proxy authz control (client only)

Misc control cleanups (client only)
Kurt Zeilenga 2002-11-28 02:26:55 +00:00
parent b41ab2502f
commit 235973571a
12 changed files with 625 additions and 254 deletions


@ -49,6 +49,7 @@ usage( const char *s )
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -h host LDAP server\n"
@ -116,6 +117,7 @@ main( int argc, char **argv )
struct berval bvalue = { 0, NULL };
char *pw_file = NULL;
char *control, *cvalue;
char *authzid = NULL;
debug = verbose = not = referrals = noop =
manageDSAit = want_bindpw = quiet = 0;
@ -196,7 +198,27 @@ main( int argc, char **argv )
*cvalue++ = '\0';
}
if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
if ( strcasecmp( control, "authzid" ) == 0 ) {
if( authzid != NULL ) {
fprintf( stderr, "authzid control previously specified");
return EXIT_FAILURE;
}
if( cvalue == NULL ) {
fprintf( stderr, "authzid: control value expected" );
usage(prog);
return EXIT_FAILURE;
}
if( !crit ) {
fprintf( stderr, "authzid: must be marked critical" );
usage(prog);
return EXIT_FAILURE;
}
assert( authzid == NULL );
authzid = control;
break;
} else if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
if( manageDSAit ) {
fprintf( stderr, "manageDSAit control previously specified");
return EXIT_FAILURE;
@ -208,7 +230,6 @@ main( int argc, char **argv )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -223,7 +244,6 @@ main( int argc, char **argv )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -737,37 +757,50 @@ main( int argc, char **argv )
}
}
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}
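Review bot: In the new `authzid` branch, `authzid = control;` stores the pointer to the control name rather than its value. The `*cvalue++ = '\0';` at the top of the hunk has already cut the string at the `=`, so the later `strlen( authzid )` in the control setup measures the literal text `authzid`, and that text is what would be sent as the proxy authorization identity instead of the `dn:` or `u:` value the user supplied. The assignment should be `authzid = cvalue;`. The three new `fprintf` messages in the branch also lack a trailing `\n`. The option parser around this branch is only partly visible in the hunk.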


@ -63,6 +63,7 @@ usage( const char *s )
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
@ -101,6 +102,7 @@ main( int argc, char **argv )
int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit, noop, crit;
char *pw_file;
char *control, *cvalue;
char *authzid = NULL;
not = verbose = contoper = want_bindpw = debug
= manageDSAit = noop = referrals = 0;
@ -207,7 +209,6 @@ main( int argc, char **argv )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -222,7 +223,6 @@ main( int argc, char **argv )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -702,37 +702,50 @@ main( int argc, char **argv )
}
}
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}
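Review bot: `authzid` is newly declared as NULL in this section and tested in the control setup, but no hunk here ever assigns it, so the `if ( authzid )` block looks unreachable even though usage() now advertises the `authzid=` control. Only the first file section on this page adds an `authzid` branch to the `-e` parser; the ldapmodify section, the two sections after it, the search tool and the Who Am I tool are in the same state. Judging by the visible hunks, passing `-e '!authzid=...'` to these tools would fall through to the final `else` of the control chain rather than set the proxy authorization control. Either add the parser branch to each tool or hold back the usage line until it lands.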


@ -118,6 +118,7 @@ usage( const char *prog )
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
@ -159,6 +160,7 @@ main( int argc, char **argv )
int count, len;
char *pw_file = NULL;
char *control, *cvalue;
char *authzid = NULL;
int crit;
prog = lutil_progname( "ldapmodify", argc, argv );
@ -271,7 +273,6 @@ main( int argc, char **argv )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -286,7 +287,6 @@ main( int argc, char **argv )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -796,37 +796,50 @@ main( int argc, char **argv )
rc = 0;
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}


@ -77,6 +77,7 @@ usage( const char *s )
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
@ -116,6 +117,7 @@ main(int argc, char **argv)
char *newSuperior=NULL;
char *pw_file = NULL;
char *control, *cvalue;
char *authzid = NULL;
infile = NULL;
not = contoper = verbose = remove = want_bindpw =
@ -227,7 +229,6 @@ main(int argc, char **argv)
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -242,7 +243,6 @@ main(int argc, char **argv)
}
noop = 1 + crit;
free( control );
break;
} else {
@ -737,37 +737,50 @@ main(int argc, char **argv)
}
}
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}


@ -41,6 +41,7 @@ usage(const char *s)
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
@ -94,6 +95,8 @@ main( int argc, char *argv[] )
int noop = 0;
int crit;
char *control, *cvalue;
char *authzid = NULL;
#ifdef HAVE_CYRUS_SASL
unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
char *sasl_realm = NULL;
@ -102,6 +105,7 @@ main( int argc, char *argv[] )
char *sasl_mech = NULL;
char *sasl_secprops = NULL;
#endif
int use_tls = 0;
int referrals = 0;
LDAP *ld = NULL;
@ -225,7 +229,6 @@ main( int argc, char *argv[] )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -236,7 +239,6 @@ main( int argc, char *argv[] )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -733,37 +735,50 @@ main( int argc, char *argv[] )
}
}
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}


@ -58,7 +58,7 @@ usage( const char *s )
" [!]mv=<filter> (matched values filter)\n"
#ifdef LDAP_CONTROL_PAGEDRESULTS
" [!]pr=<size> (paged results)\n"
#endif /* LDAP_CONTROL_PAGEDRESULTS */
#endif
#ifdef LDAP_CONTROL_SUBENTRIES
" [!]subentries[=true|false] (subentries)\n"
#endif
@ -80,7 +80,8 @@ usage( const char *s )
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
" -h host LDAP server\n"
@ -153,13 +154,6 @@ static int dosearch LDAP_P((
struct timeval *timeout,
int sizelimit ));
#ifdef LDAP_CONTROL_PAGEDRESULTS
static int parse_page_control(
LDAP *ld,
LDAPMessage *result,
struct berval *cookie );
#endif /* LDAP_CONTROL_PAGEDRESULTS */
static char *tmpdir = NULL;
static char *urlpre = NULL;
static char *prog = NULL;
@ -180,9 +174,10 @@ static char *sasl_secprops = NULL;
static int use_tls = 0;
static char *sortattr = NULL;
static int verbose, not, includeufn, vals2tmp, ldif;
#ifdef LDAP_CONTROL_PAGEDRESULTS
static int pageSize = 0;
static ber_int_t searchControlSize = 0;
static int pagedResults = 0;
static ber_int_t pageSize = 0;
static ber_int_t entriesLeft = 0;
static ber_int_t morePagedResults = 1;
static struct berval cookie = { 0, NULL };
@ -191,6 +186,11 @@ static int npagedentries;
static int npagedreferences;
static int npagedextended;
static int npagedpartial;
static int parse_page_control(
LDAP *ld,
LDAPMessage *result,
struct berval *cookie );
#endif /* LDAP_CONTROL_PAGEDRESULTS */
static void
@ -217,13 +217,14 @@ main( int argc, char **argv )
LDAP *ld = NULL;
int subentries, valuesReturnFilter;
BerElement *ber = NULL;
struct berval *bvalp = NULL;
char *vrFilter = NULL, *control = NULL, *cvalue;
struct berval *sebvalp = NULL, *vrbvalp = NULL;
char *vrFilter = NULL;
char *control = NULL, *cvalue;
char *pw_file = NULL;
char *authzid = NULL;
#ifdef LDAP_CONTROL_PAGEDRESULTS
BerElement *pageber = NULL;
struct berval *bvalptr = NULL;
int num = 0, searchControlCrit = 0;
struct berval *prbvalp = NULL;
int num = 0;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
@ -336,20 +337,21 @@ main( int argc, char **argv )
#ifdef LDAP_CONTROL_PAGEDRESULTS
} else if ( strcasecmp( control, "pr" ) == 0 ) {
int tmp;
/* PagedResults control */
if ( pageSize != 0 ) {
if ( pagedResults != 0 ) {
fprintf( stderr, "PagedResultsControl previously specified" );
return EXIT_FAILURE;
}
num = sscanf( cvalue, "%d", &pageSize );
num = sscanf( cvalue, "%d", &tmp );
if ( num != 1 ) {
fprintf( stderr, "Invalid value for PagedResultsControl, %s.\n", cvalue);
return EXIT_FAILURE;
}
searchControlSize = (ber_int_t)pageSize;
searchControlCrit = crit;
pageSize = (ber_int_t) tmp;
pagedResults = 1 + crit;
break;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
@ -476,7 +478,6 @@ main( int argc, char **argv )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -491,7 +492,6 @@ main( int argc, char **argv )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -1026,53 +1026,52 @@ main( int argc, char **argv )
#ifdef LDAP_CONTROL_PAGEDRESULTS
getNextPage:
if ( manageDSAit || noop || valuesReturnFilter || pageSize ) {
int critical = 0;
#else /* !LDAP_CONTROL_PAGEDRESULTS */
if ( manageDSAit || noop || valuesReturnFilter ) {
#endif /* !LDAP_CONTROL_PAGEDRESULTS */
if ( manageDSAit || noop || subentries || valuesReturnFilter || pageSize )
#else
if ( manageDSAit || noop || subentries || valuesReturnFilter )
#endif
{
int err;
int i=0;
LDAPControl c1,c2,c3,c4,c5;
LDAPControl *ctrls[6];
int crit = 0;
LDAPControl c[6];
LDAPControl *ctrls[7];
if ( manageDSAit ) {
ctrls[i++]=&c1;
ctrls[i] = NULL;
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( c1.ldctl_iscritical ) critical = 1;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( c2.ldctl_iscritical ) critical = 1;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
#ifdef LDAP_CONTROL_SUBENTRIES
if ( subentries ) {
ctrls[i++]=&c3;
ctrls[i] = NULL;
c3.ldctl_oid = LDAP_CONTROL_SUBENTRIES;
c3.ldctl_iscritical = subentries < 1;
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( c3.ldctl_iscritical ) critical = 1;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
return EXIT_FAILURE;
}
@ -1084,24 +1083,21 @@ getNextPage:
return EXIT_FAILURE;
}
if ( ber_flatten( ber, &bvalp ) == LBER_ERROR ) {
if ( ber_flatten( ber, &sebvalp ) == LBER_ERROR ) {
return EXIT_FAILURE;
}
c3.ldctl_value=(*bvalp);
c[i].ldctl_oid = LDAP_CONTROL_SUBENTRIES;
c[i].ldctl_value=(*sebvalp);
c[i].ldctl_iscritical = subentries < 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
#endif
if ( valuesReturnFilter ) {
ctrls[i++]=&c4;
ctrls[i] = NULL;
c4.ldctl_oid = LDAP_CONTROL_VALUESRETURNFILTER;
c4.ldctl_iscritical = valuesReturnFilter > 1;
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( c4.ldctl_iscritical ) critical = 1;
#endif /* LDAP_CONTROL_PAGEDRESULTS */
if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
return EXIT_FAILURE;
}
@ -1112,62 +1108,59 @@ getNextPage:
return EXIT_FAILURE;
}
if ( ber_flatten( ber, &bvalp ) == LBER_ERROR ) {
if ( ber_flatten( ber, &vrbvalp ) == LBER_ERROR ) {
return EXIT_FAILURE;
}
c4.ldctl_value=(*bvalp);
ber_free( ber, 1 );
c[i].ldctl_oid = LDAP_CONTROL_VALUESRETURNFILTER;
c[i].ldctl_value=(*vrbvalp);
c[i].ldctl_iscritical = valuesReturnFilter > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( pageSize ) {
if (( pageber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
if ( pagedResults ) {
if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) {
return EXIT_FAILURE;
}
ber_printf( pageber, "{iO}", searchControlSize, &cookie );
if ( ber_flatten( pageber, &bvalptr ) == LBER_ERROR) {
ber_printf( ber, "{iO}", pageSize, &cookie );
if ( ber_flatten( ber, &prbvalp ) == LBER_ERROR ) {
return EXIT_FAILURE;
}
ctrls[i++]=&c5;
ctrls[i] = NULL;
ber_free( ber, 1 );
c5.ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
c5.ldctl_value = ( *bvalptr );
c5.ldctl_iscritical = searchControlCrit;
if ( c5.ldctl_iscritical ) critical = 1;
c[i].ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
c[i].ldctl_value=(*prbvalp);
c[i].ldctl_iscritical = pagedResults > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
#endif /* LDAP_CONTROL_PAGEDRESULTS */
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
ber_bvfree(bvalp);
ber_free( ber, 1 );
#ifdef LDAP_CONTROL_PAGEDRESULTS
ber_free( pageber, 1 );
ber_bvfree( bvalptr );
#endif /* LDAP_CONTROL_PAGEDRESULTS */
#ifdef LDAP_CONTROL_PAGEDRESULTS
if( err != LDAP_OPT_SUCCESS ) {
if ( critical ) {
fprintf( stderr, "Could not set controls\n");
return EXIT_FAILURE;
} else {
fprintf( stderr, "Could not set critical controls\n" );
}
}
#else /* !LDAP_CONTROL_PAGEDRESULTS */
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if( crit ) {
return EXIT_FAILURE;
}
}
#endif /* !LDAP_CONTROL_PAGEDRESULTS */
ber_bvfree( sebvalp );
ber_bvfree( vrbvalp );
#ifdef LDAP_CONTROL_PAGEDRESULTS
ber_bvfree( prbvalp );
#endif /* LDAP_CONTROL_PAGEDRESULTS */
}
if ( verbose ) {
@ -1230,8 +1223,8 @@ getNextPage:
}
if ( pageSize ) {
printf("\n# with pagedResults %scontrol: size=%d",
searchControlCrit ? "critical " : "",
searchControlSize );
(pagedResults > 1) ? "critical " : "",
pageSize );
}
printf( "\n#\n\n" );
@ -1271,7 +1264,7 @@ getNextPage:
printf( "Estimate entries: %d\n", entriesLeft );
}
printf( "Press [size] Enter for the next {%d|size} entries.\n",
(int)searchControlSize );
(int)pageSize );
i = 0;
moreEntries = getchar();
while ( moreEntries != EOF && moreEntries != '\n' ) {
@ -1290,7 +1283,7 @@ getNextPage:
return EXIT_FAILURE;
}
searchControlSize = (ber_int_t)tmpSize;
pageSize = (ber_int_t)tmpSize;
}
goto getNextPage;
@ -1429,15 +1422,7 @@ static int dosearch(
done:
#ifdef LDAP_CONTROL_PAGEDRESULTS
if ( pageSize == 0 ) {
if ( ldif < 2 ) {
printf( "\n# numResponses: %d\n", nresponses );
if( nentries ) printf( "# numEntries: %d\n", nentries );
if( nextended ) printf( "# numExtended: %d\n", nextended );
if( npartial ) printf( "# numPartial: %d\n", npartial );
if( nreferences ) printf( "# numReferences: %d\n", nreferences );
}
} else {
if ( pageSize != 0 ) {
npagedresponses = npagedresponses + nresponses;
npagedentries = npagedentries + nentries;
npagedreferences = npagedreferences + nreferences;
@ -1450,8 +1435,8 @@ done:
if( npartial ) printf( "# numPartial: %d\n", npagedpartial );
if( nreferences ) printf( "# numReferences: %d\n", npagedreferences );
}
}
#else /* !LDAP_CONTROL_PAGEDRESULTS */
} else
#endif /* LDAP_CONTROL_PAGEDRESULTS */
if ( ldif < 2 ) {
printf( "\n# numResponses: %d\n", nresponses );
if( nentries ) printf( "# numEntries: %d\n", nentries );
@ -1459,12 +1444,11 @@ done:
if( npartial ) printf( "# numPartial: %d\n", npartial );
if( nreferences ) printf( "# numReferences: %d\n", nreferences );
}
#endif /* LDAP_CONTROL_PAGEDRESULTS */
return( rc );
}
#if 1
#if 0
/* This is the original version, the old way of doing things. */
static void
print_entry(
@ -1574,7 +1558,7 @@ print_entry(
}
#else
/* This is the proposed new way of doing things.
* It is more * efficient, but the API is non-standard.
* It is more efficient, but the API is non-standard.
*/
static void
print_entry(
@ -2019,4 +2003,3 @@ parse_page_control(
return err;
}
#endif /* LDAP_CONTROL_PAGEDRESULTS */
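Review bot: The rewritten guard ahead of the control setup, `if ( manageDSAit || noop || subentries || valuesReturnFilter || pageSize )`, does not test `authzid`, so the new `if ( authzid )` block inside it is skipped whenever proxy authorization is the only control requested. The search would then run under the bind identity with no diagnostic. Add `authzid ||` to both arms of the `#ifdef`, matching the `if ( authzid || manageDSAit || noop )` form used by the other tools on this page. The guard and the summary print also still test `pageSize` while the control block now tests `pagedResults`, so `pr=0` sets `pagedResults` without satisfying the guard; testing `pagedResults` in all of them would keep them in step. main() extends well beyond these hunks.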


@ -35,6 +35,7 @@ usage(const char *s)
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n"
" -f file read operations from `file'\n"
@ -95,6 +96,7 @@ main( int argc, char *argv[] )
LDAP *ld = NULL;
int manageDSAit=0;
int noop=0;
char *authzid = NULL;
char *control, *cvalue;
int crit;
@ -185,7 +187,6 @@ main( int argc, char *argv[] )
}
manageDSAit = 1 + crit;
free( control );
break;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
@ -200,7 +201,6 @@ main( int argc, char *argv[] )
}
noop = 1 + crit;
free( control );
break;
} else {
@ -671,42 +671,59 @@ main( int argc, char *argv[] )
goto skip;
}
if ( manageDSAit || noop ) {
int err, i = 0;
LDAPControl c1, c2;
LDAPControl *ctrls[3];
if ( authzid || manageDSAit || noop ) {
int err, crit=0, i=0;
LDAPControl c[3];
LDAPControl *ctrls[4];
if ( authzid ) {
c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c[i].ldctl_value.bv_val = authzid;
c[i].ldctl_value.bv_len = strlen( authzid );
c[i].ldctl_iscritical = 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( manageDSAit ) {
ctrls[i++] = &c1;
ctrls[i] = NULL;
c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c1.ldctl_value.bv_val = NULL;
c1.ldctl_value.bv_len = 0;
c1.ldctl_iscritical = manageDSAit > 1;
c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = manageDSAit > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
if ( noop ) {
ctrls[i++] = &c2;
ctrls[i] = NULL;
c[i].ldctl_oid = LDAP_CONTROL_NOOP;
c[i].ldctl_value.bv_val = NULL;
c[i].ldctl_value.bv_len = 0;
c[i].ldctl_iscritical = noop > 1;
c2.ldctl_oid = LDAP_CONTROL_NOOP;
c2.ldctl_value.bv_val = NULL;
c2.ldctl_value.bv_len = 0;
c2.ldctl_iscritical = noop > 1;
if( c[i].ldctl_iscritical ) crit++;
ctrls[i] = &c[i];
ctrls[++i] = NULL;
}
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set %scontrols\n",
(c1.ldctl_iscritical || c2.ldctl_iscritical)
? "critical " : "" );
if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
crit ? "critical " : "" );
if ( crit ) {
return EXIT_FAILURE;
}
}
}
#if 1
rc = ldap_whoami_s( ld, &retdata, NULL, NULL );
#else
rc = ldap_extended_operation( ld,
LDAP_EXOP_X_WHO_AM_I, NULL,
NULL, NULL, &id );
@ -731,6 +748,7 @@ main( int argc, char *argv[] )
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
#endif
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
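Review bot: The error path after the new `ldap_whoami_s( ld, &retdata, NULL, NULL )` call still reports `ldap_perror( ld, "ldap_parse_result" )`, naming a function that the enabled `#if 1` arm never calls. This tool exists to show which identity the server applied, so a failure here (for example when the server refuses a critical control) should be labelled by the call that failed. Because the check sits after the `#endif` and serves both arms, a label such as `ldap_perror( ld, "ldap_whoami" );` would fit. The function continues past the end of the hunk.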


@ -189,6 +189,7 @@ typedef struct ldapcontrol {
#define LDAP_CHASE_EXTERNAL_REFERRALS 0x0040U
#endif
#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18"
#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2"
#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1"
#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2"
@ -231,6 +232,7 @@ typedef struct ldapcontrol {
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)
#define LDAP_EXOP_X_CANCEL "1.3.6.1.4.1.4203.666.6.3"
#define LDAP_EXOP_X_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
/* LDAP Features */
@ -864,6 +866,24 @@ LDAP_F( void )
ldap_uncache_request LDAP_P(( LDAP *ld, int msgid ));
/*
* LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
*/
LDAP_F( int )
ldap_cancel LDAP_P(( LDAP *ld,
int cancelid,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp ));
LDAP_F( int )
ldap_cancel_s LDAP_P((
LDAP *ld,
int cancelid,
LDAPControl **sctrl,
LDAPControl **cctrl ));
/*
* in compare.c:
*/
@ -1643,6 +1663,28 @@ ldap_parse_vlv_control LDAP_P((
struct berval **contextp,
int *errcodep ));
/*
* LDAP Who Am I? (whoami.c)
*/
LDAP_F( int )
ldap_parse_whoami LDAP_P((
LDAP *ld,
LDAPMessage *res,
struct berval **authzid ));
LDAP_F( int )
ldap_whoami LDAP_P(( LDAP *ld,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp ));
LDAP_F( int )
ldap_whoami_s LDAP_P((
LDAP *ld,
struct berval **authzid,
LDAPControl **sctrls,
LDAPControl **cctrls ));
LDAP_END_DECL
#endif /* _LDAP_H */
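Review bot: The header hunks add prototypes for the cancel and Who Am I functions, but none for `ldap_parse_passwd`, `ldap_passwd` and `ldap_passwd_s`, which passwd.c in this commit defines with external linkage. Unless those are already declared in a part of ldap.h outside these hunks, callers would compile against implicit declarations. Separately, `ldap_cancel_s` names its control parameters `sctrl` and `cctrl`, while every other prototype added here uses `sctrls` and `cctrls`; renaming them keeps the header consistent.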


@ -619,13 +619,6 @@ ber_scanf ( BerElement *ber,
va_list ap;
LDAP_CONST char *fmt_reset;
char *s, **ss;
#ifdef TMP_SLOTS
char *last;
char ***sss;
ber_tag_t tag;
struct berval ***bv;
int j;
#endif
struct berval **bvp, *bval;
ber_int_t *i;
ber_len_t *l;


@ -147,6 +147,10 @@ SOURCE=.\cache.c
# End Source File
# Begin Source File
SOURCE=.\cancel.c
# End Source File
# Begin Source File
SOURCE=.\charray.c
# End Source File
# Begin Source File
@ -283,6 +287,10 @@ SOURCE=".\os-ip.c"
# End Source File
# Begin Source File
SOURCE=.\passwd.c
# End Source File
# Begin Source File
SOURCE=..\..\include\portable.h
# End Source File
# Begin Source File
@ -357,5 +365,9 @@ SOURCE=".\util-int.c"
SOURCE=.\vlvctrl.c
# End Source File
# Begin Source File
SOURCE=.\whoami.c
# End Source File
# End Target
# End Project

151
libraries/libldap/passwd.c Normal file

@ -0,0 +1,151 @@
/* $OpenLDAP$ */
/*
* Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/time.h>
#include "ldap-int.h"
/*
* LDAP Password Modify (Extended) Operation <RFC 3???>
*/
int ldap_parse_passwd(
LDAP *ld,
LDAPMessage *res,
struct berval **newpasswd )
{
int rc;
char *retoid = NULL;
struct berval *retdata;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( res != NULL );
assert( newpasswd != NULL );
*newpasswd = NULL;
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
if( rc != LDAP_SUCCESS ) {
return rc;
}
if( retdata != NULL ) {
ber_tag_t tag;
BerElement *ber = ber_init( retdata );
if( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
/* we should check the tag */
tag = ber_scanf( ber, "{o}", newpasswd );
ber_free( ber, 1 );
if( tag == -1 ) {
rc = ld->ld_errno = LDAP_DECODING_ERROR;
}
}
ber_memfree( retoid );
return rc;
}
int
ldap_passwd( LDAP *ld,
struct berval *user,
struct berval *oldpw,
struct berval *newpw,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
int rc;
struct berval *bv = NULL;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( msgidp != NULL );
if( user != NULL || oldpw != NULL || newpw != NULL ) {
/* build change password control */
BerElement *ber = ber_alloc_t( LBER_USE_DER );
if( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
ber_printf( ber, "{" /*}*/ );
if( user != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
}
if( oldpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
}
if( newpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
}
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten( ber, &bv );
ber_free( ber, 1 );
if( rc < 0 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
}
rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
bv, sctrls, cctrls, msgidp );
return rc;
}
int
ldap_passwd_s(
LDAP *ld,
struct berval *user,
struct berval *oldpw,
struct berval *newpw,
struct berval **newpasswd,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
return ld->ld_errno;
}
rc = ldap_parse_passwd( ld, res, newpasswd );
ldap_msgfree( res );
return rc;
}
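Review bot: In ldap_passwd the three `ber_printf( ber, "ts", ... )` calls pass `struct berval *` arguments (`user`, `oldpw`, `newpw`) to the `s` conversion, which expects a NUL-terminated `char *`, so the encoder would read the struct itself as a string rather than the credential bytes. Use the berval conversion that the search tool on this page already uses in `"{iO}"`: `ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );`, and likewise for the other two. The flattened request `bv`, which carries the old and new passwords, is never released after `ldap_extended_operation`; add `ber_bvfree( bv );` before the final `return rc;`. ldap_parse_passwd leaks in the same way: `retdata` is never freed, and the `ber == NULL` return also skips `ber_memfree( retoid )`.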


@ -0,0 +1,85 @@
/* $OpenLDAP$ */
/*
* Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/time.h>
#include "ldap-int.h"
/*
* LDAP Who Am I? (Extended) Operation <draft-zeilenga-ldap-authzid-xx.txt>
*/
int ldap_parse_whoami(
LDAP *ld,
LDAPMessage *res,
struct berval **authzid )
{
int rc;
char *retoid = NULL;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( res != NULL );
assert( authzid != NULL );
*authzid = NULL;
rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_whoami" );
return rc;
}
ber_memfree( retoid );
return rc;
}
int
ldap_whoami( LDAP *ld,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
int rc;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( msgidp != NULL );
rc = ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I,
NULL, sctrls, cctrls, msgidp );
return rc;
}
int
ldap_whoami_s(
LDAP *ld,
struct berval **authzid,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_whoami( ld, sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) return rc;
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
return ld->ld_errno;
}
rc = ldap_parse_whoami( ld, res, authzid );
ldap_msgfree( res );
return rc;
}
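Review bot: ldap_parse_whoami calls `ldap_perror( ld, "ldap_parse_whoami" )` on failure, so a library routine writes to stderr on its caller's behalf. ldap_parse_passwd in the same commit returns the code silently, and the Who Am I tool prints its own diagnostic after the call. Drop the `ldap_perror` line and keep only `return rc;`. A header comment on ldap_parse_whoami and ldap_whoami_s would also help, stating that `*authzid` is set to NULL on entry and that a non-NULL result is presumably owned by the caller and released with `ber_bvfree`.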