1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Sun LDAP C SDK.
*
* The Initial Developer of the Original Code is Sun Microsystems, Inc.
*
* Portions created by Sun Microsystems, Inc are Copyright (C) 2005
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "ldap-int.h"
/* ldap_create_geteffectiveRights_control
Create Effective Rights control.
Parameters are
ld LDAP pointer to the desired connection
authzid RFC2829 section 9, eg "dn:<DN>".
NULL or empty string means get bound user's rights,
just "dn:" means get anonymous user's rights.
attrlist additional attributes for which rights info is
requested. NULL means "just the ones returned
with the search operation".
ctl_iscritical Indicates whether the control is critical of not. If
this field is non-zero, the operation will only be car-
ried out if the control is recognized by the server
and/or client
ctrlp the address of a place to put the constructed control
*/
int LDAP_CALL ldap_create_geteffectiveRights_control(LDAP* ld,
const char* authzid,
const char** attrlist,
const char ctl_iscritical,
LDAPControl** ctrlp) {
BerElement* ber;
int rc;
if (!NSLDAPI_VALID_LDAP_POINTER(ld)) {
return (LDAP_PARAM_ERROR);
}
if (ctrlp == NULL) {
LDAP_SET_LDERRNO(ld, LDAP_PARAM_ERROR, NULL, NULL);
return (LDAP_PARAM_ERROR);
}
if (NULL == authzid) {
authzid = "";
}
/* create a ber package to hold the controlValue */
if ((nsldapi_alloc_ber_with_options(ld, &ber)) != LDAP_SUCCESS) {
LDAP_SET_LDERRNO(ld, LDAP_NO_MEMORY, NULL, NULL);
return (LDAP_NO_MEMORY);
}
if (LBER_ERROR == ber_printf(ber, "{s{v}}", authzid, attrlist)) {
LDAP_SET_LDERRNO(ld, LDAP_ENCODING_ERROR, NULL, NULL);
ber_free(ber, 1);
return (LDAP_ENCODING_ERROR);
}
rc = nsldapi_build_control(LDAP_CONTROL_GETEFFECTIVERIGHTS_REQUEST, ber, 1,
ctl_iscritical, ctrlp);
LDAP_SET_LDERRNO(ld, rc, NULL, NULL);
return (rc);
}
|
