Commit 506c4765 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#5560

parent 2184a345
OpenLDAP 2.4 Change Log
OpenLDAP 2.4.11 Engineering
Added libldap assertion control (ITS#5560)
Fixed slapd sets memory leak (ITS#5557)
Fixed slapd-sock, back-shell buffer count (ITS#5558)
Added slapo-nssov contrib module
......
......@@ -18,6 +18,6 @@ ol_minor=4
ol_patch=X
ol_api_inc=20410
ol_api_current=2
ol_api_revision=6
ol_api_revision=7
ol_api_age=0
ol_release_date="2008/06/10"
......@@ -93,6 +93,7 @@ char *sasl_secprops = NULL;
/* controls */
int assertctl;
char *assertion = NULL;
struct berval assertionvalue = BER_BVNULL;
char *authzid = NULL;
/* support deprecated early version of proxyAuthz */
#define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ "2.16.840.1.113730.3.4.12"
......@@ -1485,29 +1486,18 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
}
if ( assertctl ) {
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
if( assertion == NULL || *assertion == '\0' ) {
fprintf( stderr, "Assertion=<empty>\n" );
exit( EXIT_FAILURE );
}
ber_init2( ber, NULL, LBER_USE_DER );
err = ldap_pvt_put_filter( ber, assertion );
if( err < 0 ) {
fprintf( stderr, "assertion encode failed (%d)\n", err );
exit( EXIT_FAILURE );
}
err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
if( err < 0 ) {
fprintf( stderr, "assertion flatten failed (%d)\n", err );
exit( EXIT_FAILURE );
if ( BER_BVISNULL( &assertionvalue ) ) {
err = ldap_create_assertion_control_value( ld,
assertion, &assertionvalue );
if ( err ) {
fprintf( stderr,
"Unable to create assertion value "
"\"%s\" (%d)\n", assertion, err );
}
}
c[i].ldctl_oid = LDAP_CONTROL_ASSERT;
c[i].ldctl_value = assertionvalue;
c[i].ldctl_iscritical = assertctl > 1;
ctrls[i] = &c[i];
i++;
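Review bot: When `ldap_create_assertion_control_value` fails, the new `if ( err )` branch only prints a message and falls through, whereas every failure path of the removed inline encoder called `exit( EXIT_FAILURE )`. The control is still attached through `c[i].ldctl_value = assertionvalue`, so the operation is sent without the filter the user asked to guard it with, and with `assertctl == 1` the control is not even marked critical; how a server treats the empty value cannot be seen from this page. Add `exit( EXIT_FAILURE );` after the `fprintf`. The removed `assertion == NULL` check also means a NULL `assertion` can now reach the `\"%s\"` conversion, so pass `assertion ? assertion : "<empty>"` there. tool_server_controls begins and ends outside the hunk.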
......
......@@ -2343,5 +2343,21 @@ ldap_parse_session_tracking_control LDAP_P((
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
/*
* in assertion.c
*/
LDAP_F (int)
ldap_create_assertion_control_value LDAP_P((
LDAP *ld,
char *assertion,
struct berval *value ));
LDAP_F( int )
ldap_create_assertion_control LDAP_P((
LDAP *ld,
char *filter,
int iscritical,
LDAPControl **ctrlp ));
LDAP_END_DECL
#endif /* _LDAP_H */
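Review bot: Neither new prototype says who owns the result, and this header is where callers will look for that contract. assertion.c fills `value` with `ber_flatten2( ber, value, 1 )`, so a comment above `ldap_create_assertion_control_value` should state that `value->bv_val` is allocated on success and must be released by the caller, and that `*ctrlp` from `ldap_create_assertion_control` is likewise caller-owned (the matching free routines are not shown here and should be confirmed). The second prototype names its string parameter `filter` while the definition uses `assertion`; pick one name. As far as the page shows, neither function writes through the string, so `LDAP_CONST char *` may be the better parameter type.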
......@@ -26,7 +26,8 @@ SRCS = bind.c open.c result.c error.c compare.c search.c \
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c
turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
assertion.c
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
......@@ -37,7 +38,8 @@ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo
turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
assertion.lo
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
......
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/time.h>
#include "ldap-int.h"
int
ldap_create_assertion_control_value(
LDAP *ld,
char *assertion,
struct berval *value )
{
BerElement *ber = NULL;
int err;
if ( assertion == NULL || assertion[ 0 ] == '\0' ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}
if ( value == NULL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}
BER_BVZERO( value );
ber = ldap_alloc_ber_with_options( ld );
if ( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
err = ldap_pvt_put_filter( ber, assertion );
if ( err < 0 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
err = ber_flatten2( ber, value, 1 );
if ( err < 0 ) {
ld->ld_errno = LDAP_NO_MEMORY;
goto done;
}
done:;
if ( ber != NULL ) {
ber_free( ber, 1 );
}
return ld->ld_errno;
}
int
ldap_create_assertion_control(
LDAP *ld,
char *assertion,
int iscritical,
LDAPControl **ctrlp )
{
struct berval value;
if ( ctrlp == NULL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}
ld->ld_errno = ldap_create_assertion_control_value( ld,
assertion, &value );
if ( ld->ld_errno == LDAP_SUCCESS ) {
ld->ld_errno = ldap_control_create( LDAP_CONTROL_ASSERT,
iscritical, &value, 0, ctrlp );
if ( ld->ld_errno != LDAP_SUCCESS ) {
LDAP_FREE( value.bv_val );
}
}
return ld->ld_errno;
}
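Review bot: `ldap_create_assertion_control_value` returns `ld->ld_errno` at `done:` but never sets it to `LDAP_SUCCESS`, so a successful encode returns whatever error code the handle already carried from an earlier call. In that case `ldap_create_assertion_control` skips `ldap_control_create` and never frees `value.bv_val`, and the tool in common.c reports a failure for a value that was in fact built. Add `ld->ld_errno = LDAP_SUCCESS;` right after `BER_BVZERO( value );`. Both functions also dereference `ld` in their first error path without checking it; if other libldap entry points assert on the handle, the same guard belongs here.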
......@@ -28,7 +28,8 @@ XXSRCS = apitest.c test.c \
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c
turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
assertion.c
SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \
thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
thr_pth.c thr_stub.c thr_debug.c
......@@ -44,7 +45,8 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpool.lo rq.lo \
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo
turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
assertion.lo
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
......