modifiersName")) != NULL) ldap_set_values(a, set); else ldap_add_attribute(entry, "modifiersName", set); - set = ber_add_set(NULL); - ber_add_string(set, ldap_now()); + set = ober_add_set(NULL); + ober_add_string(set, ldap_now()); if ((a = ldap_get_attribute(entry, "modifyTimestamp")) != NULL) ldap_set_values(a, set); else 
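Review bot: In ldap_modify (hunk at -363) both `set = ober_add_set(NULL); ober_add_string(set, ...);` pairs, for modifiersName and modifyTimestamp, ignore their return values, whereas the creatorsName/createTimestamp code in ldap_add in this same file checks every call and jumps to `fail`. A NULL `set` would then reach ldap_set_values(), whose `assert(vals)` is visible in the attributes.c hunk, so an allocation failure becomes a daemon abort rather than an error response. I would guard each pair with `if ((set = ober_add_set(NULL)) == NULL) { rc = LDAP_OTHER; goto done; }` plus the same test on `ober_add_string` (freeing `set` before the jump), and also check the results of ldap_set_values/ldap_add_attribute. The function starts and ends outside this hunk.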
@@ -384,7 +384,7 @@ ldap_modify(struct request *req) done: if (vals != NULL) - ber_free_elements(vals); + ober_free_elements(vals); namespace_abort(ns); return ldap_respond(req, rc); } diff --git a/usr.sbin/ldapd/schema.c b/usr.sbin/ldapd/schema.c index 448a5b24521..263596095cf 100644 --- a/usr.sbin/ldapd/schema.c +++ b/usr.sbin/ldapd/schema.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schema.c,v 1.18 2019/02/13 22:57:08 deraadt Exp $ */ +/* $OpenBSD: schema.c,v 1.19 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2010 Martin Hedenfalk <martinh@openbsd.org> @@ -251,7 +251,7 @@ int is_oidstr(const char *oidstr) { struct ber_oid oid; - return (ber_string2oid(oidstr, &oid) == 0); + return (ober_string2oid(oidstr, &oid) == 0); } static struct name_list * diff --git a/usr.sbin/ldapd/search.c b/usr.sbin/ldapd/search.c index 8aed3a50245..3033823eb18 100644 --- a/usr.sbin/ldapd/search.c +++ b/usr.sbin/ldapd/search.c @@ -1,4 +1,4 @@ -/* $OpenBSD: search.c,v 1.24 2018/12/05 06:44:09 claudio Exp $ */ +/* $OpenBSD: search.c,v 1.25 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -79,7 +79,7 @@ should_include_attribute(char *adesc, struct search *search, int explicit) } for (elm = search->attrlist->be_sub; elm; elm = elm->be_next) { - if (ber_get_string(elm, &fdesc) != 0) + if (ober_get_string(elm, &fdesc) != 0) continue; if (strcasecmp(fdesc, adesc) == 0) return 1; @@ -104,10 +104,10 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, char *adesc; void *buf, *searchdn = NULL; - if ((root = ber_add_sequence(NULL)) == NULL) + if ((root = ober_add_sequence(NULL)) == NULL) goto fail; - if ((filtered_attrs = ber_add_sequence(NULL)) == NULL) + if ((filtered_attrs = ober_add_sequence(NULL)) == NULL) goto fail; link = filtered_attrs; 
@@ -115,7 +115,7 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, goto fail; for (prev = NULL, a = attrs->be_sub; a; a = next) { - if (ber_get_string(a->be_sub, &adesc) != 0) + if (ober_get_string(a->be_sub, &adesc) != 0) goto fail; /* * Check if read access to the attribute is allowed and if it @@ -131,7 +131,7 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, else attrs->be_sub = a->be_next; a->be_next = NULL; /* break chain*/ - ber_link_elements(link, a); + ober_link_elements(link, a); link = a; } else { prev = a; @@ -139,7 +139,7 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, } } - elm = ber_printf_elements(root, "i{txe", search->req->msgid, + elm = ober_printf_elements(root, "i{txe", search->req->msgid, BER_CLASS_APP, LDAP_RES_SEARCH_ENTRY, dn, dnlen, filtered_attrs); if (elm == NULL) @@ -148,15 +148,15 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, ldap_debug_elements(root, LDAP_RES_SEARCH_ENTRY, "sending search entry on fd %d", conn->fd); - rc = ber_write_elements(&conn->ber, root); - ber_free_elements(root); + rc = ober_write_elements(&conn->ber, root); + ober_free_elements(root); if (rc < 0) { log_warn("failed to create search-entry response"); return -1; } - ber_get_writebuf(&conn->ber, &buf); + ober_get_writebuf(&conn->ber, &buf); if (bufferevent_write(conn->bev, buf, rc) != 0) { log_warn("failed to send ldap result"); return -1; @@ -167,7 +167,7 @@ search_result(const char *dn, size_t dnlen, struct ber_element *attrs, fail: log_warn("search result"); if (root) - ber_free_elements(root); + ober_free_elements(root); free(searchdn); return -1; } 
@@ -248,12 +248,12 @@ check_search_entry(struct btval *key, struct btval *val, struct search *search) } if (ldap_matches_filter(elm, search->plan) != 0) { - ber_free_elements(elm); + ober_free_elements(elm); return 0; } rc = search_result(key->data, key->size, elm, search); - ber_free_elements(elm); + ober_free_elements(elm); if (rc == 0) search->nmatched++; 
@@ -492,51 +492,51 @@ ldap_search_root_dse(struct search *search) struct namespace *ns; struct ber_element *root, *elm, *key, *val; - if ((root = ber_add_sequence(NULL)) == NULL) { + if ((root = ober_add_sequence(NULL)) == NULL) { return; } - elm = ber_add_sequence(root); - key = ber_add_string(elm, "objectClass"); - val = ber_add_set(key); - ber_add_string(val, "top"); + elm = ober_add_sequence(root); + key = ober_add_string(elm, "objectClass"); + val = ober_add_set(key); + ober_add_string(val, "top"); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "supportedLDAPVersion"); - val = ber_add_set(key); - ber_add_string(val, "3"); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "supportedLDAPVersion"); + val = ober_add_set(key); + ober_add_string(val, "3"); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "namingContexts"); - val = ber_add_set(key); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "namingContexts"); + val = ober_add_set(key); TAILQ_FOREACH(ns, &conf->namespaces, next) - val = ber_add_string(val, ns->suffix); + val = ober_add_string(val, ns->suffix); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "supportedExtension"); - val = ber_add_set(key); - ber_add_string(val, "1.3.6.1.4.1.1466.20037"); /* StartTLS */ + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "supportedExtension"); + val = ober_add_set(key); + ober_add_string(val, "1.3.6.1.4.1.1466.20037"); /* StartTLS */ - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "supportedFeatures"); - val = ber_add_set(key); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "supportedFeatures"); + val = ober_add_set(key); /* All Operational Attributes (RFC 3673) */ - ber_add_string(val, "1.3.6.1.4.1.4203.1.5.1"); + ober_add_string(val, "1.3.6.1.4.1.4203.1.5.1"); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "subschemaSubentry"); - val = ber_add_set(key); - ber_add_string(val, "cn=schema"); + elm = 
ober_add_sequence(elm); + key = ober_add_string(elm, "subschemaSubentry"); + val = ober_add_set(key); + ober_add_string(val, "cn=schema"); if ((search->conn->s_flags & F_SECURE) == F_SECURE) { - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "supportedSASLMechanisms"); - val = ber_add_set(key); - ber_add_string(val, "PLAIN"); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "supportedSASLMechanisms"); + val = ober_add_set(key); + ober_add_string(val, "PLAIN"); } search_result("", 0, root, search); - ber_free_elements(root); + ober_free_elements(root); send_ldap_result(search->conn, search->req->msgid, LDAP_RES_SEARCH_RESULT, LDAP_SUCCESS); search_close(search); 
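Review bot: In ldap_search_root_dse (usr.sbin/ldapd/search.c) only the first `ober_add_sequence(NULL)` is checked; every later `ober_add_sequence`/`ober_add_string`/`ober_add_set` result is passed straight into the next call, so an allocation failure partway through is not detected here and whatever was built is still handed to search_result(). The early `return;` on a NULL root also skips the `send_ldap_result()` and `search_close(search)` calls that end the normal path, which would seem to leave the client without a reply and the search open; I would replace it with `send_ldap_result(search->conn, search->req->msgid, LDAP_RES_SEARCH_RESULT, LDAP_OTHER); search_close(search); return;` and test `elm`, `key` and `val` after each group. ldap_search_subschema in the following hunk has the same two patterns.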
@@ -551,63 +551,63 @@ ldap_search_subschema(struct search *search) struct attr_type *at; int rc, i; - if ((root = ber_add_sequence(NULL)) == NULL) { + if ((root = ober_add_sequence(NULL)) == NULL) { return; } - elm = ber_add_sequence(root); - key = ber_add_string(elm, "objectClass"); - val = ber_add_set(key); - val = ber_add_string(val, "top"); - ber_add_string(val, "subschema"); + elm = ober_add_sequence(root); + key = ober_add_string(elm, "objectClass"); + val = ober_add_set(key); + val = ober_add_string(val, "top"); + ober_add_string(val, "subschema"); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "createTimestamp"); - val = ber_add_set(key); - ber_add_string(val, ldap_strftime(stats.started_at)); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "createTimestamp"); + val = ober_add_set(key); + ober_add_string(val, ldap_strftime(stats.started_at)); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "modifyTimestamp"); - val = ber_add_set(key); - ber_add_string(val, ldap_strftime(stats.started_at)); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "modifyTimestamp"); + val = ober_add_set(key); + ober_add_string(val, ldap_strftime(stats.started_at)); - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "subschemaSubentry"); - val = ber_add_set(key); - ber_add_string(val, "cn=schema"); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "subschemaSubentry"); + val = ober_add_set(key); + ober_add_string(val, "cn=schema"); if (should_include_attribute("objectClasses", search, 1)) { - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "objectClasses"); - val = ber_add_set(key); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "objectClasses"); + val = ober_add_set(key); RB_FOREACH(obj, object_tree, &conf->schema->objects) { if (schema_dump_object(obj, buf, sizeof(buf)) != 0) { rc = LDAP_OTHER; goto done; } - val = ber_add_string(val, buf); + val = ober_add_string(val, buf); } } if 
(should_include_attribute("attributeTypes", search, 1)) { - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "attributeTypes"); - val = ber_add_set(key); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "attributeTypes"); + val = ober_add_set(key); RB_FOREACH(at, attr_type_tree, &conf->schema->attr_types) { if (schema_dump_attribute(at, buf, sizeof(buf)) != 0) { rc = LDAP_OTHER; goto done; } - val = ber_add_string(val, buf); + val = ober_add_string(val, buf); } } if (should_include_attribute("matchingRules", search, 1)) { - elm = ber_add_sequence(elm); - key = ber_add_string(elm, "matchingRules"); - val = ber_add_set(key); + elm = ober_add_sequence(elm); + key = ober_add_string(elm, "matchingRules"); + val = ober_add_set(key); for (i = 0; i < num_match_rules; i++) { if (schema_dump_match_rule(&match_rules[i], buf, @@ -615,7 +615,7 @@ ldap_search_subschema(struct search *search) rc = LDAP_OTHER; goto done; } - val = ber_add_string(val, buf); + val = ober_add_string(val, buf); } } @@ -623,7 +623,7 @@ ldap_search_subschema(struct search *search) rc = LDAP_SUCCESS; done: - ber_free_elements(root); + ober_free_elements(root); send_ldap_result(search->conn, search->req->msgid, LDAP_RES_SEARCH_RESULT, rc); search_close(search); @@ -703,7 +703,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) switch (filter->be_type) { case LDAP_FILT_EQ: case LDAP_FILT_APPR: - if (ber_scanf_elements(filter, "{ss", &attr, &s) != 0) + if (ober_scanf_elements(filter, "{ss", &attr, &s) != 0) goto fail; if (plan_get_attr(plan, ns, attr) == -1) plan->undefined = 1; @@ -718,7 +718,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) } break; case LDAP_FILT_SUBS: - if (ber_scanf_elements(filter, "{s{ets", + if (ober_scanf_elements(filter, "{s{ets", &attr, &plan->assert.substring, &class, &type, &s) != 0) goto fail; if (plan_get_attr(plan, ns, attr) == -1) 
@@ -735,7 +735,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) } break; case LDAP_FILT_PRES: - if (ber_scanf_elements(filter, "s", &attr) != 0) + if (ober_scanf_elements(filter, "s", &attr) != 0) goto fail; if (plan_get_attr(plan, ns, attr) == -1) plan->undefined = 1; @@ -745,7 +745,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) } break; case LDAP_FILT_AND: - if (ber_scanf_elements(filter, "(e", &elm) != 0) + if (ober_scanf_elements(filter, "(e", &elm) != 0) goto fail; for (; elm; elm = elm->be_next) { if ((arg = search_planner(ns, elm)) == NULL) @@ -775,7 +775,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) } break; case LDAP_FILT_OR: - if (ber_scanf_elements(filter, "(e", &elm) != 0) + if (ober_scanf_elements(filter, "(e", &elm) != 0) goto fail; for (; elm; elm = elm->be_next) { if ((arg = search_planner(ns, elm)) == NULL) @@ -804,7 +804,7 @@ search_planner(struct namespace *ns, struct ber_element *filter) } break; case LDAP_FILT_NOT: - if (ber_scanf_elements(filter, "{e", &elm) != 0) + if (ober_scanf_elements(filter, "{e", &elm) != 0) goto fail; if ((arg = search_planner(ns, elm)) == NULL) goto fail; @@ -875,7 +875,7 @@ ldap_search(struct request *req) TAILQ_INSERT_HEAD(&req->conn->searches, search, next); RB_INIT(&search->uniqdns); - if (ber_scanf_elements(req->op, "{sEEiibeSeS", + if (ober_scanf_elements(req->op, "{sEEiibeSeS", &search->basedn, &search->scope, &search->deref, diff --git a/usr.sbin/ldapd/util.c b/usr.sbin/ldapd/util.c index cc94ebf74d2..3f5d74d0a3c 100644 --- a/usr.sbin/ldapd/util.c +++ b/usr.sbin/ldapd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.11 2019/07/03 03:24:03 deraadt Exp $ */ +/* $OpenBSD: util.c,v 1.12 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2009 Martin Hedenfalk <martin@bzero.se> 
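Review bot: The `LDAP_FILT_AND`, `LDAP_FILT_OR` and `LDAP_FILT_NOT` cases call `search_planner(ns, elm)` on each nested element, and no depth limit is visible in these hunks, so recursion depth appears to follow the nesting of the filter taken from the request. If nothing earlier caps nesting (the BER reader or filter validation, both outside this diff), a bound belongs here, for example a depth counter carried by a static helper that takes `goto fail` past a fixed maximum. search_planner starts and ends outside these hunks, so an existing check may simply not be shown.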
@@ -113,9 +113,9 @@ ber2db(struct ber_element *root, struct btval *val, int compression_level) memset(val, 0, sizeof(*val)); memset(&ber, 0, sizeof(ber)); - ber_write_elements(&ber, root); + ober_write_elements(&ber, root); - if ((len = ber_get_writebuf(&ber, &buf)) == -1) + if ((len = ober_get_writebuf(&ber, &buf)) == -1) return -1; if (compression_level > 0) { @@ -123,7 +123,7 @@ ber2db(struct ber_element *root, struct btval *val, int compression_level) val->data = malloc(val->size + sizeof(uint32_t)); if (val->data == NULL) { log_warn("malloc(%zu)", val->size + sizeof(uint32_t)); - ber_free(&ber); + ober_free(&ber); return -1; } dest = (char *)val->data + sizeof(uint32_t); @@ -132,7 +132,7 @@ ber2db(struct ber_element *root, struct btval *val, int compression_level) compression_level)) != Z_OK) { log_warn("compress returned %d", rc); free(val->data); - ber_free(&ber); + ober_free(&ber); return -1; } log_debug("compressed entry from %zd -> %lu byte", @@ -148,7 +148,7 @@ ber2db(struct ber_element *root, struct btval *val, int compression_level) ber.br_wbuf = NULL; } - ber_free(&ber); + ober_free(&ber); return 0; } @@ -190,13 +190,13 @@ db2ber(struct btval *val, int compression_level) log_debug("uncompressed entry from %zu -> %lu byte", val->size, len); - ber_set_readbuf(&ber, buf, len); - elm = ber_read_elements(&ber, NULL); + ober_set_readbuf(&ber, buf, len); + elm = ober_read_elements(&ber, NULL); free(buf); return elm; } else { - ber_set_readbuf(&ber, val->data, val->size); - return ber_read_elements(&ber, NULL); + ober_set_readbuf(&ber, val->data, val->size); + return ober_read_elements(&ber, NULL); } } diff --git a/usr.sbin/ldapd/validate.c b/usr.sbin/ldapd/validate.c index 45b02e7207c..441a5c6779e 100644 --- a/usr.sbin/ldapd/validate.c +++ b/usr.sbin/ldapd/validate.c 
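Review bot: In ber2db the result of `ober_write_elements(&ber, root);` is discarded, so an encoding failure is noticed only if `ober_get_writebuf()` also happens to return -1. Checking it directly, `if (ober_write_elements(&ber, root) == -1) { ober_free(&ber); return -1; }`, would keep a partially written buffer from being stored in the database. The `return -1` after `ober_get_writebuf()` is also the only error path in these hunks that skips `ober_free(&ber)`; that is probably harmless if no write buffer exists in that case, but making it consistent costs one line. ber2db starts before the first hunk.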
@@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.11 2018/05/15 11:19:21 reyk Exp $ */ +/* $OpenBSD: validate.c,v 1.12 2019/10/24 12:39:26 tb Exp $ */ /* * Copyright (c) 2010 Martin Hedenfalk <martin@bzero.se> @@ -65,7 +65,7 @@ validate_attribute(struct attr_type *at, struct ber_element *vals) } for (elm = vals->be_sub; elm != NULL; elm = elm->be_next) { - if (ber_get_string(elm, &val) == -1) { + if (ober_get_string(elm, &val) == -1) { log_debug("attribute value not an octet-string"); return LDAP_PROTOCOL_ERROR; } @@ -312,7 +312,7 @@ validate_entry(const char *dn, struct ber_element *entry, int relax) */ objclass = objclass->be_next; /* skip attribute description */ for (a = objclass->be_sub; a != NULL; a = a->be_next) { - if (ber_get_string(a, &s) != 0) { + if (ober_get_string(a, &s) != 0) { rc = LDAP_INVALID_SYNTAX; goto done; } @@ -395,7 +395,7 @@ validate_entry(const char *dn, struct ber_element *entry, int relax) /* Check all attributes against schema. */ for (a = entry->be_sub; a != NULL; a = a->be_next) { - if (ber_scanf_elements(a, "{se{", &s, &vals) != 0) { + if (ober_scanf_elements(a, "{se{", &s, &vals) != 0) { rc = LDAP_INVALID_SYNTAX; goto done; } |
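Review bot: In the `@@ -312` hunk of validate_entry, `objclass = objclass->be_next;` is followed directly by `for (a = objclass->be_sub; ...`, so an objectClass attribute that carries a description but no value set would dereference NULL unless that shape is rejected earlier, outside the hunk. A guard such as `if (objclass == NULL) { rc = LDAP_INVALID_SYNTAX; goto done; }` before the loop would make the assumption explicit. Separately, validate_attribute tests `ober_get_string(elm, &val) == -1` while the other call sites in this diff test `!= 0`; one form throughout is easier to audit.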