From: Ondřej Kuzník
Date: Tue, 23 Jun 2020 10:49:00 +0000 (+0100)
Subject: ITS#9279 Expose Netscape password policy controls in libldap
X-Git-Tag: OPENLDAP_REL_ENG_2_4_51~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0687e289e40c8ba877fa191169f2ebdbd6cbada9;p=thirdparty%2Fopenldap.git

ITS#9279 Expose Netscape password policy controls in libldap
---
diff --git a/include/ldap.h b/include/ldap.h
index b3f2af56dd..665394817a 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -365,6 +365,10 @@ typedef struct ldapcontrol {
 #define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
 #define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
+/* Netscape Password policy response controls */
+#define LDAP_CONTROL_X_PASSWORD_EXPIRED "2.16.840.1.113730.3.4.4"
+#define LDAP_CONTROL_X_PASSWORD_EXPIRING "2.16.840.1.113730.3.4.5"
+
 /* LDAP Unsolicited Notifications */
 #define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 4511 */
 #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
@@ -2314,6 +2318,12 @@ LDAP_F( const char * ) ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
 #endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
+LDAP_F( int )
+ldap_parse_password_expiring_control LDAP_P((
+ LDAP *ld,
+ LDAPControl *ctrl,
+ long *secondsp ));
+
 /* * LDAP Dynamic Directory Services Refresh -- RFC 2589 * in dds.c
diff --git a/libraries/libldap/ppolicy.c b/libraries/libldap/ppolicy.c
index 3ab0066e92..78df1d1da1 100644
--- a/libraries/libldap/ppolicy.c
+++ b/libraries/libldap/ppolicy.c
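Review bot: The new `ldap_parse_password_expiring_control` prototype in the second ldap.h hunk has no header comment, unlike the neighbouring section that at least names its source file ("in dds.c"). I would add a short comment above it stating that the function lives in ppolicy.c, that it returns an LDAP result code which is also stored in `ld->ld_errno`, that `secondsp` may be NULL, and that the caller is expected to pass a control whose OID is LDAP_CONTROL_X_PASSWORD_EXPIRING, since the parser added by this commit does not check the OID itself. The prototype is also declared unconditionally while the definition in ppolicy.c sits under `#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRING`; that is harmless as long as the macro stays defined in this header, but guarding both the same way would keep them consistent.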
@@ -212,3 +212,55 @@ ldap_passwordpolicy_err2txt( LDAPPasswordPolicyError err )
 }
 #endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
+
+#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRING
+
+int
+ldap_parse_password_expiring_control(
+ LDAP *ld,
+ LDAPControl *ctrl,
+ long *secondsp )
+{
+ BerElement *ber;
+ struct berval time_string;
+ long seconds = 0;
+ char *next;
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( ctrl != NULL );
+
+ if ( !ctrl->ldctl_value.bv_val ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+ }
+
+ /* Create a BerElement from the berval returned in the control. */
+ ber = ber_init(&ctrl->ldctl_value);
+
+ if (ber == NULL) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return(ld->ld_errno);
+ }
+
+ if ( ber_get_stringbv( ber, &time_string, 0 ) == LBER_ERROR ) goto exit;
+
+ seconds = strtol( time_string.bv_val, &next, 10 );
+ if ( next == time_string.bv_val || next[0] != '\0' ) goto exit;
+
+ if ( secondsp != NULL ) {
+ *secondsp = seconds;
+ }
+
+ ber_free(ber, 1);
+
+ ld->ld_errno = LDAP_SUCCESS;
+ return(ld->ld_errno);
+
+ exit:
+ ber_free(ber, 1);
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return(ld->ld_errno);
+}
+
+#endif /* LDAP_CONTROL_X_PASSWORD_EXPIRING */
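Review bot: The `strtol` call in ldap_parse_password_expiring_control accepts more than it should from a server-supplied control value: `errno` is never checked, so an out-of-range number is silently clamped to LONG_MAX/LONG_MIN and returned with LDAP_SUCCESS, and negative or whitespace/sign-prefixed strings are accepted as well. The trailing test `next[0] != '\0'` also stops at the first NUL, so a value with an embedded NUL followed by other bytes would pass unless `ber_get_stringbv` with option 0 already rejects that (not visible here, worth confirming). I would set `errno = 0;` before the call and tighten the check to `if ( errno == ERANGE || seconds < 0 || next == time_string.bv_val || next != time_string.bv_val + time_string.bv_len ) goto exit;`, assuming a negative remaining time is not meaningful and that `<errno.h>` is already pulled in by this file's includes, which lie outside the hunk. The function also never compares `ctrl->ldctl_oid` with LDAP_CONTROL_X_PASSWORD_EXPIRING, so a one-line comment stating that callers must select the control themselves would help.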