Adding "quick and dirty" workaround for possible bug in libcurl for windows.

Perry Werneck
1 parent 1c05e713
Showing 5 changed files with 140 additions and 77 deletions Show diff stats
.gitignore
src/lib3270/ssl/linux/getcrl.c
src/lib3270/ssl/windows/getcrl.c
src/lib3270/testprogram/testprogram.c
src/lib3270/trace_ds.c
@@ -24,7 +24,8 @@ versions
 ChangeLog*
 Makefile
 aclocal.m4
-configure
+configure*
+*.trace
 autom4te.cache
 makegtkruntime.sh
 copydeps.sh
@@ -252,71 +252,40 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	}
 #ifdef HAVE_LDAP
-	else if(strncasecmp(consturl,"ldap",4) == 0)
+	else if(strncasecmp(consturl,"ldap://",7) == 0 && strlen(consturl) > 8)
 	{
 		int	rc;
 		lib3270_autoptr(char) url = strdup(consturl);
-
+		char * base = strchr(url+7,'/');
 		char * attrs[] = { NULL, NULL };
-		char * base = NULL;
-		const struct _args
+        if(!base)
 		{
-			const char	*  name;
-			char 		** value;
+			message->error = hSession->ssl.error = 0;
+			message->title = N_( "Security error" );
+			message->text = N_( "No DN of the entry at which to start the search on the URL" );
+			message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
+			return NULL;
 		}
-		args[] =
-		{
-			{ "attr",	&attrs[0]	},
-			{ "base",	&base		}
-		};
-
-		// Get arguments
-		size_t arg;
-		char 	*  ptr = strchr(url,'?');
-		while(ptr)
-		{
-            *(ptr++) = 0;
-            char *value = strchr(ptr,'=');
-            if(!value)
-			{
-				message->error = hSession->ssl.error = 0;
-				message->title = N_( "Security error" );
-				message->text = N_( "Invalid argument format" );
-				message->description = "The URL argument should be in the format name=value";
-				return NULL;
-			}
-
-			*(value++) = 0;
-
-			debug("%s=%s",ptr,value);
-			for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
-			{
-                if(!strcasecmp(ptr,args[arg].name))
-				{
-					*args[arg].value = value;
-					debug("%s=\"%s\"",args[arg].name,*args[arg].value);
-				}
-			}
-
-            ptr = strchr(value,'&');
-		}
+		*(base++) = 0;
+        attrs[0] = strchr(base,'?');
-		// Do we get all the required arguments?
-		for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
+        if(!base)
 		{
-			if(!*args[arg].value)
-			{
-				message->error = hSession->ssl.error = 0;
-				message->title = N_( "Security error" );
-				message->text = N_( "Can't set LDAP query" );
-				message->description = N_("Insuficient arguments");
-				lib3270_write_log(hSession,"ssl","%s: Required argument \"%s\" is missing",url, args[arg].name);
-				return NULL;
-			}
+			message->error = hSession->ssl.error = 0;
+			message->title = N_( "Security error" );
+			message->text = N_( "No LDAP attribute on the URL" );
+			message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
+			return NULL;
 		}
+        *(attrs[0]++) = 0;
+
+        debug("host: \"%s\"",url);
+        debug("Base: \"%s\"",base);
+        debug("Attr: \"%s\"",attrs[0]);
+
 		// Do LDAP Query
 		LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
 		BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
@@ -401,6 +370,16 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 			return NULL;
 		}
+		if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+		{
+			lib3270_trace_data(
+				hSession,
+				"CRL Data received from LDAP server",
+				(const char *) value[0]->bv_val,
+				value[0]->bv_len
+			);
+		}
+
 		// Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
 		const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
@@ -485,7 +464,18 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 				return NULL;
 			}
-			debug("content-type: %s",ct);
+			/*
+			if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+			{
+				lib3270_autoptr(char) msg = lib3270_strdup_printf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
+				lib3270_trace_data(
+					hSession,
+					msg,
+					(const char *) crl_data->contents,
+					crl_data->length
+				);
+			}
+			*/
 			if(ct)
 			{
@@ -526,8 +516,6 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 				}
 				data += 3;
-				debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
-
 				lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
 				BIO * b64 = BIO_new(BIO_f_base64());
@@ -292,6 +292,19 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 				return NULL;
 			}
+			/*
+			if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+			{
+				lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
+				lib3270_trace_data(
+					data->hSession,
+					msg,
+					(const char *) crl_data->contents,
+					crl_data->length
+				);
+			}
+			*/
+
 			if(ct)
 			{
 				const unsigned char * data = crl_data->contents;
@@ -321,35 +334,76 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 			}
 			else if(strncasecmp(consturl,"ldap://",7) == 0)
 			{
-				// It's an LDAP query, assumes a base64 data.
-				trace_ssl(crl_data->hSession, "No mime-type, assuming LDAP/BASE64");
+				// LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
+				char * attr = strchr(consturl,'?');
+				if(!attr)
+				{
+					message->error = hSession->ssl.error = 0;
+					message->title = N_( "Security error" );
+					message->text = N_( "No attribute in LDAP search URL" );
+					return NULL;
+				}
+
+				attr++;
+
+				//
+				// There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
+				// base64, because of this I've to extract the BER directly.
+				//
+				// This is an ugly solution, I know!
+				//
+
+				lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
+				trace_ssl(crl_data->hSession, text);
+
+				lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
+				char *ptr = strstr((char *) crl_data->contents, key);
+
+				debug("key=\"%s\" ptr=%p",key,ptr)
-				char * data = strstr((char *) crl_data->contents,":: ");
-				if(!data)
+				if(!ptr)
 				{
-					message->error = hSession->ssl.error = ERR_get_error();
+					message->error = hSession->ssl.error = 0;
 					message->title = N_( "Security error" );
-					message->text = N_( "Got an invalid CRL from LDAP server" );
+					message->text = N_( "Can't find attribute in LDAP response" );
 					return NULL;
 				}
-				data += 3;
-				debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
+				ptr += strlen(key);
+				size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
+				size_t ix;
-				lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
+				for(ix = 0; ix < (length-1); ix++)
+				{
+					if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
+						break;
+				}
-				BIO * b64 = BIO_new(BIO_f_base64());
-				bio = BIO_push(b64, bio);
+				debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
-				BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+				if(ix >= length)
+				{
+					message->error = hSession->ssl.error = 0;
+					message->title = N_( "Security error" );
+					message->text = N_( "Can't find attribute end in LDAP response" );
+					return NULL;
+				}
+
+				length = ix;
+
+				lib3270_trace_data(
+					hSession,
+					"CRL Data received from LDAP server",
+					(const char *) ptr,
+					length
+				);
-				if(!d2i_X509_CRL_bio(bio, &crl))
+				if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
 				{
 					message->error = hSession->ssl.error = ERR_get_error();
 					message->title = N_( "Security error" );
-					message->text = N_( "Got an invalid CRL from server" );
+					message->text = N_( "Can't get CRL from LDAP Search" );
 					lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
-					return NULL;
 				}
 			}
@@ -6,9 +6,22 @@
 #include <lib3270.h>
 #include <lib3270/actions.h>
+#include <lib3270/trace.h>
 #define MAX_ARGS 10
+const char *trace_file = "test.trace";
+
+static void write_trace(H3270 *session, void *userdata, const char *fmt, va_list args)
+{
+	FILE *out = fopen(trace_file,"a");
+	if(out)
+	{
+		vfprintf(out,fmt,args);
+		fclose(out);
+	}
+}
+
 int main(int argc, char *argv[])
 {
 //	#pragma GCC diagnostic push
@@ -16,6 +29,7 @@ int main(int argc, char *argv[])
 	static struct option options[] = {
 		{ "crl",		required_argument,	0,	'C' },
 		{ "url",		required_argument,	0,	'U' },
+		{ "tracefile",	required_argument,	0,	't' },
 		{ 0, 0, 0, 0}
@@ -32,7 +46,7 @@ int main(int argc, char *argv[])
 	int long_index =0;
 	int opt;
-	while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
+	while((opt = getopt_long(argc, argv, "C:U:t:", options, &long_index )) != -1) {
 		switch(opt) {
 		case 'U':
 			lib3270_set_url(h,optarg);
@@ -41,6 +55,11 @@ int main(int argc, char *argv[])
 		case 'C':
 			lib3270_set_crl_url(h,optarg);
 			break;
+
+		case 't':
+			trace_file = optarg;
+			lib3270_set_trace_handler(h,write_trace,NULL);
+			break;
 		}
 	}
@@ -31,9 +31,8 @@
  */
-/*
- *	trace_ds.c
- *		3270 data stream tracing.
+/**
+ * @brief 3270 data stream tracing.
  *
  */
@@ -193,7 +192,9 @@ void trace_ssl(H3270 *session, const char *fmt, ...)
 }
-/* Write to the trace file. */
+/**
+ * @brief Write to the trace file.
+ */
 static void wtrace(H3270 *session, const char *fmt, ...)
 {
 	va_list args;
	@@ -292,6 +292,19 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)		@@ -292,6 +292,19 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)
292	return NULL;	292	return NULL;
293	}	293	}
294		294
		295	+ /*
		296	+ if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
		297	+ {
		298	+ lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
		299	+ lib3270_trace_data(
		300	+ data->hSession,
		301	+ msg,
		302	+ (const char *) crl_data->contents,
		303	+ crl_data->length
		304	+ );
		305	+ }
		306	+ */
		307	+
295	if(ct)	308	if(ct)
296	{	309	{
297	const unsigned char * data = crl_data->contents;	310	const unsigned char * data = crl_data->contents;
	@@ -321,35 +334,76 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)		@@ -321,35 +334,76 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)
321	}	334	}
322	else if(strncasecmp(consturl,"ldap://",7) == 0)	335	else if(strncasecmp(consturl,"ldap://",7) == 0)
323	{	336	{
324	- // It's an LDAP query, assumes a base64 data.
325	- trace_ssl(crl_data->hSession, "No mime-type, assuming LDAP/BASE64");	337	+ // LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
		338	+ char * attr = strchr(consturl,'?');
		339	+ if(!attr)
		340	+ {
		341	+ message->error = hSession->ssl.error = 0;
		342	+ message->title = N_( "Security error" );
		343	+ message->text = N_( "No attribute in LDAP search URL" );
		344	+ return NULL;
		345	+ }
		346	+
		347	+ attr++;
		348	+
		349	+ //
		350	+ // There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
		351	+ // base64, because of this I've to extract the BER directly.
		352	+ //
		353	+ // This is an ugly solution, I know!
		354	+ //
		355	+
		356	+ lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
		357	+ trace_ssl(crl_data->hSession, text);
		358	+
		359	+ lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
		360	+ char ptr = strstr((char ) crl_data->contents, key);
		361	+
		362	+ debug("key=\"%s\" ptr=%p",key,ptr)
326		363
327	- char * data = strstr((char *) crl_data->contents,":: ");
328	- if(!data)	364	+ if(!ptr)
329	{	365	{
330	- message->error = hSession->ssl.error = ERR_get_error();	366	+ message->error = hSession->ssl.error = 0;
331	message->title = N_( "Security error" );	367	message->title = N_( "Security error" );
332	- message->text = N_( "Got an invalid CRL from LDAP server" );	368	+ message->text = N_( "Can't find attribute in LDAP response" );
333	return NULL;	369	return NULL;
334	}	370	}
335	- data += 3;
336		371
337	- debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));	372	+ ptr += strlen(key);
		373	+ size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
		374	+ size_t ix;
338		375
339	- lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);	376	+ for(ix = 0; ix < (length-1); ix++)
		377	+ {
		378	+ if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
		379	+ break;
		380	+ }
340		381
341	- BIO * b64 = BIO_new(BIO_f_base64());
342	- bio = BIO_push(b64, bio);	382	+ debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
343		383
344	- BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);	384	+ if(ix >= length)
		385	+ {
		386	+ message->error = hSession->ssl.error = 0;
		387	+ message->title = N_( "Security error" );
		388	+ message->text = N_( "Can't find attribute end in LDAP response" );
		389	+ return NULL;
		390	+ }
		391	+
		392	+ length = ix;
		393	+
		394	+ lib3270_trace_data(
		395	+ hSession,
		396	+ "CRL Data received from LDAP server",
		397	+ (const char *) ptr,
		398	+ length
		399	+ );
345		400
346	- if(!d2i_X509_CRL_bio(bio, &crl))	401	+ if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
347	{	402	{
348	message->error = hSession->ssl.error = ERR_get_error();	403	message->error = hSession->ssl.error = ERR_get_error();
349	message->title = N_( "Security error" );	404	message->title = N_( "Security error" );
350	- message->text = N_( "Got an invalid CRL from server" );	405	+ message->text = N_( "Can't get CRL from LDAP Search" );
351	lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);	406	lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
352	- return NULL;
353	}	407	}
354		408
355	}	409	}