Bug 357668: merging Sun and Mozilla libldap: bring new srcs unique to Sun branch

This commit is contained in:
anton.bobrov%sun.com 2006-11-13 13:52:52 +00:00
parent e80d3b3302
commit 4dede094f4
13 changed files with 1096 additions and 16 deletions

View File

@ -46,8 +46,7 @@ extern "C" {
#define LDAP_PORT_MAX 65535 /* API extension */ #define LDAP_PORT_MAX 65535 /* API extension */
#define LDAP_VERSION1 1 /* API extension */ #define LDAP_VERSION1 1 /* API extension */
#define LDAP_VERSION LDAP_VERSION2 /* API extension */ #define LDAP_VERSION LDAP_VERSION3 /* API extension */
/* /*
* C LDAP features we support that are not (yet) part of the LDAP C API * C LDAP features we support that are not (yet) part of the LDAP C API
@ -105,20 +104,29 @@ extern "C" {
#define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18" /* version 2 #define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18" /* version 2
*/ */
/* Authorization Identity Request and Response Controls */
#define LDAP_CONTROL_AUTHZID_REQ "2.16.840.1.113730.3.4.16"
#define LDAP_CONTROL_AUTHZID_RES "2.16.840.1.113730.3.4.15"
/* Authentication request and response controls */ /* Authentication request and response controls */
#define LDAP_CONTROL_AUTH_REQUEST "2.16.840.1.113730.3.4.16" #define LDAP_CONTROL_AUTH_REQUEST LDAP_CONTROL_AUTHZID_REQ
#define LDAP_CONTROL_AUTH_RESPONSE "2.16.840.1.113730.3.4.15" #define LDAP_CONTROL_AUTH_RESPONSE LDAP_CONTROL_AUTHZID_RES
/* Password information sent back to client */ /* Password information sent back to client */
#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4" #define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5" #define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
/* Proposed standard password policy controls */ /* Password Policy Control */
#define LDAP_X_CONTROL_PWPOLICY_REQUEST "1.3.6.1.4.1.42.2.27.8.5.1" #define LDAP_CONTROL_PASSWD_POLICY "1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_X_CONTROL_PWPOLICY_RESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
/* Password Policy Control compatibility macros */
#define LDAP_X_CONTROL_PWPOLICY_REQUEST LDAP_CONTROL_PASSWD_POLICY
#define LDAP_X_CONTROL_PWPOLICY_RESPONSE LDAP_CONTROL_PASSWD_POLICY
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST LDAP_CONTROL_PASSWD_POLICY
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE LDAP_CONTROL_PASSWD_POLICY
/* Password Modify Extended Operation */ /* Password Modify Extended Operation */
#define LDAP_CONTROL_EXT_PASSWD_MODIFY "1.3.6.1.4.1.4203.1.11.1" #define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
/* Suppress virtual/inherited attribute values */ /* Suppress virtual/inherited attribute values */
#define LDAP_CONTROL_REAL_ATTRS_ONLY "2.16.840.1.113730.3.4.17" #define LDAP_CONTROL_REAL_ATTRS_ONLY "2.16.840.1.113730.3.4.17"
@ -126,9 +134,20 @@ extern "C" {
/* Only return virtual/inherited attribute values */ /* Only return virtual/inherited attribute values */
#define LDAP_CONTROL_VIRTUAL_ATTRS_ONLY "2.16.840.1.113730.3.4.19" #define LDAP_CONTROL_VIRTUAL_ATTRS_ONLY "2.16.840.1.113730.3.4.19"
/* getEffectiveRights request */
#define LDAP_CONTROL_GETEFFECTIVERIGHTS_REQUEST "1.3.6.1.4.1.42.2.27.9.5.2"
/* Password Policy Control to get account availability */
#define LDAP_CONTROL_ACCOUNT_USABLE "1.3.6.1.4.1.42.2.27.9.5.8"
/* "Who am I?" Extended Operation */
#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
LDAP_API(void) LDAP_CALL ldap_ber_free( BerElement *ber, int freebuf ); LDAP_API(void) LDAP_CALL ldap_ber_free( BerElement *ber, int freebuf );
LDAP_API(LDAPControl *) LDAP_CALL ldap_find_control( const char *oid,
LDAPControl **ctrls );
/* /*
* Server side sorting of search results (an LDAPv3 extension -- * Server side sorting of search results (an LDAPv3 extension --
* LDAP_API_FEATURE_SERVER_SIDE_SORT) * LDAP_API_FEATURE_SERVER_SIDE_SORT)
@ -139,6 +158,39 @@ typedef struct LDAPsortkey { /* structure for a sort-key */
int sk_reverseorder; int sk_reverseorder;
} LDAPsortkey; } LDAPsortkey;
/* where LDAP_CONTROL_ACCOUNT_USABLE control parse results */
typedef struct LDAPuserstatus { /* user account availability */
unsigned int us_available; /* availability status */
#define LDAP_US_ACCOUNT_USABLE 1
#define LDAP_US_ACCOUNT_NOT_USABLE 0
int us_expire; /* will expire in seconds */
int us_inactive; /* boolean inactivation status */
#define LDAP_US_ACCOUNT_ACTIVE 0
#define LDAP_US_ACCOUNT_INACTIVE 1
int us_reset; /* boolean password reset */
#define LDAP_US_ACCOUNT_NOT_RESET 0
#define LDAP_US_ACCOUNT_RESET 1
int us_expired; /* boolean password expired */
#define LDAP_US_ACCOUNT_NOT_EXPIRED 0
#define LDAP_US_ACCOUNT_EXPIRED 1
int us_remaining; /* remaining logins */
int us_seconds; /* will unlock in seconds */
} LDAPuserstatus;
/* LDAP_CONTROL_PASSWD_POLICY results */
typedef enum passpolicyerror_enum {
PP_passwordExpired = 0,
PP_accountLocked = 1,
PP_changeAfterReset = 2,
PP_passwordModNotAllowed = 3,
PP_mustSupplyOldPassword = 4,
PP_insufficientPasswordQuality = 5,
PP_passwordTooShort = 6,
PP_passwordTooYoung = 7,
PP_passwordInHistory = 8,
PP_noError = 65535
} LDAPPasswordPolicyError;
LDAP_API(int) LDAP_CALL ldap_create_sort_control( LDAP *ld, LDAP_API(int) LDAP_CALL ldap_create_sort_control( LDAP *ld,
LDAPsortkey **sortKeyList, const char ctl_iscritical, LDAPsortkey **sortKeyList, const char ctl_iscritical,
LDAPControl **ctrlp ); LDAPControl **ctrlp );
@ -149,6 +201,39 @@ LDAP_API(void) LDAP_CALL ldap_free_sort_keylist( LDAPsortkey **sortKeyList );
LDAP_API(int) LDAP_CALL ldap_create_sort_keylist( LDAPsortkey ***sortKeyList, LDAP_API(int) LDAP_CALL ldap_create_sort_keylist( LDAPsortkey ***sortKeyList,
const char *string_rep ); const char *string_rep );
LDAP_API(int) LDAP_CALL ldap_create_userstatus_control(
LDAP *ld, const char ctl_iscritical, LDAPControl **ctrlp );
LDAP_API(int) LDAP_CALL ldap_parse_userstatus_control( LDAP *ld,
LDAPControl **ctrlp, LDAPuserstatus *us );
LDAP_API(int) LDAP_CALL ldap_create_passwordpolicy_control( LDAP *ld,
LDAPControl **ctrlp );
LDAP_API(int) LDAP_CALL ldap_create_passwordpolicy_control_ext( LDAP *ld,
const char ctl_iscritical, LDAPControl **ctrlp );
LDAP_API(int) LDAP_CALL ldap_parse_passwordpolicy_control( LDAP *ld,
LDAPControl *ctrlp, ber_int_t *expirep, ber_int_t *gracep,
LDAPPasswordPolicyError *errorp );
LDAP_API(int) LDAP_CALL ldap_parse_passwordpolicy_control_ext ( LDAP *ld,
LDAPControl **ctrlp, ber_int_t *expirep, ber_int_t *gracep,
LDAPPasswordPolicyError *errorp );
LDAP_API(const char *) LDAP_CALL ldap_passwordpolicy_err2txt(
LDAPPasswordPolicyError err );
LDAP_API(int) LDAP_CALL ldap_create_authzid_control( LDAP *ld,
const char ctl_iscritical, LDAPControl **ctrlp );
LDAP_API(int) LDAP_CALL ldap_parse_authzid_control( LDAP *ld,
LDAPControl **ctrlp, char **authzid );
LDAP_API(int) LDAP_CALL ldap_whoami( LDAP *ld, LDAPControl **serverctrls,
LDAPControl **clientctrls, int *msgidp );
LDAP_API(int) LDAP_CALL ldap_whoami_s( LDAP *ld, struct berval **authzid,
LDAPControl **serverctrls, LDAPControl **clientctrls );
LDAP_API(int) LDAP_CALL ldap_parse_whoami( LDAP *ld, LDAPMessage *result,
struct berval **authzid );
LDAP_API(int) LDAP_CALL ldap_create_geteffectiveRights_control( LDAP *ld,
const char *authzid, const char **attrlist, const char ctl_iscritical,
LDAPControl **ctrlp );
/* /*
* Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW) * Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)

View File

@ -45,7 +45,7 @@ extern "C" {
#define LDAP_VERSION1 1 #define LDAP_VERSION1 1
#define LDAP_VERSION2 2 #define LDAP_VERSION2 2
#define LDAP_VERSION3 3 #define LDAP_VERSION3 3
#define LDAP_VERSION LDAP_VERSION2 #define LDAP_VERSION LDAP_VERSION3
#define COMPAT20 #define COMPAT20
#define COMPAT30 #define COMPAT30

View File

@ -177,6 +177,10 @@
150 ber_sockbuf_free 150 ber_sockbuf_free
151 ber_get_next_buffer_ext 151 ber_get_next_buffer_ext
152 ber_svecfree 152 ber_svecfree
153 ber_get_buf_datalen
154 ber_get_buf_databegin
155 ber_stack_init
156 ber_sockbuf_free_data
200 ldap_memfree 200 ldap_memfree
201 ldap_ber_free 201 ldap_ber_free
@ -297,7 +301,21 @@
533 ldap_x_calloc 533 ldap_x_calloc
534 ldap_x_realloc 534 ldap_x_realloc
535 ldap_x_free 535 ldap_x_free
536 ldap_create_proxiedauth_control #
536 ldap_create_proxiedauth_control
#
537 ldap_create_geteffectiveRights_control
#
538 ldap_find_control
#
550 ldap_create_userstatus_control
551 ldap_parse_userstatus_control
#
560 ldap_create_passwordpolicy_control
561 ldap_create_passwordpolicy_control_ext
562 ldap_parse_passwordpolicy_control
563 ldap_parse_passwordpolicy_control_ext
564 ldap_passwordpolicy_err2txt
# #
570 ldap_passwd 570 ldap_passwd
571 ldap_parse_passwd 571 ldap_parse_passwd
@ -306,6 +324,13 @@
580 ldap_delete_result_entry 580 ldap_delete_result_entry
581 ldap_add_result_entry 581 ldap_add_result_entry
# #
590 ldap_whoami
591 ldap_parse_whoami
592 ldap_whoami_s
#
600 ldap_create_authzid_control
601 ldap_parse_authzid_control
#
1000 ldap_memcache_init 1000 ldap_memcache_init
1001 ldap_memcache_set 1001 ldap_memcache_set
1002 ldap_memcache_get 1002 ldap_memcache_get

View File

@ -47,6 +47,7 @@ include $(topsrcdir)/build.mk
SRCS = abandon.c \ SRCS = abandon.c \
add.c \ add.c \
authzidctrl.c \
bind.c \ bind.c \
cache.c \ cache.c \
charray.c \ charray.c \
@ -66,6 +67,7 @@ SRCS = abandon.c \
getattr.c \ getattr.c \
getdn.c \ getdn.c \
getdxbyname.c \ getdxbyname.c \
geteffectiverightsctrl.c \
getentry.c \ getentry.c \
getfilter.c \ getfilter.c \
getoption.c \ getoption.c \
@ -78,6 +80,7 @@ SRCS = abandon.c \
proxyauthctrl.c \ proxyauthctrl.c \
psearch.c \ psearch.c \
pwmodext.c \ pwmodext.c \
pwpctrl.c \
referral.c \ referral.c \
regex.c \ regex.c \
rename.c \ rename.c \
@ -96,8 +99,10 @@ SRCS = abandon.c \
unbind.c \ unbind.c \
unescape.c \ unescape.c \
url.c \ url.c \
userstatusctrl.c \
utf8.c \ utf8.c \
vlistctrl.c vlistctrl.c \
whoami.c
ifeq ($(HAVE_SASL), 1) ifeq ($(HAVE_SASL), 1)
SRCS += saslio.c SRCS += saslio.c

View File

@ -0,0 +1,157 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s): abobrov@sun.com
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_create_authzid_control:
Parameters are
ld LDAP pointer to the desired connection
ctl_iscritical Indicates whether the control is critical of not.
If this field is non-zero, the operation will only be
carried out if the control is recognized by the server
and/or client
ctrlp the address of a place to put the constructed control
*/
int
LDAP_CALL
ldap_create_authzid_control (
LDAP *ld,
const char ctl_iscritical,
LDAPControl **ctrlp
)
{
int rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return ( LDAP_PARAM_ERROR );
}
rc = nsldapi_build_control( LDAP_CONTROL_AUTHZID_REQ,
NULL, NULL, ctl_iscritical, ctrlp );
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
/* ldap_parse_authzid_control:
Parameters are
ld LDAP pointer to the desired connection
ctrlp An array of controls obtained from calling
ldap_parse_result on the set of results
returned by the server
authzid authorization identity, as defined in
RFC 2829, section 9.
*/
int
LDAP_CALL
ldap_parse_authzid_control (
LDAP *ld,
LDAPControl **ctrlp,
char **authzid
)
{
int i, foundAUTHZIDControl;
char *authzidp = NULL;
LDAPControl *AUTHZIDCtrlp = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) {
return( LDAP_PARAM_ERROR );
}
/* find the control in the list of controls if it exists */
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
}
foundAUTHZIDControl = 0;
for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundAUTHZIDControl )); i++ ) {
foundAUTHZIDControl = !strcmp( ctrlp[i]->ldctl_oid,
LDAP_CONTROL_AUTHZID_RES );
}
/*
* The control is only included in a bind response if the resultCode
* for the bind operation is success.
*/
if ( !foundAUTHZIDControl ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
} else {
/* let local var point to the control */
AUTHZIDCtrlp = ctrlp[i-1];
}
/*
* If the bind request succeeded and resulted in an identity (not anonymous),
* the controlValue contains the authorization identity (authzid), as
* defined in [AUTH] section 9, granted to the requestor. If the bind
* request resulted in an anonymous association, the controlValue field
* is a string of zero length. If the bind request resulted in more
* than one authzid, the primary authzid is returned in the controlValue
* field.
*/
if ( AUTHZIDCtrlp && AUTHZIDCtrlp->ldctl_value.bv_val &&
AUTHZIDCtrlp->ldctl_value.bv_len ) {
authzidp = ( (char *)NSLDAPI_MALLOC(
( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) ) );
if ( authzidp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
STRLCPY( authzidp, AUTHZIDCtrlp->ldctl_value.bv_val,
( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) );
*authzid = authzidp;
} else {
authzid = NULL;
}
return( LDAP_SUCCESS );
}

View File

@ -152,7 +152,7 @@ cldap_open( char *host, int port )
} }
ld->ld_sbp->sb_sd = s; ld->ld_sbp->sb_sd = s;
ld->ld_sbp->sb_naddr = 0; ld->ld_sbp->sb_naddr = 0;
ld->ld_version = LDAP_VERSION; ld->ld_version = LDAP_VERSION2;
sock.sin_family = AF_INET; sock.sin_family = AF_INET;
sock.sin_port = htons( port ); sock.sin_port = htons( port );

View File

@ -303,7 +303,30 @@ ldap_controls_free( LDAPControl **ctrls )
} }
} }
LDAPControl *
LDAP_CALL
ldap_find_control( const char *oid, LDAPControl **ctrls )
{
int i, foundControl;
LDAPControl *Ctrlp = NULL;
/* find the control in the list of controls if it exists */
if ( ctrls == NULL ) {
return ( NULL );
}
foundControl = 0;
for ( i = 0; (( ctrls[i] != NULL ) && ( !foundControl )); i++ ) {
foundControl = !strcmp( ctrls[i]->ldctl_oid, oid );
}
if ( !foundControl ) {
return ( NULL );
} else {
/* let local var point to the control */
Ctrlp = ctrls[i-1];
}
return( Ctrlp );
}
#if 0 #if 0
LDAPControl ** LDAPControl **

View File

@ -0,0 +1,109 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_create_geteffectiveRights_control
Create Effective Rights control.
Parameters are
ld LDAP pointer to the desired connection
authzid RFC2829 section 9, eg "dn:<DN>".
NULL or empty string means get bound user's rights,
just "dn:" means get anonymous user's rights.
attrlist additional attributes for which rights info is
requrested. NULL means "just the ones returned
with the search operation".
ctl_iscritical Indicates whether the control is critical of not. If
this field is non-zero, the operation will only be car-
ried out if the control is recognized by the server
and/or client
ctrlp the address of a place to put the constructed control
*/
int
LDAP_CALL
ldap_create_geteffectiveRights_control (
LDAP *ld,
const char *authzid,
const char **attrlist,
const char ctl_iscritical,
LDAPControl **ctrlp
)
{
BerElement *ber;
int rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return ( LDAP_PARAM_ERROR );
}
if (NULL == authzid)
{
authzid = "";
}
/* create a ber package to hold the controlValue */
if ( ( nsldapi_alloc_ber_with_options( ld, &ber ) ) != LDAP_SUCCESS ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
if ( LBER_ERROR == ber_printf( ber, "{s{v}}", authzid, attrlist ) ) {
LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_ENCODING_ERROR );
}
rc = nsldapi_build_control( LDAP_CONTROL_GETEFFECTIVERIGHTS_REQUEST, ber, 1,
ctl_iscritical, ctrlp );
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}

View File

@ -398,7 +398,7 @@ nsldapi_initialize_defaults( void )
memset( &nsldapi_memalloc_fns, 0, sizeof( nsldapi_memalloc_fns )); memset( &nsldapi_memalloc_fns, 0, sizeof( nsldapi_memalloc_fns ));
memset( &nsldapi_ld_defaults, 0, sizeof( nsldapi_ld_defaults )); memset( &nsldapi_ld_defaults, 0, sizeof( nsldapi_ld_defaults ));
nsldapi_ld_defaults.ld_options = LDAP_BITOPT_REFERRALS; nsldapi_ld_defaults.ld_options = LDAP_BITOPT_REFERRALS;
nsldapi_ld_defaults.ld_version = LDAP_VERSION2; nsldapi_ld_defaults.ld_version = LDAP_VERSION3;
nsldapi_ld_defaults.ld_lberoptions = LBER_OPT_USE_DER; nsldapi_ld_defaults.ld_lberoptions = LBER_OPT_USE_DER;
nsldapi_ld_defaults.ld_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT; nsldapi_ld_defaults.ld_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;

View File

@ -130,8 +130,8 @@ ldap_passwd (
requestdata = NULL; requestdata = NULL;
} }
rc = ldap_extended_operation( ld, LDAP_CONTROL_EXT_PASSWD_MODIFY, rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, requestdata,
requestdata, serverctrls, clientctrls, msgidp ); serverctrls, clientctrls, msgidp );
/* the ber encoding is no longer needed */ /* the ber encoding is no longer needed */
if ( requestdata ) { if ( requestdata ) {

View File

@ -0,0 +1,315 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s): abobrov@sun.com
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_create_passwordpolicy_control:
Parameters are
ld LDAP pointer to the desired connection
ctrlp the address of a place to put the constructed control
*/
int
LDAP_CALL
ldap_create_passwordpolicy_control (
LDAP *ld,
LDAPControl **ctrlp
)
{
int rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return ( LDAP_PARAM_ERROR );
}
rc = nsldapi_build_control( LDAP_CONTROL_PASSWD_POLICY,
NULL, NULL, 0, ctrlp );
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
/* ldap_create_passwordpolicy_control_ext:
Parameters are
ld LDAP pointer to the desired connection
ctl_iscritical Indicates whether the control is critical of not. If
this field is non-zero, the operation will only be car-
ried out if the control is recognized by the server
and/or client
ctrlp the address of a place to put the constructed control
*/
int
LDAP_CALL
ldap_create_passwordpolicy_control_ext (
LDAP *ld,
const char ctl_iscritical,
LDAPControl **ctrlp
)
{
int rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return ( LDAP_PARAM_ERROR );
}
rc = nsldapi_build_control( LDAP_CONTROL_PASSWD_POLICY,
NULL, NULL, ctl_iscritical, ctrlp );
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
/* ldap_parse_passwordpolicy_control:
Parameters are
ld LDAP pointer to the desired connection
ctrlp pointer to LDAPControl structure, obtained from
calling ldap_find_control() or by other means.
exptimep result parameter is filled in with the number of seconds before
the password will expire.
gracep result parameter is filled in with the number of grace logins
after the password has expired.
errorcodep result parameter is filled in with the error code of the
password operation.
*/
int
LDAP_CALL
ldap_parse_passwordpolicy_control (
LDAP *ld,
LDAPControl *ctrlp,
ber_int_t *expirep,
ber_int_t *gracep,
LDAPPasswordPolicyError *errorp
)
{
ber_len_t len;
ber_tag_t tag;
ber_int_t pp_exp = -1;
ber_int_t pp_grace = -1;
ber_int_t pp_warning = -1;
ber_int_t pp_err = PP_noError;
BerElement *ber = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
}
/* allocate a Ber element with the contents of the control's struct berval */
if ( ( ber = ber_init( &ctrlp->ldctl_value ) ) == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
/*
* The control value should look like this:
*
* PasswordPolicyResponseValue ::= SEQUENCE {
* warning [0] CHOICE {
* timeBeforeExpiration [0] INTEGER (0 .. maxInt),
* graceLoginsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL
* error [1] ENUMERATED {
* passwordExpired (0),
* accountLocked (1),
* changeAfterReset (2),
* passwordModNotAllowed (3),
* mustSupplyOldPassword (4),
* insufficientPasswordQuality (5),
* passwordTooShort (6),
* passwordTooYoung (7),
* passwordInHistory (8) } OPTIONAL }
*/
if ( ber_scanf( ber, "{" ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
tag = ber_peek_tag( ber, &len );
while ( (tag != LBER_ERROR) && (tag != LBER_END_OF_SEQORSET) ) {
if ( tag == ( LBER_CONSTRUCTED | LBER_CLASS_CONTEXT ) ) {
ber_skip_tag( ber, &len );
if ( ber_scanf( ber, "ti", &tag, &pp_warning ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
if ( tag == ( LBER_CLASS_CONTEXT | 0x01 ) ) {
pp_exp = pp_warning;
} else if ( tag == ( LBER_CLASS_CONTEXT | 0x02 ) ) {
pp_grace = pp_warning;
}
} else if ( tag == ( LBER_CLASS_CONTEXT | 0x01 ) ) {
if ( ber_scanf( ber, "ti", &tag, &pp_err ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
}
if ( tag == LBER_DEFAULT ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
tag = ber_skip_tag( ber, &len );
}
if (expirep) *expirep = pp_exp;
if (gracep) *gracep = pp_grace;
if (errorp) *errorp = pp_err;
/* the ber encoding is no longer needed */
ber_free( ber, 1 );
return( LDAP_SUCCESS );
}
/* ldap_parse_passwordpolicy_control_ext:
Parameters are
ld LDAP pointer to the desired connection
ctrlp An array of controls obtained from calling
ldap_parse_result on the set of results
returned by the server
exptimep result parameter is filled in with the number of seconds before
the password will expire.
gracep result parameter is filled in with the number of grace logins
after the password has expired.
errorcodep result parameter is filled in with the error code of the
password operation.
*/
int
LDAP_CALL
ldap_parse_passwordpolicy_control_ext (
LDAP *ld,
LDAPControl **ctrlp,
ber_int_t *expirep,
ber_int_t *gracep,
LDAPPasswordPolicyError *errorp
)
{
int i, foundPPControl;
LDAPControl *PPCtrlp = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) || pp == NULL ) {
return( LDAP_PARAM_ERROR );
}
/* find the control in the list of controls if it exists */
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
}
foundPPControl = 0;
for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundPPControl )); i++ ) {
foundPPControl = !strcmp( ctrlp[i]->ldctl_oid, LDAP_CONTROL_PASSWD_POLICY );
}
if ( !foundPPControl ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
} else {
/* let local var point to the control */
PPCtrlp = ctrlp[i-1];
}
return (
ldap_parse_passwordpolicy_control( ld, PPCtrlp, expirep, gracep, errorp ));
}
const char *
LDAP_CALL
ldap_passwordpolicy_err2txt( LDAPPasswordPolicyError err )
{
switch(err) {
case PP_passwordExpired:
return "Password expired";
case PP_accountLocked:
return "Account locked";
case PP_changeAfterReset:
return "Password must be changed";
case PP_passwordModNotAllowed:
return "Policy prevents password modification";
case PP_mustSupplyOldPassword:
return "Policy requires old password in order to change password";
case PP_insufficientPasswordQuality:
return "Password fails quality checks";
case PP_passwordTooShort:
return "Password is too short for policy";
case PP_passwordTooYoung:
return "Password has been changed too recently";
case PP_passwordInHistory:
return "New password is in list of old passwords";
case PP_noError:
return "No error";
default:
return "Unknown error code";
}
}

View File

@ -0,0 +1,229 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s): abobrov@sun.com
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_create_userstatus_control:
Parameters are
ld LDAP pointer to the desired connection
ctl_iscritical Indicates whether the control is critical of not. If
this field is non-zero, the operation will only be car-
ried out if the control is recognized by the server
and/or client
ctrlp the address of a place to put the constructed control
*/
int
LDAP_CALL
ldap_create_userstatus_control (
LDAP *ld,
const char ctl_iscritical,
LDAPControl **ctrlp
)
{
int rc;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return ( LDAP_PARAM_ERROR );
}
rc = nsldapi_build_control( LDAP_CONTROL_ACCOUNT_USABLE,
NULL, NULL, ctl_iscritical, ctrlp );
LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
return( rc );
}
/* ldap_parse_userstatus_control:
Parameters are
ld LDAP pointer to the desired connection
ctrlp An array of controls obtained from calling
ldap_parse_result on the set of results
returned by the server
us the address of struct LDAPuserstatus
to parse control results to
*/
int
LDAP_CALL
ldap_parse_userstatus_control (
LDAP *ld,
LDAPControl **ctrlp,
LDAPuserstatus *us
)
{
BerElement *ber = NULL;
int i, foundUSControl;
LDAPControl *USCtrlp = NULL;
ber_len_t len;
ber_tag_t tag;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) || us == NULL ) {
return( LDAP_PARAM_ERROR );
}
/* find the control in the list of controls if it exists */
if ( ctrlp == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
}
foundUSControl = 0;
for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundUSControl )); i++ ) {
foundUSControl = !strcmp( ctrlp[i]->ldctl_oid, LDAP_CONTROL_ACCOUNT_USABLE );
}
if ( !foundUSControl ) {
LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
return ( LDAP_CONTROL_NOT_FOUND );
} else {
/* let local var point to the control */
USCtrlp = ctrlp[i-1];
}
/* allocate a Ber element with the contents of the control's struct berval */
if ( ( ber = ber_init( &USCtrlp->ldctl_value ) ) == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
memset( us, 0, sizeof(struct LDAPuserstatus) );
/*
* The control value should look like this:
*
* ACCOUNT_USABLE_RESPONSE::= CHOICE {
* is_available [0] INTEGER, ** seconds before expiration **
* is_not_available [1] More_info
* }
* More_info::= SEQUENCE {
* inactive [0] BOOLEAN DEFAULT FALSE,
* reset [1] BOOLEAN DEFAULT FALSE,
* expired [2] BOOLEAN DEFAULT FALSE,
* remaining_grace [3] INTEGER OPTIONAL,
* seconds_before_unlock [4] INTEGER OPTIONAL
* }
*/
if ( ( ber_scanf( ber, "t", &tag ) ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
tag = (( tag & LBER_CONSTRUCTED ) == LBER_CONSTRUCTED ) ? 1 : 0;
if ( !tag ) {
us->us_available = 1;
if ( ber_scanf( ber, "i", &us->us_expire ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
} else {
us->us_available = 0;
tag = 0;
if ( ( ber_scanf( ber, "{t", &tag ) ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
while ( tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET ) {
tag = tag & (~LBER_CLASS_CONTEXT);
switch (tag)
{
case 0:
if ( ber_scanf( ber, "b", &us->us_inactive ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
us->us_inactive = ( us->us_inactive != 0 ) ? 1 : 0;
break;
case 1:
if ( ber_scanf( ber, "b", &us->us_reset ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
us->us_reset = ( us->us_reset != 0 ) ? 1 : 0;
break;
case 2:
if ( ber_scanf( ber, "b", &us->us_expired ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
us->us_expired = ( us->us_expired != 0 ) ? 1 : 0;
break;
case 3:
if ( ber_scanf( ber, "i", &us->us_remaining ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
break;
case 4:
if ( ber_scanf( ber, "i", &us->us_seconds ) == LBER_ERROR ) {
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
break;
default:
LDAP_SET_LDERRNO( ld, LDAP_DECODING_ERROR, NULL, NULL );
ber_free( ber, 1 );
return( LDAP_DECODING_ERROR );
}
ber_scanf( ber, "t", &tag );
}
}
/* the ber encoding is no longer needed */
ber_free( ber, 1 );
return( LDAP_SUCCESS );
}

View File

@ -0,0 +1,132 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s): abobrov@sun.com
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_whoami */
int
LDAP_CALL
ldap_whoami (
LDAP *ld,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
int *msgidp
)
{
int rc;
struct berval *requestdata = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
rc = ldap_extended_operation( ld, LDAP_EXOP_WHO_AM_I, requestdata,
serverctrls, clientctrls, msgidp );
return( rc );
}
/* ldap_parse_whoami */
int
LDAP_CALL
ldap_parse_whoami (
LDAP *ld,
LDAPMessage *result,
struct berval **authzid
)
{
int rc;
char *retoidp = NULL;
char *authzidp = NULL;
struct berval *retdatap = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
if ( !result ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
*authzid = NULL;
rc = ldap_parse_extended_result( ld, result, &retoidp, authzid, 0 );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
ldap_memfree( retoidp );
return( LDAP_SUCCESS );
}
/* ldap_whoami_s */
int
LDAP_CALL
ldap_whoami_s (
LDAP *ld,
struct berval **authzid,
LDAPControl **serverctrls,
LDAPControl **clientctrls
)
{
int rc;
int msgid;
LDAPMessage *result = NULL;
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
return( LDAP_PARAM_ERROR );
}
rc = ldap_whoami( ld, serverctrls, clientctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result );
if ( rc == -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
rc = ldap_parse_whoami( ld, result, authzid );
ldap_msgfree( result );
return( rc );
}