Remove authzid parameter from verify credential response.

If client wants authzid, it can ask by adding an Authorization Identity Request inner control.
2025-12-26 09:39:45 -05:00 · 2011-01-03 22:05:23 +00:00 · 2011-01-03 22:05:23 +00:00 · 37dcb1d791
commit 37dcb1d791
parent 9757235557
3 changed files with 5 additions and 25 deletions
--- a/clients/tools/ldapvc.c
+++ b/clients/tools/ldapvc.c
@ -125,7 +125,6 @@ main( int argc, char *argv[] )
 	char * diag = NULL;
 	struct berval	*scookie = NULL;
 	struct berval	*scred = NULL;
-	struct berval	*authzid = NULL;
 	int		id, code = 0;
 	LDAPMessage	*res;
 	LDAPControl	**ctrls = NULL;
@ -222,7 +221,7 @@ main( int argc, char *argv[] )
 		goto skip;
 	}

-	rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, &authzid, NULL );
+	rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, NULL );
 	ldap_msgfree(res);

 	if( rc != LDAP_SUCCESS ) {
@ -233,14 +232,6 @@ main( int argc, char *argv[] )

 	if (!rcode) {
 		printf(_("Failed: %s (%d)\n"), ldap_err2string(rcode), rcode);
-    } else {
-	    if( authzid != NULL ) {
-	    	if( authzid->bv_len == 0 ) {
-	    		printf(_("anonymous\n") );
-	    	} else {
-	    		printf("%s\n", authzid->bv_val );
-	    	}
-	    }
 	}

 	if (diag && *diag) {
@ -281,7 +272,7 @@ skip:
 	ber_memvfree( (void **) refs );
 	ber_bvfree( scookie );
 	ber_bvfree( scred );
-	ber_bvfree( authzid );
+	ber_memfree( diag );

 	/* disconnect from server */
 	tool_unbind( ld );
--- a/include/ldap.h
+++ b/include/ldap.h
@ -390,7 +390,6 @@ typedef struct ldapcontrol {

 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE	 ((ber_tag_t) 0x80U)
 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS	 ((ber_tag_t) 0x81U)
-#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID ((ber_tag_t) 0x82U)
 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ((ber_tag_t) 0xa3U) /* context specific + constructed + 3 */

 #define LDAP_EXOP_WHO_AM_I		"1.3.6.1.4.1.4203.1.11.3"		/* RFC 4532 */
@ -2253,7 +2252,6 @@ ldap_verify_credentials_s LDAP_P((
 	char			**diagmsgp,
 	struct berval	**scookie,
 	struct berval	**servercredp,
-	struct berval	**authzid,
 	LDAPControl	***vcoctrls));
 	

@ -2265,7 +2263,6 @@ ldap_parse_verify_credentials LDAP_P((
 	char			**diagmsgp,
 	struct berval	**cookie,
 	struct berval	**servercredp,
-	struct berval	**authzid,
 	LDAPControl	***vcctrls));

 /*
--- a/libraries/libldap/vc.c
+++ b/libraries/libldap/vc.c
@ -48,7 +48,6 @@
 *		diagnosticMessage LDAPString,
 *		cookie [0] OCTET STRING OPTIONAL,
 *		serverSaslCreds [1] OCTET STRING OPTIONAL
- *		authzid [2] OCTET STRING OPTIONAL
 *	    controls [3] Controls OPTIONAL
 * }
 *
@ -63,7 +62,6 @@ int ldap_parse_verify_credentials(
 	char ** diagmsg,
    struct berval **cookie,
 	struct berval **screds,
-	struct berval **authzid,
 	LDAPControl ***ctrls)
 {
 	int rc;
@ -73,9 +71,8 @@ int ldap_parse_verify_credentials(
 	assert(ld != NULL);
 	assert(LDAP_VALID(ld));
 	assert(res != NULL);
-	assert(authzid != NULL);
-
-	*authzid = NULL;
+	assert(code != NULL);
+	assert(diagmsg != NULL);

 	rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);

@ -108,10 +105,6 @@ int ldap_parse_verify_credentials(
 		    tag = ber_peek_tag(ber, &len);
 		}

-		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID) {
-			ber_scanf(ber, "O", authzid);
-		}
-
 		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) {
 		    int nctrls = 0;
 			char * opaque;
@ -284,7 +277,6 @@ ldap_verify_credentials_s(
 	char 			**diagmsg,
 	struct berval	**scookie,
 	struct berval	**scred,
-	struct berval	**authzid,
    LDAPControl		***vcoctrls)
 {
 	int				rc;
@ -298,7 +290,7 @@ ldap_verify_credentials_s(
 		return ld->ld_errno;
 	}

-	rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, authzid, vcoctrls);
+	rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, vcoctrls);
 	if (rc != LDAP_SUCCESS) {
 		ldap_msgfree(res);
 		return rc;