summaryrefslogtreecommitdiffstats
path: root/ldap/c-sdk/libraries/libldap/authzidctrl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ldap/c-sdk/libraries/libldap/authzidctrl.c')
-rw-r--r--ldap/c-sdk/libraries/libldap/authzidctrl.c157
1 files changed, 157 insertions, 0 deletions
diff --git a/ldap/c-sdk/libraries/libldap/authzidctrl.c b/ldap/c-sdk/libraries/libldap/authzidctrl.c
new file mode 100644
index 000000000..69b776cdc
--- /dev/null
+++ b/ldap/c-sdk/libraries/libldap/authzidctrl.c
@@ -0,0 +1,157 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Sun LDAP C SDK.
+ *
+ * The Initial Developer of the Original Code is Sun Microsystems, Inc.
+ *
+ * Portions created by Sun Microsystems, Inc are Copyright (C) 2005
+ * Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Contributor(s): abobrov@sun.com
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ldap-int.h"
+
+/* ldap_create_authzid_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctl_iscritical Indicates whether the control is critical of not.
+ If this field is non-zero, the operation will only be
+ carried out if the control is recognized by the server
+ and/or client
+
+ctrlp the address of a place to put the constructed control
+*/
+
+int
+LDAP_CALL
+ldap_create_authzid_control (
+ LDAP *ld,
+ const char ctl_iscritical,
+ LDAPControl **ctrlp
+ )
+{
+ int rc;
+
+ if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
+ return( LDAP_PARAM_ERROR );
+ }
+
+ if ( ctrlp == NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
+ return ( LDAP_PARAM_ERROR );
+ }
+
+ rc = nsldapi_build_control( LDAP_CONTROL_AUTHZID_REQ,
+ NULL, 0, ctl_iscritical, ctrlp );
+
+ LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
+ return( rc );
+}
+
+/* ldap_parse_authzid_control:
+
+Parameters are
+
+ld LDAP pointer to the desired connection
+
+ctrlp An array of controls obtained from calling
+ ldap_parse_result on the set of results
+ returned by the server
+
+authzid authorization identity, as defined in
+ RFC 2829, section 9.
+*/
+
+int
+LDAP_CALL
+ldap_parse_authzid_control (
+ LDAP *ld,
+ LDAPControl **ctrlp,
+ char **authzid
+ )
+{
+ int i, foundAUTHZIDControl;
+ char *authzidp = NULL;
+ LDAPControl *AUTHZIDCtrlp = NULL;
+
+ if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) ) {
+ return( LDAP_PARAM_ERROR );
+ }
+
+ /* find the control in the list of controls if it exists */
+ if ( ctrlp == NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+ return ( LDAP_CONTROL_NOT_FOUND );
+ }
+ foundAUTHZIDControl = 0;
+ for ( i = 0; (( ctrlp[i] != NULL ) && ( !foundAUTHZIDControl )); i++ ) {
+ foundAUTHZIDControl = !strcmp( ctrlp[i]->ldctl_oid,
+ LDAP_CONTROL_AUTHZID_RES );
+ }
+
+ /*
+ * The control is only included in a bind response if the resultCode
+ * for the bind operation is success.
+ */
+ if ( !foundAUTHZIDControl ) {
+ LDAP_SET_LDERRNO( ld, LDAP_CONTROL_NOT_FOUND, NULL, NULL );
+ return ( LDAP_CONTROL_NOT_FOUND );
+ } else {
+ /* let local var point to the control */
+ AUTHZIDCtrlp = ctrlp[i-1];
+ }
+
+ /*
+ * If the bind request succeeded and resulted in an identity (not anonymous),
+ * the controlValue contains the authorization identity (authzid), as
+ * defined in [AUTH] section 9, granted to the requestor. If the bind
+ * request resulted in an anonymous association, the controlValue field
+ * is a string of zero length. If the bind request resulted in more
+ * than one authzid, the primary authzid is returned in the controlValue
+ * field.
+ */
+ if ( AUTHZIDCtrlp && AUTHZIDCtrlp->ldctl_value.bv_val &&
+ AUTHZIDCtrlp->ldctl_value.bv_len ) {
+ authzidp = ( (char *)NSLDAPI_MALLOC(
+ ( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) ) );
+ if ( authzidp == NULL ) {
+ LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
+ return( LDAP_NO_MEMORY );
+ }
+ STRLCPY( authzidp, AUTHZIDCtrlp->ldctl_value.bv_val,
+ ( AUTHZIDCtrlp->ldctl_value.bv_len + 1 ) );
+ *authzid = authzidp;
+ } else {
+ authzid = NULL;
+ }
+
+ return( LDAP_SUCCESS );
+}