From: Kurt Zeilenga Date: Wed, 15 Dec 2010 00:59:42 +0000 (+0000) Subject: Misc vc updates X-Git-Tag: MIGRATION_CVS2GIT~350 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6119ad729476ac1f4943f7848c0c88f367aff83a;p=openldap Misc vc updates --- diff --git a/include/ldap.h b/include/ldap.h index 8e7f796eb8..bdf4cd90e3 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -388,7 +388,9 @@ typedef struct ldapcontrol { #define LDAP_EXOP_VERIFY_CREDENTIALS "1.3.6.1.4.1.4203.666.6.5" #define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS -#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ((ber_tag_t) 0x80U) +#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ((ber_tag_t) 0x80U) +#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ((ber_tag_t) 0x81U) +#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID ((ber_tag_t) 0x82U) #define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* RFC 4532 */ #define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I @@ -2244,6 +2246,7 @@ ldap_verify_credentials_s LDAP_P(( struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, + struct berval **scookie, struct berval **servercredp, struct berval **authzid )); diff --git a/libraries/libldap/vc.c b/libraries/libldap/vc.c index 9e51c60e81..ee369a1761 100644 --- a/libraries/libldap/vc.c +++ b/libraries/libldap/vc.c @@ -45,6 +45,7 @@ * VCRequest ::= SEQUENCE { * Cookie [0] OCTET STRING OPTIONAL, * serverSaslCreds [1] OCTET STRING OPTIONAL + * authzid [2] OCTET STRING OPTIONAL * } * */ @@ -52,12 +53,13 @@ int ldap_parse_verify_credentials( LDAP *ld, LDAPMessage *res, - struct berval **servercred, + struct berval **cookie, + struct berval **screds, struct berval **authzid) { int rc; char *retoid = NULL; - struct berval *reqdata = NULL; + struct berval *retdata = NULL; assert(ld != NULL); assert(LDAP_VALID(ld)); @@ -66,13 +68,44 @@ int ldap_parse_verify_credentials( *authzid = NULL; - rc = ldap_parse_extended_result(ld, res, &retoid, &reqdata, 0); + rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0); if( rc != LDAP_SUCCESS ) { ldap_perror(ld, "ldap_parse_whoami"); return rc; } + if (retdata) { + ber_tag_t tag; + ber_len_t len; + BerElement * ber = ber_init(retdata); + if (!ber) { + rc = ld->ld_errno = LDAP_NO_MEMORY; + goto done; + } + + ber_scanf(ber, "{" /*"}"*/); + + tag = ber_peek_tag(ber, &len); + if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) { + ber_scanf(ber, "O", cookie); + tag = ber_peek_tag(ber, &len); + } + + if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) { + ber_scanf(ber, "O", screds); + tag = ber_peek_tag(ber, &len); + } + + if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID) { + ber_scanf(ber, "O", authzid); + } + + ber_free(ber, 1); + } + +done: + ber_bvfree(retdata); ber_memfree(retoid); return rc; } @@ -145,6 +178,7 @@ ldap_verify_credentials_s( struct berval *cred, LDAPControl **sctrls, LDAPControl **cctrls, + struct berval **scookie, struct berval **scred, struct berval **authzid) { @@ -159,7 +193,7 @@ ldap_verify_credentials_s( return ld->ld_errno; } - rc = ldap_parse_verify_credentials(ld, res, scred, authzid); + rc = ldap_parse_verify_credentials(ld, res, scookie, scred, authzid); if (rc != LDAP_SUCCESS) { ldap_msgfree(res); return rc;