Misc vc updates
authorKurt Zeilenga <kurt@openldap.org>
Wed, 15 Dec 2010 00:59:42 +0000 (00:59 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Wed, 15 Dec 2010 00:59:42 +0000 (00:59 +0000)
include/ldap.h
libraries/libldap/vc.c

index 8e7f796eb8021dcac28b6912ea00316004134c79..bdf4cd90e3941e7a6d6324d12e92e97b35588fa7 100644 (file)
@@ -388,7 +388,9 @@ typedef struct ldapcontrol {
 #define LDAP_EXOP_VERIFY_CREDENTIALS   "1.3.6.1.4.1.4203.666.6.5"
 #define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS
 
-#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE        ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE         ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS         ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID ((ber_tag_t) 0x82U)
 
 #define LDAP_EXOP_WHO_AM_I             "1.3.6.1.4.1.4203.1.11.3"               /* RFC 4532 */
 #define LDAP_EXOP_X_WHO_AM_I   LDAP_EXOP_WHO_AM_I
@@ -2244,6 +2246,7 @@ ldap_verify_credentials_s LDAP_P((
        struct berval   *cred,
        LDAPControl     **serverctrls,
        LDAPControl     **clientctrls,
+       struct berval   **scookie,
        struct berval   **servercredp,
        struct berval   **authzid ));
 
index 9e51c60e818d85f221b147e140991d17b9dded41..ee369a1761d633714946c85a7412206c5be97cd8 100644 (file)
@@ -45,6 +45,7 @@
  * VCRequest ::= SEQUENCE {
  *             Cookie [0] OCTET STRING OPTIONAL,
  *             serverSaslCreds [1] OCTET STRING OPTIONAL
+ *             authzid [2] OCTET STRING OPTIONAL
  * }
  *
  */
 int ldap_parse_verify_credentials(
        LDAP *ld,
        LDAPMessage *res,
-       struct berval **servercred,
+    struct berval **cookie,
+       struct berval **screds,
        struct berval **authzid)
 {
        int rc;
        char *retoid = NULL;
-       struct berval *reqdata = NULL;
+       struct berval *retdata = NULL;
 
        assert(ld != NULL);
        assert(LDAP_VALID(ld));
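Review bot: The ASN.1 sketch in the header comment is left malformed by the added `authzid [2] OCTET STRING OPTIONAL` line, because the `serverSaslCreds` line above it still has no trailing comma; it should read `serverSaslCreds [1] OCTET STRING OPTIONAL,`. The new `cookie` and `screds` out-parameters also have no documented contract. A comment above `ldap_parse_verify_credentials` should state that each one is written only when the matching tagged element is present in the response, and that the caller releases the returned values with `ber_bvfree()`. The function body continues outside this hunk.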
@@ -66,13 +68,44 @@ int ldap_parse_verify_credentials(
 
        *authzid = NULL;
 
-       rc = ldap_parse_extended_result(ld, res, &retoid, &reqdata, 0);
+       rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
 
        if( rc != LDAP_SUCCESS ) {
                ldap_perror(ld, "ldap_parse_whoami");
                return rc;
        }
 
+    if (retdata) {
+           ber_tag_t tag;
+               ber_len_t len;
+           BerElement * ber = ber_init(retdata);
+               if (!ber) {
+                   rc = ld->ld_errno = LDAP_NO_MEMORY;
+                       goto done;
+               }
+
+               ber_scanf(ber, "{" /*"}"*/);
+
+               tag = ber_peek_tag(ber, &len);
+               if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
+                       ber_scanf(ber, "O", cookie);
+                   tag = ber_peek_tag(ber, &len);
+               }
+
+               if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) {
+                       ber_scanf(ber, "O", screds);
+                   tag = ber_peek_tag(ber, &len);
+               }
+
+               if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID) {
+                       ber_scanf(ber, "O", authzid);
+               }
+
+           ber_free(ber, 1);
+    }
+
+done:
+       ber_bvfree(retdata);
        ber_memfree(retoid);
        return rc;
 }
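Review bot: Every `ber_scanf()` result in the new `if (retdata)` block is discarded, so a truncated or malformed response value from the server leaves `rc` at `LDAP_SUCCESS` while `*cookie`, `*screds` and `*authzid` may never have been written. Each call should be compared with `LBER_ERROR` and mapped to `LDAP_DECODING_ERROR`, releasing `ber` on the way out, as sketched below. Only `*authzid = NULL;` is visible before the parse. If the lines outside this hunk do not also reset `*cookie` and `*screds` and assert them non-NULL, a caller reads an indeterminate pointer whenever the server omits those elements, and a caller that passes NULL has it dereferenced by the `"O"` conversion. The function begins outside this hunk.

```c
	if (retdata) {
		/* … unchanged: tag/len declarations, ber_init() and its NULL check … */

		if (ber_scanf(ber, "{" /*"}"*/) == LBER_ERROR) {
			rc = ld->ld_errno = LDAP_DECODING_ERROR;
			goto ber_done;
		}

		tag = ber_peek_tag(ber, &len);
		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
			if (ber_scanf(ber, "O", cookie) == LBER_ERROR) {
				rc = ld->ld_errno = LDAP_DECODING_ERROR;
				goto ber_done;
			}
			tag = ber_peek_tag(ber, &len);
		}

		/* … same LBER_ERROR check on the "O" reads for screds and authzid … */

ber_done:
		ber_free(ber, 1);
	}
```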
@@ -145,6 +178,7 @@ ldap_verify_credentials_s(
        struct berval   *cred,
        LDAPControl             **sctrls,
        LDAPControl             **cctrls,
+       struct berval   **scookie,
        struct berval   **scred,
        struct berval   **authzid)
 {
@@ -159,7 +193,7 @@ ldap_verify_credentials_s(
                return ld->ld_errno;
        }
 
-       rc = ldap_parse_verify_credentials(ld, res, scred, authzid);
+       rc = ldap_parse_verify_credentials(ld, res, scookie, scred, authzid);
        if (rc != LDAP_SUCCESS) {
                ldap_msgfree(res);
                return rc;