From 9ed30535e3985c322f773154fcf2267275706c8e Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 31 Jul 2020 01:01:39 +0100
Subject: [PATCH] ITS#9279 Handle Netscape controls in client tools

---
 clients/tools/common.c | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/clients/tools/common.c b/clients/tools/common.c
index 5cefc54e3d..9d75370176 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -147,6 +147,10 @@ static int print_deref( LDAP *ld, LDAPControl *ctrl );
 #ifdef LDAP_CONTROL_X_WHATFAILED
 static int print_whatfailed( LDAP *ld, LDAPControl *ctrl );
 #endif
+#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
+static int print_netscape_pwexpired( LDAP *ld, LDAPControl *ctrl );
+static int print_netscape_pwexpiring( LDAP *ld, LDAPControl *ctrl );
+#endif
 
 static struct tool_ctrls_t {
 	const char	*oid;
@@ -166,6 +170,10 @@ static struct tool_ctrls_t {
 #endif
 #ifdef LDAP_CONTROL_X_WHATFAILED
 	{ LDAP_CONTROL_X_WHATFAILED,			TOOL_ALL,	print_whatfailed },
+#endif
+#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
+	{ LDAP_CONTROL_X_PASSWORD_EXPIRED,		TOOL_ALL,	print_netscape_pwexpired },
+	{ LDAP_CONTROL_X_PASSWORD_EXPIRING,		TOOL_ALL,	print_netscape_pwexpiring },
 #endif
 	{ NULL,						0,		NULL }
 };
@@ -1561,6 +1569,23 @@ tool_bind( LDAP *ld )
 		}
 #endif
 
+#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
+	if ( ctrls ) {
+		LDAPControl *ctrl;
+		ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRED,
+			ctrls, NULL );
+		if ( !ctrl )
+			ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRING,
+				ctrls, NULL );
+		if ( ctrl ) {
+			LDAPControl *ctmp[2];
+			ctmp[0] = ctrl;
+			ctmp[1] = NULL;
+			tool_print_ctrls( ld, ctmp );
+		}
+	}
+#endif
+
 		if ( ctrls ) {
 			ldap_controls_free( ctrls );
 		}
@@ -2257,6 +2282,28 @@ print_ppolicy( LDAP *ld, LDAPControl *ctrl )
 }
 #endif
 
+#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
+static int
+print_netscape_pwexpired( LDAP *ld, LDAPControl *ctrl )
+{
+	printf(_("# PasswordExpired control\n") );
+	return 0;
+}
+
+static int
+print_netscape_pwexpiring( LDAP *ld, LDAPControl *ctrl )
+{
+	long expiring = 0;
+	int rc;
+
+	rc = ldap_parse_password_expiring_control( ld, ctrl, &expiring );
+	if ( rc == LDAP_SUCCESS ) {
+		printf(_("# PasswordExpiring control seconds=%ld\n"), expiring );
+	}
+	return rc;
+}
+#endif
+
 void tool_print_ctrls(
 	LDAP		*ld,
 	LDAPControl	**ctrls )
-- 
2.47.2