add client API for assertion control (ITS#5560)

clients/tools/common.c

@@ -93,6 +93,7 @@ char		*sasl_secprops = NULL;
 /* controls */
 int		assertctl;
 char		*assertion = NULL;
+struct berval	assertionvalue = BER_BVNULL;
 char		*authzid = NULL;
 /* support deprecated early version of proxyAuthz */
 #define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ	"2.16.840.1.113730.3.4.12"
@@ -1485,29 +1486,18 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 	}
 
 	if ( assertctl ) {
-		BerElementBuffer berbuf;
-		BerElement *ber = (BerElement *)&berbuf;
-		
-		if( assertion == NULL || *assertion == '\0' ) {
-			fprintf( stderr, "Assertion=<empty>\n" );
-			exit( EXIT_FAILURE );
-		}
-
-		ber_init2( ber, NULL, LBER_USE_DER );
-
-		err = ldap_pvt_put_filter( ber, assertion );
-		if( err < 0 ) {
-			fprintf( stderr, "assertion encode failed (%d)\n", err );
-			exit( EXIT_FAILURE );
-		}
-
-		err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
-		if( err < 0 ) {
-			fprintf( stderr, "assertion flatten failed (%d)\n", err );
-			exit( EXIT_FAILURE );
+		if ( BER_BVISNULL( &assertionvalue ) ) {
+			err = ldap_create_assertion_control_value( ld,
+				assertion, &assertionvalue );
+			if ( err ) {
+				fprintf( stderr,
+					"Unable to create assertion value "
+					"\"%s\" (%d)\n", assertion, err );
+			}
 		}
 
 		c[i].ldctl_oid = LDAP_CONTROL_ASSERT;
+		c[i].ldctl_value = assertionvalue;
 		c[i].ldctl_iscritical = assertctl > 1;
 		ctrls[i] = &c[i];
 		i++;

include/ldap.h

@@ -2343,5 +2343,21 @@ ldap_parse_session_tracking_control LDAP_P((
 
 #endif /* LDAP_CONTROL_X_SESSION_TRACKING */
 
+/*
+ * in assertion.c
+ */
+LDAP_F (int)
+ldap_create_assertion_control_value LDAP_P((
+	LDAP		*ld,
+	char		*assertion,
+	struct berval	*value ));
+
+LDAP_F( int )
+ldap_create_assertion_control LDAP_P((
+	LDAP		*ld,
+	char		*filter,
+	int		iscritical,
+	LDAPControl	**ctrlp ));
+
 LDAP_END_DECL
 #endif /* _LDAP_H */

libraries/libldap/Makefile.in

@@ -26,7 +26,8 @@ SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
 	init.c options.c print.c string.c util-int.c schema.c \
 	charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
-	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c
+	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
+	assertion.c
 
 OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
@@ -37,7 +38,8 @@ OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
 	charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
-	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo
+	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
+	assertion.lo
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries

libraries/libldap/assertion.c

@@ -0,0 +1,98 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+int
+ldap_create_assertion_control_value(
+	LDAP		*ld,
+	char		*assertion,
+	struct berval	*value )
+{
+	BerElement		*ber = NULL;
+	int			err;
+
+	if ( assertion == NULL || assertion[ 0 ] == '\0' ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	if ( value == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	BER_BVZERO( value );
+
+	ber = ldap_alloc_ber_with_options( ld );
+	if ( ber == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	err = ldap_pvt_put_filter( ber, assertion );
+	if ( err < 0 ) {
+		ld->ld_errno = LDAP_ENCODING_ERROR;
+		goto done;
+	}
+
+	err = ber_flatten2( ber, value, 1 );
+	if ( err < 0 ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		goto done;
+	}
+
+done:;
+	if ( ber != NULL ) {
+		ber_free( ber, 1 );
+	}
+
+	return ld->ld_errno;
+}
+
+int
+ldap_create_assertion_control(
+	LDAP		*ld,
+	char		*assertion,
+	int		iscritical,
+	LDAPControl	**ctrlp )
+{
+	struct berval	value;
+
+	if ( ctrlp == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	ld->ld_errno = ldap_create_assertion_control_value( ld,
+		assertion, &value );
+	if ( ld->ld_errno == LDAP_SUCCESS ) {
+		ld->ld_errno = ldap_control_create( LDAP_CONTROL_ASSERT,
+			iscritical, &value, 0, ctrlp );
+		if ( ld->ld_errno != LDAP_SUCCESS ) {
+			LDAP_FREE( value.bv_val );
+		}
+	}
+
+	return ld->ld_errno;
+}
+

libraries/libldap_r/Makefile.in

@@ -28,7 +28,8 @@ XXSRCS    = apitest.c test.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
 	init.c options.c print.c string.c util-int.c schema.c \
 	charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
-	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c
+	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
+	assertion.c
 SRCS	= threads.c rdwr.c rmutex.c tpool.c rq.c \
 	thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
 	thr_pth.c thr_stub.c thr_debug.c
@@ -44,7 +45,8 @@ OBJS	= threads.lo rdwr.lo rmutex.lo tpool.lo  rq.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
 	charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
-	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo
+	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
+	assertion.lo
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries