Hi Graham
On Wednesday 06 April 2005 02:55, Graham Barr wrote:
> On Apr 5, 2005, at 11:18 AM, Peter Marschall wrote:
> > Just for reference: it's in SVN since August 2004 ;-)
> >
> > Since there were some posts about documentation on the ML recently
> > maybe Graham should cut a new release of
> > * perl-ldap
> > * Authen-SASL
> >
> > Although the changes since the previous releases are not very large
> > they might fix a few border cases and improve documentation.
>
> Sure, no problem. I am slowly getting back into things after my move.
>
> There was some discussion recently about one of the controls, I forget
> which, which made to be made more intelligent. If we can get a patch for that
> and any doc updates then I will do a release.
O.K., you want me to work on that, so be it ;-)
Here's a first patch to the OID problem in Net::LDAP::Control::ProxyAuth.
I haven't committed it yet, it's only in my working copy of SVN, since I
haven't done many checks on it yet.
Would you give it a brief check, to see if it matches the ideas you had?
David, would you be so kind as to also give it a try?
With positive feedback I'll commit the changes so that we do not have
anything blocking 0.33 ;-))
CU
Peter
--
Peter Marschall
eMail: [EMAIL PROTECTED]
Index: lib/Net/LDAP/Control/ProxyAuth.pm
===================================================================
--- lib/Net/LDAP/Control/ProxyAuth.pm (revision 451)
+++ lib/Net/LDAP/Control/ProxyAuth.pm (working copy)
@@ -8,37 +8,70 @@
use Net::LDAP::Control;
@ISA = qw(Net::LDAP::Control);
-$VERSION = "1.04";
+$VERSION = "1.04_01";
+use Net::LDAP::Constant qw(LDAP_CONTROL_PROXYAUTHENTICATION);
use Net::LDAP::ASN qw(proxyAuthValue);
use strict;
+sub LDAP_CONTROL_PROXYAUTHENTICATION_OLD { "2.16.840.1.113730.3.4.12"; }
+
sub init {
my($self) = @_;
delete $self->{asn};
+ $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD
+ if (defined($self->{proxyDN}));
+
unless (exists $self->{value}) {
$self->{asn} = {
- proxyDN => $self->{proxyDN} || '',
- };
+ authzID => (defined($self->{proxyDN})
+ ? ($self->{proxyDN} || '')
+ : ($self->{authzID} || ''))
+ };
}
- $self->{critical}=1;
+ # criticality must be set !
+ $self->{critical} = 1;
$self;
}
sub proxyDN {
my $self = shift;
+
$self->{asn} ||= $proxyAuthValue->decode($self->{value});
if (@_) {
delete $self->{value};
- return $self->{asn}{proxyDN} = shift || 0;
+ $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD;
+ return $self->{asn}{authzID} = shift || '';
}
- $self->{asn}{proxyDN};
+ elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION) {
+ $self->{error} = 'Illegal query method: use authzID()';
+ return undef;
+ }
+
+ $self->{asn}{authzID};
}
+sub authzID {
+ my $self = shift;
+
+ $self->{asn} ||= $proxyAuthValue->decode($self->{value});
+ if (@_) {
+ delete $self->{value};
+ $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION;
+ return $self->{asn}{authzID} = shift || '';
+ }
+ elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION_OLD) {
+ $self->{error} = 'Illegal query method: use proxyDN()';
+ return undef;
+ }
+
+ $self->{asn}{authzID};
+}
+
sub value {
my $self = shift;
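Review bot: in `init`, when a caller passes both `proxyDN` and `authzID`, `proxyDN` silently wins (the `defined($self->{proxyDN})` test selects the old OID and the `authzID` value is dropped); either reject the combination by setting `$self->{error}` the way the accessors below do, or document the precedence. Two smaller points: `sub LDAP_CONTROL_PROXYAUTHENTICATION_OLD { ... }` would be safer with an empty prototype (`sub LDAP_CONTROL_PROXYAUTHENTICATION_OLD () { ... }`) so Perl inlines it as a constant and it can never take a following expression as an argument, and the hard-coded old OID string belongs next to its sibling in Net::LDAP::Constant rather than in this module.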
@@ -62,7 +95,7 @@
$ldap = Net::LDAP->new( "ldap.mydomain.eg" );
- $auth = Net::LDAP::Control::ProxyAuth->new( proxyDN => 'cn=me,ou=people,o=myorg.com' );
+ $auth = Net::LDAP::Control::ProxyAuth->new( authzID => 'dn:cn=me,ou=people,o=myorg.com' );
@args = ( base => "cn=subnets,cn=sites,cn=configuration,$BASE_DN",
scope => "subtree",
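Review bot: the synopsis now passes `authzID => 'dn:cn=me,ou=people,o=myorg.com'`, but nothing in the patch says where the `dn:` prefix comes from; since the old `proxyDN` form took a bare DN, a short comment on the `$auth = ...` line (or a sentence under CONSTRUCTOR ARGUMENTS) should state that `authzID` is sent verbatim and the caller has to supply the `dn:` prefix itself.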
@@ -84,7 +117,7 @@
=head1 DESCRIPTION
C<Net::LDAP::Control::ProxyAuth> provides an interface for the creation and manipulation
-of objects that represent the C<proxyauthorisationControl> as described by draft-weltman-ldapv3-proxy-05.txt.
+of objects that represent the C<proxyauthorisationControl> as described by draft-weltman-ldapv3-proxy-XX.txt.
=head1 CONSTRUCTOR ARGUMENTS
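Review bot: `draft-weltman-ldapv3-proxy-XX.txt` replaces the concrete draft number (`-05`) with a placeholder that would ship in the released POD; name the draft revision the new OID and the `authzID` syntax were taken from, or say "later revisions of draft-weltman-ldapv3-proxy", rather than `XX`.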
@@ -93,12 +126,27 @@
=over 4
+=item authzID
+
+The authzID that is required. This is the identity we are requesting operations to use
+
=item proxyDN
-The proxyDN that is required. This is the identity we are requesting operations to use
+In older versions of draft-weltman-ldapv3-proxy-XX.txt the value in the control and thus the
+constructor argument was a DN and was called C<proxyDN>. It served the same purpose as C<authzID>
+in recent versions of C<proxyauthorisationControl>.
=back
+B<Please note:>
+Unfortunately the OID for the C<proxyauthorisationControl> changed in recent versions
+of draft-weltman-ldapv3-proxy-XX.txt.
+Net::LDAP::Control::ProxyAuth tries to cope with that situation and changes the OID
+used depending on the constructor argument. With C<proxyDN> as constructor argument
+the old OID is used, while with C<authzID> as constructor argument the new OID
+is used.
+Using this logic servers supporting either OID can be handled correctly.
+
=head1 METHODS
As with L<Net::LDAP::Control> each constructor argument
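Review bot: the new text does not mention the behaviour the code hunk adds for mixed use, i.e. calling `proxyDN()` on a control created with `authzID` (or `authzID()` on one created with `proxyDN`) sets `$self->{error}` and returns undef; one sentence in the B<Please note:> block saying the two arguments are mutually exclusive and which accessor goes with which OID would prevent surprised bug reports. The same `XX` placeholder appears twice in this hunk as well.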
@@ -114,7 +162,9 @@
=head1 AUTHOR
Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from
-Graham Barr E<lt>[EMAIL PROTECTED]<gt>
+Graham Barr E<lt>[EMAIL PROTECTED]<gt>.
+Peter Marschall E<lt>[EMAIL PROTECTED]<gt> added authzID extensions
+based on ideas from Graham Barr E<lt>[EMAIL PROTECTED]<gt>.
Please report any bugs, or post any suggestions, to the perl-ldap
mailing list E<lt>[EMAIL PROTECTED]<gt>
Index: lib/Net/LDAP/ASN.pm
===================================================================
--- lib/Net/LDAP/ASN.pm (revision 451)
+++ lib/Net/LDAP/ASN.pm (working copy)
@@ -1,7 +1,7 @@
package Net::LDAP::ASN;
-$VERSION = "0.03";
+$VERSION = "0.03_01";
use Convert::ASN1;
@@ -359,7 +359,7 @@
cookie OCTET STRING }
proxyAuthValue ::= SEQUENCE {
- proxyDN LDAPDN
+ authzID LDAPString
}
ManageDsaIT ::= SEQUENCE {
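Review bot: renaming the SEQUENCE member from `proxyDN` to `authzID` changes the key of the hash returned by `$proxyAuthValue->decode`, so any caller that still reads `{proxyDN}` from a decoded value silently gets undef; the ProxyAuth.pm hunk already reads `{authzID}` in both the old-OID and new-OID paths, which is the right fix, but the rename deserves a Changes entry. On the wire the switch from `LDAPDN` to `LDAPString` is harmless, since both are OCTET STRING.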
Index: lib/Net/LDAP/Constant.pm
===================================================================
--- lib/Net/LDAP/Constant.pm (revision 451)
+++ lib/Net/LDAP/Constant.pm (working copy)
@@ -4,7 +4,7 @@
package Net::LDAP::Constant;
-$VERSION = "0.03";
+$VERSION = "0.03_01";
use Carp;
@@ -449,7 +449,7 @@
=item LDAP_CONTROL_VLVRESPONSE (2.16.840.1.113730.3.4.10)
-=item LDAP_CONTROL_PROXYAUTHENTICATION (2.16.840.1.113730.3.4.12)
+=item LDAP_CONTROL_PROXYAUTHENTICATION (2.16.840.1.113730.3.4.18)
=item LDAP_CONTROL_PAGED (1.2.840.113556.1.4.319)
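Review bot: this hunk only changes the POD line for `LDAP_CONTROL_PROXYAUTHENTICATION`; the definition of the constant itself is not in the patch, so please confirm that the value the module actually exports is also 2.16.840.1.113730.3.4.18, otherwise the `eq LDAP_CONTROL_PROXYAUTHENTICATION` checks in ProxyAuth.pm compare against the old OID and `authzID()` would set the same OID as `proxyDN()`. If the old OID stays available as `LDAP_CONTROL_PROXYAUTHENTICATION_OLD`, listing it here too would keep both OIDs documented in one place.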