From: Kurt Zeilenga Date: Thu, 28 Nov 2002 02:26:55 +0000 (+0000) Subject: proxy authz control (client only) X-Git-Tag: NO_SLAP_OP_BLOCKS~762 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=235973571a2cfca652d7095f9658e8a8a2090480;p=openldap proxy authz control (client only) Misc control cleanups (client only) --- diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c index e1ed0f74c7..1dedf90ed5 100644 --- a/clients/tools/ldapcompare.c +++ b/clients/tools/ldapcompare.c @@ -49,6 +49,7 @@ usage( const char *s ) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -h host LDAP server\n" @@ -116,6 +117,7 @@ main( int argc, char **argv ) struct berval bvalue = { 0, NULL }; char *pw_file = NULL; char *control, *cvalue; + char *authzid = NULL; debug = verbose = not = referrals = noop = manageDSAit = want_bindpw = quiet = 0; @@ -196,7 +198,27 @@ main( int argc, char **argv ) *cvalue++ = '\0'; } - if ( strcasecmp( control, "manageDSAit" ) == 0 ) { + if ( strcasecmp( control, "authzid" ) == 0 ) { + if( authzid != NULL ) { + fprintf( stderr, "authzid control previously specified"); + return EXIT_FAILURE; + } + if( cvalue == NULL ) { + fprintf( stderr, "authzid: control value expected" ); + usage(prog); + return EXIT_FAILURE; + } + if( !crit ) { + fprintf( stderr, "authzid: must be marked critical" ); + usage(prog); + return EXIT_FAILURE; + } + + assert( authzid == NULL ); + authzid = control; + break; + + } else if ( strcasecmp( control, "manageDSAit" ) == 0 ) { if( manageDSAit ) { fprintf( stderr, "manageDSAit control previously specified"); return EXIT_FAILURE; @@ -208,7 +230,6 @@ main( int argc, char **argv ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -223,7 +244,6 @@ main( int argc, char **argv ) } noop = 1 + crit; - free( control ); break; } else { @@ -737,37 +757,50 @@ main( int argc, char **argv ) } } - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; - - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index bc9d057dda..fe0e33f808 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -63,6 +63,7 @@ usage( const char *s ) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" @@ -101,6 +102,7 @@ main( int argc, char **argv ) int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit, noop, crit; char *pw_file; char *control, *cvalue; + char *authzid = NULL; not = verbose = contoper = want_bindpw = debug = manageDSAit = noop = referrals = 0; @@ -207,7 +209,6 @@ main( int argc, char **argv ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -222,7 +223,6 @@ main( int argc, char **argv ) } noop = 1 + crit; - free( control ); break; } else { @@ -702,37 +702,50 @@ main( int argc, char **argv ) } } - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index 6f2efb8782..adf0403306 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -118,6 +118,7 @@ usage( const char *prog ) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" @@ -159,6 +160,7 @@ main( int argc, char **argv ) int count, len; char *pw_file = NULL; char *control, *cvalue; + char *authzid = NULL; int crit; prog = lutil_progname( "ldapmodify", argc, argv ); @@ -271,7 +273,6 @@ main( int argc, char **argv ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -286,7 +287,6 @@ main( int argc, char **argv ) } noop = 1 + crit; - free( control ); break; } else { @@ -796,37 +796,50 @@ main( int argc, char **argv ) rc = 0; - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index cc36d120c0..60fd986adb 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -77,6 +77,7 @@ usage( const char *s ) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" @@ -116,6 +117,7 @@ main(int argc, char **argv) char *newSuperior=NULL; char *pw_file = NULL; char *control, *cvalue; + char *authzid = NULL; infile = NULL; not = contoper = verbose = remove = want_bindpw = @@ -227,7 +229,6 @@ main(int argc, char **argv) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -242,7 +243,6 @@ main(int argc, char **argv) } noop = 1 + crit; - free( control ); break; } else { @@ -737,37 +737,50 @@ main(int argc, char **argv) } } - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index d2ad739ec2..4d3bfb29fc 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -41,6 +41,7 @@ usage(const char *s) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" @@ -94,6 +95,8 @@ main( int argc, char *argv[] ) int noop = 0; int crit; char *control, *cvalue; + char *authzid = NULL; + #ifdef HAVE_CYRUS_SASL unsigned sasl_flags = LDAP_SASL_AUTOMATIC; char *sasl_realm = NULL; @@ -102,6 +105,7 @@ main( int argc, char *argv[] ) char *sasl_mech = NULL; char *sasl_secprops = NULL; #endif + int use_tls = 0; int referrals = 0; LDAP *ld = NULL; @@ -225,7 +229,6 @@ main( int argc, char *argv[] ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -236,7 +239,6 @@ main( int argc, char *argv[] ) } noop = 1 + crit; - free( control ); break; } else { @@ -733,37 +735,50 @@ main( int argc, char *argv[] ) } } - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 0c8f1126cf..6d15747cf8 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -58,7 +58,7 @@ usage( const char *s ) " [!]mv= (matched values filter)\n" #ifdef LDAP_CONTROL_PAGEDRESULTS " [!]pr= (paged results)\n" -#endif /* LDAP_CONTROL_PAGEDRESULTS */ +#endif #ifdef LDAP_CONTROL_SUBENTRIES " [!]subentries[=true|false] (subentries)\n" #endif @@ -80,7 +80,8 @@ usage( const char *s ) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" -" [!]manageDSAit (alternate form, see -M)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" +" [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" " -h host LDAP server\n" @@ -153,13 +154,6 @@ static int dosearch LDAP_P(( struct timeval *timeout, int sizelimit )); -#ifdef LDAP_CONTROL_PAGEDRESULTS -static int parse_page_control( - LDAP *ld, - LDAPMessage *result, - struct berval *cookie ); -#endif /* LDAP_CONTROL_PAGEDRESULTS */ - static char *tmpdir = NULL; static char *urlpre = NULL; static char *prog = NULL; @@ -180,9 +174,10 @@ static char *sasl_secprops = NULL; static int use_tls = 0; static char *sortattr = NULL; static int verbose, not, includeufn, vals2tmp, ldif; + #ifdef LDAP_CONTROL_PAGEDRESULTS -static int pageSize = 0; -static ber_int_t searchControlSize = 0; +static int pagedResults = 0; +static ber_int_t pageSize = 0; static ber_int_t entriesLeft = 0; static ber_int_t morePagedResults = 1; static struct berval cookie = { 0, NULL }; @@ -191,6 +186,11 @@ static int npagedentries; static int npagedreferences; static int npagedextended; static int npagedpartial; + +static int parse_page_control( + LDAP *ld, + LDAPMessage *result, + struct berval *cookie ); #endif /* LDAP_CONTROL_PAGEDRESULTS */ static void @@ -217,13 +217,14 @@ main( int argc, char **argv ) LDAP *ld = NULL; int subentries, valuesReturnFilter; BerElement *ber = NULL; - struct berval *bvalp = NULL; - char *vrFilter = NULL, *control = NULL, *cvalue; + struct berval *sebvalp = NULL, *vrbvalp = NULL; + char *vrFilter = NULL; + char *control = NULL, *cvalue; char *pw_file = NULL; + char *authzid = NULL; #ifdef LDAP_CONTROL_PAGEDRESULTS - BerElement *pageber = NULL; - struct berval *bvalptr = NULL; - int num = 0, searchControlCrit = 0; + struct berval *prbvalp = NULL; + int num = 0; #endif /* LDAP_CONTROL_PAGEDRESULTS */ @@ -336,20 +337,21 @@ main( int argc, char **argv ) #ifdef LDAP_CONTROL_PAGEDRESULTS } else if ( strcasecmp( control, "pr" ) == 0 ) { + int tmp; /* PagedResults control */ - if ( pageSize != 0 ) { + if ( pagedResults != 0 ) { fprintf( stderr, "PagedResultsControl previously specified" ); return EXIT_FAILURE; } - num = sscanf( cvalue, "%d", &pageSize ); + num = sscanf( cvalue, "%d", &tmp ); if ( num != 1 ) { fprintf( stderr, "Invalid value for PagedResultsControl, %s.\n", cvalue); return EXIT_FAILURE; } - searchControlSize = (ber_int_t)pageSize; - searchControlCrit = crit; + pageSize = (ber_int_t) tmp; + pagedResults = 1 + crit; break; #endif /* LDAP_CONTROL_PAGEDRESULTS */ @@ -476,7 +478,6 @@ main( int argc, char **argv ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -491,7 +492,6 @@ main( int argc, char **argv ) } noop = 1 + crit; - free( control ); break; } else { @@ -1026,53 +1026,52 @@ main( int argc, char **argv ) #ifdef LDAP_CONTROL_PAGEDRESULTS getNextPage: - if ( manageDSAit || noop || valuesReturnFilter || pageSize ) { - int critical = 0; -#else /* !LDAP_CONTROL_PAGEDRESULTS */ - if ( manageDSAit || noop || valuesReturnFilter ) { -#endif /* !LDAP_CONTROL_PAGEDRESULTS */ + if ( manageDSAit || noop || subentries || valuesReturnFilter || pageSize ) +#else + if ( manageDSAit || noop || subentries || valuesReturnFilter ) +#endif + { int err; int i=0; - LDAPControl c1,c2,c3,c4,c5; - LDAPControl *ctrls[6]; + int crit = 0; + LDAPControl c[6]; + LDAPControl *ctrls[7]; + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } + if ( manageDSAit ) { - ctrls[i++]=&c1; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; -#ifdef LDAP_CONTROL_PAGEDRESULTS - if ( c1.ldctl_iscritical ) critical = 1; -#endif /* LDAP_CONTROL_PAGEDRESULTS */ + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; -#ifdef LDAP_CONTROL_PAGEDRESULTS - if ( c2.ldctl_iscritical ) critical = 1; -#endif /* LDAP_CONTROL_PAGEDRESULTS */ + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } #ifdef LDAP_CONTROL_SUBENTRIES if ( subentries ) { - ctrls[i++]=&c3; - ctrls[i] = NULL; - - c3.ldctl_oid = LDAP_CONTROL_SUBENTRIES; - c3.ldctl_iscritical = subentries < 1; -#ifdef LDAP_CONTROL_PAGEDRESULTS - if ( c3.ldctl_iscritical ) critical = 1; -#endif /* LDAP_CONTROL_PAGEDRESULTS */ - if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) { return EXIT_FAILURE; } @@ -1084,24 +1083,21 @@ getNextPage: return EXIT_FAILURE; } - if ( ber_flatten( ber, &bvalp ) == LBER_ERROR ) { + if ( ber_flatten( ber, &sebvalp ) == LBER_ERROR ) { return EXIT_FAILURE; } - c3.ldctl_value=(*bvalp); + c[i].ldctl_oid = LDAP_CONTROL_SUBENTRIES; + c[i].ldctl_value=(*sebvalp); + c[i].ldctl_iscritical = subentries < 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } #endif if ( valuesReturnFilter ) { - ctrls[i++]=&c4; - ctrls[i] = NULL; - - c4.ldctl_oid = LDAP_CONTROL_VALUESRETURNFILTER; - c4.ldctl_iscritical = valuesReturnFilter > 1; -#ifdef LDAP_CONTROL_PAGEDRESULTS - if ( c4.ldctl_iscritical ) critical = 1; -#endif /* LDAP_CONTROL_PAGEDRESULTS */ - if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) { return EXIT_FAILURE; } @@ -1112,62 +1108,59 @@ getNextPage: return EXIT_FAILURE; } - if ( ber_flatten( ber, &bvalp ) == LBER_ERROR ) { + if ( ber_flatten( ber, &vrbvalp ) == LBER_ERROR ) { return EXIT_FAILURE; } - c4.ldctl_value=(*bvalp); + ber_free( ber, 1 ); + + c[i].ldctl_oid = LDAP_CONTROL_VALUESRETURNFILTER; + c[i].ldctl_value=(*vrbvalp); + c[i].ldctl_iscritical = valuesReturnFilter > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } #ifdef LDAP_CONTROL_PAGEDRESULTS - if ( pageSize ) { - if (( pageber = ber_alloc_t(LBER_USE_DER)) == NULL ) { + if ( pagedResults ) { + if (( ber = ber_alloc_t(LBER_USE_DER)) == NULL ) { return EXIT_FAILURE; } - ber_printf( pageber, "{iO}", searchControlSize, &cookie ); - if ( ber_flatten( pageber, &bvalptr ) == LBER_ERROR) { + ber_printf( ber, "{iO}", pageSize, &cookie ); + if ( ber_flatten( ber, &prbvalp ) == LBER_ERROR ) { return EXIT_FAILURE; } - ctrls[i++]=&c5; - ctrls[i] = NULL; + ber_free( ber, 1 ); - c5.ldctl_oid = LDAP_CONTROL_PAGEDRESULTS; - c5.ldctl_value = ( *bvalptr ); - c5.ldctl_iscritical = searchControlCrit; - if ( c5.ldctl_iscritical ) critical = 1; + c[i].ldctl_oid = LDAP_CONTROL_PAGEDRESULTS; + c[i].ldctl_value=(*prbvalp); + c[i].ldctl_iscritical = pagedResults > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } #endif /* LDAP_CONTROL_PAGEDRESULTS */ err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); - ber_bvfree(bvalp); - ber_free( ber, 1 ); -#ifdef LDAP_CONTROL_PAGEDRESULTS - ber_free( pageber, 1 ); - ber_bvfree( bvalptr ); -#endif /* LDAP_CONTROL_PAGEDRESULTS */ - -#ifdef LDAP_CONTROL_PAGEDRESULTS - if( err != LDAP_OPT_SUCCESS ) { - if ( critical ) { - fprintf( stderr, "Could not set controls\n"); - return EXIT_FAILURE; - } else { - fprintf( stderr, "Could not set critical controls\n" ); - } - } -#else /* !LDAP_CONTROL_PAGEDRESULTS */ if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if( crit ) { return EXIT_FAILURE; } } -#endif /* !LDAP_CONTROL_PAGEDRESULTS */ + + ber_bvfree( sebvalp ); + ber_bvfree( vrbvalp ); +#ifdef LDAP_CONTROL_PAGEDRESULTS + ber_bvfree( prbvalp ); +#endif /* LDAP_CONTROL_PAGEDRESULTS */ } if ( verbose ) { @@ -1230,8 +1223,8 @@ getNextPage: } if ( pageSize ) { printf("\n# with pagedResults %scontrol: size=%d", - searchControlCrit ? "critical " : "", - searchControlSize ); + (pagedResults > 1) ? "critical " : "", + pageSize ); } printf( "\n#\n\n" ); @@ -1271,7 +1264,7 @@ getNextPage: printf( "Estimate entries: %d\n", entriesLeft ); } printf( "Press [size] Enter for the next {%d|size} entries.\n", - (int)searchControlSize ); + (int)pageSize ); i = 0; moreEntries = getchar(); while ( moreEntries != EOF && moreEntries != '\n' ) { @@ -1290,7 +1283,7 @@ getNextPage: return EXIT_FAILURE; } - searchControlSize = (ber_int_t)tmpSize; + pageSize = (ber_int_t)tmpSize; } goto getNextPage; @@ -1429,15 +1422,7 @@ static int dosearch( done: #ifdef LDAP_CONTROL_PAGEDRESULTS - if ( pageSize == 0 ) { - if ( ldif < 2 ) { - printf( "\n# numResponses: %d\n", nresponses ); - if( nentries ) printf( "# numEntries: %d\n", nentries ); - if( nextended ) printf( "# numExtended: %d\n", nextended ); - if( npartial ) printf( "# numPartial: %d\n", npartial ); - if( nreferences ) printf( "# numReferences: %d\n", nreferences ); - } - } else { + if ( pageSize != 0 ) { npagedresponses = npagedresponses + nresponses; npagedentries = npagedentries + nentries; npagedreferences = npagedreferences + nreferences; @@ -1450,8 +1435,8 @@ done: if( npartial ) printf( "# numPartial: %d\n", npagedpartial ); if( nreferences ) printf( "# numReferences: %d\n", npagedreferences ); } - } -#else /* !LDAP_CONTROL_PAGEDRESULTS */ + } else +#endif /* LDAP_CONTROL_PAGEDRESULTS */ if ( ldif < 2 ) { printf( "\n# numResponses: %d\n", nresponses ); if( nentries ) printf( "# numEntries: %d\n", nentries ); @@ -1459,12 +1444,11 @@ done: if( npartial ) printf( "# numPartial: %d\n", npartial ); if( nreferences ) printf( "# numReferences: %d\n", nreferences ); } -#endif /* LDAP_CONTROL_PAGEDRESULTS */ return( rc ); } -#if 1 +#if 0 /* This is the original version, the old way of doing things. */ static void print_entry( @@ -1574,7 +1558,7 @@ print_entry( } #else /* This is the proposed new way of doing things. - * It is more * efficient, but the API is non-standard. + * It is more efficient, but the API is non-standard. */ static void print_entry( @@ -2019,4 +2003,3 @@ parse_page_control( return err; } #endif /* LDAP_CONTROL_PAGEDRESULTS */ - diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c index 054ef2caee..7cdbe998bd 100644 --- a/clients/tools/ldapwhoami.c +++ b/clients/tools/ldapwhoami.c @@ -35,6 +35,7 @@ usage(const char *s) " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" " -e [!][=] general controls (! indicates criticality)\n" +" [!]authzid= (\"dn:\" or \"u:\")\n" " [!]manageDSAit (alternate form, see -M)\n" " [!]noop\n" " -f file read operations from `file'\n" @@ -95,6 +96,7 @@ main( int argc, char *argv[] ) LDAP *ld = NULL; int manageDSAit=0; int noop=0; + char *authzid = NULL; char *control, *cvalue; int crit; @@ -185,7 +187,6 @@ main( int argc, char *argv[] ) } manageDSAit = 1 + crit; - free( control ); break; } else if ( strcasecmp( control, "noop" ) == 0 ) { @@ -200,7 +201,6 @@ main( int argc, char *argv[] ) } noop = 1 + crit; - free( control ); break; } else { @@ -671,42 +671,59 @@ main( int argc, char *argv[] ) goto skip; } - if ( manageDSAit || noop ) { - int err, i = 0; - LDAPControl c1, c2; - LDAPControl *ctrls[3]; + if ( authzid || manageDSAit || noop ) { + int err, crit=0, i=0; + LDAPControl c[3]; + LDAPControl *ctrls[4]; + + if ( authzid ) { + c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + c[i].ldctl_value.bv_val = authzid; + c[i].ldctl_value.bv_len = strlen( authzid ); + c[i].ldctl_iscritical = 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; + } if ( manageDSAit ) { - ctrls[i++] = &c1; - ctrls[i] = NULL; - c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c1.ldctl_value.bv_val = NULL; - c1.ldctl_value.bv_len = 0; - c1.ldctl_iscritical = manageDSAit > 1; + c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = manageDSAit > 1; + + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } if ( noop ) { - ctrls[i++] = &c2; - ctrls[i] = NULL; + c[i].ldctl_oid = LDAP_CONTROL_NOOP; + c[i].ldctl_value.bv_val = NULL; + c[i].ldctl_value.bv_len = 0; + c[i].ldctl_iscritical = noop > 1; - c2.ldctl_oid = LDAP_CONTROL_NOOP; - c2.ldctl_value.bv_val = NULL; - c2.ldctl_value.bv_len = 0; - c2.ldctl_iscritical = noop > 1; + if( c[i].ldctl_iscritical ) crit++; + ctrls[i] = &c[i]; + ctrls[++i] = NULL; } err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set %scontrols\n", - (c1.ldctl_iscritical || c2.ldctl_iscritical) - ? "critical " : "" ); - if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + crit ? "critical " : "" ); + if ( crit ) { return EXIT_FAILURE; } } } +#if 1 + rc = ldap_whoami_s( ld, &retdata, NULL, NULL ); + +#else rc = ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I, NULL, NULL, NULL, &id ); @@ -731,6 +748,7 @@ main( int argc, char *argv[] ) } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); +#endif if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); diff --git a/include/ldap.h b/include/ldap.h index d2dd256d2c..e8b63f48c4 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -189,6 +189,7 @@ typedef struct ldapcontrol { #define LDAP_CHASE_EXTERNAL_REFERRALS 0x0040U #endif +#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" #define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" #define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" #define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2" @@ -231,6 +232,7 @@ typedef struct ldapcontrol { #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U) +#define LDAP_EXOP_X_CANCEL "1.3.6.1.4.1.4203.666.6.3" #define LDAP_EXOP_X_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* LDAP Features */ @@ -864,6 +866,24 @@ LDAP_F( void ) ldap_uncache_request LDAP_P(( LDAP *ld, int msgid )); +/* + * LDAP Cancel Extended Operation + */ + +LDAP_F( int ) +ldap_cancel LDAP_P(( LDAP *ld, + int cancelid, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp )); + +LDAP_F( int ) +ldap_cancel_s LDAP_P(( + LDAP *ld, + int cancelid, + LDAPControl **sctrl, + LDAPControl **cctrl )); + /* * in compare.c: */ @@ -1643,6 +1663,28 @@ ldap_parse_vlv_control LDAP_P(( struct berval **contextp, int *errcodep )); +/* + * LDAP Who Am I? (whoami.c) + */ + +LDAP_F( int ) +ldap_parse_whoami LDAP_P(( + LDAP *ld, + LDAPMessage *res, + struct berval **authzid )); + +LDAP_F( int ) +ldap_whoami LDAP_P(( LDAP *ld, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp )); + +LDAP_F( int ) +ldap_whoami_s LDAP_P(( + LDAP *ld, + struct berval **authzid, + LDAPControl **sctrls, + LDAPControl **cctrls )); LDAP_END_DECL #endif /* _LDAP_H */ diff --git a/libraries/liblber/decode.c b/libraries/liblber/decode.c index e69bb496fa..411bb6eeb4 100644 --- a/libraries/liblber/decode.c +++ b/libraries/liblber/decode.c @@ -619,13 +619,6 @@ ber_scanf ( BerElement *ber, va_list ap; LDAP_CONST char *fmt_reset; char *s, **ss; -#ifdef TMP_SLOTS - char *last; - char ***sss; - ber_tag_t tag; - struct berval ***bv; - int j; -#endif struct berval **bvp, *bval; ber_int_t *i; ber_len_t *l; diff --git a/libraries/libldap/libldap.dsp b/libraries/libldap/libldap.dsp index 9bae2d963e..c457cd9c1c 100644 --- a/libraries/libldap/libldap.dsp +++ b/libraries/libldap/libldap.dsp @@ -147,6 +147,10 @@ SOURCE=.\cache.c # End Source File # Begin Source File +SOURCE=.\cancel.c +# End Source File +# Begin Source File + SOURCE=.\charray.c # End Source File # Begin Source File @@ -283,6 +287,10 @@ SOURCE=".\os-ip.c" # End Source File # Begin Source File +SOURCE=.\passwd.c +# End Source File +# Begin Source File + SOURCE=..\..\include\portable.h # End Source File # Begin Source File @@ -357,5 +365,9 @@ SOURCE=".\util-int.c" SOURCE=.\vlvctrl.c # End Source File +# Begin Source File + +SOURCE=.\whoami.c +# End Source File # End Target # End Project diff --git a/libraries/libldap/passwd.c b/libraries/libldap/passwd.c new file mode 100644 index 0000000000..d2d32b58a5 --- /dev/null +++ b/libraries/libldap/passwd.c @@ -0,0 +1,151 @@ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + +#include "portable.h" + +#include +#include +#include +#include + +#include "ldap-int.h" + +/* + * LDAP Password Modify (Extended) Operation + */ + +int ldap_parse_passwd( + LDAP *ld, + LDAPMessage *res, + struct berval **newpasswd ) +{ + int rc; + char *retoid = NULL; + struct berval *retdata; + + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + assert( res != NULL ); + assert( newpasswd != NULL ); + + *newpasswd = NULL; + + rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if( retdata != NULL ) { + ber_tag_t tag; + BerElement *ber = ber_init( retdata ); + + if( ber == NULL ) { + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } + + /* we should check the tag */ + tag = ber_scanf( ber, "{o}", newpasswd ); + ber_free( ber, 1 ); + + if( tag == -1 ) { + rc = ld->ld_errno = LDAP_DECODING_ERROR; + } + } + + ber_memfree( retoid ); + return rc; +} + +int +ldap_passwd( LDAP *ld, + struct berval *user, + struct berval *oldpw, + struct berval *newpw, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp ) +{ + int rc; + struct berval *bv = NULL; + + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + assert( msgidp != NULL ); + + if( user != NULL || oldpw != NULL || newpw != NULL ) { + /* build change password control */ + BerElement *ber = ber_alloc_t( LBER_USE_DER ); + + if( ber == NULL ) { + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } + + ber_printf( ber, "{" /*}*/ ); + + if( user != NULL ) { + ber_printf( ber, "ts", + LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); + } + + if( oldpw != NULL ) { + ber_printf( ber, "ts", + LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw ); + } + + if( newpw != NULL ) { + ber_printf( ber, "ts", + LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw ); + } + + ber_printf( ber, /*{*/ "N}" ); + + rc = ber_flatten( ber, &bv ); + + ber_free( ber, 1 ); + + if( rc < 0 ) { + ld->ld_errno = LDAP_ENCODING_ERROR; + return ld->ld_errno; + } + + } + + rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, + bv, sctrls, cctrls, msgidp ); + + return rc; +} + +int +ldap_passwd_s( + LDAP *ld, + struct berval *user, + struct berval *oldpw, + struct berval *newpw, + struct berval **newpasswd, + LDAPControl **sctrls, + LDAPControl **cctrls ) +{ + int rc; + int msgid; + LDAPMessage *res; + + rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid ); + if ( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) { + return ld->ld_errno; + } + + rc = ldap_parse_passwd( ld, res, newpasswd ); + ldap_msgfree( res ); + return rc; +} diff --git a/libraries/libldap/whoami.c b/libraries/libldap/whoami.c new file mode 100644 index 0000000000..3ad13869c9 --- /dev/null +++ b/libraries/libldap/whoami.c @@ -0,0 +1,85 @@ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + +#include "portable.h" + +#include +#include +#include +#include + +#include "ldap-int.h" + +/* + * LDAP Who Am I? (Extended) Operation + */ + +int ldap_parse_whoami( + LDAP *ld, + LDAPMessage *res, + struct berval **authzid ) +{ + int rc; + char *retoid = NULL; + + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + assert( res != NULL ); + assert( authzid != NULL ); + + *authzid = NULL; + + rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_parse_whoami" ); + return rc; + } + + ber_memfree( retoid ); + return rc; +} + +int +ldap_whoami( LDAP *ld, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp ) +{ + int rc; + + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + assert( msgidp != NULL ); + + rc = ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I, + NULL, sctrls, cctrls, msgidp ); + + return rc; +} + +int +ldap_whoami_s( + LDAP *ld, + struct berval **authzid, + LDAPControl **sctrls, + LDAPControl **cctrls ) +{ + int rc; + int msgid; + LDAPMessage *res; + + rc = ldap_whoami( ld, sctrls, cctrls, &msgid ); + if ( rc != LDAP_SUCCESS ) return rc; + + if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) { + return ld->ld_errno; + } + + rc = ldap_parse_whoami( ld, res, authzid ); + ldap_msgfree( res ); + return rc; +}