Update proxied authorization implementation to use IANA

assigned result code.
2025-03-07 14:18:15 +08:00 · 2006-01-12 22:55:56 +00:00 · 2006-01-12 22:55:56 +00:00 · 48c34d254f
commit 48c34d254f
parent 7124ec615e
3 changed files with 10 additions and 6 deletions
--- a/include/ldap.h
+++ b/include/ldap.h
@ -544,7 +544,7 @@ typedef struct ldapcontrol {

 #define LDAP_SECURITY_ERROR(n)	LDAP_RANGE((n),0x2F,0x32) /* 47-50 */

-#define LDAP_PROXY_AUTHZ_FAILURE	0x2F /* LDAPv3 proxy authorization */
+#define LDAP_X_PROXY_AUTHZ_FAILURE	0x2F /* LDAPv3 proxy authorization */
 #define LDAP_INAPPROPRIATE_AUTH		0x30
 #define LDAP_INVALID_CREDENTIALS	0x31
 #define LDAP_INSUFFICIENT_ACCESS	0x32
@ -585,6 +585,8 @@ typedef struct ldapcontrol {
 /* Assertion control (122) */ 
 #define LDAP_ASSERTION_FAILED		0x7A

+/* Proxied Authorization Denied (123) */ 
+#define LDAP_PROXIED_AUTHORIZATION_DENIED		0x7B

 /* Experimental result codes */
 #define LDAP_E_ERROR(n)	LDAP_RANGE((n),0x1000,0x3FFF)
--- a/libraries/libldap/error.c
+++ b/libraries/libldap/error.c
@ -65,7 +65,6 @@ static struct ldaperror ldap_builtin_errlist[] = {
 	{LDAP_IS_LEAF, 					N_("Entry is a leaf")},
 	{LDAP_ALIAS_DEREF_PROBLEM,	 	N_("Alias dereferencing problem")},

-	{LDAP_PROXY_AUTHZ_FAILURE,		N_("Proxy Authorization Failure")},
 	{LDAP_INAPPROPRIATE_AUTH, 		N_("Inappropriate authentication")},
 	{LDAP_INVALID_CREDENTIALS, 		N_("Invalid credentials")},
 	{LDAP_INSUFFICIENT_ACCESS, 		N_("Insufficient access")},
@ -93,6 +92,9 @@ static struct ldaperror ldap_builtin_errlist[] = {
 	{LDAP_ASSERTION_FAILED,			N_("Assertion Failed")},
 	{LDAP_X_ASSERTION_FAILED,		N_("Assertion Failed (X)")},

+	{LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")},
+	{LDAP_X_PROXY_AUTHZ_FAILURE,		N_("Proxy Authorization Failure (X)")},
+
 	{LDAP_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required")},
 	{LDAP_X_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required (X)")},

--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@ -921,8 +921,8 @@ static int parseProxyAuthz (
 	if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
 		&& BER_BVISEMPTY( &op->o_ndn ) )
 	{
-		rs->sr_text = "anonymous proxyAuthz not allowed";
-		return LDAP_PROXY_AUTHZ_FAILURE;
+		rs->sr_text = "anonymous proxied authorization not allowed";
+		return LDAP_PROXIED_AUTHORIZATION_DENIED;
 	}

 	op->o_proxy_authz = ctrl->ldctl_iscritical
@ -963,7 +963,7 @@ static int parseProxyAuthz (
 			ch_free( dn.bv_val );
 		}
 		rs->sr_text = "authzId mapping failed";
-		return LDAP_PROXY_AUTHZ_FAILURE;
+		return LDAP_PROXIED_AUTHORIZATION_DENIED;
 	}

 	Debug( LDAP_DEBUG_TRACE,
@ -976,7 +976,7 @@ static int parseProxyAuthz (
 	if ( rc ) {
 		ch_free( dn.bv_val );
 		rs->sr_text = "not authorized to assume identity";
-		return LDAP_PROXY_AUTHZ_FAILURE;
+		return LDAP_PROXIED_AUTHORIZATION_DENIED;
 	}

 	ch_free( op->o_ndn.bv_val );