LDAP "Verify Credentials" operation
authorKurt Zeilenga <kurt@openldap.org>
Tue, 14 Dec 2010 20:58:02 +0000 (20:58 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Tue, 14 Dec 2010 20:58:02 +0000 (20:58 +0000)
Client library implementation only

include/ldap.h
libraries/libldap/Makefile.in
libraries/libldap/vc.c [new file with mode: 0644]
libraries/libldap_r/Makefile.in

index 4af25991bf1791add98e6cbe28b6f348f8bbf8e3..03f839abbff4ae8e48d4b5ab541e27af05f061d3 100644 (file)
@@ -385,6 +385,11 @@ typedef struct ldapcontrol {
 #define        LDAP_TAG_EXOP_REFRESH_REQ_TTL   ((ber_tag_t) 0x81U)
 #define        LDAP_TAG_EXOP_REFRESH_RES_TTL   ((ber_tag_t) 0x80U)
 
+#define LDAP_EXOP_VERIFY_CREDENTIALS   "1.1.1"
+#define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_X_VERIFY_CREDENTIALS
+
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE        ((ber_tag_t) 0x80U)
+
 #define LDAP_EXOP_WHO_AM_I             "1.3.6.1.4.1.4203.1.11.3"               /* RFC 4532 */
 #define LDAP_EXOP_X_WHO_AM_I   LDAP_EXOP_WHO_AM_I
 
@@ -2214,6 +2219,42 @@ ldap_parse_vlvresponse_control LDAP_P((
        struct berval **contextp,
        int           *errcodep ));
 
+/*
+ * LDAP Verify Credentials
+ */
+#define LDAP_API_FEATURE_VERIFY_CREDENTIALS 1000
+
+LDAP_F( int )
+ldap_verify_credentials LDAP_P((
+       LDAP            *ld,
+       struct berval   *cookie,
+       LDAP_CONST char *dn,
+       LDAP_CONST char *mechanism,
+       struct berval   *cred,
+       LDAPControl     **serverctrls,
+       LDAPControl     **clientctrls,
+       int             *msgidp ));
+
+LDAP_F( int )
+ldap_verify_credentials_s LDAP_P((
+       LDAP            *ld,
+       struct berval   *cookie,
+       LDAP_CONST char *dn,
+       LDAP_CONST char *mechanism,
+       struct berval   *cred,
+       LDAPControl     **serverctrls,
+       LDAPControl     **clientctrls,
+       struct berval   **servercredp,
+       struct berval   **authzid ));
+
+LDAP_F( int )
+ldap_parse_verify_credentials_result LDAP_P((
+       LDAP            *ld,
+       LDAPMessage     *res,
+       struct berval   **cookie,
+       struct berval   **servercredp,
+       struct berval   **authzid));
+
 /*
  * LDAP Who Am I?
  *     in whoami.c
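Review bot: The prototype declared here, `ldap_parse_verify_credentials_result(ld, res, cookie, servercredp, authzid)`, does not match what vc.c in this same commit defines and what ldap_verify_credentials_s calls, `ldap_parse_verify_credentials(ld, res, servercred, authzid)` — the declared function has no definition and the defined one has no public declaration, so the header and the implementation need to be brought in line before either ships. In the first hunk of this file, `#define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_X_VERIFY_CREDENTIALS` expands to itself and so cannot be used; following the Who Am I pattern two lines below it should read `#define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS`. The value `"1.1.1"` looks like a placeholder rather than an OID from the OpenLDAP arc that Who Am I uses, and a marker such as `/* FIXME: placeholder OID, assign from the OpenLDAP arc before release */` would keep it from shipping as-is. The three new prototypes also say nothing about who owns the returned `cookie`, `servercredp` and `authzid` bervals; a comment stating that the caller frees them with ber_bvfree() (if that is the intended contract, as for ldap_whoami) would help.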
index 1e83efeee17c65c5d3b12c5b255d4883ea4c6c09..c39336ff9925be844958729ad5c731a219c8b05c 100644 (file)
@@ -21,7 +21,7 @@ SRCS  = bind.c open.c result.c error.c compare.c search.c \
        controls.c messages.c references.c extended.c cyrus.c \
        modify.c add.c modrdn.c delete.c abandon.c \
        sasl.c gssapi.c sbind.c unbind.c cancel.c  \
-       filter.c free.c sort.c passwd.c whoami.c \
+       filter.c free.c sort.c passwd.c whoami.c vc.c \
        getdn.c getentry.c getattr.c getvalues.c addentry.c \
        request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
        init.c options.c print.c string.c util-int.c schema.c \
@@ -34,7 +34,7 @@ OBJS  = bind.lo open.lo result.lo error.lo compare.lo search.lo \
        controls.lo messages.lo references.lo extended.lo cyrus.lo \
        modify.lo add.lo modrdn.lo delete.lo abandon.lo \
        sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
-       filter.lo free.lo sort.lo passwd.lo whoami.lo \
+       filter.lo free.lo sort.lo passwd.lo whoami.lo vc.lo \
        getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
        request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
        init.lo options.lo print.lo string.lo util-int.lo schema.lo \
diff --git a/libraries/libldap/vc.c b/libraries/libldap/vc.c
new file mode 100644 (file)
index 0000000..d9f4be4
--- /dev/null
@@ -0,0 +1,150 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2010 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+/*
+ * LDAP Verify Credentials
+ */
+
+int ldap_parse_verify_credentials(
+       LDAP *ld,
+       LDAPMessage *res,
+       struct berval **servercred,
+       struct berval **authzid )
+{
+       int rc;
+       char *retoid = NULL;
+       struct berval *reqdata = NULL;
+
+       assert( ld != NULL );
+       assert( LDAP_VALID( ld ) );
+       assert( res != NULL );
+       assert( authzid != NULL );
+
+       *authzid = NULL;
+
+       rc = ldap_parse_extended_result( ld, res, &retoid, &reqdata, 0 );
+
+       if( rc != LDAP_SUCCESS ) {
+               ldap_perror( ld, "ldap_parse_whoami" );
+               return rc;
+       }
+
+       ber_memfree( retoid );
+       return rc;
+}
+
+int
+ldap_verify_credentials( LDAP *ld,
+        struct berval   *cookie,
+        LDAP_CONST char *dn,
+        LDAP_CONST char *mechanism,
+        struct berval   *cred,
+       LDAPControl     **sctrls,
+       LDAPControl     **cctrls,
+       int             *msgidp )
+{
+       int rc;
+       BerElement *ber;
+       struct berval * reqdata;
+
+       assert(ld != NULL);
+       assert(LDAP_VALID(ld));
+       assert(msgidp != NULL);
+
+       ber = ber_alloc_t(LBER_USE_DER);
+       ber_printf(ber, "{");
+       if (dn == NULL) dn = "";
+
+       if (mechanism == LDAP_SASL_SIMPLE) {
+           assert(!cookie);
+
+           rc = ber_printf(ber, "{istON}",
+               3, dn, LDAP_AUTH_SIMPLE, cred);
+
+       } else {
+           if (!cred || BER_BVISNULL(cred)) {
+               if (cookie) {
+                   rc = ber_printf(ber, "{t0ist{sN}N}",
+                       LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
+                       3, dn, LDAP_AUTH_SASL, mechanism);
+               } else {
+                   rc = ber_printf(ber, "{ist{sN}N}",
+                       3, dn, LDAP_AUTH_SASL, mechanism);
+               }
+           } else {
+               if (cookie) {
+                   rc = ber_printf(ber, "{tOist{sON}N}",
+                       LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
+                       3, dn, LDAP_AUTH_SASL, mechanism, cred);
+               } else {
+                   rc = ber_printf(ber, "{ist{sON}N}",
+                       3, dn, LDAP_AUTH_SASL, mechanism, cred);
+               }
+           }
+       }
+
+       ber_flatten(ber, &reqdata);
+
+       rc = ldap_extended_operation(ld, LDAP_EXOP_VERIFY_CREDENTIALS,
+           reqdata, sctrls, cctrls, msgidp);
+
+       ber_free(ber, 1);
+       return rc;
+}
+
+int
+ldap_verify_credentials_s(
+       LDAP *ld,
+        struct berval   *cookie,
+        LDAP_CONST char *dn,
+        LDAP_CONST char *mechanism,
+        struct berval   *cred,
+       LDAPControl     **sctrls,
+       LDAPControl     **cctrls,
+       struct berval   **scred,
+       struct berval   **authzid)
+{
+       int             rc;
+       int             msgid;
+       LDAPMessage     *res;
+
+       rc = ldap_verify_credentials(ld, cookie, dn, mechanism, cred, sctrls, cctrls, &msgid);
+       if (rc != LDAP_SUCCESS) return rc;
+
+       if (ldap_result(ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res) == -1 || !res) {
+               return ld->ld_errno;
+       }
+
+       rc = ldap_parse_verify_credentials(ld, res, scred, authzid);
+       if (rc != LDAP_SUCCESS) {
+               ldap_msgfree(res);
+               return rc;
+       }
+
+       return( ldap_result2error(ld, res, 1));
+}
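Review bot: In ldap_verify_credentials the results of ber_alloc_t, every ber_printf and ber_flatten are ignored, so an allocation failure dereferences a NULL BerElement and any encoding failure is still sent to the server as a malformed request; the cookie-without-credential format `"{t0ist{sN}N}"` hits exactly that, since `0` is not a ber_printf conversion (presumably `O` was meant, as in the sibling `"{tOist{sON}N}"`). The `reqdata` berval produced by ber_flatten is never released after ldap_extended_operation, and the outer sequence opened by `ber_printf(ber, "{")` is never closed with `N}`, so either that leading `{` is stray or the top-level length is never finalized. ldap_parse_verify_credentials has parallel problems: `reqdata` from ldap_parse_extended_result is leaked, `servercred` is never written (so ldap_verify_credentials_s returns whatever its caller already had in `*scred`), and the ldap_perror message still says `ldap_parse_whoami`. The request-side fix is sketched below; the parser needs the response value actually decoded into the out-parameters before the declared API can work.
```c
	ber = ber_alloc_t(LBER_USE_DER);
	if (ber == NULL) {
		ld->ld_errno = LDAP_NO_MEMORY;
		return ld->ld_errno;
	}
	rc = ber_printf(ber, "{");
	if (dn == NULL) dn = "";

	/* … unchanged: per-mechanism ber_printf branches that set rc … */

	/* close the SEQUENCE opened above (or drop that "{" if it was unintended) */
	if (rc != -1) rc = ber_printf(ber, "N}");
	if (rc == -1 || ber_flatten(ber, &reqdata) == -1) {
		ber_free(ber, 1);
		ld->ld_errno = LDAP_ENCODING_ERROR;
		return ld->ld_errno;
	}

	rc = ldap_extended_operation(ld, LDAP_EXOP_VERIFY_CREDENTIALS,
	    reqdata, sctrls, cctrls, msgidp);

	ber_bvfree(reqdata);	/* ldap_extended_operation encodes its own copy */
	ber_free(ber, 1);
	return rc;
```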
index 7093221557cd03b337bbcb4fac2dd5377bb82af6..b8e2e552b7a5adcb0666653e7a04528c2235893e 100644 (file)
@@ -23,7 +23,7 @@ XXSRCS    = apitest.c test.c \
        controls.c messages.c references.c extended.c cyrus.c \
        modify.c add.c modrdn.c delete.c abandon.c \
        sasl.c gssapi.c sbind.c unbind.c cancel.c \
-       filter.c free.c sort.c passwd.c whoami.c \
+       filter.c free.c sort.c passwd.c whoami.c vc.c \
        getdn.c getentry.c getattr.c getvalues.c addentry.c \
        request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
        init.c options.c print.c string.c util-int.c schema.c \
@@ -41,7 +41,7 @@ OBJS  = threads.lo rdwr.lo rmutex.lo tpool.lo  rq.lo \
        controls.lo messages.lo references.lo extended.lo cyrus.lo \
        modify.lo add.lo modrdn.lo delete.lo abandon.lo \
        sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
-       filter.lo free.lo sort.lo passwd.lo whoami.lo \
+       filter.lo free.lo sort.lo passwd.lo whoami.lo vc.lo \
        getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
        request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
        init.lo options.lo print.lo string.lo util-int.lo schema.lo \