From: Pierangelo Masarati Date: Sat, 14 Jun 2008 17:49:47 +0000 (+0000) Subject: add client API for assertion control (ITS#5560) X-Git-Tag: LOCKER_IDS~105 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=7e3c9a07e913ca4e2461c253a633944d0274c0df;p=openldap add client API for assertion control (ITS#5560) --- diff --git a/clients/tools/common.c b/clients/tools/common.c index 16293de9c0..c5e3e9db42 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -93,6 +93,7 @@ char *sasl_secprops = NULL; /* controls */ int assertctl; char *assertion = NULL; +struct berval assertionvalue = BER_BVNULL; char *authzid = NULL; /* support deprecated early version of proxyAuthz */ #define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ "2.16.840.1.113730.3.4.12" @@ -1485,29 +1486,18 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count ) } if ( assertctl ) { - BerElementBuffer berbuf; - BerElement *ber = (BerElement *)&berbuf; - - if( assertion == NULL || *assertion == '\0' ) { - fprintf( stderr, "Assertion=\n" ); - exit( EXIT_FAILURE ); - } - - ber_init2( ber, NULL, LBER_USE_DER ); - - err = ldap_pvt_put_filter( ber, assertion ); - if( err < 0 ) { - fprintf( stderr, "assertion encode failed (%d)\n", err ); - exit( EXIT_FAILURE ); - } - - err = ber_flatten2( ber, &c[i].ldctl_value, 0 ); - if( err < 0 ) { - fprintf( stderr, "assertion flatten failed (%d)\n", err ); - exit( EXIT_FAILURE ); + if ( BER_BVISNULL( &assertionvalue ) ) { + err = ldap_create_assertion_control_value( ld, + assertion, &assertionvalue ); + if ( err ) { + fprintf( stderr, + "Unable to create assertion value " + "\"%s\" (%d)\n", assertion, err ); + } } c[i].ldctl_oid = LDAP_CONTROL_ASSERT; + c[i].ldctl_value = assertionvalue; c[i].ldctl_iscritical = assertctl > 1; ctrls[i] = &c[i]; i++; diff --git a/include/ldap.h b/include/ldap.h index db4500d694..fe2934366b 100644 --- a/include/ldap.h +++ b/include/ldap.h 
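Review bot: In the `if ( err )` branch of the second common.c hunk, a failed `ldap_create_assertion_control_value()` is only reported; execution continues to `c[i].ldctl_value = assertionvalue;` and the assert control is attached with an empty value, whereas the removed code called `exit( EXIT_FAILURE )` on every encode failure. Because the assertion is the precondition that guards the operation, I would keep the failure fatal by adding `exit( EXIT_FAILURE );` after the `fprintf`. The message also passes `assertion` to `%s` although the old explicit NULL/empty check is gone, so if it can still be NULL here that case should be tested before formatting. `tool_server_controls` begins and ends outside the hunk.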
@@ -2343,5 +2343,21 @@ ldap_parse_session_tracking_control LDAP_P(( #endif /* LDAP_CONTROL_X_SESSION_TRACKING */ +/* + * in assertion.c + */ +LDAP_F (int) +ldap_create_assertion_control_value LDAP_P(( + LDAP *ld, + char *assertion, + struct berval *value )); + +LDAP_F( int ) +ldap_create_assertion_control LDAP_P(( + LDAP *ld, + char *filter, + int iscritical, + LDAPControl **ctrlp )); + LDAP_END_DECL #endif /* _LDAP_H */ diff --git a/libraries/libldap/Makefile.in b/libraries/libldap/Makefile.in index 2f9e76f547..e0d0aabe2c 100644 --- a/libraries/libldap/Makefile.in +++ b/libraries/libldap/Makefile.in @@ -26,7 +26,8 @@ SRCS = bind.c open.c result.c error.c compare.c search.c \ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c + turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ + assertion.c OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ controls.lo messages.lo references.lo extended.lo cyrus.lo \ @@ -37,7 +38,8 @@ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo + turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ + assertion.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/libraries/libldap/assertion.c b/libraries/libldap/assertion.c new file mode 100644 index 0000000000..22289988be --- /dev/null +++ b/libraries/libldap/assertion.c 
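Review bot: The two prototypes added under `in assertion.c` say nothing about ownership of the result or about how errors are reported. Judging by assertion.c in this commit, `value->bv_val` is allocated by the library and left for the caller to release, and every error is written to `ld->ld_errno`, so `ld` must be a valid handle. A short comment above each declaration, e.g. `/* on success value->bv_val is allocated; the caller frees it */`, would help callers avoid leaks. The second prototype names its string parameter `filter` while the definition uses `assertion`; one name in both places is clearer, and since the string appears to be only read, `const char *` would probably describe it better (not verifiable from this hunk alone).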
@@ -0,0 +1,98 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+
+#include "portable.h"
+
+#include
+#include
+#include
+#include
+
+#include "ldap-int.h"
+
+int
+ldap_create_assertion_control_value(
+ LDAP *ld,
+ char *assertion,
+ struct berval *value )
+{
+ BerElement *ber = NULL;
+ int err;
+
+ if ( assertion == NULL || assertion[ 0 ] == '\0' ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( value == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ BER_BVZERO( value );
+
+ ber = ldap_alloc_ber_with_options( ld );
+ if ( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ err = ldap_pvt_put_filter( ber, assertion );
+ if ( err < 0 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ goto done;
+ }
+
+ err = ber_flatten2( ber, value, 1 );
+ if ( err < 0 ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+done:;
+ if ( ber != NULL ) {
+ ber_free( ber, 1 );
+ }
+
+ return ld->ld_errno;
+}
+
+int
+ldap_create_assertion_control(
+ LDAP *ld,
+ char *assertion,
+ int iscritical,
+ LDAPControl **ctrlp )
+{
+ struct berval value;
+
+ if ( ctrlp == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ ld->ld_errno = ldap_create_assertion_control_value( ld,
+ assertion, &value );
+ if ( ld->ld_errno == LDAP_SUCCESS ) {
+ ld->ld_errno = ldap_control_create( LDAP_CONTROL_ASSERT,
+ iscritical, &value, 0, ctrlp );
+ if ( ld->ld_errno != LDAP_SUCCESS ) {
+ LDAP_FREE( value.bv_val );
+ }
+ }
+
+ return ld->ld_errno;
+}
+
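Review bot: `ldap_create_assertion_control_value` never assigns `LDAP_SUCCESS` to `ld->ld_errno`, so on the success path the `return ld->ld_errno;` after `done:` returns whatever an earlier call on this handle left there. A stale error makes a correctly encoded value look like a failure, and the buffer from `ber_flatten2( ber, value, 1 )` is then leaked because `ldap_create_assertion_control` frees `value.bv_val` only when `ldap_control_create` fails. Adding `ld->ld_errno = LDAP_SUCCESS;` before the first parameter check fixes both. Both functions also write through `ld` on every path without checking it, so a guard such as `assert( ld != NULL );` at the top would make that precondition explicit.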
diff --git a/libraries/libldap_r/Makefile.in b/libraries/libldap_r/Makefile.in index 9d6f91c12c..03b99d4197 100644 --- a/libraries/libldap_r/Makefile.in +++ b/libraries/libldap_r/Makefile.in @@ -28,7 +28,8 @@ XXSRCS = apitest.c test.c \ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c + turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ + assertion.c SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \ thr_pth.c thr_stub.c thr_debug.c @@ -44,7 +45,8 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpool.lo rq.lo \ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo + turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ + assertion.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries