From: Kurt Zeilenga Date: Mon, 3 Jan 2011 22:05:23 +0000 (+0000) Subject: Remove authzid parameter from verify credential response. X-Git-Tag: MIGRATION_CVS2GIT~274 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=37dcb1d791fa8f67ab90a4e5a91d2741dd5ec047;p=openldap Remove authzid parameter from verify credential response. If client wants authzid, it can ask by adding an Authorization Identity Request inner control. --- diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c index c801cd1759..c6ca58578b 100644 --- a/clients/tools/ldapvc.c +++ b/clients/tools/ldapvc.c @@ -125,7 +125,6 @@ main( int argc, char *argv[] ) char * diag = NULL; struct berval *scookie = NULL; struct berval *scred = NULL; - struct berval *authzid = NULL; int id, code = 0; LDAPMessage *res; LDAPControl **ctrls = NULL; @@ -222,7 +221,7 @@ main( int argc, char *argv[] ) goto skip; } - rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, &authzid, NULL ); + rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, NULL ); ldap_msgfree(res); if( rc != LDAP_SUCCESS ) { @@ -233,14 +232,6 @@ main( int argc, char *argv[] ) if (!rcode) { printf(_("Failed: %s (%d)\n"), ldap_err2string(rcode), rcode); - } else { - if( authzid != NULL ) { - if( authzid->bv_len == 0 ) { - printf(_("anonymous\n") ); - } else { - printf("%s\n", authzid->bv_val ); - } - } } if (diag && *diag) { @@ -281,7 +272,7 @@ skip: ber_memvfree( (void **) refs ); ber_bvfree( scookie ); ber_bvfree( scred ); - ber_bvfree( authzid ); + ber_memfree( diag ); /* disconnect from server */ tool_unbind( ld ); diff --git a/include/ldap.h b/include/ldap.h index 458174c6bd..6081a2ee0f 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -390,7 +390,6 @@ typedef struct ldapcontrol { #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ((ber_tag_t) 0x80U) #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ((ber_tag_t) 0x81U) -#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID ((ber_tag_t) 0x82U) #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ((ber_tag_t) 0xa3U) /* context specific + constructed + 3 */ #define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* RFC 4532 */ @@ -2253,7 +2252,6 @@ ldap_verify_credentials_s LDAP_P(( char **diagmsgp, struct berval **scookie, struct berval **servercredp, - struct berval **authzid, LDAPControl ***vcoctrls)); @@ -2265,7 +2263,6 @@ ldap_parse_verify_credentials LDAP_P(( char **diagmsgp, struct berval **cookie, struct berval **servercredp, - struct berval **authzid, LDAPControl ***vcctrls)); /* diff --git a/libraries/libldap/vc.c b/libraries/libldap/vc.c index 1e13aa1185..50ce86e7a9 100644 --- a/libraries/libldap/vc.c +++ b/libraries/libldap/vc.c @@ -48,7 +48,6 @@ * diagnosticMessage LDAPString, * cookie [0] OCTET STRING OPTIONAL, * serverSaslCreds [1] OCTET STRING OPTIONAL - * authzid [2] OCTET STRING OPTIONAL * controls [3] Controls OPTIONAL * } * @@ -63,7 +62,6 @@ int ldap_parse_verify_credentials( char ** diagmsg, struct berval **cookie, struct berval **screds, - struct berval **authzid, LDAPControl ***ctrls) { int rc; @@ -73,9 +71,8 @@ int ldap_parse_verify_credentials( assert(ld != NULL); assert(LDAP_VALID(ld)); assert(res != NULL); - assert(authzid != NULL); - - *authzid = NULL; + assert(code != NULL); + assert(diagmsg != NULL); rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0); @@ -108,10 +105,6 @@ int ldap_parse_verify_credentials( tag = ber_peek_tag(ber, &len); } - if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID) { - ber_scanf(ber, "O", authzid); - } - if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) { int nctrls = 0; char * opaque; @@ -284,7 +277,6 @@ ldap_verify_credentials_s( char **diagmsg, struct berval **scookie, struct berval **scred, - struct berval **authzid, LDAPControl ***vcoctrls) { int rc; @@ -298,7 +290,7 @@ ldap_verify_credentials_s( return ld->ld_errno; } - rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, authzid, vcoctrls); + rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, vcoctrls); if (rc != LDAP_SUCCESS) { ldap_msgfree(res); return rc;