PHP Cross Reference of Unnamed Project
# Copyright (c) 2001-2004 Graham Barr <gbarr@pobox.com>. All rights reserved.
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.

package Net::LDAP::Control::ProxyAuth;

use vars qw(@ISA $VERSION);
use Net::LDAP::Control;

@ISA = qw(Net::LDAP::Control);
$VERSION = "1.05";

use Net::LDAP::Constant qw(LDAP_CONTROL_PROXYAUTHENTICATION);
use Net::LDAP::ASN qw(proxyAuthValue);
use strict;

# OID of the control in older revisions of the draft (value carries a proxyDN)
sub LDAP_CONTROL_PROXYAUTHENTICATION_OLD { "2.16.840.1.113730.3.4.12"; }

sub init {
  my($self) = @_;

  delete $self->{asn};

  if (defined($self->{proxyDN})) {
    # proxyDN given: switch to the old OID and the ASN.1-encoded value
    $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD;

    unless (exists $self->{value}) {
      $self->{asn} = { proxyDN => $self->{proxyDN} || '' };
    }
  }
  else {
    # authzID given (or nothing): the value is the plain authzID string
    $self->{value} = $self->{authzID} || '';
  }

  # criticality must be set !
  $self->{critical} = 1;

  $self;
}


sub proxyDN {
  my $self = shift;

  if (@_) {
    # setter: drop the cached value and switch to the old OID
    delete $self->{value};

    $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD;
    return $self->{asn}{proxyDN} = shift || '';
  }
  elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION) {
    $self->{error} = 'Illegal query method: use authzID()';
    return undef;
  }
  else {
    $self->{asn} ||= $proxyAuthValue->decode($self->{value});
  }

  $self->{asn}{proxyDN};
}


sub authzID {
  my $self = shift;

  if (@_) {
    # setter: drop the cached value and switch to the new OID
    delete $self->{value};

    $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION;
    return $self->{authzID} = shift || '';
  }
  elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION_OLD) {
    $self->{error} = 'Illegal query method: use proxyDN()';
    return undef;
  }
  else {
    $self->{authzID} ||= $self->{value};
  }

  $self->{authzID};
}


sub value {
  my $self = shift;

  # encode lazily: ASN.1 for the old OID, the raw authzID string for the new one
  unless (exists $self->{value}) {
    $self->{value} = ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION_OLD)
                     ? $proxyAuthValue->encode($self->{asn})
                     : $self->{authzID} || '';
  }

  return $self->{value};
}

1;

__END__

=head1 NAME

Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authentication control object

=head1 SYNOPSIS

 use Net::LDAP;
 use Net::LDAP::Control::ProxyAuth;

 $ldap = Net::LDAP->new( "ldap.mydomain.eg" );

 $auth = Net::LDAP::Control::ProxyAuth->new( authzID => 'dn:cn=me,ou=people,o=myorg.com' );

 @args = ( base     => "cn=subnets,cn=sites,cn=configuration,$BASE_DN",
           scope    => "subtree",
           filter   => "(objectClass=subnet)",
           callback => \&process_entry, # Call this sub for each entry
           control  => [ $auth ],
 );

 while(1) {
   # Perform search
   my $mesg = $ldap->search( @args );

   # Only continue on LDAP_SUCCESS
   $mesg->code and last;

 }


=head1 DESCRIPTION

C<Net::LDAP::Control::ProxyAuth> provides an interface for the creation and manipulation
of objects that represent the C<proxyauthorisationControl> as described by draft-weltman-ldapv3-proxy-XX.txt.

=head1 CONSTRUCTOR ARGUMENTS

In addition to the constructor arguments described in
L<Net::LDAP::Control> the following are provided.

=over 4

=item authzID

The authzID that is required. This is the identity we are requesting operations to use.

=item proxyDN

In older versions of draft-weltman-ldapv3-proxy-XX.txt the value in the control and thus the
constructor argument was a DN and was called C<proxyDN>. It served the same purpose as C<authzID>
in recent versions of C<proxyauthorisationControl>.

=back

B<Please note:>
Unfortunately the OID and the encoding of the C<proxyauthorisationControl>
changed significantly in recent versions of draft-weltman-ldapv3-proxy-XX.txt.
Net::LDAP::Control::ProxyAuth tries to cope with that situation and changes
the OID and encoding used depending on the constructor argument.

With C<proxyDN> as constructor argument the old OID and encoding are used,
while with C<authzID> as constructor argument the new OID and encoding are used.
Using this logic servers supporting either OID can be handled correctly.

=head1 METHODS

As with L<Net::LDAP::Control> each constructor argument
described above is also available as a method on the object which will
return the current value for the attribute if called without an argument,
and set a new value for the attribute if called with an argument.

=head1 SEE ALSO

L<Net::LDAP>,
L<Net::LDAP::Control>,

=head1 AUTHOR

Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from
Graham Barr E<lt>gbarr@pobox.comE<gt>.
Peter Marschall E<lt>peter@adpm.deE<gt> added authzID extensions
based on ideas from Graham Barr E<lt>gbarr@pobox.comE<gt>.

Please report any bugs, or post any suggestions, to the perl-ldap
mailing list E<lt>perl-ldap@perl.orgE<gt>

=head1 COPYRIGHT

Copyright (c) 2001-2004 Graham Barr. All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself.

=cut
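The OID and encoding switch described under "Please note", shown offline as an added example that is not part of the perl-ldap distribution. The helper names `describe_control` and `check_proxy_control` and the sample DN are assumptions made for illustration; the script needs perl-ldap installed.

```perl
use strict;
use warnings;
use Net::LDAP::Control::ProxyAuth;
use Net::LDAP::Constant qw(LDAP_CONTROL_PROXYAUTHENTICATION);

my $OLD_OID = Net::LDAP::Control::ProxyAuth::LDAP_CONTROL_PROXYAUTHENTICATION_OLD();

# Hypothetical helper: summarise what a control would put on the wire.
sub describe_control {
    my ($ctrl) = @_;
    my $old = $ctrl->type eq $OLD_OID;
    return {
        oid      => $ctrl->type,
        critical => $ctrl->critical,
        identity => $old ? $ctrl->proxyDN : $ctrl->authzID,
        hex      => unpack('H*', $ctrl->value),   # raw control value
    };
}

# Hypothetical pre-flight check before attaching the control to a request.
sub check_proxy_control {
    my ($ctrl) = @_;
    my $d = describe_control($ctrl);
    die "unexpected OID $d->{oid}\n"
        unless $d->{oid} eq LDAP_CONTROL_PROXYAUTHENTICATION()
            || $d->{oid} eq $OLD_OID;
    die "proxy authorization control is not critical\n"
        unless $d->{critical};
    # init() maps an undefined identity to '', so catch that here.
    die "empty authorization identity\n"
        unless length $d->{identity};
    return $d;
}

my $dn = 'cn=me,ou=people,o=myorg.com';   # constructed sample identity

for my $ctrl (
    # critical => 0 is overridden by init(), which always sets it to 1
    Net::LDAP::Control::ProxyAuth->new(authzID => "dn:$dn", critical => 0),
    Net::LDAP::Control::ProxyAuth->new(proxyDN => $dn),
) {
    my $d = check_proxy_control($ctrl);
    print "oid=$d->{oid} critical=$d->{critical} value=$d->{hex}\n";
}

# An identity that was never filled in is rejected instead of being sent.
my $unset = Net::LDAP::Control::ProxyAuth->new(authzID => undef);
eval { check_proxy_control($unset); 1 } or print "rejected: $@";
```

The two printed values differ in form: the `authzID` control carries the string bytes as they are, while the `proxyDN` control carries the DN wrapped by the `proxyAuthValue` ASN.1 encoder.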
Generated: Tue Mar 17 22:47:18 2015 | Cross-referenced by PHPXref 0.7.1 |