[thirdparty/sarg.git] / usertab.c

/*
 * SARG Squid Analysis Report Generator      http://sarg.sourceforge.net
 *                                                            1998, 2015
 *
 * SARG donations:
 *      please look at http://sarg.sourceforge.net/donations.php
 * Support:
 *     http://sourceforge.net/projects/sarg/forums/forum/363374
 * ---------------------------------------------------------------------
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "include/conf.h"
#include "include/defs.h"

#ifdef HAVE_LDAP_H
#define LDAP_DEPRECATED 1

#include <ldap.h>
#include <ldap_cdefs.h>
#include <ldap_features.h>

#if defined(HAVE_ICONV_H)
#include <iconv.h>
#define USE_ICONV 1
#endif //HAVE_ICONV_H

#endif //HAVE_LDAP_H

enum UserTabEnum
{
	//! Users matched against the ::UserTabFile file.
	UTT_File,
	//! Users matched agains a LDAP.
	UTT_Ldap,
	//! No user matching performed.
	UTT_None
};

enum UserTabEnum which_usertab=UTT_None;

static char *userfile=NULL;

#ifdef HAVE_LDAP_H
static LDAP *ldap_handle=NULL;
#endif //HAVE_LDAP_H

#ifdef USE_ICONV
//! iconv conversion descriptor to convert the string returned by LDAP.
static iconv_t ldapiconv=(iconv_t)-1;
//! Buffer to store the converted string.
static char *ldapconvbuffer=NULL;
//! Size of the converted string buffer.
static int ldapconvbuffersize=0;
#endif

static void init_file_usertab(const char *UserTabFile)
{
	FILE *fp_usr;
	long int nreg;
	char buf[MAXLEN];
	int z1, z2;

	if((fp_usr=fopen(UserTabFile,"r"))==NULL) {
		debuga(_("Cannot open file \"%s\": %s\n"),UserTabFile,strerror(errno));
		exit(EXIT_FAILURE);
	}
	if (fseek(fp_usr, 0, SEEK_END)==-1) {
		debuga(_("Failed to move till the end of file \"%s\": %s\n"),UserTabFile,strerror(errno));
		exit(EXIT_FAILURE);
	}
	nreg = ftell(fp_usr);
	if (nreg<0) {
		debuga(_("Cannot get the size of file %s\n"),UserTabFile);
		exit(EXIT_FAILURE);
	}
	nreg += 100;
	if (fseek(fp_usr, 0, SEEK_SET)==-1) {
		debuga(_("Failed to rewind file \"%s\": %s\n"),UserTabFile,strerror(errno));
		exit(EXIT_FAILURE);
	}
	if((userfile=(char *) malloc(nreg))==NULL){
		debuga(_("ERROR: Cannot load. Memory fault\n"));
		exit(EXIT_FAILURE);
	}
	userfile[0]='\t';
	z2=1;
	while(fgets(buf,sizeof(buf),fp_usr)!=NULL) {
		if (buf[0]=='#') continue;
		fixendofline(buf);
		z1=0;
		while(buf[z1] && (unsigned char)buf[z1]>' ') {
			if (z2+3>=nreg) { //need at least 3 additional bytes for the minimum string "\n\t\0"
				debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile);
				exit(EXIT_FAILURE);
			}
			userfile[z2++]=buf[z1++];
		}
		while(buf[z1] && (unsigned char)buf[z1]<=' ') z1++;
		userfile[z2++]='\n';
		while(buf[z1] && (unsigned char)buf[z1]>=' ') {
			if (z2+2>=nreg) { //need at least 2 additional bytes for "\t\0"
				debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile);
				exit(EXIT_FAILURE);
			}
			userfile[z2++]=buf[z1++];
		}
		while(userfile[z2-1]==' ') z2--;
		userfile[z2++]='\t';
	}
	userfile[z2]='\0';
	if (fclose(fp_usr)==EOF) {
		debuga(_("Read error in \"%s\": %s\n"),UserTabFile,strerror(errno));
		exit(EXIT_FAILURE);
	}
}

static void get_usertab_name(const char *user,char *name,int namelen)
{
	char warea[MAXLEN];
	char *str;

	sprintf(warea,"\t%s\n",user);
	if((str=(char *) strstr(userfile,warea)) == (char *) NULL ) {
		safe_strcpy(name,user,namelen);
	} else {
		str=strchr(str+1,'\n');
		str++;
		namelen--;
		for(z1=0; *str != '\t' && z1<namelen ; z1++) {
			name[z1]=*str++;
		}
		name[z1]='\0';
	}
}

#ifdef HAVE_LDAP_H
static void init_ldap_usertab(void) {
	char *ldapuri;
	LDAPURLDesc url;
	int rc;

	ldap_handle = NULL;

	/* Setting LDAP connection and initializing cache */
	memset(&url,0,sizeof(url));
	url.lud_scheme = "ldap";
	url.lud_host = LDAPHost;
	url.lud_port = LDAPPort;
	url.lud_scope = LDAP_SCOPE_DEFAULT;
	ldapuri = ldap_url_desc2str(&url);
	if (ldapuri==NULL) {
		debuga(_("Cannot prepare ldap URI for server %s on port %d\n"),LDAPHost,LDAPPort);
		exit(EXIT_FAILURE);
	}

	rc = ldap_initialize(&ldap_handle, ldapuri);
	if (rc != LDAP_SUCCESS) {
		debuga(_("Unable to connect to LDAP server %s on port %d: %d (%s)\n"), LDAPHost, LDAPPort, rc, ldap_err2string(rc));
		exit(EXIT_FAILURE);
	}
	ldap_memfree(ldapuri);

	if (ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) {
		debuga(_("Could not disable LDAP_OPT_REFERRALS\n"));
		exit(EXIT_FAILURE);
	}
	int ldap_protocol_version = LDAPProtocolVersion;
	if (ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version) != LDAP_SUCCESS) {
		debuga(_("Could not set LDAP protocol version %d\n"), ldap_protocol_version);
		exit(EXIT_FAILURE);
	}

	/* Bind to the LDAP server. */
	rc = ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW );
	if ( rc != LDAP_SUCCESS ) {
		debuga(_("Cannot bind to LDAP server: %s\n"), ldap_err2string(rc));
		exit(EXIT_FAILURE);
	}

#ifdef USE_ICONV
	// prepare for the string conversion
	if (LDAPNativeCharset[0]!='\0') {
		ldapiconv = iconv_open( LDAPNativeCharset, "UTF-8" );
		if (ldapiconv==(iconv_t)-1) {
			debuga(_("iconv cannot convert from UTF-8 to %s: %s\n"),LDAPNativeCharset,strerror(errno));
			exit(EXIT_FAILURE);
		}
	}
	ldapconvbuffer=NULL;
	ldapconvbuffersize=0;
#endif

	/* Initializing cache */

	init_cache();
}

const char * charset_convert( const char * str_in, const char * charset_to )
{
#ifdef USE_ICONV
	size_t return_value;
	const char * str_in_orig;
	char * str_out;
	size_t str_in_len;
	size_t str_out_len;

	str_in_len = strlen( str_in ) + 1;//process the terminating NUL too
	str_out_len = ( 2 * str_in_len );
	if (ldapconvbuffer==NULL || ldapconvbuffersize<str_out_len) {
		ldapconvbuffersize=str_out_len;
		str_out = realloc(ldapconvbuffer,ldapconvbuffersize);
		if (!str_out) {
			debuga(_("Not enough memory to convert a LDAP returned string: %lu bytes required\n"),(unsigned long int)str_out_len);
			exit(EXIT_FAILURE);
		}
		ldapconvbuffer = str_out;
	} else {
		str_out = ldapconvbuffer;
		str_out_len = ldapconvbuffersize;
	}
	str_in_orig = str_in;
	return_value = iconv(ldapiconv, (ICONV_CONST char **)&str_in, &str_in_len, &str_out, &str_out_len );
	if ( return_value == ( size_t ) -1 ) {
		debuga(_("iconv failed in string \"%s\":\n"),str_in_orig);
		switch ( errno ) {
			/* See "man 3 iconv" for an explanation. */
			case EILSEQ:
				debuga(_("Invalid multibyte sequence.\n"));
				break;
			case EINVAL:
				debuga(_("Incomplete multibyte sequence.\n"));
				break;
			case E2BIG:
				debuga(_("No more room.\n"));
				break;
			default:
				debuga(_("Error: %s.\n"),strerror( errno ));
		}
		exit(EXIT_FAILURE);
	}
	return(ldapconvbuffer);
#else //USE_ICONV
	return(str_in);
#endif //USE_ICONV
}

static void get_ldap_name(const char *userlogin,char *mappedname,int namelen)
{
	/* Start searching username in cache */
	// According to rfc2254 section 4, only *()\ and NUL must be escaped. This list is rather conservative !
	const char strictchars[] = " ~!@^&(){}|<>?:;\"\'\\[]`,\r\n\0";
	char filtersearch[256], *searched_in_cache;
	char searchloginname[3*MAX_USER_LEN];
	char *attr, **vals;
	const char *attr_out;
	const char *ptr;
	LDAPMessage *result, *e;
	BerElement *ber;
	int i;
	int slen;
	int rc;
	char *attrs[2];

	searched_in_cache = search_in_cache(userlogin);
	if (searched_in_cache!=NULL) {
		safe_strcpy(mappedname, searched_in_cache,namelen);
		return;
	}

	// escape characters according to rfc2254 section 4
	for (slen=0 , ptr=userlogin ; slen<sizeof(searchloginname)-1 && *ptr ; ptr++) {
		if (strchr(strictchars,*ptr)) {
			if (slen+3>=sizeof(searchloginname)-1) break;
			slen+=sprintf(searchloginname+slen,"\\%02X",*ptr);
		} else {
			searchloginname[slen++]=*ptr;
		}
	}
	searchloginname[slen]='\0';

	i=0;
	ptr=LDAPFilterSearch;
	while (i<sizeof(filtersearch)-1 && *ptr) {
		if (ptr[0]=='%' && ptr[1]=='s') {
			if (i+slen>=sizeof(filtersearch)) break;
			memcpy(filtersearch+i,searchloginname,slen);
			i+=slen;
			ptr+=2;
		} else {
			filtersearch[i++]=*ptr++;
		}
	}
	filtersearch[i]='\0';

	/* Search record(s) in LDAP base */
	attrs[0]=LDAPTargetAttr;
	attrs[1]=NULL;
	rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result);
	if (rc != LDAP_SUCCESS) {
		debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc));
		debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch);
		safe_strcpy(mappedname,userlogin,namelen);
		return;
	}

	if (!(e = ldap_first_entry(ldap_handle, result))) {
		insert_to_cache(userlogin, userlogin);
		safe_strcpy(mappedname, userlogin,namelen);
		return;
	}

	for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) {
		if (!strcasecmp(attr, LDAPTargetAttr)) {
			if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) {
				attr_out = charset_convert( vals[0], LDAPNativeCharset );
				insert_to_cache(userlogin, attr_out);
				safe_strcpy(mappedname, attr_out, namelen);
				ldap_memfree(vals);
			}
			ldap_memfree(attr);
			break;
		}
		ldap_memfree(attr);
	}
	ldap_msgfree(result);
}
#endif //HAVE_LDAP_H

void init_usertab(const char *UserTabFile)
{
	if (strcmp(UserTabFile, "ldap") == 0) {
		if(debug)
			debuga(_("Loading User table: %s\n"),UserTabFile);
#ifdef HAVE_LDAP_H
		which_usertab=UTT_Ldap;
		init_ldap_usertab();
#else
		debuga(_("LDAP module not compiled in sarg\n"));
		exit(EXIT_FAILURE);
#endif //HAVE_LDAP_H
	} else if (UserTabFile[0] != '\0') {
		if(debug)
			debuga(_("Loading User table: %s\n"),UserTabFile);
		which_usertab=UTT_File;
		init_file_usertab(UserTabFile);
	} else {
		which_usertab=UTT_None;
	}
}

void user_find(char *mappedname, int namelen, const char *userlogin)
{
	if (which_usertab==UTT_File) {
		get_usertab_name(userlogin,mappedname,namelen);
	}
#ifdef HAVE_LDAP_H
	else if (which_usertab==UTT_Ldap) {
		get_ldap_name(userlogin,mappedname,namelen);
	}
#endif //HAVE_LDAP_H
	else {
		safe_strcpy(mappedname,userlogin,namelen);
	}
}

void close_usertab(void)
{
#ifdef HAVE_LDAP_H
	if (ldap_handle) {
		destroy_cache();
		ldap_unbind(ldap_handle);
		ldap_handle=NULL;
	}
#endif //HAVE_LDAP_H
#ifdef USE_ICONV
	if (ldapiconv!=(iconv_t)-1) {
		iconv_close (ldapiconv);
		ldapiconv=(iconv_t)-1;
	}
	if (ldapconvbuffer) {
		free(ldapconvbuffer);
		ldapconvbuffer=NULL;
	}
#endif // USE_ICONV
	if(userfile) {
		free(userfile);
		userfile=NULL;
	}
}
Commit	Line	Data
7179962a	1	/*
7179962a	2	* SARG Squid Analysis Report Generator http://sarg.sourceforge.net
110ce984	3	* 1998, 2015
7179962a PO	4	*
	5	* SARG donations:
	6	* please look at http://sarg.sourceforge.net/donations.php
ac422f9b FM	7	* Support:
ac422f9b FM	8	* http://sourceforge.net/projects/sarg/forums/forum/363374
7179962a PO	9	* ---------------------------------------------------------------------
	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with this program; if not, write to the Free Software
	23	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	24	*
	25	*/
	26
	27	#include "include/conf.h"
	28	#include "include/defs.h"
	29
965c4a6f FM	30	#ifdef HAVE_LDAP_H
	31	#define LDAP_DEPRECATED 1
	32
7179962a PO	33	#include <ldap.h>
	34	#include <ldap_cdefs.h>
	35	#include <ldap_features.h>
fd75cd90 FM	36
	37	#if defined(HAVE_ICONV_H)
	38	#include <iconv.h>
	39	#define USE_ICONV 1
	40	#endif //HAVE_ICONV_H
	41
965c4a6f	42	#endif //HAVE_LDAP_H
7179962a	43
965c4a6f FM	44	enum UserTabEnum
965c4a6f FM	45	{
9bd92830 FM	46	//! Users matched against the ::UserTabFile file.
	47	UTT_File,
	48	//! Users matched agains a LDAP.
	49	UTT_Ldap,
	50	//! No user matching performed.
	51	UTT_None
965c4a6f FM	52	};
	53
	54	enum UserTabEnum which_usertab=UTT_None;
7179962a	55
965c4a6f	56	static char *userfile=NULL;
7179962a	57
965c4a6f FM	58	#ifdef HAVE_LDAP_H
	59	static LDAP *ldap_handle=NULL;
	60	#endif //HAVE_LDAP_H
	61
fd75cd90 FM	62	#ifdef USE_ICONV
	63	//! iconv conversion descriptor to convert the string returned by LDAP.
	64	static iconv_t ldapiconv=(iconv_t)-1;
	65	//! Buffer to store the converted string.
	66	static char *ldapconvbuffer=NULL;
	67	//! Size of the converted string buffer.
	68	static int ldapconvbuffersize=0;
	69	#endif
	70
965c4a6f FM	71	static void init_file_usertab(const char *UserTabFile)
965c4a6f FM	72	{
9bd92830 FM	73	FILE *fp_usr;
	74	long int nreg;
	75	char buf[MAXLEN];
	76	int z1, z2;
965c4a6f	77
9bd92830	78	if((fp_usr=fopen(UserTabFile,"r"))==NULL) {
96dadc9f	79	debuga(_("Cannot open file \"%s\": %s\n"),UserTabFile,strerror(errno));
9bd92830 FM	80	exit(EXIT_FAILURE);
	81	}
	82	if (fseek(fp_usr, 0, SEEK_END)==-1) {
f02fbd92	83	debuga(_("Failed to move till the end of file \"%s\": %s\n"),UserTabFile,strerror(errno));
9bd92830 FM	84	exit(EXIT_FAILURE);
	85	}
	86	nreg = ftell(fp_usr);
	87	if (nreg<0) {
c4633554	88	debuga(_("Cannot get the size of file %s\n"),UserTabFile);
9bd92830 FM	89	exit(EXIT_FAILURE);
	90	}
	91	nreg += 100;
	92	if (fseek(fp_usr, 0, SEEK_SET)==-1) {
f02fbd92	93	debuga(_("Failed to rewind file \"%s\": %s\n"),UserTabFile,strerror(errno));
9bd92830 FM	94	exit(EXIT_FAILURE);
	95	}
	96	if((userfile=(char *) malloc(nreg))==NULL){
c4633554	97	debuga(_("ERROR: Cannot load. Memory fault\n"));
9bd92830 FM	98	exit(EXIT_FAILURE);
	99	}
	100	userfile[0]='\t';
	101	z2=1;
	102	while(fgets(buf,sizeof(buf),fp_usr)!=NULL) {
	103	if (buf[0]=='#') continue;
	104	fixendofline(buf);
	105	z1=0;
	106	while(buf[z1] && (unsigned char)buf[z1]>' ') {
	107	if (z2+3>=nreg) { //need at least 3 additional bytes for the minimum string "\n\t\0"
	108	debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile);
	109	exit(EXIT_FAILURE);
	110	}
	111	userfile[z2++]=buf[z1++];
	112	}
	113	while(buf[z1] && (unsigned char)buf[z1]<=' ') z1++;
	114	userfile[z2++]='\n';
	115	while(buf[z1] && (unsigned char)buf[z1]>=' ') {
	116	if (z2+2>=nreg) { //need at least 2 additional bytes for "\t\0"
	117	debuga(_("The list of the users is too long in your %s file.\n"),UserTabFile);
	118	exit(EXIT_FAILURE);
	119	}
	120	userfile[z2++]=buf[z1++];
	121	}
	122	while(userfile[z2-1]==' ') z2--;
	123	userfile[z2++]='\t';
	124	}
	125	userfile[z2]='\0';
204781f4 FM	126	if (fclose(fp_usr)==EOF) {
	127	debuga(_("Read error in \"%s\": %s\n"),UserTabFile,strerror(errno));
	128	exit(EXIT_FAILURE);
	129	}
965c4a6f FM	130	}
	131
	132	static void get_usertab_name(const char user,char name,int namelen)
	133	{
9bd92830 FM	134	char warea[MAXLEN];
9bd92830 FM	135	char *str;
965c4a6f	136
9bd92830 FM	137	sprintf(warea,"\t%s\n",user);
9bd92830 FM	138	if((str=(char ) strstr(userfile,warea)) == (char ) NULL ) {
a87d4d11	139	safe_strcpy(name,user,namelen);
9bd92830 FM	140	} else {
	141	str=strchr(str+1,'\n');
	142	str++;
a87d4d11	143	namelen--;
9bd92830 FM	144	for(z1=0; *str != '\t' && z1<namelen ; z1++) {
	145	name[z1]=*str++;
	146	}
a87d4d11	147	name[z1]='\0';
9bd92830	148	}
965c4a6f FM	149	}
	150
	151	#ifdef HAVE_LDAP_H
	152	static void init_ldap_usertab(void) {
0ee7618e FM	153	char *ldapuri;
	154	LDAPURLDesc url;
	155	int rc;
	156
9bd92830	157	ldap_handle = NULL;
0ee7618e FM	158
	159	/* Setting LDAP connection and initializing cache */
	160	memset(&url,0,sizeof(url));
	161	url.lud_scheme = "ldap";
	162	url.lud_host = LDAPHost;
	163	url.lud_port = LDAPPort;
	164	url.lud_scope = LDAP_SCOPE_DEFAULT;
	165	ldapuri = ldap_url_desc2str(&url);
	166	if (ldapuri==NULL) {
	167	debuga(_("Cannot prepare ldap URI for server %s on port %d\n"),LDAPHost,LDAPPort);
9bd92830 FM	168	exit(EXIT_FAILURE);
9bd92830 FM	169	}
7179962a	170
0ee7618e FM	171	rc = ldap_initialize(&ldap_handle, ldapuri);
	172	if (rc != LDAP_SUCCESS) {
	173	debuga(_("Unable to connect to LDAP server %s on port %d: %d (%s)\n"), LDAPHost, LDAPPort, rc, ldap_err2string(rc));
	174	exit(EXIT_FAILURE);
	175	}
	176	ldap_memfree(ldapuri);
	177
52fe76a6 FM	178	if (ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) {
	179	debuga(_("Could not disable LDAP_OPT_REFERRALS\n"));
	180	exit(EXIT_FAILURE);
	181	}
9bd92830 FM	182	int ldap_protocol_version = LDAPProtocolVersion;
	183	if (ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version) != LDAP_SUCCESS) {
	184	debuga(_("Could not set LDAP protocol version %d\n"), ldap_protocol_version);
	185	exit(EXIT_FAILURE);
	186	}
7179962a	187
9bd92830	188	/* Bind to the LDAP server. */
9bd92830 FM	189	rc = ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW );
	190	if ( rc != LDAP_SUCCESS ) {
	191	debuga(_("Cannot bind to LDAP server: %s\n"), ldap_err2string(rc));
	192	exit(EXIT_FAILURE);
	193	}
965c4a6f	194
fd75cd90 FM	195	#ifdef USE_ICONV
	196	// prepare for the string conversion
	197	if (LDAPNativeCharset[0]!='\0') {
	198	ldapiconv = iconv_open( LDAPNativeCharset, "UTF-8" );
	199	if (ldapiconv==(iconv_t)-1) {
	200	debuga(_("iconv cannot convert from UTF-8 to %s: %s\n"),LDAPNativeCharset,strerror(errno));
	201	exit(EXIT_FAILURE);
	202	}
	203	}
	204	ldapconvbuffer=NULL;
	205	ldapconvbuffersize=0;
	206	#endif
	207
9bd92830	208	/* Initializing cache */
7179962a	209
9bd92830	210	init_cache();
7179962a PO	211	}
7179962a PO	212
fd75cd90 FM	213	const char * charset_convert( const char * str_in, const char * charset_to )
	214	{
	215	#ifdef USE_ICONV
	216	size_t return_value;
	217	const char * str_in_orig;
	218	char * str_out;
	219	size_t str_in_len;
	220	size_t str_out_len;
	221
26ed86a9	222	str_in_len = strlen( str_in ) + 1;//process the terminating NUL too
fd75cd90 FM	223	str_out_len = ( 2 * str_in_len );
	224	if (ldapconvbuffer==NULL \|\| ldapconvbuffersize<str_out_len) {
	225	ldapconvbuffersize=str_out_len;
26ed86a9	226	str_out = realloc(ldapconvbuffer,ldapconvbuffersize);
fd75cd90 FM	227	if (!str_out) {
	228	debuga(_("Not enough memory to convert a LDAP returned string: %lu bytes required\n"),(unsigned long int)str_out_len);
	229	exit(EXIT_FAILURE);
	230	}
	231	ldapconvbuffer = str_out;
	232	} else {
	233	str_out = ldapconvbuffer;
26ed86a9	234	str_out_len = ldapconvbuffersize;
fd75cd90 FM	235	}
	236	str_in_orig = str_in;
	237	return_value = iconv(ldapiconv, (ICONV_CONST char **)&str_in, &str_in_len, &str_out, &str_out_len );
	238	if ( return_value == ( size_t ) -1 ) {
96dadc9f	239	debuga(_("iconv failed in string \"%s\":\n"),str_in_orig);
fd75cd90 FM	240	switch ( errno ) {
	241	/* See "man 3 iconv" for an explanation. */
	242	case EILSEQ:
	243	debuga(_("Invalid multibyte sequence.\n"));
	244	break;
	245	case EINVAL:
	246	debuga(_("Incomplete multibyte sequence.\n"));
	247	break;
	248	case E2BIG:
	249	debuga(_("No more room.\n"));
	250	break;
	251	default:
	252	debuga(_("Error: %s.\n"),strerror( errno ));
	253	}
	254	exit(EXIT_FAILURE);
	255	}
	256	return(ldapconvbuffer);
	257	#else //USE_ICONV
	258	return(str_in);
	259	#endif //USE_ICONV
	260	}
	261
965c4a6f FM	262	static void get_ldap_name(const char userlogin,char mappedname,int namelen)
965c4a6f FM	263	{
9bd92830 FM	264	/* Start searching username in cache */
	265	// According to rfc2254 section 4, only *()\ and NUL must be escaped. This list is rather conservative !
	266	const char strictchars[] = " ~!@^&(){}\|<>?:;\"\'\\[]`,\r\n\0";
	267	char filtersearch[256], *searched_in_cache;
	268	char searchloginname[3*MAX_USER_LEN];
	269	char attr, *vals;
fd75cd90	270	const char *attr_out;
0ee7618e	271	const char *ptr;
9bd92830 FM	272	LDAPMessage result, e;
	273	BerElement *ber;
	274	int i;
d1d8390c FM	275	int slen;
d1d8390c FM	276	int rc;
0bfbafc0	277	char *attrs[2];
0ee7618e FM	278
	279	searched_in_cache = search_in_cache(userlogin);
	280	if (searched_in_cache!=NULL) {
a87d4d11	281	safe_strcpy(mappedname, searched_in_cache,namelen);
0ee7618e FM	282	return;
0ee7618e FM	283	}
1b048c43	284
0ee7618e	285	// escape characters according to rfc2254 section 4
d1d8390c	286	for (slen=0 , ptr=userlogin ; slen<sizeof(searchloginname)-1 && *ptr ; ptr++) {
0ee7618e	287	if (strchr(strictchars,*ptr)) {
d1d8390c	288	if (slen+3>=sizeof(searchloginname)-1) break;
63413116	289	slen+=sprintf(searchloginname+slen,"\\%02X",*ptr);
9bd92830	290	} else {
d1d8390c	291	searchloginname[slen++]=*ptr;
9bd92830 FM	292	}
9bd92830 FM	293	}
d1d8390c FM	294	searchloginname[slen]='\0';
	295
	296	i=0;
	297	ptr=LDAPFilterSearch;
	298	while (i<sizeof(filtersearch)-1 && *ptr) {
	299	if (ptr[0]=='%' && ptr[1]=='s') {
	300	if (i+slen>=sizeof(filtersearch)) break;
	301	memcpy(filtersearch+i,searchloginname,slen);
	302	i+=slen;
	303	ptr+=2;
	304	} else {
	305	filtersearch[i++]=*ptr++;
	306	}
	307	}
	308	filtersearch[i]='\0';
965c4a6f	309
0ee7618e FM	310	/* Search record(s) in LDAP base */
0ee7618e FM	311	attrs[0]=LDAPTargetAttr;
0bfbafc0	312	attrs[1]=NULL;
d1d8390c	313	rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result);
0ee7618e FM	314	if (rc != LDAP_SUCCESS) {
	315	debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc));
	316	debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch);
a87d4d11	317	safe_strcpy(mappedname,userlogin,namelen);
0ee7618e FM	318	return;
0ee7618e FM	319	}
965c4a6f	320
0ee7618e FM	321	if (!(e = ldap_first_entry(ldap_handle, result))) {
0ee7618e FM	322	insert_to_cache(userlogin, userlogin);
a87d4d11	323	safe_strcpy(mappedname, userlogin,namelen);
0ee7618e FM	324	return;
0ee7618e FM	325	}
965c4a6f	326
0ee7618e FM	327	for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) {
	328	if (!strcasecmp(attr, LDAPTargetAttr)) {
	329	if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) {
fd75cd90 FM	330	attr_out = charset_convert( vals[0], LDAPNativeCharset );
	331	insert_to_cache(userlogin, attr_out);
	332	safe_strcpy(mappedname, attr_out, namelen);
0ee7618e	333	ldap_memfree(vals);
9bd92830	334	}
0ee7618e FM	335	ldap_memfree(attr);
	336	break;
	337	}
	338	ldap_memfree(attr);
9bd92830	339	}
0ee7618e	340	ldap_msgfree(result);
965c4a6f FM	341	}
	342	#endif //HAVE_LDAP_H
	343
	344	void init_usertab(const char *UserTabFile)
	345	{
9bd92830 FM	346	if (strcmp(UserTabFile, "ldap") == 0) {
	347	if(debug)
	348	debuga(_("Loading User table: %s\n"),UserTabFile);
965c4a6f	349	#ifdef HAVE_LDAP_H
9bd92830 FM	350	which_usertab=UTT_Ldap;
9bd92830 FM	351	init_ldap_usertab();
965c4a6f	352	#else
9bd92830 FM	353	debuga(_("LDAP module not compiled in sarg\n"));
9bd92830 FM	354	exit(EXIT_FAILURE);
965c4a6f	355	#endif //HAVE_LDAP_H
9bd92830 FM	356	} else if (UserTabFile[0] != '\0') {
	357	if(debug)
	358	debuga(_("Loading User table: %s\n"),UserTabFile);
	359	which_usertab=UTT_File;
	360	init_file_usertab(UserTabFile);
	361	} else {
	362	which_usertab=UTT_None;
	363	}
965c4a6f FM	364	}
	365
	366	void user_find(char mappedname, int namelen, const char userlogin)
	367	{
9bd92830 FM	368	if (which_usertab==UTT_File) {
	369	get_usertab_name(userlogin,mappedname,namelen);
	370	}
965c4a6f	371	#ifdef HAVE_LDAP_H
9bd92830 FM	372	else if (which_usertab==UTT_Ldap) {
	373	get_ldap_name(userlogin,mappedname,namelen);
	374	}
965c4a6f	375	#endif //HAVE_LDAP_H
9bd92830	376	else {
a87d4d11	377	safe_strcpy(mappedname,userlogin,namelen);
9bd92830	378	}
7179962a PO	379	}
7179962a PO	380
965c4a6f FM	381	void close_usertab(void)
	382	{
	383	#ifdef HAVE_LDAP_H
9bd92830 FM	384	if (ldap_handle) {
	385	destroy_cache();
	386	ldap_unbind(ldap_handle);
	387	ldap_handle=NULL;
	388	}
965c4a6f	389	#endif //HAVE_LDAP_H
fd75cd90 FM	390	#ifdef USE_ICONV
	391	if (ldapiconv!=(iconv_t)-1) {
	392	iconv_close (ldapiconv);
	393	ldapiconv=(iconv_t)-1;
	394	}
	395	if (ldapconvbuffer) {
	396	free(ldapconvbuffer);
	397	ldapconvbuffer=NULL;
	398	}
	399	#endif // USE_ICONV
9bd92830 FM	400	if(userfile) {
	401	free(userfile);
	402	userfile=NULL;
	403	}
7179962a PO	404	}
7179962a PO	405