ldap_parse_passwordpolicy_control takes a single LDAPControl* arg now,

use ldap_find_control to find it. Added ldap_passwordpolicy_err2text().

diff --git a/include/ldap.h b/include/ldap.h
index 043cfb92639ed190b0976de9c92530432426e60c..00461e1829574d1d17c33fdb69e01827e29f646e 100644 (file)
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -1959,10 +1959,13 @@ ldap_create_passwordpolicy_control LDAP_P((
 LDAP_F( int )
 ldap_parse_passwordpolicy_control LDAP_P((
         LDAP *ld,
-        LDAPControl **ctrls,
+        LDAPControl *ctrl,
         int *expirep,
         int *gracep,
         LDAPPasswordPolicyError *errorp ));
 
+LDAP_F( const char * )
+ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
+
 LDAP_END_DECL
 #endif /* _LDAP_H */

diff --git a/libraries/libldap/ppcontrol.c b/libraries/libldap/ppcontrol.c
index 05d92a4af814eb6a4dcf7955e1d189b01c5e2a67..b9c5e15ce72bb4fa862922f6e5ddacccfb9da8a2 100644 (file)
--- a/libraries/libldap/ppcontrol.c
+++ b/libraries/libldap/ppcontrol.c
@@ -77,9 +77,9 @@ ldap_create_passwordpolicy_control( LDAP *ld,
 
    ld           (IN)   An LDAP session handle.
    
-   ctrls        (IN)   The address of a NULL-terminated array of 
-                                          LDAPControl structures, typically obtained 
-                                          by a call to ldap_parse_result().
+   ctrls        (IN)   The address of an
+                                          LDAPControl structure, typically obtained 
+                                          by a call to ldap_find_control().
 
    exptimep     (OUT)  This result parameter is filled in with the number of seconds before
                                            the password will expire, if expiration is imminent
@@ -115,13 +115,12 @@ ldap_create_passwordpolicy_control( LDAP *ld,
 int
 ldap_parse_passwordpolicy_control(
        LDAP           *ld,
-       LDAPControl    **ctrls,
+       LDAPControl    *ctrl,
         int            *expirep,
         int            *gracep,
         LDAPPasswordPolicyError *errorp )
 {
        BerElement  *ber;
-       LDAPControl *pControl;
        int i, exp = -1, grace = -1;
        ber_tag_t tag;
        ber_len_t berLen;
@@ -130,26 +129,10 @@ ldap_parse_passwordpolicy_control(
         
        assert( ld != NULL );
        assert( LDAP_VALID( ld ) );
+       assert( ctrl );
 
-       if (ctrls == NULL) {
-               ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
-               return(ld->ld_errno);
-       }
-
-       /* Search the list of control responses for a VLV control. */
-       for (i=0; ctrls[i]; i++) {
-               pControl = ctrls[i];
-               if (!strcmp(LDAP_CONTROL_PASSWORDPOLICYRESPONSE, pControl->ldctl_oid))
-                       goto foundPPControl;
-       }
-
-       /* No sort control was found. */
-       ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
-       return(ld->ld_errno);
-
-foundPPControl:
        /* Create a BerElement from the berval returned in the control. */
-       ber = ber_init(&pControl->ldctl_value);
+       ber = ber_init(&ctrl->ldctl_value);
 
        if (ber == NULL) {
                ld->ld_errno = LDAP_NO_MEMORY;
@@ -202,3 +185,21 @@ foundPPControl:
         ld->ld_errno = LDAP_DECODING_ERROR;
         return(ld->ld_errno);
 }
+
+const char *
+ldap_passwordpolicy_err2txt( LDAPPasswordPolicyError err )
+{
+       switch(err) {
+               case PP_passwordExpired: return "Password expired";
+               case PP_accountLocked: return "Account locked";
+               case PP_changeAfterReset: return "Password must be changed";
+               case PP_passwordModNotAllowed: return "Policy prevents password modification";
+               case PP_mustSupplyOldPassword: return "Policy requires old password in order to change password";
+               case PP_insufficientPasswordQuality: return "Password fails quality checks";
+               case PP_passwordTooShort: return "Password is too short for policy";
+               case PP_passwordTooYoung: return "Password has been changed too recently";
+               case PP_passwordInHistory: return "New password is in list of old passwords";
+               case PP_noError: return "No error";
+               default: return "Unknown error code";
+       }
+}