Bug 357668: merging Sun and Mozilla libldap: bring new srcs unique to Sun branch
parent
e80d3b3302
commit
4dede094f4
@ -46,8 +46,7 @@ extern "C" {
|
|||||||
|
|
||||||
#define LDAP_PORT_MAX 65535 /* API extension */
|
#define LDAP_PORT_MAX 65535 /* API extension */
|
||||||
#define LDAP_VERSION1 1 /* API extension */
|
#define LDAP_VERSION1 1 /* API extension */
|
||||||
#define LDAP_VERSION LDAP_VERSION2 /* API extension */
|
#define LDAP_VERSION LDAP_VERSION3 /* API extension */
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* C LDAP features we support that are not (yet) part of the LDAP C API
|
* C LDAP features we support that are not (yet) part of the LDAP C API
|
||||||
@ -105,20 +104,29 @@ extern "C" {
|
|||||||
#define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18" /* version 2
|
#define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18" /* version 2
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* Authorization Identity Request and Response Controls */
|
||||||
|
#define LDAP_CONTROL_AUTHZID_REQ "2.16.840.1.113730.3.4.16"
|
||||||
|
#define LDAP_CONTROL_AUTHZID_RES "2.16.840.1.113730.3.4.15"
|
||||||
|
|
||||||
/* Authentication request and response controls */
|
/* Authentication request and response controls */
|
||||||
#define LDAP_CONTROL_AUTH_REQUEST "2.16.840.1.113730.3.4.16"
|
#define LDAP_CONTROL_AUTH_REQUEST LDAP_CONTROL_AUTHZID_REQ
|
||||||
#define LDAP_CONTROL_AUTH_RESPONSE "2.16.840.1.113730.3.4.15"
|
#define LDAP_CONTROL_AUTH_RESPONSE LDAP_CONTROL_AUTHZID_RES
|
||||||
|
|
||||||
/* Password information sent back to client */
|
/* Password information sent back to client */
|
||||||
#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
|
#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
|
||||||
#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
|
#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
|
||||||
|
|
||||||
/* Proposed standard password policy controls */
|
/* Password Policy Control */
|
||||||
#define LDAP_X_CONTROL_PWPOLICY_REQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
|
#define LDAP_CONTROL_PASSWD_POLICY "1.3.6.1.4.1.42.2.27.8.5.1"
|
||||||
#define LDAP_X_CONTROL_PWPOLICY_RESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
|
|
||||||
|
/* Password Policy Control compatibility macros */
|
||||||
|
#define LDAP_X_CONTROL_PWPOLICY_REQUEST LDAP_CONTROL_PASSWD_POLICY
|
||||||
|
#define LDAP_X_CONTROL_PWPOLICY_RESPONSE LDAP_CONTROL_PASSWD_POLICY
|
||||||
|
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST LDAP_CONTROL_PASSWD_POLICY
|
||||||
|
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE LDAP_CONTROL_PASSWD_POLICY
|
||||||
|
|
||||||
/* Password Modify Extended Operation */
|
/* Password Modify Extended Operation */
|
||||||
#define LDAP_CONTROL_EXT_PASSWD_MODIFY "1.3.6.1.4.1.4203.1.11.1"
|
#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
|
||||||
|
|
||||||
/* Suppress virtual/inherited attribute values */
|
/* Suppress virtual/inherited attribute values */
|
||||||
#define LDAP_CONTROL_REAL_ATTRS_ONLY "2.16.840.1.113730.3.4.17"
|
#define LDAP_CONTROL_REAL_ATTRS_ONLY "2.16.840.1.113730.3.4.17"
|
||||||
@ -126,9 +134,20 @@ extern "C" {
|
|||||||
/* Only return virtual/inherited attribute values */
|
/* Only return virtual/inherited attribute values */
|
||||||
#define LDAP_CONTROL_VIRTUAL_ATTRS_ONLY "2.16.840.1.113730.3.4.19"
|
#define LDAP_CONTROL_VIRTUAL_ATTRS_ONLY "2.16.840.1.113730.3.4.19"
|
||||||
|
|
||||||
|
/* getEffectiveRights request */
|
||||||
|
#define LDAP_CONTROL_GETEFFECTIVERIGHTS_REQUEST "1.3.6.1.4.1.42.2.27.9.5.2"
|
||||||
|
|
||||||
|
/* Password Policy Control to get account availability */
|
||||||
|
#define LDAP_CONTROL_ACCOUNT_USABLE "1.3.6.1.4.1.42.2.27.9.5.8"
|
||||||
|
|
||||||
|
/* "Who am I?" Extended Operation */
|
||||||
|
#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
|
||||||
|
|
||||||
LDAP_API(void) LDAP_CALL ldap_ber_free( BerElement *ber, int freebuf );
|
LDAP_API(void) LDAP_CALL ldap_ber_free( BerElement *ber, int freebuf );
|
||||||
|
|
||||||
|
LDAP_API(LDAPControl *) LDAP_CALL ldap_find_control( const char *oid,
|
||||||
|
LDAPControl **ctrls );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Server side sorting of search results (an LDAPv3 extension --
|
* Server side sorting of search results (an LDAPv3 extension --
|
||||||
* LDAP_API_FEATURE_SERVER_SIDE_SORT)
|
* LDAP_API_FEATURE_SERVER_SIDE_SORT)
|
||||||
@ -139,6 +158,39 @@ typedef struct LDAPsortkey { /* structure for a sort-key */
|
|||||||
int sk_reverseorder;
|
int sk_reverseorder;
|
||||||
} LDAPsortkey;
|
} LDAPsortkey;
|
||||||
|
|
||||||
|
/* where LDAP_CONTROL_ACCOUNT_USABLE control parse results */
|
||||||
|
typedef struct LDAPuserstatus { /* user account availability */
|
||||||
|
unsigned int us_available; /* availability status */
|
||||||
|
#define LDAP_US_ACCOUNT_USABLE 1
|
||||||
|
#define LDAP_US_ACCOUNT_NOT_USABLE 0
|
||||||
|
int us_expire; /* will expire in seconds */
|
||||||
|
int us_inactive; /* boolean inactivation status */
|
||||||
|
#define LDAP_US_ACCOUNT_ACTIVE 0
|
||||||
|
#define LDAP_US_ACCOUNT_INACTIVE 1
|
||||||
|
int us_reset; /* boolean password reset */
|
||||||
|
#define LDAP_US_ACCOUNT_NOT_RESET 0
|
||||||
|
#define LDAP_US_ACCOUNT_RESET 1
|
||||||
|
int us_expired; /* boolean password expired */
|
||||||
|
#define LDAP_US_ACCOUNT_NOT_EXPIRED 0
|
||||||
|
#define LDAP_US_ACCOUNT_EXPIRED 1
|
||||||
|
int us_remaining; /* remaining logins */
|
||||||
|
int us_seconds; /* will unlock in seconds */
|
||||||
|
} LDAPuserstatus;
|
||||||
|
|
||||||
|
/* LDAP_CONTROL_PASSWD_POLICY results */
|
||||||
|
typedef enum passpolicyerror_enum {
|
||||||
|
PP_passwordExpired = 0,
|
||||||
|
PP_accountLocked = 1,
|
||||||
|
PP_changeAfterReset = 2,
|
||||||
|
PP_passwordModNotAllowed = 3,
|
||||||
|
PP_mustSupplyOldPassword = 4,
|
||||||
|
PP_insufficientPasswordQuality = 5,
|
||||||
|
PP_passwordTooShort = 6,
|
||||||
|
PP_passwordTooYoung = 7,
|
||||||
|
PP_passwordInHistory = 8,
|
||||||
|
PP_noError = 65535
|
||||||
|
} LDAPPasswordPolicyError;
|
||||||
|
|
||||||
LDAP_API(int) LDAP_CALL ldap_create_sort_control( LDAP *ld,
|
LDAP_API(int) LDAP_CALL ldap_create_sort_control( LDAP *ld,
|
||||||
LDAPsortkey **sortKeyList, const char ctl_iscritical,
|
LDAPsortkey **sortKeyList, const char ctl_iscritical,
|
||||||
LDAPControl **ctrlp );
|
LDAPControl **ctrlp );
|
||||||
@ -149,6 +201,39 @@ LDAP_API(void) LDAP_CALL ldap_free_sort_keylist( LDAPsortkey **sortKeyList );
|
|||||||
LDAP_API(int) LDAP_CALL ldap_create_sort_keylist( LDAPsortkey ***sortKeyList,
|
LDAP_API(int) LDAP_CALL ldap_create_sort_keylist( LDAPsortkey ***sortKeyList,
|
||||||
const char *string_rep );
|
const char *string_rep );
|
||||||
|
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_create_userstatus_control(
|
||||||
|
LDAP *ld, const char ctl_iscritical, LDAPControl **ctrlp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_parse_userstatus_control( LDAP *ld,
|
||||||
|
LDAPControl **ctrlp, LDAPuserstatus *us );
|
||||||
|
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_create_passwordpolicy_control( LDAP *ld,
|
||||||
|
LDAPControl **ctrlp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_create_passwordpolicy_control_ext( LDAP *ld,
|
||||||
|
const char ctl_iscritical, LDAPControl **ctrlp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_parse_passwordpolicy_control( LDAP *ld,
|
||||||
|
LDAPControl *ctrlp, ber_int_t *expirep, ber_int_t *gracep,
|
||||||
|
LDAPPasswordPolicyError *errorp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_parse_passwordpolicy_control_ext ( LDAP *ld,
|
||||||
|
LDAPControl **ctrlp, ber_int_t *expirep, ber_int_t *gracep,
|
||||||
|
LDAPPasswordPolicyError *errorp );
|
||||||
|
LDAP_API(const char *) LDAP_CALL ldap_passwordpolicy_err2txt(
|
||||||
|
LDAPPasswordPolicyError err );
|
||||||
|
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_create_authzid_control( LDAP *ld,
|
||||||
|
const char ctl_iscritical, LDAPControl **ctrlp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_parse_authzid_control( LDAP *ld,
|
||||||
|
LDAPControl **ctrlp, char **authzid );
|
||||||
|
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_whoami( LDAP *ld, LDAPControl **serverctrls,
|
||||||
|
LDAPControl **clientctrls, int *msgidp );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_whoami_s( LDAP *ld, struct berval **authzid,
|
||||||
|
LDAPControl **serverctrls, LDAPControl **clientctrls );
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_parse_whoami( LDAP *ld, LDAPMessage *result,
|
||||||
|
struct berval **authzid );
|
||||||
|
|
||||||
|
LDAP_API(int) LDAP_CALL ldap_create_geteffectiveRights_control( LDAP *ld,
|
||||||
|
const char *authzid, const char **attrlist, const char ctl_iscritical,
|
||||||
|
LDAPControl **ctrlp );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)
|
* Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)
|
||||||
|
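Review bot: The hunk at -105,20 renames `LDAP_CONTROL_EXT_PASSWD_MODIFY` to `LDAP_EXOP_MODIFY_PASSWD` without leaving an alias, although the password-policy and authentication-control renames beside it all keep compatibility macros. Any code outside this tree that still uses the old name stops compiling; adding `#define LDAP_CONTROL_EXT_PASSWD_MODIFY LDAP_EXOP_MODIFY_PASSWD` next to the new define keeps it building. The new `ldap_parse_authzid_control` prototype returns a heap copy through `char **authzid` (the implementation in this commit allocates it with NSLDAPI_MALLOC), and the header does not say which free function the caller must use. The `struct berval **authzid` results of `ldap_whoami_s` and `ldap_parse_whoami` presumably need the same ownership note, which would prevent leaks and mismatched frees.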
@ -45,7 +45,7 @@ extern "C" {
|
|||||||
#define LDAP_VERSION1 1
|
#define LDAP_VERSION1 1
|
||||||
#define LDAP_VERSION2 2
|
#define LDAP_VERSION2 2
|
||||||
#define LDAP_VERSION3 3
|
#define LDAP_VERSION3 3
|
||||||
#define LDAP_VERSION LDAP_VERSION2
|
#define LDAP_VERSION LDAP_VERSION3
|
||||||
|
|
||||||
#define COMPAT20
|
#define COMPAT20
|
||||||
#define COMPAT30
|
#define COMPAT30
|
||||||
|
@ -177,6 +177,10 @@
|
|||||||
150 ber_sockbuf_free
|
150 ber_sockbuf_free
|
||||||
151 ber_get_next_buffer_ext
|
151 ber_get_next_buffer_ext
|
||||||
152 ber_svecfree
|
152 ber_svecfree
|
||||||
|
153 ber_get_buf_datalen
|
||||||
|
154 ber_get_buf_databegin
|
||||||
|
155 ber_stack_init
|
||||||
|
156 ber_sockbuf_free_data
|
||||||
|
|
||||||
200 ldap_memfree
|
200 ldap_memfree
|
||||||
201 ldap_ber_free
|
201 ldap_ber_free
|
||||||
@ -297,8 +301,22 @@
|
|||||||
533 ldap_x_calloc
|
533 ldap_x_calloc
|
||||||
534 ldap_x_realloc
|
534 ldap_x_realloc
|
||||||
535 ldap_x_free
|
535 ldap_x_free
|
||||||
|
#
|
||||||
536 ldap_create_proxiedauth_control
|
536 ldap_create_proxiedauth_control
|
||||||
#
|
#
|
||||||
|
537 ldap_create_geteffectiveRights_control
|
||||||
|
#
|
||||||
|
538 ldap_find_control
|
||||||
|
#
|
||||||
|
550 ldap_create_userstatus_control
|
||||||
|
551 ldap_parse_userstatus_control
|
||||||
|
#
|
||||||
|
560 ldap_create_passwordpolicy_control
|
||||||
|
561 ldap_create_passwordpolicy_control_ext
|
||||||
|
562 ldap_parse_passwordpolicy_control
|
||||||
|
563 ldap_parse_passwordpolicy_control_ext
|
||||||
|
564 ldap_passwordpolicy_err2txt
|
||||||
|
#
|
||||||
570 ldap_passwd
|
570 ldap_passwd
|
||||||
571 ldap_parse_passwd
|
571 ldap_parse_passwd
|
||||||
573 ldap_passwd_s
|
573 ldap_passwd_s
|
||||||
@ -306,6 +324,13 @@
|
|||||||
580 ldap_delete_result_entry
|
580 ldap_delete_result_entry
|
||||||
581 ldap_add_result_entry
|
581 ldap_add_result_entry
|
||||||
#
|
#
|
||||||
|
590 ldap_whoami
|
||||||
|
591 ldap_parse_whoami
|
||||||
|
592 ldap_whoami_s
|
||||||
|
#
|
||||||
|
600 ldap_create_authzid_control
|
||||||
|
601 ldap_parse_authzid_control
|
||||||
|
#
|
||||||
1000 ldap_memcache_init
|
1000 ldap_memcache_init
|
||||||
1001 ldap_memcache_set
|
1001 ldap_memcache_set
|
||||||
1002 ldap_memcache_get
|
1002 ldap_memcache_get
|
||||||
|
@ -47,6 +47,7 @@ include $(topsrcdir)/build.mk
|
|||||||
|
|
||||||
SRCS = abandon.c \
|
SRCS = abandon.c \
|
||||||
add.c \
|
add.c \
|
||||||
|
authzidctrl.c \
|
||||||
bind.c \
|
bind.c \
|
||||||
cache.c \
|
cache.c \
|
||||||
charray.c \
|
charray.c \
|
||||||
@ -66,6 +67,7 @@ SRCS = abandon.c \
|
|||||||
getattr.c \
|
getattr.c \
|
||||||
getdn.c \
|
getdn.c \
|
||||||
getdxbyname.c \
|
getdxbyname.c \
|
||||||
|
geteffectiverightsctrl.c \
|
||||||
getentry.c \
|
getentry.c \
|
||||||
getfilter.c \
|
getfilter.c \
|
||||||
getoption.c \
|
getoption.c \
|
||||||
@ -78,6 +80,7 @@ SRCS = abandon.c \
|
|||||||
proxyauthctrl.c \
|
proxyauthctrl.c \
|
||||||
psearch.c \
|
psearch.c \
|
||||||
pwmodext.c \
|
pwmodext.c \
|
||||||
|
pwpctrl.c \
|
||||||
referral.c \
|
referral.c \
|
||||||
regex.c \
|
regex.c \
|
||||||
rename.c \
|
rename.c \
|
||||||
@ -96,8 +99,10 @@ SRCS = abandon.c \
|
|||||||
unbind.c \
|
unbind.c \
|
||||||
unescape.c \
|
unescape.c \
|
||||||
url.c \
|
url.c \
|
||||||
|
userstatusctrl.c \
|
||||||
utf8.c \
|
utf8.c \
|
||||||
vlistctrl.c
|
vlistctrl.c \
|
||||||
|
whoami.c
|
||||||
|
|
||||||
ifeq ($(HAVE_SASL), 1)
|
ifeq ($(HAVE_SASL), 1)
|
||||||
SRCS += saslio.c
|
SRCS += saslio.c
|
||||||
|
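--- a/directory/c-sdk/ldap/libraries/libldap/authzidctrl.c
+++ b/directory/c-sdk/ldap/libraries/libldap/authzidctrl.c
@@ -0,0 +1,157 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is Sun LDAP C SDK.
+*
+* The Initial Developer of the Original Code is Sun Microsystems, Inc.
+*
+* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
+* Sun Microsystems, Inc. All Rights Reserved.
+*
+* Contributor(s): abobrov@sun.com
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#include "ldap-int.h"
+
+/* ldap_create_authzid_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctl_iscritical Indicates whether the control is critical of not.
+If this field is non-zero, the operation will only be
+carried out if the control is recognized by the server
+and/or client
+
+ctrlp the address of a place to put the constructed control
+*/
+
+int
+LDAP_CALL
+ldap_create_authzid_control (
+LDAP *ld,
+const char ctl_iscritical,
+LDAPControl **ctrlp
+)
+{
+int rc;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+return( LDAP_PARAM_ERROR );
+}
+
+if ( ctrlp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return ( LDAP_PARAM_ERROR );
+}
+
+rc = nsldapi_build_control( LDAP_CONTROL_AUTHZID_REQ,
+NULL, NULL, ctl_iscritical, ctrlp );
+
+LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
+return( rc );
+}
+
+/* ldap_parse_authzid_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctrlp An array of controls obtained from calling
+ldap_parse_result on the set of results
+returned by the server
+
+authzid authorization identity, as defined in
+RFC 2829, section 9.
+*/
+
+int
+LDAP_CALL
+ldap_parse_authzid_control (
+LDAP *ld,
+LDAPControl **ctrlp,
+char **authzid
+)
+{
+int i, foundAUTHZIDControl;
+char *authzidp = NULL;
+LDAPControl *AUTHZIDCtrlp = NULL;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) {
+return( LDAP_PARAM_ERROR );
+}
+
+/* find the control in the list of controls if it exists */
+if ( ctrlp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+return ( LDAP_CONTROL_NOT_FOUND );
+}
+foundAUTHZIDControl = 0;
+for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundAUTHZIDControl )); i++ ) {
+foundAUTHZIDControl = !strcmp( ctrlp[i]->ldctl_oid,
+LDAP_CONTROL_AUTHZID_RES );
+}
+
+/*
+* The control is only included in a bind response if the resultCode
+* for the bind operation is success.
+*/
+if ( !foundAUTHZIDControl ) {
+LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+return ( LDAP_CONTROL_NOT_FOUND );
+} else {
+/* let local var point to the control */
+AUTHZIDCtrlp = ctrlp[i-1];
+}
+
+/*
+* If the bind request succeeded and resulted in an identity (not anonymous),
+* the controlValue contains the authorization identity (authzid), as
+* defined in [AUTH] section 9, granted to the requestor. If the bind
+* request resulted in an anonymous association, the controlValue field
+* is a string of zero length. If the bind request resulted in more
+* than one authzid, the primary authzid is returned in the controlValue
+* field.
+*/
+if ( AUTHZIDCtrlp && AUTHZIDCtrlp->ldctl_value.bv_val &&
+AUTHZIDCtrlp->ldctl_value.bv_len ) {
+authzidp = ( (char *)NSLDAPI_MALLOC(
+( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) ) );
+if ( authzidp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+return( LDAP_NO_MEMORY );
+}
+STRLCPY( authzidp, AUTHZIDCtrlp->ldctl_value.bv_val,
+( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) );
+*authzid = authzidp;
+} else {
+authzid = NULL;
+}
+
+return( LDAP_SUCCESS );
+}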
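Review bot: In `ldap_parse_authzid_control`, the else branch taken for an empty control value runs `authzid = NULL;`, which only clears the local parameter, so the function returns LDAP_SUCCESS while the caller's pointer is left untouched (possibly uninitialized, and later read or freed). It should be `*authzid = NULL;`, and a NULL `authzid` should be rejected up front with LDAP_PARAM_ERROR because the success path dereferences it unconditionally. The bytes being copied come from a server-supplied berval, and `STRLCPY` is defined outside this file, so it is worth confirming that it never scans `bv_val` past `bv_len` looking for a terminator; a `memcpy` of `bv_len` bytes followed by an explicit `'\0'` removes that dependency. The OID search loop also hands `ctrlp[i]->ldctl_oid` to `strcmp` without a NULL check.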
@ -152,7 +152,7 @@ cldap_open( char *host, int port )
|
|||||||
}
|
}
|
||||||
ld->ld_sbp->sb_sd = s;
|
ld->ld_sbp->sb_sd = s;
|
||||||
ld->ld_sbp->sb_naddr = 0;
|
ld->ld_sbp->sb_naddr = 0;
|
||||||
ld->ld_version = LDAP_VERSION;
|
ld->ld_version = LDAP_VERSION2;
|
||||||
|
|
||||||
sock.sin_family = AF_INET;
|
sock.sin_family = AF_INET;
|
||||||
sock.sin_port = htons( port );
|
sock.sin_port = htons( port );
|
||||||
|
@ -303,7 +303,30 @@ ldap_controls_free( LDAPControl **ctrls )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
LDAPControl *
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_find_control( const char *oid, LDAPControl **ctrls )
|
||||||
|
{
|
||||||
|
int i, foundControl;
|
||||||
|
LDAPControl *Ctrlp = NULL;
|
||||||
|
|
||||||
|
/* find the control in the list of controls if it exists */
|
||||||
|
if ( ctrls == NULL ) {
|
||||||
|
return ( NULL );
|
||||||
|
}
|
||||||
|
foundControl = 0;
|
||||||
|
for ( i = 0; (( ctrls[i] != NULL ) && ( !foundControl )); i++ ) {
|
||||||
|
foundControl = !strcmp( ctrls[i]->ldctl_oid, oid );
|
||||||
|
}
|
||||||
|
if ( !foundControl ) {
|
||||||
|
return ( NULL );
|
||||||
|
} else {
|
||||||
|
/* let local var point to the control */
|
||||||
|
Ctrlp = ctrls[i-1];
|
||||||
|
}
|
||||||
|
|
||||||
|
return( Ctrlp );
|
||||||
|
}
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
LDAPControl **
|
LDAPControl **
|
||||||
|
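Review bot: `ldap_find_control` is exported by this commit (prototype and export-list entry are added elsewhere in it) but passes `oid` straight to `strcmp`, so a NULL `oid`, or a control whose `ldctl_oid` is NULL, faults inside the library instead of returning NULL. Extending the existing guard to `if ( ctrls == NULL || oid == NULL )` and skipping entries with a NULL `ldctl_oid` keeps the lookup safe for any caller input. The function returns `ctrls[i-1]`, a pointer into the caller's array, so a header comment should say that the result aliases an element of `ctrls` and must not be freed on its own. `ldap_parse_authzid_control` in this commit repeats the same search loop and could call this helper instead.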
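--- a/directory/c-sdk/ldap/libraries/libldap/geteffectiverightsctrl.c
+++ b/directory/c-sdk/ldap/libraries/libldap/geteffectiverightsctrl.c
@@ -0,0 +1,109 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is Sun LDAP C SDK.
+*
+* The Initial Developer of the Original Code is Sun Microsystems, Inc.
+*
+* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
+* Sun Microsystems, Inc. All Rights Reserved.
+*
+* Contributor(s):
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#include "ldap-int.h"
+
+/* ldap_create_geteffectiveRights_control
+
+Create Effective Rights control.
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+authzid RFC2829 section 9, eg "dn:<DN>".
+NULL or empty string means get bound user's rights,
+just "dn:" means get anonymous user's rights.
+
+attrlist additional attributes for which rights info is
+requrested. NULL means "just the ones returned
+with the search operation".
+
+ctl_iscritical Indicates whether the control is critical of not. If
+this field is non-zero, the operation will only be car-
+ried out if the control is recognized by the server
+and/or client
+
+ctrlp the address of a place to put the constructed control
+*/
+
+int
+LDAP_CALL
+ldap_create_geteffectiveRights_control (
+LDAP *ld,
+const char *authzid,
+const char **attrlist,
+const char ctl_iscritical,
+LDAPControl **ctrlp
+)
+{
+BerElement *ber;
+int rc;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+return( LDAP_PARAM_ERROR );
+}
+
+if ( ctrlp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return ( LDAP_PARAM_ERROR );
+}
+if (NULL == authzid)
+{
+authzid = "";
+}
+
+/* create a ber package to hold the controlValue */
+if ( ( nsldapi_alloc_ber_with_options( ld, &ber ) ) != LDAP_SUCCESS ) {
+LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+return( LDAP_NO_MEMORY );
+}
+
+if ( LBER_ERROR == ber_printf( ber, "{s{v}}", authzid, attrlist ) ) {
+LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_ENCODING_ERROR );
+}
+
+rc = nsldapi_build_control( LDAP_CONTROL_GETEFFECTIVERIGHTS_REQUEST, ber, 1,
+ctl_iscritical, ctrlp );
+
+LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
+return( rc );
+
+}
+
+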
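Review bot: The header comment documents `attrlist == NULL` as valid input, yet the encoder call `ber_printf( ber, "{s{v}}", authzid, attrlist )` forwards it unchanged, unlike `authzid`, which is normalised to `""` just above. That is only safe if the `v` conversion treats a NULL vector as empty, which nothing in this file shows. A comment at the call site stating that dependency, or an explicit branch that encodes an empty sequence when `attrlist` is NULL, would make the documented contract checkable here. The comment block also carries two typos that are worth fixing while the file is new: `requrested` and `critical of not`.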
@ -398,7 +398,7 @@ nsldapi_initialize_defaults( void )
|
|||||||
memset( &nsldapi_memalloc_fns, 0, sizeof( nsldapi_memalloc_fns ));
|
memset( &nsldapi_memalloc_fns, 0, sizeof( nsldapi_memalloc_fns ));
|
||||||
memset( &nsldapi_ld_defaults, 0, sizeof( nsldapi_ld_defaults ));
|
memset( &nsldapi_ld_defaults, 0, sizeof( nsldapi_ld_defaults ));
|
||||||
nsldapi_ld_defaults.ld_options = LDAP_BITOPT_REFERRALS;
|
nsldapi_ld_defaults.ld_options = LDAP_BITOPT_REFERRALS;
|
||||||
nsldapi_ld_defaults.ld_version = LDAP_VERSION2;
|
nsldapi_ld_defaults.ld_version = LDAP_VERSION3;
|
||||||
nsldapi_ld_defaults.ld_lberoptions = LBER_OPT_USE_DER;
|
nsldapi_ld_defaults.ld_lberoptions = LBER_OPT_USE_DER;
|
||||||
nsldapi_ld_defaults.ld_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;
|
nsldapi_ld_defaults.ld_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;
|
||||||
|
|
||||||
|
@ -130,8 +130,8 @@ ldap_passwd (
|
|||||||
requestdata = NULL;
|
requestdata = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = ldap_extended_operation( ld, LDAP_CONTROL_EXT_PASSWD_MODIFY,
|
rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, requestdata,
|
||||||
requestdata, serverctrls, clientctrls, msgidp );
|
serverctrls, clientctrls, msgidp );
|
||||||
|
|
||||||
/* the ber encoding is no longer needed */
|
/* the ber encoding is no longer needed */
|
||||||
if ( requestdata ) {
|
if ( requestdata ) {
|
||||||
|
315
directory/c-sdk/ldap/libraries/libldap/pwpctrl.c
Normal file
@ -0,0 +1,315 @@
|
|||||||
|
/* ***** BEGIN LICENSE BLOCK *****
|
||||||
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||||
|
*
|
||||||
|
* The contents of this file are subject to the Mozilla Public License Version
|
||||||
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
* http://www.mozilla.org/MPL/
|
||||||
|
*
|
||||||
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||||
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||||
|
* for the specific language governing rights and limitations under the
|
||||||
|
* License.
|
||||||
|
*
|
||||||
|
* The Original Code is Sun LDAP C SDK.
|
||||||
|
*
|
||||||
|
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
|
||||||
|
*
|
||||||
|
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
|
||||||
|
* Sun Microsystems, Inc. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Contributor(s): abobrov@sun.com
|
||||||
|
*
|
||||||
|
* Alternatively, the contents of this file may be used under the terms of
|
||||||
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||||
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||||
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||||
|
* of those above. If you wish to allow use of your version of this file only
|
||||||
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||||
|
* use your version of this file under the terms of the MPL, indicate your
|
||||||
|
* decision by deleting the provisions above and replace them with the notice
|
||||||
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||||
|
* the provisions above, a recipient may use your version of this file under
|
||||||
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||||
|
*
|
||||||
|
* ***** END LICENSE BLOCK ***** */
|
||||||
|
|
||||||
|
#include "ldap-int.h"
|
||||||
|
|
||||||
|
/* ldap_create_passwordpolicy_control:
|
||||||
|
|
||||||
|
Parameters are
|
||||||
|
|
||||||
|
ld LDAP pointer to the desired connection
|
||||||
|
|
||||||
|
ctrlp the address of a place to put the constructed control
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_create_passwordpolicy_control (
|
||||||
|
LDAP *ld,
|
||||||
|
LDAPControl **ctrlp
|
||||||
|
)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
|
||||||
|
return( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ctrlp == NULL ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
|
||||||
|
return ( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = nsldapi_build_control( LDAP_CONTROL_PASSWD_POLICY,
|
||||||
|
NULL, NULL, 0, ctrlp );
|
||||||
|
|
||||||
|
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
|
||||||
|
return( rc );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ldap_create_passwordpolicy_control_ext:
|
||||||
|
|
||||||
|
Parameters are
|
||||||
|
|
||||||
|
ld LDAP pointer to the desired connection
|
||||||
|
|
||||||
|
ctl_iscritical Indicates whether the control is critical of not. If
|
||||||
|
this field is non-zero, the operation will only be car-
|
||||||
|
ried out if the control is recognized by the server
|
||||||
|
and/or client
|
||||||
|
|
||||||
|
ctrlp the address of a place to put the constructed control
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_create_passwordpolicy_control_ext (
|
||||||
|
LDAP *ld,
|
||||||
|
const char ctl_iscritical,
|
||||||
|
LDAPControl **ctrlp
|
||||||
|
)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
|
||||||
|
return( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ctrlp == NULL ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
|
||||||
|
return ( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = nsldapi_build_control( LDAP_CONTROL_PASSWD_POLICY,
|
||||||
|
NULL, NULL, ctl_iscritical, ctrlp );
|
||||||
|
|
||||||
|
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
|
||||||
|
return( rc );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ldap_parse_passwordpolicy_control:
|
||||||
|
|
||||||
|
Parameters are
|
||||||
|
|
||||||
|
ld LDAP pointer to the desired connection
|
||||||
|
|
||||||
|
ctrlp pointer to LDAPControl structure, obtained from
|
||||||
|
calling ldap_find_control() or by other means.
|
||||||
|
|
||||||
|
exptimep result parameter is filled in with the number of seconds before
|
||||||
|
the password will expire.
|
||||||
|
|
||||||
|
gracep result parameter is filled in with the number of grace logins
|
||||||
|
after the password has expired.
|
||||||
|
|
||||||
|
errorcodep result parameter is filled in with the error code of the
|
||||||
|
password operation.
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_parse_passwordpolicy_control (
|
||||||
|
LDAP *ld,
|
||||||
|
LDAPControl *ctrlp,
|
||||||
|
ber_int_t *expirep,
|
||||||
|
ber_int_t *gracep,
|
||||||
|
LDAPPasswordPolicyError *errorp
|
||||||
|
)
|
||||||
|
{
|
||||||
|
ber_len_t len;
|
||||||
|
ber_tag_t tag;
|
||||||
|
ber_int_t pp_exp = -1;
|
||||||
|
ber_int_t pp_grace = -1;
|
||||||
|
ber_int_t pp_warning = -1;
|
||||||
|
ber_int_t pp_err = PP_noError;
|
||||||
|
BerElement *ber = NULL;
|
||||||
|
|
||||||
|
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) {
|
||||||
|
return( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ctrlp == NULL ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
|
||||||
|
return ( LDAP_CONTROL_NOT_FOUND );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* allocate a Ber element with the contents of the control's struct berval */
|
||||||
|
if ( ( ber = ber_init( &ctrlp->ldctl_value ) ) == NULL ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
|
||||||
|
return( LDAP_NO_MEMORY );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The control value should look like this:
|
||||||
|
*
|
||||||
|
* PasswordPolicyResponseValue ::= SEQUENCE {
|
||||||
|
* warning [0] CHOICE {
|
||||||
|
* timeBeforeExpiration [0] INTEGER (0 .. maxInt),
|
||||||
|
* graceLoginsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL
|
||||||
|
* error [1] ENUMERATED {
|
||||||
|
* passwordExpired (0),
|
||||||
|
* accountLocked (1),
|
||||||
|
* changeAfterReset (2),
|
||||||
|
* passwordModNotAllowed (3),
|
||||||
|
* mustSupplyOldPassword (4),
|
||||||
|
* insufficientPasswordQuality (5),
|
||||||
|
* passwordTooShort (6),
|
||||||
|
* passwordTooYoung (7),
|
||||||
|
* passwordInHistory (8) } OPTIONAL }
|
||||||
|
*/
|
||||||
|
|
||||||
|
if ( ber_scanf( ber, "{" ) == LBER_ERROR ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
|
||||||
|
ber_free( ber, 1 );
|
||||||
|
return( LDAP_DECODING_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
tag = ber_peek_tag( ber, &len );
|
||||||
|
|
||||||
|
while ( (tag != LBER_ERROR) && (tag != LBER_END_OF_SEQORSET) ) {
|
||||||
|
if ( tag == ( LBER_CONSTRUCTED | LBER_CLASS_CONTEXT ) ) {
|
||||||
|
ber_skip_tag( ber, &len );
|
||||||
|
if ( ber_scanf( ber, "ti", &tag, &pp_warning ) == LBER_ERROR ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
|
||||||
|
ber_free( ber, 1 );
|
||||||
|
return( LDAP_DECODING_ERROR );
|
||||||
|
}
|
||||||
|
if ( tag == ( LBER_CLASS_CONTEXT | 0x01 ) ) {
|
||||||
|
pp_exp = pp_warning;
|
||||||
|
} else if ( tag == ( LBER_CLASS_CONTEXT | 0x02 ) ) {
|
||||||
|
pp_grace = pp_warning;
|
||||||
|
}
|
||||||
|
} else if ( tag == ( LBER_CLASS_CONTEXT | 0x01 ) ) {
|
||||||
|
if ( ber_scanf( ber, "ti", &tag, &pp_err ) == LBER_ERROR ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
|
||||||
|
ber_free( ber, 1 );
|
||||||
|
return( LDAP_DECODING_ERROR );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ( tag == LBER_DEFAULT ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
|
||||||
|
ber_free( ber, 1 );
|
||||||
|
return( LDAP_DECODING_ERROR );
|
||||||
|
}
|
||||||
|
tag = ber_skip_tag( ber, &len );
|
||||||
|
}
|
||||||
|
|
||||||
|
if (expirep) *expirep = pp_exp;
|
||||||
|
if (gracep) *gracep = pp_grace;
|
||||||
|
if (errorp) *errorp = pp_err;
|
||||||
|
|
||||||
|
/* the ber encoding is no longer needed */
|
||||||
|
ber_free( ber, 1 );
|
||||||
|
return( LDAP_SUCCESS );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ldap_parse_passwordpolicy_control_ext:
|
||||||
|
|
||||||
|
Parameters are
|
||||||
|
|
||||||
|
ld LDAP pointer to the desired connection
|
||||||
|
|
||||||
|
ctrlp An array of controls obtained from calling
|
||||||
|
ldap_parse_result on the set of results
|
||||||
|
returned by the server
|
||||||
|
|
||||||
|
exptimep result parameter is filled in with the number of seconds before
|
||||||
|
the password will expire.
|
||||||
|
|
||||||
|
gracep result parameter is filled in with the number of grace logins
|
||||||
|
after the password has expired.
|
||||||
|
|
||||||
|
errorcodep result parameter is filled in with the error code of the
|
||||||
|
password operation.
|
||||||
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_parse_passwordpolicy_control_ext (
|
||||||
|
LDAP *ld,
|
||||||
|
LDAPControl **ctrlp,
|
||||||
|
ber_int_t *expirep,
|
||||||
|
ber_int_t *gracep,
|
||||||
|
LDAPPasswordPolicyError *errorp
|
||||||
|
)
|
||||||
|
{
|
||||||
|
int i, foundPPControl;
|
||||||
|
LDAPControl *PPCtrlp = NULL;
|
||||||
|
|
||||||
|
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) || pp == NULL ) {
|
||||||
|
return( LDAP_PARAM_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* find the control in the list of controls if it exists */
|
||||||
|
if ( ctrlp == NULL ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
|
||||||
|
return ( LDAP_CONTROL_NOT_FOUND );
|
||||||
|
}
|
||||||
|
foundPPControl = 0;
|
||||||
|
for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundPPControl )); i++ ) {
|
||||||
|
foundPPControl = !strcmp( ctrlp[i]->ldctl_oid, LDAP_CONTROL_PASSWD_POLICY );
|
||||||
|
}
|
||||||
|
if ( !foundPPControl ) {
|
||||||
|
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
|
||||||
|
return ( LDAP_CONTROL_NOT_FOUND );
|
||||||
|
} else {
|
||||||
|
/* let local var point to the control */
|
||||||
|
PPCtrlp = ctrlp[i-1];
|
||||||
|
}
|
||||||
|
|
||||||
|
return (
|
||||||
|
ldap_parse_passwordpolicy_control( ld, PPCtrlp, expirep, gracep, errorp ));
|
||||||
|
}
|
||||||
|
|
||||||
|
const char *
|
||||||
|
LDAP_CALL
|
||||||
|
ldap_passwordpolicy_err2txt( LDAPPasswordPolicyError err )
|
||||||
|
{
|
||||||
|
switch(err) {
|
||||||
|
case PP_passwordExpired:
|
||||||
|
return "Password expired";
|
||||||
|
case PP_accountLocked:
|
||||||
|
return "Account locked";
|
||||||
|
case PP_changeAfterReset:
|
||||||
|
return "Password must be changed";
|
||||||
|
case PP_passwordModNotAllowed:
|
||||||
|
return "Policy prevents password modification";
|
||||||
|
case PP_mustSupplyOldPassword:
|
||||||
|
return "Policy requires old password in order to change password";
|
||||||
|
case PP_insufficientPasswordQuality:
|
||||||
|
return "Password fails quality checks";
|
||||||
|
case PP_passwordTooShort:
|
||||||
|
return "Password is too short for policy";
|
||||||
|
case PP_passwordTooYoung:
|
||||||
|
return "Password has been changed too recently";
|
||||||
|
case PP_passwordInHistory:
|
||||||
|
return "New password is in list of old passwords";
|
||||||
|
case PP_noError:
|
||||||
|
return "No error";
|
||||||
|
default:
|
||||||
|
return "Unknown error code";
|
||||||
|
}
|
||||||
|
}
|
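--- a/directory/c-sdk/ldap/libraries/libldap/userstatusctrl.c
+++ b/directory/c-sdk/ldap/libraries/libldap/userstatusctrl.c
@@ -0,0 +1,229 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is Sun LDAP C SDK.
+*
+* The Initial Developer of the Original Code is Sun Microsystems, Inc.
+*
+* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
+* Sun Microsystems, Inc. All Rights Reserved.
+*
+* Contributor(s): abobrov@sun.com
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#include "ldap-int.h"
+
+/* ldap_create_userstatus_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctl_iscritical Indicates whether the control is critical of not. If
+this field is non-zero, the operation will only be car-
+ried out if the control is recognized by the server
+and/or client
+
+ctrlp the address of a place to put the constructed control
+*/
+
+int
+LDAP_CALL
+ldap_create_userstatus_control (
+LDAP *ld,
+const char ctl_iscritical,
+LDAPControl **ctrlp
+)
+{
+int rc;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+return( LDAP_PARAM_ERROR );
+}
+
+if ( ctrlp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return ( LDAP_PARAM_ERROR );
+}
+
+rc = nsldapi_build_control( LDAP_CONTROL_ACCOUNT_USABLE,
+NULL, NULL, ctl_iscritical, ctrlp );
+
+LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
+return( rc );
+}
+
+/* ldap_parse_userstatus_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctrlp An array of controls obtained from calling
+ldap_parse_result on the set of results
+returned by the server
+
+us the address of struct LDAPuserstatus
+to parse control results to
+*/
+
+int
+LDAP_CALL
+ldap_parse_userstatus_control (
+LDAP *ld,
+LDAPControl **ctrlp,
+LDAPuserstatus *us
+)
+{
+BerElement *ber = NULL;
+int i, foundUSControl;
+LDAPControl *USCtrlp = NULL;
+ber_len_t len;
+ber_tag_t tag;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) || us == NULL ) {
+return( LDAP_PARAM_ERROR );
+}
+
+/* find the control in the list of controls if it exists */
+if ( ctrlp == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+return ( LDAP_CONTROL_NOT_FOUND );
+}
+foundUSControl = 0;
+for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundUSControl )); i++ ) {
+foundUSControl = !strcmp( ctrlp[i]->ldctl_oid, LDAP_CONTROL_ACCOUNT_USABLE );
+}
+if ( !foundUSControl ) {
+LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+return ( LDAP_CONTROL_NOT_FOUND );
+} else {
+/* let local var point to the control */
+USCtrlp = ctrlp[i-1];
+}
+
+/* allocate a Ber element with the contents of the control's struct berval */
+if ( ( ber = ber_init( &USCtrlp->ldctl_value ) ) == NULL ) {
+LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+return( LDAP_NO_MEMORY );
+}
+
+memset( us, 0, sizeof(struct LDAPuserstatus) );
+
+/*
+* The control value should look like this:
+*
+* ACCOUNT_USABLE_RESPONSE::= CHOICE {
+* is_available [0] INTEGER, ** seconds before expiration **
+* is_not_available [1] More_info
+* }
+* More_info::= SEQUENCE {
+* inactive [0] BOOLEAN DEFAULT FALSE,
+* reset [1] BOOLEAN DEFAULT FALSE,
+* expired [2] BOOLEAN DEFAULT FALSE,
+* remaining_grace [3] INTEGER OPTIONAL,
+* seconds_before_unlock [4] INTEGER OPTIONAL
+* }
+*/
+
+if ( ( ber_scanf( ber, "t", &tag ) ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+
+tag = (( tag & LBER_CONSTRUCTED ) == LBER_CONSTRUCTED ) ? 1 : 0;
+
+if ( !tag ) {
+us->us_available = 1;
+if ( ber_scanf( ber, "i", &us->us_expire ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+} else {
+us->us_available = 0;
+tag = 0;
+if ( ( ber_scanf( ber, "{t", &tag ) ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+while ( tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET ) {
+tag = tag & (~LBER_CLASS_CONTEXT);
+switch (tag)
+{
+case 0:
+if ( ber_scanf( ber, "b", &us->us_inactive ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+us->us_inactive = ( us->us_inactive != 0 ) ? 1 : 0;
+break;
+case 1:
+if ( ber_scanf( ber, "b", &us->us_reset ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+us->us_reset = ( us->us_reset != 0 ) ? 1 : 0;
+break;
+case 2:
+if ( ber_scanf( ber, "b", &us->us_expired ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+us->us_expired = ( us->us_expired != 0 ) ? 1 : 0;
+break;
+case 3:
+if ( ber_scanf( ber, "i", &us->us_remaining ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+break;
+case 4:
+if ( ber_scanf( ber, "i", &us->us_seconds ) == LBER_ERROR ) {
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+break;
+default:
+LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
+ber_free( ber, 1 );
+return( LDAP_DECODING_ERROR );
+}
+ber_scanf( ber, "t", &tag );
+}
+}
+
+/* the ber encoding is no longer needed */
+ber_free( ber, 1 );
+return( LDAP_SUCCESS );
+}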
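Review bot: In `ldap_parse_userstatus_control` the first tag is reduced to its constructed bit, so every primitive tag is read as `is_available`, and `us->us_available = 1;` is stored before the expiry integer is decoded; a control value that fails to decode therefore returns `LDAP_DECODING_ERROR` while the caller's struct already reports the account as usable. I would move that assignment below the `ber_scanf( ber, "i", &us->us_expire )` check and compare the tag with the two values the ASN.1 comment implies instead of testing one bit. Inside the `More_info` loop, `tag & (~LBER_CLASS_CONTEXT)` clears only the context-class bit, so a universal-class tag numbered 1 to 4 reaches the same `case` as the context tag; checking the class before masking would reject those. The trailing `ber_scanf( ber, "t", &tag );` is unchecked, so the loop relies on that call storing an error value in `tag` at end of data, which presumably holds for this liblber but deserves a comment such as `/* "t" leaves LBER_ERROR in tag at end of data, which ends the loop */`.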
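--- a/directory/c-sdk/ldap/libraries/libldap/whoami.c
+++ b/directory/c-sdk/ldap/libraries/libldap/whoami.c
@@ -0,0 +1,132 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is Sun LDAP C SDK.
+*
+* The Initial Developer of the Original Code is Sun Microsystems, Inc.
+*
+* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
+* Sun Microsystems, Inc. All Rights Reserved.
+*
+* Contributor(s): abobrov@sun.com
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#include "ldap-int.h"
+
+/* ldap_whoami */
+int
+LDAP_CALL
+ldap_whoami (
+LDAP *ld,
+LDAPControl **serverctrls,
+LDAPControl **clientctrls,
+int *msgidp
+)
+{
+int rc;
+struct berval *requestdata = NULL;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return( LDAP_PARAM_ERROR );
+}
+
+rc = ldap_extended_operation( ld, LDAP_EXOP_WHO_AM_I, requestdata,
+serverctrls, clientctrls, msgidp );
+
+return( rc );
+}
+
+/* ldap_parse_whoami */
+int
+LDAP_CALL
+ldap_parse_whoami (
+LDAP *ld,
+LDAPMessage *result,
+struct berval **authzid
+)
+{
+int rc;
+char *retoidp = NULL;
+char *authzidp = NULL;
+struct berval *retdatap = NULL;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return( LDAP_PARAM_ERROR );
+}
+if ( !result ) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return( LDAP_PARAM_ERROR );
+}
+
+*authzid = NULL;
+
+rc = ldap_parse_extended_result( ld, result, &retoidp, authzid, 0 );
+
+if ( rc != LDAP_SUCCESS ) {
+return( rc );
+}
+
+ldap_memfree( retoidp );
+return( LDAP_SUCCESS );
+}
+
+/* ldap_whoami_s */
+int
+LDAP_CALL
+ldap_whoami_s (
+LDAP *ld,
+struct berval **authzid,
+LDAPControl **serverctrls,
+LDAPControl **clientctrls
+)
+{
+int rc;
+int msgid;
+LDAPMessage *result = NULL;
+
+if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+return( LDAP_PARAM_ERROR );
+}
+
+rc = ldap_whoami( ld, serverctrls, clientctrls, &msgid );
+if ( rc != LDAP_SUCCESS ) {
+return( rc );
+}
+
+rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result );
+if ( rc == -1 ) {
+return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
+}
+
+rc = ldap_parse_whoami( ld, result, authzid );
+
+ldap_msgfree( result );
+
+return( rc );
+}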
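Review bot: `ldap_parse_whoami` writes `*authzid = NULL;` without checking `authzid`, although `result` is validated just above, so a caller passing NULL for the output pointer crashes there; the second guard could read `if ( !result || !authzid ) {`. The locals `authzidp` and `retdatap` are never used and can be dropped. All three functions call `LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL )` on an `ld` that has just failed `NSLDAPI_VALID_LDAP_POINTER`, whereas `ldap_create_userstatus_control` in this commit returns without touching it; whether the macro tolerates an invalid handle is not visible here, so returning directly would be the safer form. In `ldap_whoami_s`, `*authzid` is only initialised inside `ldap_parse_whoami`, so on the early-return paths the caller's pointer is left as it was, which is worth stating in a header comment.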