Ppolicy control should be sent with every request...

handle returns in ldappasswd(1) and ldapwhoami(1).  Likely needs to be
added to other ldap*(1) commands.

diff --git a/clients/tools/common.c b/clients/tools/common.c
index a881d6e52e7a2ca6609320807a947531644357a0..99f0807d2855c6c42459901faef358f9b331e1be 100644 (file)
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1279,7 +1279,7 @@ void
 tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 {
        int i = 0, j, crit = 0, err;
-       LDAPControl c[10], **ctrls;
+       LDAPControl c[12], **ctrls;
 
        if ( ! ( assertctl
                || authzid
@@ -1289,6 +1289,9 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
                || manageDIT
                || manageDSAit
                || noop
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+               || ppolicy
+#endif
                || preread
                || postread
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
@@ -1391,6 +1394,16 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
                i++;
        }
 
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+       if ( ppolicy ) {
+               c[i].ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+               BER_BVZERO( &c[i].ldctl_value );
+               c[i].ldctl_iscritical = 0;
+               ctrls[i] = &c[i];
+               i++;
+       }
+#endif
+
        if ( preread ) {
                char berbuf[LBER_ELEMENT_SIZEOF];
                BerElement *ber = (BerElement *)berbuf;
@@ -1691,7 +1704,8 @@ print_ppolicy( LDAP *ld, LDAPControl *ctrl )
 
                if ( pperr != PP_noError ) {
                        ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
-                               "%serror=%s", ptr == buf ? "" : " ",
+                               "%serror=%d (%s)", ptr == buf ? "" : " ",
+                               pperr,
                                ldap_passwordpolicy_err2txt( pperr ) );
                }
 

diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
index 9e0cbbd206f92edb551ffe574f4b3421d76028d7..36b148de5b038ed6c86e9536b9aa062f111773fe 100644 (file)
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@@ -177,6 +177,7 @@ main( int argc, char *argv[] )
        char *matcheddn = NULL, *text = NULL, **refs = NULL;
        char    *retoid = NULL;
        struct berval *retdata = NULL;
+       LDAPControl **ctrls = NULL;
 
     tool_init( TOOL_PASSWD );
        prog = lutil_progname( "ldappasswd", argc, argv );
@@ -344,7 +345,7 @@ main( int argc, char *argv[] )
        }
 
        rc = ldap_parse_result( ld, res,
-               &code, &matcheddn, &text, &refs, NULL, 0 );
+               &code, &matcheddn, &text, &refs, &ctrls, 0 );
        if( rc != LDAP_SUCCESS ) {
                tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL );
                rc = EXIT_FAILURE;
@@ -386,7 +387,10 @@ main( int argc, char *argv[] )
                        " new password expected", NULL, NULL, NULL );
        }
 
-       if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
+skip:
+       if( verbose || code != LDAP_SUCCESS ||
+               matcheddn || text || refs || ctrls )
+       {
                printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
 
                if( text && *text ) {
@@ -403,6 +407,11 @@ main( int argc, char *argv[] )
                                printf(_("Referral: %s\n"), refs[i] );
                        }
                }
+
+               if( ctrls ) {
+                       tool_print_ctrls( ld, ctrls );
+                       ldap_controls_free( ctrls );
+               }
        }
 
        ber_memfree( text );

diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c
index 7d20097848df333638cd56b0770283e70c7f37b9..158f2a3206e6c407746c9a836237ff47aed8c342 100644 (file)
--- a/clients/tools/ldapwhoami.c
+++ b/clients/tools/ldapwhoami.c
@@ -118,6 +118,7 @@ main( int argc, char *argv[] )
        struct berval   *retdata = NULL;
        int             id, code = 0;
        LDAPMessage     *res;
+       LDAPControl     **ctrls = NULL;
 
        tool_init( TOOL_WHOAMI );
        prog = lutil_progname( "ldapwhoami", argc, argv );
@@ -186,7 +187,7 @@ main( int argc, char *argv[] )
        }
 
        rc = ldap_parse_result( ld, res,
-               &code, &matcheddn, &text, &refs, NULL, 0 );
+               &code, &matcheddn, &text, &refs, &ctrls, 0 );
 
        if ( rc == LDAP_SUCCESS ) {
                rc = code;
@@ -214,7 +215,10 @@ main( int argc, char *argv[] )
                }
        }
 
-       if( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs ) {
+skip:
+       if ( verbose || ( code != LDAP_SUCCESS ) ||
+               matcheddn || text || refs || ctrls )
+       {
                printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
 
                if( text && *text ) {
@@ -231,6 +235,11 @@ main( int argc, char *argv[] )
                                printf(_("Referral: %s\n"), refs[i] );
                        }
                }
+
+               if (ctrls) {
+                       tool_print_ctrls( ld, ctrls );
+                       ldap_controls_free( ctrls );
+               }
        }
 
        ber_memfree( text );
@@ -239,7 +248,6 @@ main( int argc, char *argv[] )
        ber_memfree( retoid );
        ber_bvfree( retdata );
 
-skip:
        /* disconnect from server */
        tool_unbind( ld );
        tool_destroy();