mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
151 lines
3.2 KiB
C
151 lines
3.2 KiB
C
/* $OpenLDAP$ */
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
*
|
|
* Copyright 1998-2010 The OpenLDAP Foundation.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
* Public License.
|
|
*
|
|
* A copy of this license is available in the file LICENSE in the
|
|
* top-level directory of the distribution or, alternatively, at
|
|
* <http://www.OpenLDAP.org/license.html>.
|
|
*/
|
|
/* ACKNOWLEDGEMENTS:
|
|
* This program was orignally developed by Kurt D. Zeilenga for inclusion in
|
|
* OpenLDAP Software.
|
|
*/
|
|
|
|
#include "portable.h"
|
|
|
|
#include <stdio.h>
|
|
#include <ac/stdlib.h>
|
|
#include <ac/string.h>
|
|
#include <ac/time.h>
|
|
|
|
#include "ldap-int.h"
|
|
|
|
/*
|
|
* LDAP Verify Credentials
|
|
*/
|
|
|
|
int ldap_parse_verify_credentials(
|
|
LDAP *ld,
|
|
LDAPMessage *res,
|
|
struct berval **servercred,
|
|
struct berval **authzid)
|
|
{
|
|
int rc;
|
|
char *retoid = NULL;
|
|
struct berval *reqdata = NULL;
|
|
|
|
assert(ld != NULL);
|
|
assert(LDAP_VALID(ld));
|
|
assert(res != NULL);
|
|
assert(authzid != NULL);
|
|
|
|
*authzid = NULL;
|
|
|
|
rc = ldap_parse_extended_result(ld, res, &retoid, &reqdata, 0);
|
|
|
|
if( rc != LDAP_SUCCESS ) {
|
|
ldap_perror(ld, "ldap_parse_whoami");
|
|
return rc;
|
|
}
|
|
|
|
ber_memfree(retoid);
|
|
return rc;
|
|
}
|
|
|
|
int
|
|
ldap_verify_credentials(LDAP *ld,
|
|
struct berval *cookie,
|
|
LDAP_CONST char *dn,
|
|
LDAP_CONST char *mechanism,
|
|
struct berval *cred,
|
|
LDAPControl **sctrls,
|
|
LDAPControl **cctrls,
|
|
int *msgidp)
|
|
{
|
|
int rc;
|
|
BerElement *ber;
|
|
struct berval * reqdata;
|
|
|
|
assert(ld != NULL);
|
|
assert(LDAP_VALID(ld));
|
|
assert(msgidp != NULL);
|
|
|
|
ber = ber_alloc_t(LBER_USE_DER);
|
|
ber_printf(ber, "{");
|
|
if (dn == NULL) dn = "";
|
|
|
|
if (mechanism == LDAP_SASL_SIMPLE) {
|
|
assert(!cookie);
|
|
|
|
rc = ber_printf(ber, "{istON}",
|
|
3, dn, LDAP_AUTH_SIMPLE, cred);
|
|
|
|
} else {
|
|
if (!cred || BER_BVISNULL(cred)) {
|
|
if (cookie) {
|
|
rc = ber_printf(ber, "{t0ist{sN}N}",
|
|
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
|
|
3, dn, LDAP_AUTH_SASL, mechanism);
|
|
} else {
|
|
rc = ber_printf(ber, "{ist{sN}N}",
|
|
3, dn, LDAP_AUTH_SASL, mechanism);
|
|
}
|
|
} else {
|
|
if (cookie) {
|
|
rc = ber_printf(ber, "{tOist{sON}N}",
|
|
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
|
|
3, dn, LDAP_AUTH_SASL, mechanism, cred);
|
|
} else {
|
|
rc = ber_printf(ber, "{ist{sON}N}",
|
|
3, dn, LDAP_AUTH_SASL, mechanism, cred);
|
|
}
|
|
}
|
|
}
|
|
|
|
ber_flatten(ber, &reqdata);
|
|
|
|
rc = ldap_extended_operation(ld, LDAP_EXOP_VERIFY_CREDENTIALS,
|
|
reqdata, sctrls, cctrls, msgidp);
|
|
|
|
ber_free(ber, 1);
|
|
return rc;
|
|
}
|
|
|
|
int
|
|
ldap_verify_credentials_s(
|
|
LDAP *ld,
|
|
struct berval *cookie,
|
|
LDAP_CONST char *dn,
|
|
LDAP_CONST char *mechanism,
|
|
struct berval *cred,
|
|
LDAPControl **sctrls,
|
|
LDAPControl **cctrls,
|
|
struct berval **scred,
|
|
struct berval **authzid)
|
|
{
|
|
int rc;
|
|
int msgid;
|
|
LDAPMessage *res;
|
|
|
|
rc = ldap_verify_credentials(ld, cookie, dn, mechanism, cred, sctrls, cctrls, &msgid);
|
|
if (rc != LDAP_SUCCESS) return rc;
|
|
|
|
if (ldap_result(ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res) == -1 || !res) {
|
|
return ld->ld_errno;
|
|
}
|
|
|
|
rc = ldap_parse_verify_credentials(ld, res, scred, authzid);
|
|
if (rc != LDAP_SUCCESS) {
|
|
ldap_msgfree(res);
|
|
return rc;
|
|
}
|
|
|
|
return( ldap_result2error(ld, res, 1));
|
|
}
|