|
Packit |
6bd9ab |
/*
|
|
Packit |
6bd9ab |
ldap_parse_passwordpolicy_control.c - replacement function
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
Copyright (C) 2013 Arthur de Jong
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
02110-1301 USA
|
|
Packit |
6bd9ab |
*/
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include "config.h"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include <stdlib.h>
|
|
Packit |
6bd9ab |
#include <lber.h>
|
|
Packit |
6bd9ab |
#include <ldap.h>
|
|
Packit |
6bd9ab |
#include <string.h>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include "compat/ldap_compat.h"
|
|
Packit |
6bd9ab |
#include "compat/attrs.h"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#ifndef PPOLICY_WARNING
|
|
Packit |
6bd9ab |
#define PPOLICY_WARNING 160
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
#ifndef PPOLICY_ERROR
|
|
Packit |
6bd9ab |
#define PPOLICY_ERROR 129
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
#ifndef PPOLICY_EXPIRE
|
|
Packit |
6bd9ab |
#define PPOLICY_EXPIRE 128
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
#ifndef PPOLICY_GRACE
|
|
Packit |
6bd9ab |
#define PPOLICY_GRACE 129
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* based on Openldap and pam_ldap implementations */
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
int ldap_parse_passwordpolicy_control(LDAP UNUSED(*ld), LDAPControl *ctrl,
|
|
Packit |
6bd9ab |
ber_int_t *expirep, ber_int_t *gracep,
|
|
Packit |
6bd9ab |
LDAPPasswordPolicyError UNUSED(*errorp))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
BerElement *ber;
|
|
Packit |
6bd9ab |
ber_tag_t tag;
|
|
Packit |
6bd9ab |
ber_len_t berLen;
|
|
Packit |
6bd9ab |
char *last;
|
|
Packit |
6bd9ab |
#ifdef HAVE_BER_GET_ENUM
|
|
Packit |
6bd9ab |
int err = PP_noError;
|
|
Packit |
6bd9ab |
#endif /* HAVE_BER_GET_ENUM */
|
|
Packit |
6bd9ab |
/* get a BerElement from the control */
|
|
Packit |
6bd9ab |
ber = ber_init(&ctrl->ldctl_value);
|
|
Packit |
6bd9ab |
if (ber == NULL)
|
|
Packit |
6bd9ab |
return LDAP_LOCAL_ERROR;
|
|
Packit |
6bd9ab |
/* go over tags */
|
|
Packit |
6bd9ab |
for(tag = ber_first_element(ber, &berLen, &last); tag != LBER_DEFAULT; tag = ber_next_element(ber, &berLen, last))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (tag)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case PPOLICY_WARNING:
|
|
Packit |
6bd9ab |
ber_skip_tag(ber, &berLen);
|
|
Packit |
6bd9ab |
tag = ber_peek_tag(ber, &berLen);
|
|
Packit |
6bd9ab |
switch (tag)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case PPOLICY_EXPIRE:
|
|
Packit |
6bd9ab |
if (ber_get_int(ber, expirep) == LBER_DEFAULT)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_DECODING_ERROR;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
case PPOLICY_GRACE:
|
|
Packit |
6bd9ab |
if (ber_get_int(ber, gracep) == LBER_DEFAULT)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_DECODING_ERROR;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
default:
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_DECODING_ERROR;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
#ifdef HAVE_BER_GET_ENUM
|
|
Packit |
6bd9ab |
case PPOLICY_ERROR:
|
|
Packit |
6bd9ab |
if (ber_get_enum(ber, &err) == LBER_DEFAULT)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_DECODING_ERROR;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
#endif /* HAVE_BER_GET_ENUM */
|
|
Packit |
6bd9ab |
default:
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_DECODING_ERROR;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
ber_free(ber, 1);
|
|
Packit |
6bd9ab |
return LDAP_SUCCESS;
|
|
Packit |
6bd9ab |
}
|