diff options
Diffstat (limited to 'ldap/c-sdk/libldap/authzidctrl.c')
-rw-r--r-- | ldap/c-sdk/libldap/authzidctrl.c | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/ldap/c-sdk/libldap/authzidctrl.c b/ldap/c-sdk/libldap/authzidctrl.c new file mode 100644 index 000000000..69b776cdc --- /dev/null +++ b/ldap/c-sdk/libldap/authzidctrl.c @@ -0,0 +1,157 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Sun LDAP C SDK. + * + * The Initial Developer of the Original Code is Sun Microsystems, Inc. + * + * Portions created by Sun Microsystems, Inc are Copyright (C) 2005 + * Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): abobrov@sun.com + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "ldap-int.h" + +/* ldap_create_authzid_control: + +Parameters are + +ld LDAP pointer to the desired connection + +ctl_iscritical Indicates whether the control is critical of not. + If this field is non-zero, the operation will only be + carried out if the control is recognized by the server + and/or client + +ctrlp the address of a place to put the constructed control +*/ + +int +LDAP_CALL +ldap_create_authzid_control ( + LDAP *ld, + const char ctl_iscritical, + LDAPControl **ctrlp + ) +{ + int rc; + + if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { + return( LDAP_PARAM_ERROR ); + } + + if ( ctrlp == NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL ); + return ( LDAP_PARAM_ERROR ); + } + + rc = nsldapi_build_control( LDAP_CONTROL_AUTHZID_REQ, + NULL, 0, ctl_iscritical, ctrlp ); + + LDAP_SET_LDERRNO( ld, rc, NULL, NULL ); + return( rc ); +} + +/* ldap_parse_authzid_control: + +Parameters are + +ld LDAP pointer to the desired connection + +ctrlp An array of controls obtained from calling + ldap_parse_result on the set of results + returned by the server + +authzid authorization identity, as defined in + RFC 2829, section 9. +*/ + +int +LDAP_CALL +ldap_parse_authzid_control ( + LDAP *ld, + LDAPControl **ctrlp, + char **authzid + ) +{ + int i, foundAUTHZIDControl; + char *authzidp = NULL; + LDAPControl *AUTHZIDCtrlp = NULL; + + if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) { + return( LDAP_PARAM_ERROR ); + } + + /* find the control in the list of controls if it exists */ + if ( ctrlp == NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL ); + return ( LDAP_CONTROL_NOT_FOUND ); + } + foundAUTHZIDControl = 0; + for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundAUTHZIDControl )); i++ ) { + foundAUTHZIDControl = !strcmp( ctrlp[i]->ldctl_oid, + LDAP_CONTROL_AUTHZID_RES ); + } + + /* + * The control is only included in a bind response if the resultCode + * for the bind operation is success. + */ + if ( !foundAUTHZIDControl ) { + LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL ); + return ( LDAP_CONTROL_NOT_FOUND ); + } else { + /* let local var point to the control */ + AUTHZIDCtrlp = ctrlp[i-1]; + } + + /* + * If the bind request succeeded and resulted in an identity (not anonymous), + * the controlValue contains the authorization identity (authzid), as + * defined in [AUTH] section 9, granted to the requestor. If the bind + * request resulted in an anonymous association, the controlValue field + * is a string of zero length. If the bind request resulted in more + * than one authzid, the primary authzid is returned in the controlValue + * field. + */ + if ( AUTHZIDCtrlp && AUTHZIDCtrlp->ldctl_value.bv_val && + AUTHZIDCtrlp->ldctl_value.bv_len ) { + authzidp = ( (char *)NSLDAPI_MALLOC( + ( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) ) ); + if ( authzidp == NULL ) { + LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL ); + return( LDAP_NO_MEMORY ); + } + STRLCPY( authzidp, AUTHZIDCtrlp->ldctl_value.bv_val, + ( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) ); + *authzid = authzidp; + } else { + authzid = NULL; + } + + return( LDAP_SUCCESS ); +} |