Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap.c18
-rw-r--r--src/providers/ldap/sdap.h3
-rw-r--r--src/providers/ldap/sdap_async.c16
-rw-r--r--src/providers/ldap/sdap_async_connection.c16
4 files changed, 39 insertions, 14 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index cfcaff095..4d911c458 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -432,3 +432,21 @@ int build_attrs_from_map(TALLOC_CTX *memctx,
return EOK;
}
+int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
+ struct berval *value, int dupval, LDAPControl **ctrlp)
+{
+ int ret;
+
+ if (sdap_is_control_supported(sh, oid)) {
+ ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
+ if (ret != LDAP_SUCCESS) {
+ DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n",
+ ret, ldap_err2string(ret)));
+ }
+ } else {
+ DEBUG(3, ("Server does not support the requested control [%s].\n", oid));
+ ret = LDAP_NOT_SUPPORTED;
+ }
+
+ return ret;
+}
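Review bot: sdap_control_create() never writes `*ctrlp` on the unsupported path, so a caller that passes an uninitialised pointer and later frees it would free garbage; the two callers in this commit are safe only because they initialise `ctrls` to `{ NULL, NULL }`. Adding `*ctrlp = NULL;` at the top of the function makes the contract hold for any caller, whatever sss_ldap_control_create() does on failure. The function is exported through sdap.h without a comment; a short one on the prototype should say that LDAP_NOT_SUPPORTED means the server did not advertise the OID and no control was allocated, and that a returned control is released with ldap_control_free(). Whether sdap_is_control_supported() tolerates a NULL `sh` is not visible in this hunk.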
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index c533f3b9c..4426dac93 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -297,4 +297,7 @@ bool sdap_check_sup_list(struct sup_list *l, const char *val);
int build_attrs_from_map(TALLOC_CTX *memctx,
struct sdap_attr_map *map,
size_t size, const char ***_attrs);
+
+int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
+ struct berval *value, int dupval, LDAPControl **ctrlp);
#endif /* _SDAP_H_ */
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index cd61a2214..7fc04a646 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -451,7 +451,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
BerElement *ber = NULL;
struct berval *bv = NULL;
int msgid;
- LDAPControl *request_controls[2];
+ LDAPControl **request_controls = NULL;
+ LDAPControl *ctrls[2] = { NULL, NULL };
req = tevent_req_create(memctx, &state,
struct sdap_exop_modify_passwd_state);
@@ -486,20 +487,21 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
return NULL;
}
- ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
- 0, NULL, 0, &request_controls[0]);
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("sss_ldap_control_create failed.\n"));
+ ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ 0, NULL, 0, &ctrls[0]);
+ if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
+ DEBUG(1, ("sdap_control_create failed to create "
+ "Password Policy control.\n"));
goto fail;
}
- request_controls[1] = NULL;
+ request_controls = ctrls;
DEBUG(4, ("Executing extended operation\n"));
ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD,
bv, request_controls, NULL, &msgid);
ber_bvfree(bv);
- ldap_control_free(request_controls[0]);
+ if (ctrls[0]) ldap_control_free(ctrls[0]);
if (ret == -1 || msgid == -1) {
DEBUG(1, ("ldap_extended_operation failed\n"));
goto fail;
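Review bot: The `ret != LDAP_NOT_SUPPORTED` test lets the password-modify exop go out with an empty control list, and the only trace is the level-3 DEBUG inside the helper. This means password-policy feedback (expiry, grace logins) disappears without anything an administrator is likely to see. The same pattern is repeated in simple_bind_send in sdap_async_connection.c. If the supported-control list can be empty because the rootDSE could not be read (not visible here), the control would also be dropped against servers that do implement it, so the fallback deserves a comment at the call site such as `/* server did not advertise ppolicy; continue without the control */`, and possibly a more visible log level. As a smaller style point, `ctrls` is already NULL-terminated, so `request_controls` is redundant and `ctrls` can be passed to ldap_extended_operation() directly. Also, `if (ctrls[0]) ldap_control_free(ctrls[0]);` should be braced to match the surrounding code. The function body starts and ends outside this hunk.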
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 1375e4bdd..c7acc2d97 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -305,7 +305,8 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
int ret = EOK;
int msgid;
int ldap_err;
- LDAPControl *request_controls[2];
+ LDAPControl **request_controls = NULL;
+ LDAPControl *ctrls[2] = { NULL, NULL };
req = tevent_req_create(memctx, &state, struct simple_bind_state);
if (!req) return NULL;
@@ -321,19 +322,20 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
state->user_dn = user_dn;
state->pw = pw;
- ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
- 0, NULL, 0, &request_controls[0]);
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("sss_ldap_control_create failed.\n"));
+ ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ 0, NULL, 0, &ctrls[0]);
+ if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
+ DEBUG(1, ("sdap_control_create failed to create "
+ "Password Policy control.\n"));
goto fail;
}
- request_controls[1] = NULL;
+ request_controls = ctrls;
DEBUG(4, ("Executing simple bind as: %s\n", state->user_dn));
ret = ldap_sasl_bind(state->sh->ldap, state->user_dn, LDAP_SASL_SIMPLE,
state->pw, request_controls, NULL, &msgid);
- ldap_control_free(request_controls[0]);
+ if (ctrls[0]) ldap_control_free(ctrls[0]);
if (ret == -1 || msgid == -1) {
ret = ldap_get_option(state->sh->ldap,
LDAP_OPT_RESULT_CODE, &ldap_err);