pike.git / lib / modules / Protocols.pmod / LDAP.pmod / client.pike

version» Context lines:

pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:1:   #pike __REAL_VERSION__      // LDAP client protocol implementation for Pike.   // - // $Id: client.pike,v 1.26 2001/09/17 02:45:42 hop Exp $ + // $Id: client.pike,v 1.27 2001/11/05 11:53:20 hop Exp $   //   // Honza Petrous, hop@unibase.cz   //   // ----------------------------------------------------------------------   //   // History:   //   // v0.0 1998-05-25 Starting up!   // v1.0 1998-06-21 Core functions (open, bind, unbind, delete, add,   // compare, search), only V2 operations,
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:86:   #define ASN1_DECODE_RESULTAPP(X) (.ldap_privates.ldap_der_decode(X)->elements[1]->get_tag())   #define ASN1_DECODE_RESULTCODE(X) (int)(.ldap_privates.ldap_der_decode(X)->elements[1]->elements[0]->value->cast_to_int())   #define ASN1_DECODE_RESULTSTRING(X) (.ldap_privates.ldap_der_decode(X)->elements[1]->elements[2]->value)   #define ASN1_DECODE_RESULTREFS(X) (.ldap_privates.ldap_der_decode(X)->elements[1]->elements[3]->elements)   #define ASN1_DECODE_ENTRIES(X) _New_decode(X)   #define ASN1_DECODE_DN(X) (string)((X)->elements[0]->value)   #define ASN1_DECODE_RAWDEBUG(X) (.ldap_privates.ldap_der_decode(X)->debug_string())   #define ASN1_GET_ATTR_ARRAY(X) (array)((X)->elements[1]->elements)   #define ASN1_GET_ATTR_NAME(X) ((X)->elements[0]->value)    -  //! module Protocols -  //! submodule LDAP -  //! -  //! class client -  //! +     //! Contains the client implementation of the LDAP protocol.    //! All of the version 2 protocol features are implemented    //! but only the base parts of the version 3.       inherit .protocol;       private int binded = 0; // flag for v2 operations    private string ldap_basedn = ""; // baseDN    private int ldap_scope = 0; // 0: base, 1: onelevel, 2: subtree    private int ldap_deref = 0; // 0: ...
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:239:    int num_entries() { return(entrycnt); }       //!    //! Returns the number of entries from current cursor    //! possition till end of the list.    //!    //! @seealso    //! @[LDAP.client.result.first], @[LDAP.client.result.next]    int count_entries() { return(entrycnt - actnum); }    -  //! @decl mapping(string:array(string)) fetch() -  //! @decl mapping(string:array(string)) fetch(int) -  //! +     //! Returns a mapping with an entry for each attribute.    //! Each entry is an array of values of the attribute.    //! -  //! @param idx +  //! @param index    //! Optional argument can be used for direct access    //! to the entry other then currently pointed by cursor.    int|mapping(string:array(string)) fetch(int|void idx) {       if (!idx)    idx = actnum + 1;    if ((idx <= num_entries()) && (idx > 0)) {    actnum = idx - 1;    return(entry[actnum]);    }
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:329:    THROW(({"LDAP: Invalid DN syntax.\n",backtrace()}));    return(-ldap_errno);    }    return(0);    }       //! Several information about code itself and about active connection too    mapping info;       //! @decl void create() -  //! @decl void create(string) -  //! @decl void create(string, object) +  //! @decl void create(string url) +  //! @decl void create(string url, object context)    //!    //! Create object. The first optional argument can be used later    //! for subsequence operations. The second one can specify -  //! TLS context of connection. +  //! TLS context of connection. The default context only allows +  //! 128-bit encryption methods, so you may need to provide your +  //! own context if your LDAP server supports only export encryption.    //!    //! @param url    //! LDAP server URL in form    //! @tt{"ldap://hostname/basedn?attrlist?scope?ext"@}    //!    //! @param context    //! TLS context of connection    //!    //! @seealso    //! @[LDAP.client.bind], @[LDAP.client.search]    void create(string|void url, object|void context)    {    -  info = ([ "code_revision" : ("$Revision: 1.26 $"/" ")[1] ]); +  info = ([ "code_revision" : ("$Revision: 1.27 $"/" ")[1] ]);       if(!url || !sizeof(url))    url = LDAP_DEFAULT_URL;       lauth = parse_url(url);       if(!stringp(lauth->scheme) ||    ((lauth->scheme != "ldap") && (lauth->scheme != "ldaps"))) {    THROW(({"Unknown scheme in server URL.\n",backtrace()}));    }
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:425:    namedn = Standards.ASN1.Types.asn1_octet_string(name);    auth = ASN1_CONTEXT_OCTET_STRING(0, password);    // SASL credentials ommited       msgval = ASN1_APPLICATION_SEQUENCE(0, ({vers, namedn, auth}));       return (do_op(msgval));    }       //! @decl int bind() -  //! @decl int bind(string, string) -  //! @decl int bind(string, string, version) +  //! @decl int bind(string dn, string password) +  //! @decl int bind(string dn, string password, int version)    //!    //! Authenticates connection to the direcory.    //!    //! First form uses default value previously entered in create.    //!    //! Second form uses value from parameters:    //!    //! @param dn    //! The distinguished name (DN) of an entry aginst which will    //! be made authentication.
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:632:       msgval = ASN1_APPLICATION_SEQUENCE(8,    ({Standards.ASN1.Types.asn1_octet_string(dn),    Standards.ASN1.Types.asn1_sequence(oatt)    }));       return (do_op(msgval));    }       -  // API function (ldap_add) -  // -  // add(string dn, mapping(string:array(string)) attrs) -  // -  // dn: DN of compared object -  // ttrs: attribute(s) and value +  //! The Add Operation allows a client to request the addition +  //! of an entry into the directory +  //! +  //! @param dn +  //! The Distinguished Name of the entry to be added. +  //! +  //! @param attrs +  //! The mapping of attributes and their values that make up the content +  //! of the entry being added. +  //!    int add (string dn, mapping(string:array(string)) attrs) {       int id;    mixed raw;    object rv;       if (chk_ver())    return(-ldap_errno);    if (chk_binded())    return(-ldap_errno);
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:959:    string old_dn = ldap_basedn;       if(ldap_version == 3) {    base_dn = string_to_utf8(base_dn);    }    ldap_basedn = base_dn;    DWRITE_HI("client.SET_BASEDN = " + base_dn + "\n");    return(old_dn);    }    -  // API function (ldap_setscope) -  // -  // set_scope(string base_dn) -  // -  // scope: scope; 0: base, 1: onelevel, 2: subtree -  int set_scope (int scope) { +  //! +  //! Sets value of scope for search operation. +  //! +  //! @param scope +  //! Value can be integer or its corresponding string value. +  //! 0: base, 1: one, 2: sub +  //! +  int set_scope (int|string scope) {       int old_scope = ldap_scope;    -  +  // support for string based values +  if(stringp(scope)) +  switch (lower_case(scope)) { +  case "sub": scope = 2; break; +  case "one": scope = 1; break; +  case "base": scope = 0; break; +  default: return (-1); +  } +  else +  if(scope != 0 && scope != 1 && scope != 2) +  return (-1); +     ldap_scope = scope;    DWRITE_HI("client.SET_SCOPE = " + (string)scope + "\n");    return(old_scope);    }       // API function (ldap_setoption)    //    // set_option(int option_type, mixed value)    //    // option_type: LDAP_OPT_xxx
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:1031:    case 2: // LDAP_OPT_SIZELIMIT    return(ldap_sizelimit);    case 3: // LDAP_OPT_TIMELIMIT    return(ldap_timelimit);    case 4: // LDAP_OPT_REFERRALS    }       return(-1);    }    -  +     private int|string send_modify_op(string dn,    mapping(string:array(mixed)) attropval) {    // MODIFY       object o, msgval;    string atype;    array(object) oatt = ({}), attrarr;          foreach(indices(attropval), atype) {
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:1070:    } //foreach       msgval = ASN1_APPLICATION_SEQUENCE(6,    ({ Standards.ASN1.Types.asn1_octet_string(dn),    Standards.ASN1.Types.asn1_sequence(oatt)    }));       return (do_op(msgval));    }    +  private int|string send_modifydn_op(string dn, string newrdn, +  int deleteoldrdn, string newsuperior) {    -  // API function (ldap_modify) -  // -  // modify(string dn, mapping(string:array(mix)) attropval) -  // -  // dn: DN of compared object -  // attropval: attribute(s), operation and value(s) +  object msgval; +  array seq=({ Standards.ASN1.Types.asn1_octet_string(dn), +  Standards.ASN1.Types.asn1_octet_string(newrdn), +  Standards.ASN1.Types.asn1_boolean(deleteoldrdn) +  }); +  if(newsuperior) +  seq+=({Standards.ASN1.Types.asn1_octet_string(newsuperior)}); +  +  msgval = ASN1_APPLICATION_SEQUENCE(12, seq); +  +  return (do_op(msgval)); +  } +  +  //! The Modify DN Operation allows a client to change the leftmost +  //! (least significant) component of the name of an entry in the directory, +  //! or to move a subtree of entries to a new location in the directory. +  //! +  //! @param dn +  //! DN of source object +  //! +  //! @param newrdn +  //! RDN of destination +  //! +  //! @param deleteoldrdn +  //! The parameter controls whether the old RDN attribute values +  //! are to be retained as attributes of the entry, or deleted +  //! from the entry. +  //! +  //! @param newsuperior +  //! If present, this is the Distinguished Name of the entry +  //! which becomes the immediate superior of the existing entry. +  //! +  int modifydn (string dn, string newrdn, int deleteoldrdn, +  string|void newsuperior) { +  +  mixed raw; +  object rv; +  +  if (chk_ver()) +  return(-ldap_errno); +  if (chk_binded()) +  return(-ldap_errno); +  if (chk_dn(dn)) +  return(-ldap_errno); +  if(ldap_version == 3) { +  dn = string_to_utf8(dn); +  newrdn = string_to_utf8(newrdn); +  if(newsuperior) newsuperior = string_to_utf8(newsuperior); +  } +  if(intp(raw = send_modifydn_op(dn, newrdn, deleteoldrdn, newsuperior))) { +  THROW(({error_string()+"\n",backtrace()})); +  return(-ldap_errno); +  } +  +  rv = result(({raw})); +  DWRITE_HI(sprintf("client.MODIFYDN: %s\n", rv->error_string())); +  return (seterr (rv->error_number())); +  +  } //modifydn +  +  //! The Modify Operation allows a client to request that a modification +  //! of an entry be performed on its behalf by a server. +  //! +  //! @param dn +  //! The distinguished name of modified entry. +  //! +  //! @param attropval +  //! The mapping of attributes with requested operation and attribute's +  //! values. +  //! +  //! attropval=([ attribute: ({operation, value1, value2, ...}) ]) +  //! +  //! where operation is one of the following: +  //! 0 (LDAP_OPERATION_ADD) - +  //! add values listed to the given attribute, creating the attribute +  //! if necessary +  //! 1 (LDAP_OPERATION_DELETE) - +  //! delete values listed from the given attribute, removing the entire +  //! attribute if no values are listed, or if all current values +  //! of the attribute are listed for deletion +  //! 2 (LDAP_OPERATION_REPLACE) - +  //! replace all existing values of the given attribute with the new +  //! values listed, creating the attribute if it did not already exist. +  //! A replace with no value will delete the entire attribute if it +  //! exists, and is ignored if the attribute does not exist +  //!    int modify (string dn, mapping(string:array(mixed)) attropval) {       int id;    mixed raw;    object rv;       if (chk_ver())    return(-ldap_errno);    if (chk_binded())    return(-ldap_errno);