ldap/servers
by Noriko Hosoi
ldap/servers/plugins/retrocl/retrocl.h | 2 +-
ldap/servers/plugins/retrocl/retrocl_trim.c | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit b065fb3e3fa6ded5569b01bc9ed7a2fda532883d
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Oct 20 18:30:10 2010 -0700
Bug 629681 - Retro Changelog trimming does not behave as expected
https://bugzilla.redhat.com/show_bug.cgi?id=629681
Description: As reporter Oliver Thalmann (oliver.thalmann(a)chuv.ch)
pointed out, retrocl_init_trimming was repeating the retrocl_
housekeeping event every 5000 minutes instead of 5 minutes.
This patch fixes it to 5 minutes.
diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
index c4354d4..276912b 100644
--- a/ldap/servers/plugins/retrocl/retrocl.h
+++ b/ldap/servers/plugins/retrocl/retrocl.h
@@ -80,7 +80,7 @@ typedef struct _cnumRet {
/*
* How often the changelog trimming thread runs. This is the minimum trim age.
*/
-#define CHANGELOGDB_TRIM_INTERVAL 300*1000 /* 5 minutes */
+#define CHANGELOGDB_TRIM_INTERVAL 300*1000 /* 5 minutes in milliseconds */
#if defined(__hpux) && defined(__ia64)
#define RETROCL_DLL_DEFAULT_THREAD_STACKSIZE 524288L
diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c
index 7e97736..756f13b 100644
--- a/ldap/servers/plugins/retrocl/retrocl_trim.c
+++ b/ldap/servers/plugins/retrocl/retrocl_trim.c
@@ -516,8 +516,9 @@ void retrocl_init_trimming (void)
retrocl_trimming = 1;
retrocl_trim_ctx = slapi_eq_repeat(retrocl_housekeeping,
- NULL,(time_t)0,
- CHANGELOGDB_TRIM_INTERVAL * 1000);
+ NULL, (time_t)0,
+ /* in milliseconds */
+ CHANGELOGDB_TRIM_INTERVAL);
}
13 years, 6 months
Changes to 'refs/tags/389-dsgw-1.1.6'
by Richard Allen Megginson
Changes since the dawn of time:
Nathan Kinder (3):
Added orgchart to dsgw.
General templating work for DSGW CGI URI's.
Added dsgw.tmpl template
Noriko Hosoi (1):
openldap porting snapshot
Rich Megginson (56):
Initial import of code from ldapserver, modified to use autoconf for build
cleaned up build and setup scripts
update of autotool files based on recent ldapserver and adminserver
Initial pass at using adminutil for CGI code
Check ldapquery for NULL
Still need to unescape some form vars
added manuals; fixed code that displays manuals; added initial tests
get phonebook and orgchart working; use memmove instead of overlapping strcpy; fix memory error in dsgw_dn_parent
Renamed setup to setup-ds-dsgw to be consistent with other setup scripts
fix build issues and compiler warnings on HP-UX
added CXXLINK stuff for HP-UX
add dummy c++ file to force automake to define CXXLINK
include config.h in dsgw.h so all of the dsgw code will include it
do not check for GNU compatible realloc
better method of choosing suffix
enhance setup - move to sbin, check for already configured, add reconfig option to force reconfig, add support for users and groups
add pthread lib for HP-UX
attributes in LDIF may be in mixed case - sed cannot portably do case insensitive matching - just use a simple sed search and replace for ldif attributes
added perlpath for bundled installs
actually use perlpath in the generated files
setup will print messages showing what it is doing - setup will copy in the admin server home page html fragment files to enable using dsgw, phonebook, and orgchart from the admin server home page
remove the hp host:port cgi parameter
added a lot of tests
do not print empty message
add domodify tests
1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
clean up org chart code - added tests for org chart
Resolves: bug 171353
Resolves: Bug 146294
additional cleanup - my last org chart commit broke org chart, this fixes it, and cleans up some other stuff, and adds some more tests
Resolves: bug 435230
Resolves: bug 435230
Resolves: bug 435230
Resolves: bug 450134
Resolves: bug 450588
Resolves: bug 450894
Resolves: bug 450898
Resolves: bug 450971
Resolves: bug 452018
Resolves: bug 453052
Resolves: bug 171353
Resolves: bug 413531
this is the 1.1.1 release
Resolves: bug 471681
Resolves: bug 472092
for the 1.1.2 release
rename to 389
remove directory server exception from license
bump version to 1.1.3 for fedora review
bump version to 1.1.4 - require 389-adminutil - fix adminutil.m4 - fix remaining licensing problems
make sure we can find ICU genrb on all platforms
port dsgw to use openldap
org cannot use LDAP_URL_OPT_SECURE; ldap_sasl_bind result check not correct
openldap does not use global MozNSS context
Bug 553636 - dsgw and ds has problems in schema
13 years, 6 months
ldap/admin
by Noriko Hosoi
ldap/admin/src/scripts/60upgradeschemafiles.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 904698eaf466a865c0edb9a0743469f23c97bab8
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Oct 20 13:21:28 2010 -0700
Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
are not upgraded in the server instance schema dir
https://bugzilla.redhat.com/show_bug.cgi?id=645061
Description: To replace 06inetorgperson.ldif and 05rfc4524.ldif
in teh server instance schema dir, adding the 2 schema files to
the toremove list in the schema upgrade script 60upgradeschemafiles.pl.
diff --git a/ldap/admin/src/scripts/60upgradeschemafiles.pl b/ldap/admin/src/scripts/60upgradeschemafiles.pl
index 97d6a94..99373dc 100644
--- a/ldap/admin/src/scripts/60upgradeschemafiles.pl
+++ b/ldap/admin/src/scripts/60upgradeschemafiles.pl
@@ -11,7 +11,7 @@ sub runinst {
# these schema files are obsolete, or we want to replace
# them with newer versions
- my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif);
+ my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif);
# these hashes will be used to check for obsolete schema
# in 99user.ldif
13 years, 6 months
VERSION.sh
by Richard Allen Megginson
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 22276b9cb08e256b4311bfa4d30c5bd406019cec
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Oct 20 14:47:34 2010 -0600
bump version to 1.1.12.a2
diff --git a/VERSION.sh b/VERSION.sh
index 0e8352a..13dd113 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -15,7 +15,7 @@ VERSION_MAINT=12
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
-VERSION_PREREL=.a1
+VERSION_PREREL=.a2
# NOTES on VERSION_PREREL
# use aN for an alpha release e.g. a1, a2, etc.
# use rcN for a release candidate e.g. rc1, rc2, etc.
13 years, 6 months
Changes to 'refs/tags/389-admin-1.1.12.a1'
by Richard Allen Megginson
Changes since 389-admin-1.1.11:
Endi S. Dewata (1):
Bug 573889 - Migration does not remove deprecated schema
Rich Megginson (7):
bump version to 1.1.12.a1
initial support for openldap
add selinux policy for dsgw
skip LD_PRELOAD if using openldap
add more log information if nss init fails
add even more nss debugging
Bug 618454 - mod_admserv should only clear NSS caches and shutdown if NSS is initialized
---
Makefile.am | 39 +
Makefile.in | 76 +--
VERSION.sh | 4
admserv/cfgstuff/start-ds-admin.in | 25
admserv/cgi-src40/admlib.mk | 119 ----
admserv/cgi-src40/admpw.c | 67 --
admserv/cgi-src40/dllglue.c | 42 -
admserv/cgi-src40/dsconfig.c | 9
admserv/cgi-src40/htmladmin.c | 166 +++---
admserv/cgi-src40/security.c | 2
admserv/cgi-src40/viewdata.c | 150 +++--
admserv/cgi-src40/viewlog.c | 21
admserv/newinst/src/AdminMigration.pm.in | 49 +
config.h.in | 12
configure | 778 ++++++++++++++++++++++++++++---
configure.ac | 15
include/libadmin/libadmin.h | 62 ++
include/libdsa/dsalib.h | 6
lib/libadmin/dllglue.c | 77 ---
lib/libadmin/util.c | 732 +++++++++++++++++++++++++++++
lib/libdsa/dsalib_conf.c | 15
lib/libdsa/dsalib_confs.c | 68 ++
m4/mozldap.m4 | 109 ++--
m4/openldap.m4 | 131 +++++
mod_admserv/mod_admserv.c | 153 ++----
mod_admserv/mod_admserv.h | 15
selinux/dirsrv-admin.fc.in | 5
tests/ds_create/testget.1 | 2
tests/htmladmin/testget.2 | 2
tests/htmladmin/testget.3 | 2
tests/htmladmin/testget.4 | 2
tests/htmladmin/testget.5 | 2
tests/htmladmin/testget.6 | 2
tests/htmladmin/testget.7 | 2
tests/htmladmin/testget.8 | 2
tests/setup.sh | 250 +++++++--
tests/ugdsconfig/testget.10 | 2
tests/viewdata/testget.2 | 2
tests/viewdata/testget.3 | 2
tests/viewdata/testget.4 | 2
tests/viewlog/testget.3 | 2
tests/viewlog/testget.4 | 2
42 files changed, 2396 insertions(+), 829 deletions(-)
---
13 years, 6 months
6 commits - admserv/cfgstuff admserv/cgi-src40 config.h.in configure configure.ac include/libadmin include/libdsa lib/libadmin lib/libdsa ltmain.sh m4/mozldap.m4 m4/openldap.m4 Makefile.am Makefile.in mod_admserv/mod_admserv.c mod_admserv/mod_admserv.h selinux/dirsrv-admin.fc.in tests/ds_create tests/htmladmin tests/setup.sh tests/ugdsconfig tests/viewdata tests/viewlog
by Richard Allen Megginson
Makefile.am | 39 +
Makefile.in | 76 ++-
admserv/cfgstuff/start-ds-admin.in | 25 -
admserv/cgi-src40/admlib.mk | 119 -----
admserv/cgi-src40/admpw.c | 67 ---
admserv/cgi-src40/dllglue.c | 42 -
admserv/cgi-src40/dsconfig.c | 9
admserv/cgi-src40/htmladmin.c | 166 ++++---
admserv/cgi-src40/security.c | 2
admserv/cgi-src40/viewdata.c | 150 +++----
admserv/cgi-src40/viewlog.c | 21
config.h.in | 12
configure | 778 +++++++++++++++++++++++++++++++++----
configure.ac | 15
include/libadmin/libadmin.h | 62 ++
include/libdsa/dsalib.h | 6
lib/libadmin/dllglue.c | 77 ---
lib/libadmin/util.c | 732 ++++++++++++++++++++++++++++++++++
lib/libdsa/dsalib_conf.c | 15
lib/libdsa/dsalib_confs.c | 68 ++-
m4/mozldap.m4 | 109 +++--
m4/openldap.m4 | 131 ++++++
mod_admserv/mod_admserv.c | 153 +++----
mod_admserv/mod_admserv.h | 15
selinux/dirsrv-admin.fc.in | 5
tests/ds_create/testget.1 | 2
tests/htmladmin/testget.2 | 2
tests/htmladmin/testget.3 | 2
tests/htmladmin/testget.4 | 2
tests/htmladmin/testget.5 | 2
tests/htmladmin/testget.6 | 2
tests/htmladmin/testget.7 | 2
tests/htmladmin/testget.8 | 2
tests/setup.sh | 250 ++++++++---
tests/ugdsconfig/testget.10 | 2
tests/viewdata/testget.2 | 2
tests/viewdata/testget.3 | 2
tests/viewdata/testget.4 | 2
tests/viewlog/testget.3 | 2
tests/viewlog/testget.4 | 2
40 files changed, 2368 insertions(+), 804 deletions(-)
New commits:
commit 24fd9c4c1af99b2a3c067b633c26c76bf672fb31
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Oct 20 11:14:24 2010 -0600
Bug 618454 - mod_admserv should only clear NSS caches and shutdown if NSS is initialized
https://bugzilla.redhat.com/show_bug.cgi?id=618454
Resolves: bug 618454
Bug Description: mod_admserv should only clear NSS caches and shutdown if NSS is initialized
Branch: master
Fix Description: Check NSS_IsInitialized before clearing caches. We also do
an NSS_Shutdown here - with the new NSS fips mode, you cannot load the
softoken after a fork unless you have first shutdown NSS - Apache loads and
unloads its modules several times during the startup phase, so we have to
make sure we completely shutdown NSS when the module is unloaded so that we
can load it again and start the NSS engine when the module is re-loaded.
Finally, change ldap_unbind_ext_s to just ldap_unbind_ext - ldap_unbind is
always asynchronous.
This should also fix https://bugzilla.redhat.com/show_bug.cgi?id=555296
Platforms tested: RHEL5 x86_64, Fedora 14 x86_64
Flag Day: no
Doc impact: no
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index b1da00d..ec7397c 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -504,7 +504,7 @@ ldapu_find_userdn (LDAP *ld, const char *uid, const char *base,
static void
closeLDAPConnection(LDAP *server)
{
- ldap_unbind_ext_s(server, NULL, NULL);
+ ldap_unbind_ext(server, NULL, NULL);
}
static LDAP *
@@ -2227,19 +2227,23 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
static
apr_status_t mod_admserv_unload(void *data)
{
- SECStatus status;
-
- SSL_ClearSessionCache();
- status = NSS_Shutdown();
- if (status != SECSuccess) {
- PRErrorCode prerr = PR_GetError();
- if (prerr == SEC_ERROR_NOT_INITIALIZED) {
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
- "Unable to shutdown NSS - not initialized");
- } else {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
- "Unable to shutdown NSS - [%d:%s]",
- prerr, SSL_Strerror(prerr));
+ if (NSS_IsInitialized()) {
+ SECStatus status;
+ SSL_ClearSessionCache();
+ status = NSS_Shutdown();
+ if (status != SECSuccess) {
+ PRErrorCode prerr = PR_GetError();
+ if (prerr == SEC_ERROR_NOT_INITIALIZED) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "Unable to shutdown NSS - not initialized");
+ } else if (prerr == SEC_ERROR_BUSY) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "Unable to shutdown NSS - still busy - assume mod_nss is holding references - continuing");
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+ "Unable to shutdown NSS - [%d:%s]",
+ prerr, SSL_Strerror(prerr));
+ }
}
}
return OK;
commit 5785ac192b0664945cfd4ec297cfe2ef1236e419
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Oct 15 17:18:14 2010 -0600
add even more nss debugging
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 4e14a0f..b1da00d 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -87,6 +87,7 @@
#include "nss.h"
#include "ssl.h"
+#include "secerr.h"
#include "mod_admserv.h"
@@ -2226,7 +2227,21 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
static
apr_status_t mod_admserv_unload(void *data)
{
+ SECStatus status;
+
SSL_ClearSessionCache();
+ status = NSS_Shutdown();
+ if (status != SECSuccess) {
+ PRErrorCode prerr = PR_GetError();
+ if (prerr == SEC_ERROR_NOT_INITIALIZED) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "Unable to shutdown NSS - not initialized");
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+ "Unable to shutdown NSS - [%d:%s]",
+ prerr, SSL_Strerror(prerr));
+ }
+ }
return OK;
}
commit bfe1d9a242050ba4a9a2d00a2be362a422a23fc7
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Oct 15 15:07:09 2010 -0600
add more log information if nss init fails
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 90f81eb..4e14a0f 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -784,7 +784,8 @@ sslinit(AdmldapInfo info, const char *configdir)
we still have to perform our own TLS/SSL client init */
if (ADMSSL_Init(info, (char *)configdir, 0)) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
- "sslinit: NSS is required to use LDAPS, but security initialization failed. Cannot start server");
+ "sslinit: NSS is required to use LDAPS, but security initialization failed [%d:%s]. Cannot start server",
+ PR_GetError(), SSL_Strerror(PR_GetError()));
exit(1);
}
} else {
commit c378a9f681050ac02c19a9a81d4adf2033497307
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Oct 15 12:28:59 2010 -0600
skip LD_PRELOAD if using openldap
Because Apache can be linked directly against the openldap libraries, we had
to LD_PRELOAD the mozldap libraries in order to force them to be used instead
of openldap - now that we can use openldap, we can omit this step
diff --git a/Makefile.am b/Makefile.am
index ae8190e..22af4b2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -137,6 +137,7 @@ LIBCRUN=@LIBCRUN@
if OPENLDAP
LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@
+use_openldap = 1
else
LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
endif
@@ -514,6 +515,7 @@ fixupcmd = sed \
-e 's,@LIBPATH\@,$(LIBPATH),g' \
-e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \
-e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \
+ -e 's,@use_openldap\@,$(use_openldap),g' \
-e 's,@admmoddir\@,$(admmoddir),g' \
-e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \
-e 's,@instconfigdir\@,$(instconfigdir),g' \
@@ -572,6 +574,7 @@ fixupcmd = sed \
-e 's,@LIBPATH\@,$(LIBPATH),g' \
-e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \
-e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \
+ -e 's,@use_openldap\@,$(use_openldap),g' \
-e 's,@admmoddir\@,$(admmoddir),g' \
-e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \
-e 's,@instconfigdir\@,$(instconfigdir),g' \
diff --git a/Makefile.in b/Makefile.in
index c55491d..4094360 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -570,6 +570,7 @@ noinst_LIBRARIES = libdsa.a
admmod_LTLIBRARIES = mod_admserv.la mod_restartd.la
@OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@
+@OPENLDAP_TRUE@use_openldap = 1
DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \
@icu_lib@ -licui18n -licuuc -licudata \
$(LDAPSDK_LINK) \
@@ -873,6 +874,7 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \
@BUNDLE_FALSE@ -e 's,@LIBPATH\@,$(LIBPATH),g' \
@BUNDLE_FALSE@ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \
@BUNDLE_FALSE@ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \
+@BUNDLE_FALSE@ -e 's,@use_openldap\@,$(use_openldap),g' \
@BUNDLE_FALSE@ -e 's,@admmoddir\@,$(admmoddir),g' \
@BUNDLE_FALSE@ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \
@BUNDLE_FALSE@ -e 's,@instconfigdir\@,$(instconfigdir),g' \
@@ -940,6 +942,7 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \
@BUNDLE_TRUE@ -e 's,@LIBPATH\@,$(LIBPATH),g' \
@BUNDLE_TRUE@ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \
@BUNDLE_TRUE@ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \
+@BUNDLE_TRUE@ -e 's,@use_openldap\@,$(use_openldap),g' \
@BUNDLE_TRUE@ -e 's,@admmoddir\@,$(admmoddir),g' \
@BUNDLE_TRUE@ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \
@BUNDLE_TRUE@ -e 's,@instconfigdir\@,$(instconfigdir),g' \
diff --git a/admserv/cfgstuff/start-ds-admin.in b/admserv/cfgstuff/start-ds-admin.in
index f95de9a..8258b08 100644
--- a/admserv/cfgstuff/start-ds-admin.in
+++ b/admserv/cfgstuff/start-ds-admin.in
@@ -32,21 +32,24 @@ LIBPATH=@LIBPATH@:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; exp
SHLIB_PATH=@LIBPATH@:${SHLIB_PATH}; export SHLIB_PATH
HTTPD=@HTTPD@
-
-# see if httpd is linked with the openldap libraries - we need to override them
OS=`uname -s`
-if [ $OS = "Linux" ]; then
- hasol=0
- /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1
+# see if httpd is linked with the openldap libraries - we need to override them if
+# using mozldap
+if [ -z "@use_openldap@" ] ; then
+ if [ $OS = "Linux" ]; then
+ hasol=0
+
+ /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1
- if [ $hasol -eq 1 ] ; then
- LD_PRELOAD="@ldapsdk_libdir(a)/libldap60.so"
- ssl_lib="@nss_libdir(a)/libssl3.so"
- if [ -f "$ssl_lib" ] ; then
- LD_PRELOAD="$ssl_lib $LD_PRELOAD"
+ if [ $hasol -eq 1 ] ; then
+ LD_PRELOAD="@ldapsdk_libdir(a)/libldap60.so"
+ ssl_lib="@nss_libdir(a)/libssl3.so"
+ if [ -f "$ssl_lib" ] ; then
+ LD_PRELOAD="$ssl_lib $LD_PRELOAD"
+ fi
+ export LD_PRELOAD
fi
- export LD_PRELOAD
fi
fi
commit be01871d71a678a1b47f4441c738cdf9740154e2
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Oct 11 11:16:53 2010 -0600
add selinux policy for dsgw
This adds selinux policy for dsgw - this assumes the use of the admin server
to run dsgw i.e. no standalone policy for standalone dsgw
diff --git a/Makefile.am b/Makefile.am
index 1e79eb0..ae8190e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -85,6 +85,11 @@ logdir = $(localstatedir)@admlogdir@/$(instancename)
endif
updatedir = $(datadir)@updatedir@
+# needed for selinux policy
+dsgwcgibindir = $(libdir)@dsgwcgibindir@
+dsgwconfigdir = $(instconfigdir)/dsgw
+dsgwcookiedir = $(localstatedir)@dsgwcookiedir@
+
libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \
lib/base/system.cpp lib/base/nscputil.cpp
@@ -534,7 +539,10 @@ fixupcmd = sed \
-e 's,@adminutilpath\@,$(adminutilpath),g' \
-e 's,@initconfigdir\@,$(initconfigdir),g' \
-e 's,@updatedir\@,$(updatedir),g' \
- -e 's,@with_selinux\@,@with_selinux@,g'
+ -e 's,@with_selinux\@,@with_selinux@,g' \
+ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \
+ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \
+ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g'
else
fixupcmd = sed \
-e 's,@ECHO_C\@,$(ECHO_C),g' \
@@ -589,7 +597,10 @@ fixupcmd = sed \
-e 's,@adminutilpath\@,$(adminutilpath),g' \
-e 's,@initconfigdir\@,$(initconfigdir),g' \
-e 's,@updatedir\@,$(updatedir),g' \
- -e 's,@with_selinux\@,@with_selinux@,g'
+ -e 's,@with_selinux\@,@with_selinux@,g' \
+ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \
+ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \
+ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g'
endif
# because the source may be either httpd.conf.in or httpd-2.2.conf.in
diff --git a/Makefile.in b/Makefile.in
index 08d626f..c55491d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -415,6 +415,10 @@ cgibindir = $(libdir)@cgibindir@
cmdbindir = $(sbindir)
datadir = @datadir@
debug_defs = @debug_defs@
+
+# needed for selinux policy
+dsgwcgibindir = $(libdir)@dsgwcgibindir@
+dsgwcookiedir = $(localstatedir)@dsgwcookiedir@
dslibdir = @dslibdir@
exec_prefix = @exec_prefix@
extra_cppflags = @extra_cppflags@
@@ -528,6 +532,7 @@ configdir = $(instconfigdir)/$(instancename)
securitydir = $(configdir)
@BUNDLE_FALSE@logdir = $(localstatedir)@admlogdir@/$(instancename)
@BUNDLE_TRUE@logdir = $(localstatedir)@admlogdir@
+dsgwconfigdir = $(instconfigdir)/dsgw
libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \
lib/base/system.cpp lib/base/nscputil.cpp
@@ -893,7 +898,10 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \
@BUNDLE_FALSE@ -e 's,@adminutilpath\@,$(adminutilpath),g' \
@BUNDLE_FALSE@ -e 's,@initconfigdir\@,$(initconfigdir),g' \
@BUNDLE_FALSE@ -e 's,@updatedir\@,$(updatedir),g' \
-@BUNDLE_FALSE@ -e 's,@with_selinux\@,@with_selinux@,g'
+@BUNDLE_FALSE@ -e 's,@with_selinux\@,@with_selinux@,g' \
+@BUNDLE_FALSE@ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \
+@BUNDLE_FALSE@ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \
+@BUNDLE_FALSE@ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g'
# these are for the config files and scripts that we need to generate and replace
@@ -957,7 +965,10 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \
@BUNDLE_TRUE@ -e 's,@adminutilpath\@,$(adminutilpath),g' \
@BUNDLE_TRUE@ -e 's,@initconfigdir\@,$(initconfigdir),g' \
@BUNDLE_TRUE@ -e 's,@updatedir\@,$(updatedir),g' \
-@BUNDLE_TRUE@ -e 's,@with_selinux\@,@with_selinux@,g'
+@BUNDLE_TRUE@ -e 's,@with_selinux\@,@with_selinux@,g' \
+@BUNDLE_TRUE@ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \
+@BUNDLE_TRUE@ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \
+@BUNDLE_TRUE@ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g'
all: $(BUILT_SOURCES) config.h
$(MAKE) $(AM_MAKEFLAGS) all-am
diff --git a/configure b/configure
index b682415..1d154f6 100755
--- a/configure
+++ b/configure
@@ -466,7 +466,7 @@ ac_includes_default="\
#endif"
ac_default_prefix=/opt/dirsrv
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP
CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir
updatedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP
CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir
updatedir dsgwcgibindir dsgwcookiedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -25817,6 +25817,7 @@ if test "$with_fhs_opt" = "yes"; then
# relative to libdir
# CGI program directory
cgibindir=/cgi-bin
+ dsgwcgibindir=/dsgw-cgi-bin
# where our private Apache modules will go
admmoddir=/modules
perldir=/perl
@@ -25826,6 +25827,8 @@ if test "$with_fhs_opt" = "yes"; then
piddir=/$PACKAGE_BASE_NAME/$instancename/run
# location of property/resource files, relative to datadir
propertydir=/properties
+ # relative to $localstatedir
+ dsgwcookiedir=/$PACKAGE_BASE_NAME/dsgw/cookies
else
if test "$with_fhs" = "yes"; then
ac_default_prefix=/usr
@@ -25844,6 +25847,7 @@ else
# relative to libdir
# CGI program directory
cgibindir=/$PACKAGE_BASE_NAME/cgi-bin
+ dsgwcgibindir=/$PACKAGE_BASE_NAME/dsgw-cgi-bin
# where our private Apache modules will go
admmoddir=/$PACKAGE_BASE_NAME/modules
perldir=/$PACKAGE_BASE_NAME/perl
@@ -25853,6 +25857,8 @@ else
piddir=/run/$PACKAGE_BASE_NAME
# location of property/resource files, relative to datadir
propertydir=/$PACKAGE_BASE_NAME/properties
+ # relative to $localstatedir
+ dsgwcookiedir=/run/$PACKAGE_BASE_NAME/dsgw/cookies
fi
pidfile=$instancename.pid
@@ -25921,6 +25927,9 @@ pidfile=$instancename.pid
+# these are needed for selinux policy for the dsgw
+
+
@@ -26860,6 +26869,8 @@ s,@nssmoddir@,$nssmoddir,;t t
s,@infdir@,$infdir,;t t
s,@perldir@,$perldir,;t t
s,@updatedir@,$updatedir,;t t
+s,@dsgwcgibindir@,$dsgwcgibindir,;t t
+s,@dsgwcookiedir@,$dsgwcookiedir,;t t
s,@brand@,$brand,;t t
s,@capbrand@,$capbrand,;t t
s,@vendor@,$vendor,;t t
diff --git a/configure.ac b/configure.ac
index 5d19e81..6d72542 100644
--- a/configure.ac
+++ b/configure.ac
@@ -319,6 +319,7 @@ if test "$with_fhs_opt" = "yes"; then
# relative to libdir
# CGI program directory
cgibindir=/cgi-bin
+ dsgwcgibindir=/dsgw-cgi-bin
# where our private Apache modules will go
admmoddir=/modules
perldir=/perl
@@ -328,6 +329,8 @@ if test "$with_fhs_opt" = "yes"; then
piddir=/$PACKAGE_BASE_NAME/$instancename/run
# location of property/resource files, relative to datadir
propertydir=/properties
+ # relative to $localstatedir
+ dsgwcookiedir=/$PACKAGE_BASE_NAME/dsgw/cookies
else
if test "$with_fhs" = "yes"; then
ac_default_prefix=/usr
@@ -348,6 +351,7 @@ else
# relative to libdir
# CGI program directory
cgibindir=/$PACKAGE_BASE_NAME/cgi-bin
+ dsgwcgibindir=/$PACKAGE_BASE_NAME/dsgw-cgi-bin
# where our private Apache modules will go
admmoddir=/$PACKAGE_BASE_NAME/modules
perldir=/$PACKAGE_BASE_NAME/perl
@@ -357,6 +361,8 @@ else
piddir=/run/$PACKAGE_BASE_NAME
# location of property/resource files, relative to datadir
propertydir=/$PACKAGE_BASE_NAME/properties
+ # relative to $localstatedir
+ dsgwcookiedir=/run/$PACKAGE_BASE_NAME/dsgw/cookies
fi
pidfile=$instancename.pid
@@ -425,6 +431,9 @@ AC_SUBST(nssmoddir)
AC_SUBST(infdir)
AC_SUBST(perldir)
AC_SUBST(updatedir)
+# these are needed for selinux policy for the dsgw
+AC_SUBST(dsgwcgibindir)
+AC_SUBST(dsgwcookiedir)
AC_SUBST(brand)
AC_SUBST(capbrand)
diff --git a/selinux/dirsrv-admin.fc.in b/selinux/dirsrv-admin.fc.in
index d00380b..f97a606 100644
--- a/selinux/dirsrv-admin.fc.in
+++ b/selinux/dirsrv-admin.fc.in
@@ -5,6 +5,7 @@
# Configuration
@configdir(a)(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0)
+@dsgwconfigdir(a)(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0)
# Log dir
@logdir(a)(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
@@ -14,3 +15,7 @@
# CGIs
@cgibindir(a)(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
+@dsgwcgibindir(a)(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
+
+# DSGW cookies
+@dsgwcookiedir(a)(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
commit 64991f3154db313bb5fee22f2c003f56580d09d3
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Sep 28 08:53:25 2010 -0600
initial support for openldap
This adds support for using openldap instead of mozldap
diff --git a/Makefile.am b/Makefile.am
index 15484ea..1e79eb0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -90,11 +90,11 @@ libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \
libsi18n_a_SOURCES = lib/libsi18n/getstrprop.c
-libadmin_a_SOURCES = lib/libadmin/cluster.c lib/libadmin/dllglue.c \
+libadmin_a_SOURCES = lib/libadmin/cluster.c \
lib/libadmin/error.c lib/libadmin/form_get.c lib/libadmin/httpcon.c lib/libadmin/install.c \
lib/libadmin/referer.c lib/libadmin/template.c lib/libadmin/util.c
-AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) @adminutil_inc@ @icu_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 \
+AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) @adminutil_inc@ @icu_inc@ @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 \
-I$(srcdir)/include -I$(srcdir)/include/base
if WINNT
AM_CPPFLAGS += -DXP_WINNT
@@ -130,9 +130,15 @@ LIBNSL=@LIBNSL@
LIBCSTD=@LIBCSTD@
LIBCRUN=@LIBCRUN@
+if OPENLDAP
+LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@
+else
+LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
+endif
+
DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \
@icu_lib@ -licui18n -licuuc -licudata \
- @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 \
+ $(LDAPSDK_LINK) \
@sasl_lib@ -lsasl2 \
@nss_lib@ -lsmime3 -lssl3 -lnss3 -lsoftokn3 \
@nspr_lib@ -lplds4 -lplc4 -lnspr4 \
@@ -263,8 +269,7 @@ libdsa_a_SOURCES = lib/libdsa/dsalib_conf.c \
lib/libdsa/dsalib_db.c \
lib/libdsa/dsalib_util.c
-libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-libdsa_a_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK)
+libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
# source files for our CGI programs
download_SOURCES = admserv/cgi-src40/download.c
@@ -352,7 +357,7 @@ ds_snmpctrl_LINK = $(MYLINK)
mod_admserv_la_SOURCES = mod_admserv/mod_admserv.c
mod_admserv_la_CPPFLAGS = -I@apache_inc@ @apr_inc@ $(AM_CPPFLAGS) @extra_cppflags@
mod_admserv_la_LDFLAGS = -module -avoid-version
-mod_admserv_la_LIBADD = $(DEFAULT_LIBS_NOCGI)
+mod_admserv_la_LIBADD = $(DEFAULT_LIBS)
mod_admserv_la_LINK = $(MYLINK) $(mod_admserv_la_LDFLAGS)
############## mod_restartd ################
@@ -408,14 +413,14 @@ perlpath=$(perldir) $(libdir)/perl/arch $(libdir)/perl
else
# need to create the LD_LIBRARY_PATH,SHLIB_PATH string to use in scripts
# sort also strips out duplicates
-LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir)
+LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(openldap_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir)
LIBDIRS = $(call mysort,-ru,$(LIBDIRLIST))
# now put it in the canonical form
LIBPATH = $(subst $(SPACE),$(COLON),$(LIBDIRS))
# nssmoddir is the same
runtime_nssmoddir=$(nssmoddir)
runtime_nss_libdir=$(nss_libdir)
-runtime_ldapsdk_libdir=$(ldapsdk_libdir)
+runtime_ldapsdk_libdir=$(openldap_libdir) $(ldapsdk_libdir)
perlpath=$(perldir)
endif
# this is primarily needed for HP-UX and the other platforms
diff --git a/Makefile.in b/Makefile.in
old mode 100755
new mode 100644
index 2e325c0..08d626f
--- a/Makefile.in
+++ b/Makefile.in
@@ -61,10 +61,10 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/fhs.m4 \
$(top_srcdir)/m4/fortitude.m4 $(top_srcdir)/m4/httpd.m4 \
$(top_srcdir)/m4/nspr.m4 $(top_srcdir)/m4/nss.m4 \
- $(top_srcdir)/m4/sasl.m4 $(top_srcdir)/m4/mozldap.m4 \
- $(top_srcdir)/m4/icu.m4 $(top_srcdir)/m4/adminutil.m4 \
- $(top_srcdir)/m4/mod_nss.m4 $(top_srcdir)/m4/selinux.m4 \
- $(top_srcdir)/configure.ac
+ $(top_srcdir)/m4/sasl.m4 $(top_srcdir)/m4/openldap.m4 \
+ $(top_srcdir)/m4/mozldap.m4 $(top_srcdir)/m4/icu.m4 \
+ $(top_srcdir)/m4/adminutil.m4 $(top_srcdir)/m4/mod_nss.m4 \
+ $(top_srcdir)/m4/selinux.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
@@ -75,7 +75,7 @@ CONFIG_CLEAN_FILES =
LIBRARIES = $(noinst_LIBRARIES)
ARFLAGS = cru
libdsa_a_AR = $(AR) $(ARFLAGS)
-libdsa_a_DEPENDENCIES =
+libdsa_a_LIBADD =
am__dirstamp = $(am__leading_dot)dirstamp
am_libdsa_a_OBJECTS = lib/libdsa/libdsa_a-dsalib_conf.$(OBJEXT) \
lib/libdsa/libdsa_a-dsalib_debug.$(OBJEXT) \
@@ -109,18 +109,19 @@ libds_admin_serv_la_DEPENDENCIES =
am__objects_1 = lib/base/file.lo lib/base/nscperror.lo \
lib/base/system.lo lib/base/nscputil.lo
am__objects_2 = lib/libsi18n/getstrprop.lo
-am__objects_3 = lib/libadmin/cluster.lo lib/libadmin/dllglue.lo \
- lib/libadmin/error.lo lib/libadmin/form_get.lo \
- lib/libadmin/httpcon.lo lib/libadmin/install.lo \
- lib/libadmin/referer.lo lib/libadmin/template.lo \
- lib/libadmin/util.lo
+am__objects_3 = lib/libadmin/cluster.lo lib/libadmin/error.lo \
+ lib/libadmin/form_get.lo lib/libadmin/httpcon.lo \
+ lib/libadmin/install.lo lib/libadmin/referer.lo \
+ lib/libadmin/template.lo lib/libadmin/util.lo
am_libds_admin_serv_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
$(am__objects_3)
libds_admin_serv_la_OBJECTS = $(am_libds_admin_serv_la_OBJECTS)
am__DEPENDENCIES_1 =
am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-mod_admserv_la_DEPENDENCIES = $(am__DEPENDENCIES_2)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am__DEPENDENCIES_3 = libds-admin-serv.la $(am__DEPENDENCIES_2)
+mod_admserv_la_DEPENDENCIES = $(am__DEPENDENCIES_3)
am_mod_admserv_la_OBJECTS = mod_admserv/mod_admserv_la-mod_admserv.lo
mod_admserv_la_OBJECTS = $(am_mod_admserv_la_OBJECTS)
mod_restartd_la_LIBADD =
@@ -131,7 +132,6 @@ cgibinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(cgibin_PROGRAMS)
am_ReadLog_OBJECTS = admserv/cgi-src40/ReadLog.$(OBJEXT)
ReadLog_OBJECTS = $(am_ReadLog_OBJECTS)
-am__DEPENDENCIES_3 = libds-admin-serv.la $(am__DEPENDENCIES_2)
ReadLog_DEPENDENCIES = $(am__DEPENDENCIES_3)
am_admpw_OBJECTS = admserv/cgi-src40/admpw.$(OBJEXT)
admpw_OBJECTS = $(am_admpw_OBJECTS)
@@ -350,6 +350,8 @@ MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
MAKEINFO = @MAKEINFO@
OBJEXT = @OBJEXT@
+OPENLDAP_FALSE = @OPENLDAP_FALSE@
+OPENLDAP_TRUE = @OPENLDAP_TRUE@
PACKAGE = @PACKAGE@
PACKAGE_BASE_NAME = @PACKAGE_BASE_NAME@
PACKAGE_BASE_VERSION = @PACKAGE_BASE_VERSION@
@@ -460,7 +462,11 @@ nss_lib = @nss_lib@
nss_libdir = @nss_libdir@
nssmoddir = @nssmoddir@
nsspcache = @nsspcache@
+ol_libver = @ol_libver@
oldincludedir = @oldincludedir@
+openldap_inc = @openldap_inc@
+openldap_lib = @openldap_lib@
+openldap_libdir = @openldap_libdir@
perldir = $(libdir)@perldir@
perlexec = @perlexec@
piddir = $(localstatedir)@piddir@
@@ -526,14 +532,14 @@ libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \
lib/base/system.cpp lib/base/nscputil.cpp
libsi18n_a_SOURCES = lib/libsi18n/getstrprop.c
-libadmin_a_SOURCES = lib/libadmin/cluster.c lib/libadmin/dllglue.c \
+libadmin_a_SOURCES = lib/libadmin/cluster.c \
lib/libadmin/error.c lib/libadmin/form_get.c lib/libadmin/httpcon.c lib/libadmin/install.c \
lib/libadmin/referer.c lib/libadmin/template.c lib/libadmin/util.c
AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) \
- @adminutil_inc@ @icu_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ \
- -DUSE_ADMSERV=1 -I$(srcdir)/include -I$(srcdir)/include/base \
- $(am__append_1) $(am__append_2) \
+ @adminutil_inc@ @icu_inc@ @openldap_inc@ @ldapsdk_inc@ \
+ @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 -I$(srcdir)/include \
+ -I$(srcdir)/include/base $(am__append_1) $(am__append_2) \
-DPROPERTYDIR=\"$(propertydir)\" -DLIBDIR=\"$(libdir)\" \
-DPIDDIR=\"$(piddir)\" -DHTMLDIR=\"$(htmldir)\" \
-DICONDIR=\"$(icondir)\" -DCMDBINDIR=\"$(cmdbindir)\" \
@@ -557,9 +563,11 @@ noinst_LIBRARIES = libdsa.a
# Apache modules
admmod_LTLIBRARIES = mod_admserv.la mod_restartd.la
+@OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
+@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@
DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \
@icu_lib@ -licui18n -licuuc -licudata \
- @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 \
+ $(LDAPSDK_LINK) \
@sasl_lib@ -lsasl2 \
@nss_lib@ -lsmime3 -lssl3 -lnss3 -lsoftokn3 \
@nspr_lib@ -lplds4 -lplc4 -lnspr4 \
@@ -667,8 +675,7 @@ libdsa_a_SOURCES = lib/libdsa/dsalib_conf.c \
lib/libdsa/dsalib_db.c \
lib/libdsa/dsalib_util.c
-libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @ldapsdk_inc@ @nss_inc@ @nspr_inc@
-libdsa_a_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK)
+libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@
# source files for our CGI programs
download_SOURCES = admserv/cgi-src40/download.c
@@ -750,7 +757,7 @@ ds_snmpctrl_LINK = $(MYLINK)
mod_admserv_la_SOURCES = mod_admserv/mod_admserv.c
mod_admserv_la_CPPFLAGS = -I@apache_inc@ @apr_inc@ $(AM_CPPFLAGS) @extra_cppflags@
mod_admserv_la_LDFLAGS = -module -avoid-version
-mod_admserv_la_LIBADD = $(DEFAULT_LIBS_NOCGI)
+mod_admserv_la_LIBADD = $(DEFAULT_LIBS)
mod_admserv_la_LINK = $(MYLINK) $(mod_admserv_la_LDFLAGS)
############## mod_restartd ################
@@ -799,13 +806,13 @@ mysort = $(shell echo -e $(subst $(SPACE),$(NL),$2) | grep -v -- -e | sort $1 -k
@BUNDLE_TRUE@runtime_nssmoddir = $(admmoddir)
@BUNDLE_FALSE@runtime_nss_libdir = $(nss_libdir)
@BUNDLE_TRUE@runtime_nss_libdir = $(libdir)
-@BUNDLE_FALSE@runtime_ldapsdk_libdir = $(ldapsdk_libdir)
+@BUNDLE_FALSE@runtime_ldapsdk_libdir = $(openldap_libdir) $(ldapsdk_libdir)
@BUNDLE_TRUE@runtime_ldapsdk_libdir = $(libdir)
@BUNDLE_FALSE@perlpath = $(perldir)
@BUNDLE_TRUE@perlpath = $(perldir) $(libdir)/perl/arch $(libdir)/perl
# need to create the LD_LIBRARY_PATH,SHLIB_PATH string to use in scripts
# sort also strips out duplicates
-@BUNDLE_FALSE@LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir)
+@BUNDLE_FALSE@LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(openldap_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir)
@BUNDLE_FALSE@LIBDIRS = $(call mysort,-ru,$(LIBDIRLIST))
# this is primarily needed for HP-UX and the other platforms
# where we bundle all of the components together
@@ -1125,8 +1132,6 @@ lib/libadmin/$(DEPDIR)/$(am__dirstamp):
@: > lib/libadmin/$(DEPDIR)/$(am__dirstamp)
lib/libadmin/cluster.lo: lib/libadmin/$(am__dirstamp) \
lib/libadmin/$(DEPDIR)/$(am__dirstamp)
-lib/libadmin/dllglue.lo: lib/libadmin/$(am__dirstamp) \
- lib/libadmin/$(DEPDIR)/$(am__dirstamp)
lib/libadmin/error.lo: lib/libadmin/$(am__dirstamp) \
lib/libadmin/$(DEPDIR)/$(am__dirstamp)
lib/libadmin/form_get.lo: lib/libadmin/$(am__dirstamp) \
@@ -1491,8 +1496,6 @@ mostlyclean-compile:
-rm -f lib/base/system.lo
-rm -f lib/libadmin/cluster.$(OBJEXT)
-rm -f lib/libadmin/cluster.lo
- -rm -f lib/libadmin/dllglue.$(OBJEXT)
- -rm -f lib/libadmin/dllglue.lo
-rm -f lib/libadmin/error.$(OBJEXT)
-rm -f lib/libadmin/error.lo
-rm -f lib/libadmin/form_get.$(OBJEXT)
@@ -1558,7 +1561,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@lib/base/$(DEPDIR)/nscputil.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lib/base/$(DEPDIR)/system.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/cluster.Plo(a)am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/dllglue.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/error.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/form_get.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/httpcon.Plo(a)am__quote@
diff --git a/admserv/cgi-src40/admlib.mk b/admserv/cgi-src40/admlib.mk
deleted file mode 100644
index 5241bdf..0000000
--- a/admserv/cgi-src40/admlib.mk
+++ /dev/null
@@ -1,119 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; version 2
-# of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-
-# END COPYRIGHT BLOCK
-ifneq ($(ARCH), WINNT)
-
-OLD_BUILD_ROOT := $(BUILD_ROOT)
-BUILD_ROOT := $(shell cd $(OLD_BUILD_ROOT); pwd)
-SRCDIR=$(BUILD_ROOT)/admserv/cgi-src40
-
-ifeq ($(ARCH), OSF1)
-EXTRA_LIBS += -Wl,-rpath,../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), Linux)
-EXTRA_LIBS += -Wl,-rpath,../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), IRIX)
-EXTRA_LIBS += -lgen -rpath ../../lib:../..:../../../../lib
-endif
-
-
-ifeq ($(ARCH), SOLARIS)
-EXTRA_LIBS += -lgen -R../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), SONY)
-EXTRA_LIBS += -rpath ../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), NECSVR4)
-EXTRA_LIBS += -L../../lib -L../..
-endif
-
-ifeq ($(ARCH), HPUX)
-EXTRA_LIBS += -Wl,+b,../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), AIX)
-#LDAPLINK=-L../.. -L../../../../lib $(addprefix -l, $(LDAP_LIBNAMES))
-EXTRA_LIBS+= -blibpath:../../lib:.:../../:../../../../lib:$(DEF_LIBPATH) -brtl
-endif
-
-ifdef USE_LD_RUN_PATH
-EXTRA_LIBS += -L.
-export LD_RUN_PATH=../../lib:../..:../../../../lib
-endif
-
-ifeq ($(ARCH), SUNOS4)
-EXTRA_LIBS += -L../../lib -L../..
-endif
-
-EXTRA_LIBS += $(MATHLIB)
-
-ifndef LDAPLINK
-LDAPLINK = -L$(LDAPSDK_LIBPATH) $(addprefix -l, $(addsuffix $(DLL_PRESUF), $(LDAP_LIBNAMES)))
-endif
-
-GLUEOBJS=$(OBJDIR)/admin-lib/dllglue.o
-
-ifeq ($(ARCH), AIX)
-DEPLINK+=-bE:$(OBJDIR)/admin-lib/dllglue.exp
-endif
-
-ifeq ($(ARCH), AIX)
-$(GLUEOBJS): dllglue.c
- $(CC) -c $(CFLAGS) $(MCC_INCLUDE) dllglue.c \
- -o $(OBJDIR)/admin-lib/dllglue.o
- nm -B -g $(OBJDIR)/admin-lib/dllglue.o \
- | awk '/ [T,D,B] / {print $$3}' \
- | sed -e 's/^\.//' \
- | sort -u > $(OBJDIR)/admin-lib/dllglue.exp
- echo func_standard >> $(OBJDIR)/admin-lib/dllglue.exp
-
-else
-#
-# Puzzled! If this is not seperated, secglue.o will be removed after
-# compiling the cgi programs!
-#
-$(GLUEOBJS): dllglue.c
- $(CC) -c $(CFLAGS) $(MCC_INCLUDE) dllglue.c \
- -o $(OBJDIR)/admin-lib/dllglue.o
-endif
-
-$(OBJDIR)/admin-lib:
- mkdir -p $(OBJDIR)/admin-lib
-
-#
-# 10/01/96 achan
-# The dependency rules for ADMLIB is really defined in ../src/unixso.mk
-# So go there and check!
-#
-# 5/12/97 achan
-# Remove the check for whether ns-admin.so should be rebuilt since it will
-# sometimes remake it for no reason.
-#
-$(ADMLIB): FORCEIT
-
-FORCEIT:
-
-endif
diff --git a/admserv/cgi-src40/admpw.c b/admserv/cgi-src40/admpw.c
index 540a720..cbba671 100644
--- a/admserv/cgi-src40/admpw.c
+++ b/admserv/cgi-src40/admpw.c
@@ -66,7 +66,6 @@
static void output_admuid(AdmldapInfo admInfo);
static void update_uidpwd();
static void update_admpwd(char *newuid, char *newpw, const char *filename);
-static void update_ds(char *newpw);
static char *
sha1_pw_enc(const char *pwd)
@@ -315,7 +314,6 @@ static void update_uidpwd(AdmldapInfo admInfo) {
NULL, NULL);
}
- update_ds(newpw);
update_admpwd(newuid, sha1_pw_enc(newpw), filename);
}
else {
@@ -350,68 +348,3 @@ static void update_admpwd(char *newuid, char *newpw, const char *filename) {
fclose(f);
}
-
-/*
- * Modify userpassword in the DS
- */
-static void update_ds(char *pwd) {
-
- int err, rv, errorCode;
- PsetHndl pset;
- char *username = 0;
- char *localAdmin = 0;
- char *binddn = 0;
- char *bindpw = 0;
- char error_info[128];
- char *configdir = util_get_conf_dir();
-
- /* Get UserDN and User Password */
-
- rv = ADM_GetUserDNString(&err, &binddn);
- if (rv < 0 || !binddn || !*binddn) {
- rv = ADM_GetCurrentUsername(&err, &username);
- if (rv < 0 || !username || !*username) {
- rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERNAME, "No User Name"), NULL, NULL);
- }
- else {
- /* No DN, maybe it is local super */
- localAdmin = admGetLocalAdmin(NULL, &rv);
- if (localAdmin) {
- if (strcmp(username, localAdmin)) {
- rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERDN, "No User DN"), NULL, NULL);
- }
- else {
- binddn = NULL;
- bindpw = NULL;
- }
- }
- else {
- rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERDN, "No User DN"), NULL, NULL);
- }
- }
- }
-
- if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
-
- /* Initialize the pset */
-
- pset = psetCreateSSL("admin-serv",
- /* configRoot */ configdir,
- /* userDN */ binddn,
- /* passwd */ bindpw,
- /* errorcode */ &rv);
-
- if (!pset) {
- PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_PSET_ERROR,"PSETERROR: %d"), rv);
- rpt_err(APP_ERROR, i18nMsg(DBT_PSET_CREATE, "PSET Creation Failed"), NULL, error_info);
- }
-
- errorCode = psetSetSingleValueAttr(pset, "userpassword", pwd);
-
- if (errorCode) {
- logMsg("psetErr=%d\n", errorCode);
- psetDelete(pset);
- PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_PSET_ERROR,"PSETERROR: %d"), errorCode);
- rpt_err(APP_ERROR, "PSET SET Failed", NULL, error_info);
- }
-}
diff --git a/admserv/cgi-src40/dllglue.c b/admserv/cgi-src40/dllglue.c
deleted file mode 100644
index f86dd3e..0000000
--- a/admserv/cgi-src40/dllglue.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; version 2
- * of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * END COPYRIGHT BLOCK **/
-/*
- * dllglue.c: Glue routines for the httpd.so shared object. These are
- * necessary because on many system no garbage collection is performed for
- * shared objects.
- *
- * Rob McCool
- */
-
-
-#ifdef XP_UNIX
-
-#include "base/systems.h"
-
-char *func_standard;
-void magnus_atrestart(void) {}
-#ifdef AIX
-void aix_dlopen(void) {}
-void aix_dlclose(void) {}
-void aix_dlerror(void) {}
-void aix_dlsym(void) {}
-#endif
-#endif
diff --git a/admserv/cgi-src40/dsconfig.c b/admserv/cgi-src40/dsconfig.c
index 80a206b..899836b 100644
--- a/admserv/cgi-src40/dsconfig.c
+++ b/admserv/cgi-src40/dsconfig.c
@@ -238,13 +238,14 @@ static void handle_getconfig()
int rc;
LDAPURLDesc *ludp;
char *ldapurl = NULL;
+ int ssl;
logMsg("In handle_getconfig\n");
ldapurl = get_ldap_url();
logMsg("baseurl=%s\n", ldapurl);
- if (( rc = ldap_url_parse( ldapurl, &ludp )) != 0 ) {
+ if (( rc = util_ldap_url_parse( ldapurl, &ludp, 0, &ssl )) != 0 ) {
char error_info[128];
PR_snprintf(error_info, sizeof(error_info),
i18nMsg(DBT_BAD_LDAPURL, "LDAP URL (%s) is invalid"), ldapurl);
@@ -252,7 +253,6 @@ static void handle_getconfig()
rpt_err(SYSTEM_ERROR, error_info, NULL, NULL);
}
else {
- int ssl;
fprintf(stdout, "Content-type: text/html\n\n");
@@ -262,7 +262,6 @@ static void handle_getconfig()
fprintf(stdout, "dsconfig.port:%d\n", ludp->lud_port);
logMsg("dsconfig.port:%d\n", ludp->lud_port);
- ssl = (ludp->lud_options & LDAP_URL_OPT_SECURE);
fprintf(stdout, "dsconfig.ssl:%s\n", ssl ? "true" : "false");
logMsg("dsconfig.ssl:%s\n", ssl ? "true" : "false");
@@ -337,7 +336,7 @@ static char* create_new_ldapurl(char *new_host, int new_port, char *new_basedn,
curldapurl = get_ldap_url();
logMsg("baseurl=%s\n", curldapurl);
- if (( rc = ldap_url_parse( curldapurl, &ludp )) != 0 ) {
+ if (( rc = util_ldap_url_parse( curldapurl, &ludp, 0, &sslflag )) != 0 ) {
logMsg("ldap_url_parse(%s) failed, rc=%d\n", curldapurl, rc);
rpt_err(SYSTEM_ERROR, i18nMsg(DBT_BAD_LDAPURL,"Bad ldap url in adm.conf"), NULL, NULL);
}
@@ -347,7 +346,7 @@ static char* create_new_ldapurl(char *new_host, int new_port, char *new_basedn,
host = (new_host != NULL) ? new_host : ludp->lud_host;
port = (new_port != -1) ? new_port : ludp->lud_port;
basedn = (new_basedn != NULL) ? new_basedn : ludp->lud_dn;
- sslflag = (new_ssl != -1) ? new_ssl : (ludp->lud_options & LDAP_URL_OPT_SECURE);
+ sslflag = (new_ssl != -1) ? new_ssl : sslflag;
ssl = (sslflag) ? (char *)"s" : (char *)"";
PR_snprintf(url, sizeof(url), "ldap%s://%s:%d/%s", ssl, host, port, basedn);
diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c
index e6d9eee..71e1437 100644
--- a/admserv/cgi-src40/htmladmin.c
+++ b/admserv/cgi-src40/htmladmin.c
@@ -36,7 +36,6 @@
#include "libadmsslutil/admsslutil.h"
#include "libadmin/cluster.h"
#include "ldap.h"
-#include <ldap_ssl.h>
#include "prnetdb.h"
#include "plstr.h"
@@ -336,7 +335,11 @@ int sorted_search( char *sortattr, LDAP *ld, const char *base, int scope,
const char *filter, char **attrs, int attrsonly, LDAPMessage **res ) {
int rv;
+#if defined(USE_OPENLDAP)
+ LDAPSortKey **key;
+#else
LDAPsortkey **key;
+#endif
LDAPControl *control;
LDAPControl **controls;
@@ -403,8 +406,9 @@ char *get_admin_url(LDAP *server, char *sie) {
* Get the server host here.
*/
- if((ldapError = ldap_search_s(server, group, LDAP_SCOPE_SUBTREE,
- ADMIN_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, group, LDAP_SCOPE_SUBTREE,
+ ADMIN_OBJTYPE, NULL, 0,
+ NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS)
return NULL;
entry = ldap_first_entry(server, result);
@@ -412,9 +416,9 @@ char *get_admin_url(LDAP *server, char *sie) {
return NULL;
}
- if((vals = ldap_get_values(server, entry, ADMIN_HOST)) != NULL) {
+ if((vals = util_ldap_get_values(server, entry, ADMIN_HOST)) != NULL) {
host = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
@@ -428,8 +432,9 @@ char *get_admin_url(LDAP *server, char *sie) {
* Get the ISIE entry
*/
- if((ldapError = ldap_search_s(server, isie, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &result)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, isie, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS)
return NULL;
entry = ldap_first_entry(server, result);
@@ -441,8 +446,9 @@ char *get_admin_url(LDAP *server, char *sie) {
* Now search the SIE's configuration object to get the port and the security status.
*/
- if((ldapError = ldap_search_s(server, ldap_get_dn(server, entry), LDAP_SCOPE_SUBTREE,
- ADMINCONF_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, ldap_get_dn(server, entry), LDAP_SCOPE_SUBTREE,
+ ADMINCONF_OBJTYPE, NULL, 0,
+ NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS)
return NULL;
entry = ldap_first_entry(server, result);
@@ -450,14 +456,14 @@ char *get_admin_url(LDAP *server, char *sie) {
return NULL;
}
- if((vals = ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) {
+ if((vals = util_ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) {
port = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, ADMINCONF_SECURITY)) != NULL) {
+ if((vals = util_ldap_get_values(server, entry, ADMINCONF_SECURITY)) != NULL) {
security = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
/* Construct URL. */
@@ -487,15 +493,15 @@ int get_host_and_port(LDAP *server, char *sie, LDAPMessage *sie_entry, char **ho
*host=NULL;
*port=NULL;
- if((vals = ldap_get_values(server, sie_entry, ADMIN_HOST)) != NULL) {
+ if((vals = util_ldap_get_values(server, sie_entry, ADMIN_HOST)) != NULL) {
*host = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, sie_entry, ADMINCONF_PORT)) != NULL) {
+ if((vals = util_ldap_get_values(server, sie_entry, ADMINCONF_PORT)) != NULL) {
*port = (int *)malloc(sizeof(int));
(*port)[0] = atoi(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
if(*host && *port)
@@ -504,21 +510,22 @@ int get_host_and_port(LDAP *server, char *sie, LDAPMessage *sie_entry, char **ho
PR_snprintf(sie_conf, BIG_LINE, "cn=configuration, %s",
sie);
- if((ldapError = ldap_search_s(server, sie_conf, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &result)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, sie_conf, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS)
return 0;
entry = ldap_first_entry(server, result);
- if((vals = ldap_get_values(server, entry, ADMIN_HOST)) != NULL) {
+ if((vals = util_ldap_get_values(server, entry, ADMIN_HOST)) != NULL) {
*host = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) {
+ if((vals = util_ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) {
*port = (int *)malloc(sizeof(int));
(*port)[0] = atoi(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
if(*host && *port)
@@ -622,8 +629,9 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) {
}
PR_snprintf(filter, BIG_LINE, "(&(objectclass=nscustomview))");
- ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE,
- filter, NULL, 0, &result);
+ ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0,
+ NULL, NULL, NULL, -1, &result);
if(ldapError != LDAP_SUCCESS)
/* fatal error, bail */
@@ -634,7 +642,7 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) {
entry != NULL;
entry = ldap_next_entry(server, entry)) {
- vals = ldap_get_values(server, entry, "nsdisplayname");
+ vals = util_ldap_get_values(server, entry, "nsdisplayname");
if(!vals || !vals[0])
break;
@@ -655,8 +663,9 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) {
/* Next, search public views */
PR_snprintf(dn, BIG_LINE, "ou=Global Preferences, %s", ptr3);
- ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE,
- filter, NULL, 0, &result);
+ ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0,
+ NULL, NULL, NULL, -1, &result);
if((ldapError != LDAP_SUCCESS) && (ldapError != LDAP_NO_SUCH_OBJECT))
/* fatal error, bail */
return NULL;
@@ -665,7 +674,7 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) {
entry != NULL;
entry = ldap_next_entry(server, entry)) {
- vals = ldap_get_values(server, entry, "nsdisplayname");
+ vals = util_ldap_get_values(server, entry, "nsdisplayname");
if(!vals || !vals[0])
break;
@@ -722,26 +731,28 @@ char **get_view_list(LDAP *server, char *view, char *binddn, AdmldapInfo ldapInf
contain values like = () etc. */
escape_filter_value(filter, -1, escaped_filter);
- ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE,
- escaped_filter, NULL, 0, &result);
+ ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE,
+ escaped_filter, NULL, 0,
+ NULL, NULL, NULL, -1, &result);
if(ldapError != LDAP_SUCCESS)
/* fatal error, bail */
return NULL;
- vals = ldap_get_values(server, result, "nsviewconfiguration");
+ vals = util_ldap_get_values(server, result, "nsviewconfiguration");
if(!vals || !strcmp(vals[0], "<none>")) {
/* not in the private views, maybe in the public views? */
PR_snprintf(dn, sizeof(dn), "ou=Global Preferences, %s", ptr3);
- ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE,
- escaped_filter, NULL, 0, &result);
+ ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE,
+ escaped_filter, NULL, 0,
+ NULL, NULL, NULL, -1, &result);
if(ldapError != LDAP_SUCCESS)
/* fatal error, bail */
return NULL;
- vals = ldap_get_values(server, result, "nsviewconfiguration");
+ vals = util_ldap_get_values(server, result, "nsviewconfiguration");
if(!vals || !strcmp(vals[0], "<none>"))
return NULL;
}
@@ -766,28 +777,18 @@ char **get_view_list(LDAP *server, char *view, char *binddn, AdmldapInfo ldapInf
}
-LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw) {
+LDAP *server_bind(const char *securitydir, char *host, int port, int security, char *binddn, char *bindpw) {
- int ver = LDAP_VERSION3;
- int rv;
int ldapError;
LDAP *server;
- if(security) {
- if(!(server = ldapssl_init(host, port, 1)))
- return NULL;
- }
- else {
- if(!(server = ldap_init(host, port)))
+
+ if(!(server = util_ldap_init(securitydir, NULL, host, port, security, 0, NULL))) {
return NULL;
}
- rv = ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver);
- if(rv != LDAP_SUCCESS)
- return NULL;
-
- if ((ldapError = ldap_simple_bind_s(server, binddn, bindpw))
+ if ((ldapError = util_ldap_bind(server, binddn, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL))
!= LDAP_SUCCESS ) {
switch (ldapError) {
case LDAP_INAPPROPRIATE_AUTH:
@@ -795,16 +796,21 @@ LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw
case LDAP_INSUFFICIENT_ACCESS:
/* authenticate failed: Should not continue */
#ifdef LDAP_DEBUG
- ldap_perror( ld, "ldap_simple_bind_s" );
+ util_ldap_perror( ld, "util_ldap_bind:" );
#endif
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
case LDAP_NO_SUCH_OBJECT:
case LDAP_ALIAS_PROBLEM:
case LDAP_INVALID_DN_SYNTAX:
+#ifdef LDAP_DEBUG
+ util_ldap_perror( ld, "util_ldap_bind:" );
+#endif
/* Not a good DN */
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
default:
- ldap_unbind(server);
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
}
}
@@ -897,6 +903,7 @@ int output_topology(AdmldapInfo ldapInfo,
char *host = admldapGetHost(ldapInfo);
int port = admldapGetPort(ldapInfo);
int security = admldapGetSecurity(ldapInfo);
+ char *securitydir = admldapGetSecurityDir(ldapInfo);
LDAP *server;
int ldapError;
@@ -913,7 +920,9 @@ int output_topology(AdmldapInfo ldapInfo,
int first_servergroup;
int legacy;
- server = server_bind(host, port, security, binddn, bindpw);
+ server = server_bind(securitydir, host, port, security, binddn, bindpw);
+ PL_strfree(securitydir);
+ securitydir = NULL;
if(!server)
return -1;
@@ -942,11 +951,11 @@ int output_topology(AdmldapInfo ldapInfo,
continue;
- if((vals = ldap_get_values(server, domain_entry, DOMAIN_ATTR)) != NULL) {
+ if((vals = util_ldap_get_values(server, domain_entry, DOMAIN_ATTR)) != NULL) {
fprintf(stdout,
(const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_DOMAIN_IMAGE),
vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
else
return -1;
@@ -965,11 +974,11 @@ int output_topology(AdmldapInfo ldapInfo,
continue;
- if((vals = ldap_get_values(server, host_entry, HOST_ATTR)) != NULL) {
+ if((vals = util_ldap_get_values(server, host_entry, HOST_ATTR)) != NULL) {
fprintf(stdout,
(const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_HOST_IMAGE),
vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
else
return -1;
@@ -989,7 +998,7 @@ int output_topology(AdmldapInfo ldapInfo,
continue;
legacy = 0;
- if((vals = ldap_get_values(server, servergroup_entry, "objectclass")) != NULL) {
+ if((vals = util_ldap_get_values(server, servergroup_entry, "objectclass")) != NULL) {
int count=0;
while(vals[count]) {
if(!strcasecmp(vals[count], "nslegacyadmingroup")) {
@@ -998,10 +1007,10 @@ int output_topology(AdmldapInfo ldapInfo,
}
count++;
}
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, servergroup_entry, SERVERGROUP_ATTR)) != NULL) {
+ if((vals = util_ldap_get_values(server, servergroup_entry, SERVERGROUP_ATTR)) != NULL) {
if(first_servergroup) {
first_servergroup = 0;
}
@@ -1010,7 +1019,7 @@ int output_topology(AdmldapInfo ldapInfo,
fprintf(stdout,
(const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_SERVER_GROUP_IMAGE),
vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
else
return -1;
@@ -1028,7 +1037,7 @@ int output_topology(AdmldapInfo ldapInfo,
if(!within_view(view_list, ldap_get_dn(server, isie_entry)))
continue;
- if((vals = ldap_get_values(server, isie_entry, ISIE_PRODNAME_ATTR)) != NULL) {
+ if((vals = util_ldap_get_values(server, isie_entry, ISIE_PRODNAME_ATTR)) != NULL) {
char *img;
char *version;
@@ -1050,7 +1059,7 @@ int output_topology(AdmldapInfo ldapInfo,
img = strdup("oldservic.gif");
}
- if((vals2 = ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR))) {
+ if((vals2 = util_ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR))) {
version = (char *)malloc(4+strlen(vals2[0]));
sprintf(version, " %s", vals2[0]);
}
@@ -1066,8 +1075,8 @@ int output_topology(AdmldapInfo ldapInfo,
version);
free(img);
free(version);
- ldap_value_free(vals);
- ldap_value_free(vals2);
+ util_ldap_value_free(vals);
+ util_ldap_value_free(vals2);
}
else
return -1;
@@ -1088,7 +1097,7 @@ int output_topology(AdmldapInfo ldapInfo,
if(view)
PR_snprintf(viewparam, sizeof(viewparam), "&view=%s", view);
- if((vals = ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) != NULL) {
+ if((vals = util_ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) != NULL) {
char *admin_url;
char *server_host;
@@ -1101,7 +1110,7 @@ int output_topology(AdmldapInfo ldapInfo,
if(legacy) {
/* show server id, link to 3.x Admin Server page and move on */
- if((vals2 = ldap_get_values(server, sie_entry, ADMIN_LEGACY_URL)) != NULL) {
+ if((vals2 = util_ldap_get_values(server, sie_entry, ADMIN_LEGACY_URL)) != NULL) {
fprintf(stdout,
(const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_LEGACY_SERVER_ID),
@@ -1109,9 +1118,9 @@ int output_topology(AdmldapInfo ldapInfo,
vals2[0]
);
- ldap_value_free(vals2);
+ util_ldap_value_free(vals2);
}
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
continue;
}
@@ -1323,7 +1332,7 @@ int output_topology(AdmldapInfo ldapInfo,
fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER));
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
else
return -1;
@@ -1650,17 +1659,19 @@ int main(int argc, char *argv[])
char **selections = NULL;
int i;
int found;
+ char *securitydir;
ldapInfo = get_adm_ldapinfo(configdir, secdir);
if(!get_bindinfo(&binddn, &bindpw))
exit(0);
- server = server_bind(admldapGetHost(ldapInfo),
+ securitydir = admldapGetSecurityDir(ldapInfo);
+ server = server_bind(securitydir, admldapGetHost(ldapInfo),
admldapGetPort(ldapInfo),
admldapGetSecurity(ldapInfo),
binddn,
bindpw);
-
+ PL_strfree(securitydir);
if(server)
selections = get_all_users_views(server, binddn, ldapInfo);
@@ -1718,6 +1729,7 @@ int main(int argc, char *argv[])
char **serverid;
char *sie;
int count, max_count;
+ char *securitydir;
if (object) {
sie = strdup(object);
@@ -1726,22 +1738,24 @@ int main(int argc, char *argv[])
goto output_topology;
}
- server = server_bind(admldapGetHost(ldapInfo),
+ securitydir = admldapGetSecurityDir(ldapInfo);
+ server = server_bind(securitydir, admldapGetHost(ldapInfo),
admldapGetPort(ldapInfo),
admldapGetSecurity(ldapInfo),
binddn,
bindpw);
-
+ PL_strfree(securitydir);
if(!server)
goto output_topology;
- if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE,
- SIE_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE,
+ SIE_OBJTYPE, NULL, 0,
+ NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS)
goto output_topology;
sie_entry = ldap_first_entry(server, result);
- if((serverid = ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) == NULL)
+ if((serverid = util_ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) == NULL)
goto output_topology;
if(!get_host_and_port(server, sie, sie_entry, &host, &ports))
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 14e3c53..c53f065 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -496,7 +496,7 @@ getSecurityDir(AdmldapInfo info, const char *sie)
}
psetDelete(pset);
- pset = psetRealCreateSSL(host, port, security, DSCONFIGENTRY,
+ pset = psetRealCreateSSL(info, host, port, security, DSCONFIGENTRY,
binddn, bindpw, NULL, &rval);
securitydir = psetGetAttrSingleValue(pset, DSSECURITYDIR, &rval);
PL_strfree(host);
diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c
index 81e706f..05a6c1d 100644
--- a/admserv/cgi-src40/viewdata.c
+++ b/admserv/cgi-src40/viewdata.c
@@ -41,7 +41,6 @@
#include "libadmsslutil/admsslutil.h"
#include "libadmin/libadmin.h"
#include "libadmin/cluster.h"
-#include <ldap_ssl.h>
#define MY_PAGE "viewdata.html"
@@ -155,28 +154,18 @@ int get_bindinfo(char **binddn, char **bindpw) {
}
-LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw) {
+LDAP *server_bind(const char *securitydir, char *host, int port, int security, char *binddn, char *bindpw) {
- int ver = LDAP_VERSION3;
- int rv;
int ldapError;
LDAP *server;
- if(security) {
- if(!(server = ldapssl_init(host, port, 1)))
- return NULL;
- }
- else {
- if(!(server = ldap_init(host, port)))
+
+ if(!(server = util_ldap_init(securitydir, NULL, host, port, security, 0, NULL))) {
return NULL;
}
- rv = ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver);
- if(rv != LDAP_SUCCESS)
- return NULL;
-
- if ((ldapError = ldap_simple_bind_s(server, binddn, bindpw))
+ if ((ldapError = util_ldap_bind(server, binddn, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL))
!= LDAP_SUCCESS ) {
switch (ldapError) {
case LDAP_INAPPROPRIATE_AUTH:
@@ -184,16 +173,21 @@ LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw
case LDAP_INSUFFICIENT_ACCESS:
/* authenticate failed: Should not continue */
#ifdef LDAP_DEBUG
- ldap_perror( ld, "ldap_simple_bind_s" );
+ util_ldap_perror( ld, "util_ldap_bind:" );
#endif
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
case LDAP_NO_SUCH_OBJECT:
case LDAP_ALIAS_PROBLEM:
case LDAP_INVALID_DN_SYNTAX:
+#ifdef LDAP_DEBUG
+ util_ldap_perror( ld, "util_ldap_bind:" );
+#endif
/* Not a good DN */
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
default:
- ldap_unbind(server);
+ ldap_unbind_ext(server, NULL, NULL);
return NULL;
}
}
@@ -250,20 +244,21 @@ int get_product_url(LDAP *server, char *sie, char **text, char **url) {
dn = PR_smprintf("%s, %s", base, domain);
- if((ldapError = ldap_search_s(server, dn, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) {
+ if((ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) {
PR_smprintf_free(dn);
return 1;
}
PR_smprintf_free(dn);
- if((vals = ldap_get_values(server, entry, "nshtmladminproducturl"))) {
+ if((vals = util_ldap_get_values(server, entry, "nshtmladminproducturl"))) {
*url = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nshtmladminproducttext"))) {
+ if((vals = util_ldap_get_values(server, entry, "nshtmladminproducttext"))) {
*text = strdup(vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
if(*url && *text)
@@ -283,64 +278,71 @@ void output_data(LDAP *server, char *sie) {
/* SIE has some data... */
- if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS)
return;
- if((vals = ldap_get_values(server, entry, "serverproductname"))) {
+ if((vals = util_ldap_get_values(server, entry, "serverproductname"))) {
fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PRODUCT_NAME), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "installationtimestamp"))) {
+ if((vals = util_ldap_get_values(server, entry, "installationtimestamp"))) {
struct tm tm;
char buf[BIG_LINE];
+ int rc;
/* only PARSE YYYYmmddHHMMSS */
- sscanf(vals[0], "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
- &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
-
- tm.tm_year -= 1900; /* the number of years since 1900 */
- tm.tm_mon -= 1; /* The number of month since January, in the range 0 to 11 */
+ rc = sscanf(vals[0], "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
+ &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
+
+ if (rc < 6) {
+ PR_snprintf(buf, sizeof(buf), "Error: date [%s] not in YYYYmmddHHMMSS format", vals[0]);
+ } else {
+ tm.tm_year -= 1900; /* the number of years since 1900 */
+ tm.tm_mon -= 1; /* The number of month since January, in the range 0 to 11 */
#ifdef LINUX
- strftime(buf, BIG_LINE, "%b %d, %Y %T %p", &tm);
- tzset();
- PR_snprintf(buf, sizeof(buf), "%s %s", buf, daylight ? tzname[1] : tzname[0]);
+ strftime(buf, BIG_LINE, "%b %d, %Y %T %p", &tm);
+ tzset();
+ PR_snprintf(buf, sizeof(buf), "%s %s", buf, daylight ? tzname[1] : tzname[0]);
#else
- strftime(buf, sizeof(buf), "%b %d, %Y %T %p %Z", &tm);
+ strftime(buf, sizeof(buf), "%b %d, %Y %T %p %Z", &tm);
#endif
+ }
-
+ util_ldap_value_free(vals);
+ vals = NULL;
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_DATE), buf);
- ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "serverroot"))) {
+ if((vals = util_ldap_get_values(server, entry, "serverroot"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_ROOT), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if(!(vals = ldap_get_values(server, entry, "nsserverport"))) {
+ if(!(vals = util_ldap_get_values(server, entry, "nsserverport"))) {
/* argh, port can be in the configuration object */
char *config_buf = PR_smprintf("cn=configuration, %s", sie);
-
- if((ldapError = ldap_search_s(server, config_buf, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) {
+
+ if((ldapError = ldap_search_ext_s(server, config_buf, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) {
PR_smprintf_free(config_buf);
return;
}
PR_smprintf_free(config_buf);
- vals = ldap_get_values(server, entry, "nsserverport");
+ vals = util_ldap_get_values(server, entry, "nsserverport");
}
if(vals) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PORT), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
/* ... and ISIE has the rest. */
@@ -350,43 +352,44 @@ void output_data(LDAP *server, char *sie) {
while(*isie == ' ')
isie++; /* eliminate spaces */
- if((ldapError = ldap_search_s(server, isie, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, isie, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0,
+ NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS)
return;
- if((vals = ldap_get_values(server, entry, "nsproductname"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsproductname"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_NAME), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nsvendor"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsvendor"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_VENDOR), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nsproductversion"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsproductversion"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_VERSION), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nsbuildnumber"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsbuildnumber"))) {
fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_NUMBER), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nsbuildsecurity"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsbuildsecurity"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_SECURITY), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "nsrevisionnumber"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsrevisionnumber"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_REVISION_NUMBER), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
- if((vals = ldap_get_values(server, entry, "description"))) {
+ if((vals = util_ldap_get_values(server, entry, "description"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_DESCRIPTION), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
}
@@ -405,6 +408,7 @@ int main(int argc, char *argv[])
int ldapError;
const char *configdir = util_get_conf_dir();
const char *secdir = util_get_security_dir();
+ char *securitydir = NULL;
AdmldapInfo ldapInfo = get_adm_ldapinfo(configdir, secdir);
@@ -413,7 +417,9 @@ int main(int argc, char *argv[])
if(!get_bindinfo(&binddn, &bindpw))
exit(0);
- server = server_bind(admldapGetHost(ldapInfo),
+ securitydir = admldapGetSecurityDir(ldapInfo);
+ server = server_bind(securitydir,
+ admldapGetHost(ldapInfo),
admldapGetPort(ldapInfo),
admldapGetSecurity(ldapInfo),
binddn,
@@ -421,6 +427,13 @@ int main(int argc, char *argv[])
fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n");
+ if (!server) {
+ char buf[BUFSIZ];
+ PR_snprintf(buf, sizeof(buf), "Error: could not open connection to [%s:%d]\n",
+ admldapGetHost(ldapInfo), admldapGetPort(ldapInfo));
+ rpt_err(NETWORK_ERROR, buf, NULL, NULL);
+ }
+
if(qs) {
get_begin(qs);
sie=get_cgi_var("sie", NULL, NULL);
@@ -439,13 +452,14 @@ int main(int argc, char *argv[])
}
else if(directive_is(line, "ID_TITLE")) {
char **vals;
- if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS)
+ if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE,
+ "(objectclass=*)", NULL, 0, NULL,
+ NULL, NULL, -1, &entry)) != LDAP_SUCCESS)
continue;
- if((vals = ldap_get_values(server, entry, "nsserverid"))) {
+ if((vals = util_ldap_get_values(server, entry, "nsserverid"))) {
fprintf(stdout, (const char*)getResourceString(DBT_MAIN_SERVER_ID), vals[0]);
- ldap_value_free(vals);
+ util_ldap_value_free(vals);
}
}
else if(directive_is(line, "SHOW_URL")) {
diff --git a/admserv/cgi-src40/viewlog.c b/admserv/cgi-src40/viewlog.c
index caf76dc..6ec93f2 100644
--- a/admserv/cgi-src40/viewlog.c
+++ b/admserv/cgi-src40/viewlog.c
@@ -255,14 +255,33 @@ getLogDir(AdmldapInfo info, const char *id)
}
psetDelete(pset);
- pset = psetRealCreateSSL(host, port, security, DSCONFIGENTRY,
+ pset = psetRealCreateSSL(info, host, port, security, DSCONFIGENTRY,
binddn, bindpw, NULL, &rval);
+ if (!pset) {
+#ifdef LDAP_DEBUG
+ char buf[BUFSIZ];
+ fprintf(stderr, "Error: could not open pset to [%s:%d] dn (%s) as (%s): %d (%s)\n",
+ host, port, DSCONFIGENTRY, binddn, rval,
+ psetErrorString(rval, acceptLanguage, buf, sizeof(buf), NULL));
+#endif
+ goto done;
+ }
logdir = psetGetAttrSingleValue(pset, DSERRORLOGDIR, &rval);
+ if (!logdir) {
+#ifdef LDAP_DEBUG
+ char buf[BUFSIZ];
+ fprintf(stderr, "Error: could not read logdir from [%s:%d] dn (%s) as (%s): %d (%s)\n",
+ host, port, DSCONFIGENTRY, binddn, rval,
+ psetErrorString(rval, acceptLanguage, buf, sizeof(buf), NULL));
+#endif
+ goto done;
+ }
p = strstr(logdir, "/errors");
if (p) {
*p = '\0';
}
+done:
PL_strfree(host);
PL_strfree(sport);
PL_strfree(ssecport);
diff --git a/config.h.in b/config.h.in
index 9c47173..3ca04f2 100644
--- a/config.h.in
+++ b/config.h.in
@@ -71,6 +71,12 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* have the function ldap_url_parse_ext */
+#undef HAVE_LDAP_URL_PARSE_EXT
+
+/* have the function ldap_url_parse_no_defaults */
+#undef HAVE_LDAP_URL_PARSE_NO_DEFAULTS
+
/* Define to 1 if you have the `localtime_r' function. */
#undef HAVE_LOCALTIME_R
@@ -311,6 +317,12 @@
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
+/* If defined, using MozLDAP for LDAP SDK */
+#undef USE_MOZLDAP
+
+/* If defined, using OpenLDAP for LDAP SDK */
+#undef USE_OPENLDAP
+
/* package version */
#undef VERSION
diff --git a/configure b/configure
index 2582ca3..b682415 100755
--- a/configure
+++ b/configure
@@ -466,7 +466,7 @@ ac_includes_default="\
#endif"
ac_default_prefix=/opt/dirsrv
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP
CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir updatedir brand capbrand vendor vendorurl WINNT_TRUE
WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP
CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir
updatedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -1077,9 +1077,16 @@ Optional Packages:
--with-sasl=PATH Use sasl from supplied path
--with-sasl-inc=PATH SASL include file directory
--with-sasl-lib=PATH SASL library directory
- --with-ldapsdk=PATH Mozilla LDAP SDK directory
- --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory
- --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory
+ --with-openldap[=PATH]
+ Use OpenLDAP - optional PATH is path to OpenLDAP SDK
+ --with-openldap-inc=PATH
+ OpenLDAP SDK include directory
+ --with-openldap-lib=PATH
+ OpenLDAP SDK library directory
+ --with-ldapsdk[=PATH]
+ Mozilla LDAP SDK directory
+ --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory
+ --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory
--with-icu=PATH ICU directory
--with-icu-inc=PATH ICU include directory
--with-icu-lib=PATH ICU library directory
@@ -4358,7 +4365,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4361 "configure"' > conftest.$ac_ext
+ echo '#line 4368 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -5493,7 +5500,7 @@ fi
# Provide some information about the compiler.
-echo "$as_me:5496:" \
+echo "$as_me:5503:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
@@ -6556,11 +6563,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6559: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6566: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6563: \$? = $ac_status" >&5
+ echo "$as_me:6570: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6824,11 +6831,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6827: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6834: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6831: \$? = $ac_status" >&5
+ echo "$as_me:6838: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6928,11 +6935,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6931: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6938: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:6935: \$? = $ac_status" >&5
+ echo "$as_me:6942: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -8397,7 +8404,7 @@ linux*)
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 8400 "configure"' > conftest.$ac_ext
+ echo '#line 8407 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -9294,7 +9301,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9297 "configure"
+#line 9304 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -9394,7 +9401,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9397 "configure"
+#line 9404 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11737,11 +11744,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11740: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11747: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11744: \$? = $ac_status" >&5
+ echo "$as_me:11751: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -11841,11 +11848,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11844: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11851: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11848: \$? = $ac_status" >&5
+ echo "$as_me:11855: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -12377,7 +12384,7 @@ linux*)
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 12380 "configure"' > conftest.$ac_ext
+ echo '#line 12387 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -13435,11 +13442,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13438: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13445: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13442: \$? = $ac_status" >&5
+ echo "$as_me:13449: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -13539,11 +13546,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13542: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13549: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13546: \$? = $ac_status" >&5
+ echo "$as_me:13553: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -14988,7 +14995,7 @@ linux*)
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 14991 "configure"' > conftest.$ac_ext
+ echo '#line 14998 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -15766,11 +15773,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15769: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15776: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15773: \$? = $ac_status" >&5
+ echo "$as_me:15780: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16034,11 +16041,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16037: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16044: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16041: \$? = $ac_status" >&5
+ echo "$as_me:16048: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16138,11 +16145,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16141: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16148: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16145: \$? = $ac_status" >&5
+ echo "$as_me:16152: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -17607,7 +17614,7 @@ linux*)
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 17610 "configure"' > conftest.$ac_ext
+ echo '#line 17617 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -24330,6 +24337,564 @@ echo "$as_me: error: sasl not found, specify with --with-sasl." >&2;}
fi
# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
+
+{ echo "$as_me:$LINENO: checking for OpenLDAP..." >&5
+echo "$as_me: checking for OpenLDAP..." >&6;}
+
+# check for --with-openldap
+echo "$as_me:$LINENO: checking for --with-openldap" >&5
+echo $ECHO_N "checking for --with-openldap... $ECHO_C" >&6
+
+# Check whether --with-openldap or --without-openldap was given.
+if test "${with_openldap+set}" = set; then
+ withval="$with_openldap"
+
+ if test "$withval" = yes
+ then
+ echo "$as_me:$LINENO: result: using system OpenLDAP" >&5
+echo "${ECHO_T}using system OpenLDAP" >&6
+ elif test "$withval" = no
+ then
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ then
+ echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+ OPENLDAPDIR=$withval
+ openldap_incdir="$OPENLDAPDIR/include"
+ openldap_inc="-I$openldap_incdir"
+ openldap_lib="-L$OPENLDAPDIR/lib"
+ openldap_libdir="$OPENLDAPDIR/lib"
+ with_openldap=yes
+ else
+ echo
+ { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-openldap-inc
+echo "$as_me:$LINENO: checking for --with-openldap-inc" >&5
+echo $ECHO_N "checking for --with-openldap-inc... $ECHO_C" >&6
+
+# Check whether --with-openldap-inc or --without-openldap-inc was given.
+if test "${with_openldap_inc+set}" = set; then
+ withval="$with_openldap_inc"
+
+ if test -e "$withval"/ldap.h
+ then
+ echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+ openldap_incdir="$withval"
+ openldap_inc="-I$withval"
+ with_openldap=yes
+ else
+ echo
+ { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-openldap-lib
+echo "$as_me:$LINENO: checking for --with-openldap-lib" >&5
+echo $ECHO_N "checking for --with-openldap-lib... $ECHO_C" >&6
+
+# Check whether --with-openldap-lib or --without-openldap-lib was given.
+if test "${with_openldap_lib+set}" = set; then
+ withval="$with_openldap_lib"
+
+ if test -d "$withval"
+ then
+ echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+ openldap_lib="-L$withval"
+ openldap_libdir="$withval"
+ with_openldap=yes
+ else
+ echo
+ { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# if OPENLDAP is not found yet, try pkg-config
+
+if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths
+ if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+
+if test -n "$PKG_CONFIG"; then
+ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ echo "$as_me:$LINENO: checking for OpenLDAP with pkg-config" >&5
+echo $ECHO_N "checking for OpenLDAP with pkg-config... $ECHO_C" >&6
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then
+ openldap_inc=`$PKG_CONFIG --cflags-only-I openldap`
+ openldap_lib=`$PKG_CONFIG --libs-only-L openldap`
+ openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//`
+ openldap_incdir=`$PKG_CONFIG --variable=includedir openldap`
+ echo "$as_me:$LINENO: result: using system OpenLDAP from pkg-config" >&5
+echo "${ECHO_T}using system OpenLDAP from pkg-config" >&6
+ else
+ openldap_incdir="/usr/include"
+ openldap_inc="-I$openldap_incdir"
+ echo "$as_me:$LINENO: result: no OpenLDAP pkg-config files" >&5
+echo "${ECHO_T}no OpenLDAP pkg-config files" >&6
+ fi
+ fi
+fi
+
+
+if test "$with_openldap" = yes ; then
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$openldap_inc $nss_inc $nspr_inc"
+ if test "${ac_cv_header_ldap_features_h+set}" = set; then
+ echo "$as_me:$LINENO: checking for ldap_features.h" >&5
+echo $ECHO_N "checking for ldap_features.h... $ECHO_C" >&6
+if test "${ac_cv_header_ldap_features_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_ldap_features_h" >&5
+echo "${ECHO_T}$ac_cv_header_ldap_features_h" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking ldap_features.h usability" >&5
+echo $ECHO_N "checking ldap_features.h usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <ldap_features.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking ldap_features.h presence" >&5
+echo $ECHO_N "checking ldap_features.h presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ldap_features.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: ldap_features.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: ldap_features.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: ldap_features.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: ldap_features.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: ldap_features.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: ldap_features.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: ldap_features.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ldap_features.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: ldap_features.h: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for ldap_features.h" >&5
+echo $ECHO_N "checking for ldap_features.h... $ECHO_C" >&6
+if test "${ac_cv_header_ldap_features_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_ldap_features_h=$ac_header_preproc
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_ldap_features_h" >&5
+echo "${ECHO_T}$ac_cv_header_ldap_features_h" >&6
+
+fi
+if test $ac_cv_header_ldap_features_h = yes; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: specified with-openldap but ldap_features.h not found" >&5
+echo "$as_me: error: specified with-openldap but ldap_features.h not found" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+ ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_libver="-${ol_ver_maj}.${ol_ver_min}"
+ save_ldflags="$LDFLAGS"
+ LDFLAGS="$openldap_lib $LDFLAGS"
+ as_ac_Lib=`echo "ac_cv_lib_ldap$ol_libver''_ldap_initialize" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for ldap_initialize in -lldap$ol_libver" >&5
+echo $ECHO_N "checking for ldap_initialize in -lldap$ol_libver... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Lib+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap$ol_libver $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ldap_initialize ();
+int
+main ()
+{
+ldap_initialize ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Lib=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Lib=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6
+if test `eval echo '${'$as_ac_Lib'}'` = yes; then
+ have_ldap_lib=1
+fi
+
+ if test -z "$have_ldap_lib" ; then
+ echo "$as_me:$LINENO: checking for ldap_initialize in -lldap" >&5
+echo $ECHO_N "checking for ldap_initialize in -lldap... $ECHO_C" >&6
+if test "${ac_cv_lib_ldap_ldap_initialize+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ldap_initialize ();
+int
+main ()
+{
+ldap_initialize ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_ldap_ldap_initialize=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_ldap_ldap_initialize=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_ldap_initialize" >&5
+echo "${ECHO_T}$ac_cv_lib_ldap_ldap_initialize" >&6
+if test $ac_cv_lib_ldap_ldap_initialize = yes; then
+ unset ol_libver
+else
+ { { echo "$as_me:$LINENO: error: specified with-openldap but libldap not found" >&5
+echo "$as_me: error: specified with-openldap but libldap not found" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ fi
+ as_ac_Lib=`echo "ac_cv_lib_ldap$ol_libver''_ldap_url_parse_ext" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for ldap_url_parse_ext in -lldap$ol_libver" >&5
+echo $ECHO_N "checking for ldap_url_parse_ext in -lldap$ol_libver... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Lib+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap$ol_libver $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char ldap_url_parse_ext ();
+int
+main ()
+{
+ldap_url_parse_ext ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Lib=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Lib=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6
+if test `eval echo '${'$as_ac_Lib'}'` = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LDAP_URL_PARSE_EXT 1
+_ACEOF
+
+fi
+
+ LDFLAGS="$save_ldflags"
+ CPPFLAGS="$save_cppflags"
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_OPENLDAP 1
+_ACEOF
+
+fi
+
+# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
#
@@ -24349,8 +24914,8 @@ fi
#
# END COPYRIGHT BLOCK
-{ echo "$as_me:$LINENO: checking for LDAPSDK..." >&5
-echo "$as_me: checking for LDAPSDK..." >&6;}
+{ echo "$as_me:$LINENO: checking for Mozilla LDAPSDK..." >&5
+echo "$as_me: checking for Mozilla LDAPSDK..." >&6;}
# check for --with-ldapsdk
echo "$as_me:$LINENO: checking for --with-ldapsdk" >&5
@@ -24360,7 +24925,15 @@ echo $ECHO_N "checking for --with-ldapsdk... $ECHO_C" >&6
if test "${with_ldapsdk+set}" = set; then
withval="$with_ldapsdk"
- if test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ if test "$withval" = yes
+ then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ elif test "$withval" = no
+ then
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
then
echo "$as_me:$LINENO: result: using $withval" >&5
echo "${ECHO_T}using $withval" >&6
@@ -24368,7 +24941,7 @@ echo "${ECHO_T}using $withval" >&6
ldapsdk_inc="-I$LDAPSDKDIR/include"
ldapsdk_lib="-L$LDAPSDKDIR/lib"
ldapsdk_libdir="$LDAPSDKDIR/lib"
- ldapsdk_bindir="$LDAPSDKDIR/bin"
+ with_ldapsdk=yes
else
echo
{ { echo "$as_me:$LINENO: error: $withval not found" >&5
@@ -24376,9 +24949,31 @@ echo "$as_me: error: $withval not found" >&2;}
{ (exit 1); exit 1; }; }
fi
+ if test "$with_ldapsdk" = yes -a "$with_openldap" = yes
+ then
+ { { echo "$as_me:$LINENO: error: Cannot use both LDAPSDK and OpenLDAP." >&5
+echo "$as_me: error: Cannot use both LDAPSDK and OpenLDAP." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ if test "$with_ldapsdk" != yes -a "$with_openldap" != yes
+ then
+ { { echo "$as_me:$LINENO: error: Either LDAPSDK or OpenLDAP must be used." >&5
+echo "$as_me: error: Either LDAPSDK or OpenLDAP must be used." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
else
- echo "$as_me:$LINENO: result: no" >&5
+
+ if test "$with_openldap" = yes
+ then
+ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
+ else
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ with_ldapsdk=yes
+ fi
+
fi;
# check for --with-ldapsdk-inc
@@ -24394,6 +24989,7 @@ if test "${with_ldapsdk_inc+set}" = set; then
echo "$as_me:$LINENO: result: using $withval" >&5
echo "${ECHO_T}using $withval" >&6
ldapsdk_inc="-I$withval"
+ with_ldapsdk=yes
else
echo
{ { echo "$as_me:$LINENO: error: $withval not found" >&5
@@ -24420,6 +25016,7 @@ if test "${with_ldapsdk_lib+set}" = set; then
echo "${ECHO_T}using $withval" >&6
ldapsdk_lib="-L$withval"
ldapsdk_libdir="$withval"
+ with_ldapsdk=yes
else
echo
{ { echo "$as_me:$LINENO: error: $withval not found" >&5
@@ -24435,8 +25032,9 @@ fi;
# if LDAPSDK is not found yet, try pkg-config
# last resort
-if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then
- # Extract the first word of "pkg-config", so it can be a program name with args.
+if test "$with_ldapsdk" = yes ; then
+ if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
@@ -24475,42 +25073,37 @@ else
echo "${ECHO_T}no" >&6
fi
- echo "$as_me:$LINENO: checking for mozldap with pkg-config" >&5
+ echo "$as_me:$LINENO: checking for mozldap with pkg-config" >&5
echo $ECHO_N "checking for mozldap with pkg-config... $ECHO_C" >&6
- if test -n "$PKG_CONFIG"; then
- if $PKG_CONFIG --exists mozldap6; then
- mozldappkg=mozldap6
- elif $PKG_CONFIG --exists mozldap; then
- mozldappkg=mozldap
- else
- { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists mozldap6; then
+ mozldappkg=mozldap6
+ elif $PKG_CONFIG --exists mozldap; then
+ mozldappkg=mozldap
+ else
+ { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;}
{ (exit 1); exit 1; }; }
- fi
- ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
- ldapsdk_libdir=`$PKG_CONFIG --variable=libdir $mozldappkg`
- ldapsdk_lib="-L$ldapsdk_libdir"
- ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg`
- echo "$as_me:$LINENO: result: using system $mozldappkg" >&5
+ fi
+ ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
+ ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg`
+ ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ .*$//`
+ echo "$as_me:$LINENO: result: using system $mozldappkg" >&5
echo "${ECHO_T}using system $mozldappkg" >&6
+ fi
fi
fi
-if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
- { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
+
+if test "$with_ldapsdk" = yes ; then
+ if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
+ { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;}
{ (exit 1); exit 1; }; }
-fi
-if test -z "$ldapsdk_bindir" ; then
- if -d $libdir/mozldap6 ; then
- ldapsdk_bindir=$libdir/mozldap6
- else
- ldapsdk_bindir=$libdir/mozldap
fi
-fi
-save_cppflags="$CPPFLAGS"
-CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
-echo "$as_me:$LINENO: checking for ldap.h" >&5
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
+ echo "$as_me:$LINENO: checking for ldap.h" >&5
echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6
if test "${ac_cv_header_ldap_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -24569,12 +25162,23 @@ else
fi
-CPPFLAGS="$save_cppflags"
+ CPPFLAGS="$save_cppflags"
-if test -z "$isversion6" ; then
- { { echo "$as_me:$LINENO: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&5
+ if test -z "$isversion6" ; then
+ { { echo "$as_me:$LINENO: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&5
echo "$as_me: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&2;}
{ (exit 1); exit 1; }; }
+ fi
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MOZLDAP 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LDAP_URL_PARSE_NO_DEFAULTS 1
+_ACEOF
+
fi
# BEGIN COPYRIGHT BLOCK
@@ -25275,6 +25879,10 @@ pidfile=$instancename.pid
+
+
+
+
# extra stuff for Apache modules
@@ -25319,6 +25927,16 @@ pidfile=$instancename.pid
+
+
+if test "$with_openldap" = "yes"; then
+ OPENLDAP_TRUE=
+ OPENLDAP_FALSE='#'
+else
+ OPENLDAP_TRUE='#'
+ OPENLDAP_FALSE=
+fi
+
# WINNT should be true if building on Windows system not using
# cygnus, mingw, or the like and using cmd.exe as the shell
@@ -25533,6 +26151,13 @@ echo "$as_me: error: conditional \"SELINUX\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${OPENLDAP_TRUE}" && test -z "${OPENLDAP_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"OPENLDAP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"OPENLDAP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"WINNT\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@@ -26191,6 +26816,10 @@ s,@sasl_libdir@,$sasl_libdir,;t t
s,@ldapsdk_inc@,$ldapsdk_inc,;t t
s,@ldapsdk_lib@,$ldapsdk_lib,;t t
s,@ldapsdk_libdir@,$ldapsdk_libdir,;t t
+s,@openldap_inc@,$openldap_inc,;t t
+s,@openldap_lib@,$openldap_lib,;t t
+s,@openldap_libdir@,$openldap_libdir,;t t
+s,@ol_libver@,$ol_libver,;t t
s,@adminutil_inc@,$adminutil_inc,;t t
s,@adminutil_lib@,$adminutil_lib,;t t
s,@adminutil_libdir@,$adminutil_libdir,;t t
@@ -26235,6 +26864,8 @@ s,@brand@,$brand,;t t
s,@capbrand@,$capbrand,;t t
s,@vendor@,$vendor,;t t
s,@vendorurl@,$vendorurl,;t t
+s,@OPENLDAP_TRUE@,$OPENLDAP_TRUE,;t t
+s,@OPENLDAP_FALSE@,$OPENLDAP_FALSE,;t t
s,@WINNT_TRUE@,$WINNT_TRUE,;t t
s,@WINNT_FALSE@,$WINNT_FALSE,;t t
s,@APACHE22_TRUE@,$APACHE22_TRUE,;t t
diff --git a/configure.ac b/configure.ac
index c64774d..5d19e81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -250,6 +250,7 @@ m4_include(m4/httpd.m4)
m4_include(m4/nspr.m4)
m4_include(m4/nss.m4)
m4_include(m4/sasl.m4)
+m4_include(m4/openldap.m4)
m4_include(m4/mozldap.m4)
m4_include(m4/icu.m4)
m4_include(m4/adminutil.m4)
@@ -374,6 +375,10 @@ AC_SUBST(sasl_libdir)
AC_SUBST(ldapsdk_inc)
AC_SUBST(ldapsdk_lib)
AC_SUBST(ldapsdk_libdir)
+AC_SUBST(openldap_inc)
+AC_SUBST(openldap_lib)
+AC_SUBST(openldap_libdir)
+AC_SUBST(ol_libver)
AC_SUBST(adminutil_inc)
AC_SUBST(adminutil_lib)
AC_SUBST(adminutil_libdir)
@@ -426,6 +431,7 @@ AC_SUBST(capbrand)
AC_SUBST(vendor)
AC_SUBST(vendorurl)
+AM_CONDITIONAL(OPENLDAP,test "$with_openldap" = "yes")
# WINNT should be true if building on Windows system not using
# cygnus, mingw, or the like and using cmd.exe as the shell
AM_CONDITIONAL([WINNT], false)
diff --git a/include/libadmin/libadmin.h b/include/libadmin/libadmin.h
index 3914fce..a29c2fe 100644
--- a/include/libadmin/libadmin.h
+++ b/include/libadmin/libadmin.h
@@ -581,6 +581,68 @@ util_verify_file_or_dir(const char *path, PRFileType, const char *child, size_t,
NSAPI_PUBLIC int
util_psetHasObjectClass(PsetHndl pset, const char *ocname);
+NSAPI_PUBLIC const char *
+util_urlparse_err2string(int err);
+
+/* there are various differences among url parsers - directory server
+ needs the ability to parse partial URLs - those with no dn - and
+ needs to be able to tell if it is a secure url (ldaps) or not */
+NSAPI_PUBLIC int
+util_ldap_url_parse(const char *url, LDAPURLDesc **ludpp, int require_dn, int *secure);
+
+NSAPI_PUBLIC int
+util_ldap_get_lderrno(LDAP *ld, char **m, char **s);
+
+/*
+ Perform LDAP init and return an LDAP* handle. If ldapurl is given,
+ that is used as the basis for the protocol, host, port, and whether
+ to use starttls (given on the end as ldap://..../?????starttlsOID
+ If hostname is given, LDAP or LDAPS is assumed, and this will override
+ the hostname from the ldapurl, if any. If port is > 0, this is the
+ port number to use. It will override the port in the ldapurl, if any.
+ If no port is given in port or ldapurl, the default will be used based
+ on the secure setting (389 for ldap, 636 for ldaps)
+ secure takes 1 of 2 values - 0 means regular ldap, 1 means ldaps
+ filename is the ldapi file name - if this is given, and no other options
+ are given, ldapi is assumed.
+ */
+LDAP *
+util_ldap_init(
+ const char *certdir, /* contains the key/cert dbs */
+ const char *ldapurl, /* full ldap url */
+ const char *hostname, /* can also use this to override
+ host in url */
+ int port, /* can also use this to override port in url */
+ int secure, /* 0 for ldap, 1 for ldaps */
+ int shared, /* if true, LDAP* will be shared among multiple threads */
+ const char *filename /* for ldapi */
+);
+
+/*
+ * Does the correct bind operation simple/sasl/cert depending
+ * on the arguments passed in.
+ */
+NSAPI_PUBLIC int
+util_ldap_bind(
+ LDAP *ld, /* ldap connection */
+ const char *bindid, /* usually a bind DN for simple bind */
+ const char *creds, /* usually a password for simple bind */
+ const char *mech, /* name of mechanism */
+ LDAPControl **serverctrls, /* additional controls to send */
+ LDAPControl ***returnedctrls, /* returned controls */
+ struct timeval *timeout, /* timeout */
+ int *msgidp /* pass in non-NULL for async handling */
+);
+
+NSAPI_PUBLIC void
+util_ldap_perror(LDAP *ld, const char *fmt, ...);
+
+NSAPI_PUBLIC char **
+util_ldap_get_values(LDAP *ld, LDAPMessage *entry, const char *attrtype);
+
+NSAPI_PUBLIC void
+util_ldap_value_free(char **vals);
+
NSPR_END_EXTERN_C
#endif /* libadmin_h */
diff --git a/include/libdsa/dsalib.h b/include/libdsa/dsalib.h
index 6596ae5..d6ffc80 100644
--- a/include/libdsa/dsalib.h
+++ b/include/libdsa/dsalib.h
@@ -30,6 +30,8 @@
#ifdef HPUX
#include <limits.h> /* for PATH_MAX */
#endif
+#include <lber.h>
+#include <ldif.h>
/* error types */
#define DS_FILE_ERROR 0
@@ -290,7 +292,11 @@ extern DS_EXPORT_SYMBOL void ds_set_run_dir(char *run_dir);
extern DS_EXPORT_SYMBOL char *ds_get_bak_dir();
extern DS_EXPORT_SYMBOL void ds_set_bak_dir(char *bak_dir);
extern DS_EXPORT_SYMBOL int ds_check_config(int type);
+#if defined(USE_OPENLDAP)
+extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(LDIFFP *conf);
+#else
extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(FILE *conf);
+#endif
extern DS_EXPORT_SYMBOL char *ds_get_var_name(int varnum);
extern DS_EXPORT_SYMBOL char *ds_get_value(char **ds_config, char *parm, int phase, int occurance);
extern DS_EXPORT_SYMBOL int ds_file_exists(char *filename);
diff --git a/lib/libadmin/dllglue.c b/lib/libadmin/dllglue.c
deleted file mode 100644
index 8b35ad5..0000000
--- a/lib/libadmin/dllglue.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; version 2
- * of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * END COPYRIGHT BLOCK **/
-/*
- * dllglue.c: Glue routines for the admlib.so shared object. These are
- * necessary because on many system no garbage collection is performed for
- * shared objects.
- *
- * Rob McCool
- */
-
-
-#ifdef XP_UNIX
-
-#include "base/systems.h"
-
-#define FUNC(name) void name (void) {}
-
-FUNC(DS_Alloc)
-FUNC(DS_Free)
-FUNC(DS_Zfree)
-FUNC(MD5_HashBuf)
-#ifdef THREAD_NSPR_KERNEL
-FUNC(PR_GetSelectFD)
-#endif
-FUNC(RC4_MakeKey)
-FUNC(SEC_CertTimesValid)
-FUNC(SEC_CheckPassword)
-FUNC(SEC_CloseKeyDB)
-FUNC(SEC_DestroyPrivateKey)
-FUNC(SEC_FileForRNG)
-FUNC(SEC_FindCertByNickname)
-FUNC(SEC_FindKeyByName)
-FUNC(SEC_GetPassword)
-FUNC(SEC_Init)
-FUNC(SEC_NameToAscii)
-FUNC(SEC_OpenCertDB)
-FUNC(SEC_OpenKeyDB)
-FUNC(SEC_UTCTimeToAscii)
-FUNC(SSL_Accept)
-FUNC(SSL_AcceptHook)
-FUNC(SSL_Bind)
-FUNC(SSL_Close)
-FUNC(SSL_ConfigSecureServer)
-FUNC(SSL_ConfigServerSessionIDCache)
-FUNC(SSL_Enable)
-FUNC(SSL_EnableCipher)
-FUNC(SSL_GetPeerName)
-FUNC(SSL_GetSockOpt)
-FUNC(SSL_Import)
-FUNC(SSL_IsDomestic)
-FUNC(SSL_Listen)
-FUNC(SSL_Read)
-FUNC(SSL_SecurityCapabilities)
-FUNC(SSL_SecurityStatus)
-FUNC(SSL_SetSockOpt)
-FUNC(SSL_Socket)
-FUNC(SSL_Write)
-
-#endif
diff --git a/lib/libadmin/util.c b/lib/libadmin/util.c
index 52cd726..1a0bfea 100644
--- a/lib/libadmin/util.c
+++ b/lib/libadmin/util.c
@@ -28,6 +28,8 @@
#include "base/util.h"
#include "private/pprio.h"
#include "prprf.h"
+#include "prlog.h"
+#include "prerror.h"
#ifdef XP_UNIX
#include <dirent.h>
@@ -1433,3 +1435,733 @@ util_psetHasObjectClass(PsetHndl pset, const char *ocname)
return rval;
}
+#if defined(USE_OPENLDAP)
+/* mozldap ldap_init and ldap_url_parse accept a hostname in the form
+ host1[:port1]SPACEhost2[:port2]SPACEhostN[:portN]
+ where SPACE is a single space (0x20) character
+ for openldap, we have to convert this to a string like this:
+ PROTO://host1[:port1]/SPACEPROTO://host2[:port2]/SPACEPROTO://hostN[:portN]/
+ where PROTO is ldap or ldaps or ldapi
+ if proto is NULL, assume hostname_or_uri is really a valid ldap uri
+*/
+static char *
+convert_to_openldap_uri(const char *hostname_or_uri, int port, const char *proto)
+{
+ char *retstr = NULL;
+ char *my_copy = NULL;
+ char *start = NULL;
+ char *iter = NULL;
+ char *s = NULL;
+ const char *brkstr = " ";
+
+ if (!hostname_or_uri) {
+ return NULL;
+ }
+
+ my_copy = PL_strdup(hostname_or_uri);
+ /* see if hostname_or_uri is an ldap uri */
+ if (!proto && !PL_strncasecmp(my_copy, "ldap", 4)) {
+ start = my_copy + 4;
+ if ((*start == 's') || (*start == 'i')) {
+ start++;
+ }
+ if (!PL_strncmp(start, "://", 3)) {
+ *start = '\0';
+ proto = my_copy;
+ start += 3;
+ } else {
+#ifdef DEBUG
+ fprintf(stderr, "convert_to_openldap_uri: The given LDAP URI [%s] is not valid\n", hostname_or_uri);
+#endif
+ goto end;
+ }
+ } else if (!proto) {
+#ifdef DEBUG
+ fprintf(stderr, "convert_to_openldap_uri: The given LDAP URI [%s] is not valid\n", hostname_or_uri);
+#endif
+ goto end;
+ } else {
+ start = my_copy; /* just assume it's not a uri */
+ }
+
+ for (s = strtok_r(my_copy, brkstr, &iter); s != NULL;
+ s = strtok_r(NULL, brkstr, &iter)) {
+ char *ptr;
+ int last = 0;
+ /* strtok will grab the '/' at the end of the uri, if any,
+ so terminate parsing there */
+ if ((ptr = strchr(s, '/'))) {
+ *ptr = '\0';
+ last = 1;
+ }
+ if (retstr) {
+ retstr = PR_sprintf_append(retstr, "/ %s://%s", proto, s);
+ } else {
+ retstr = PR_smprintf("%s://%s", proto, s);
+ }
+ if (last) {
+ break;
+ }
+ }
+
+ /* add the port on the last one */
+ retstr = PR_sprintf_append(retstr, ":%d/", port);
+end:
+ PL_strfree(my_copy);
+ return retstr;
+}
+#endif /* USE_OPENLDAP */
+
+const char *
+util_urlparse_err2string(int err)
+{
+ const char *s="internal error";
+
+ switch( err ) {
+ case 0:
+ s = "no error";
+ break;
+ case LDAP_URL_ERR_BADSCOPE:
+ s = "invalid search scope";
+ break;
+ case LDAP_URL_ERR_MEM:
+ s = "unable to allocate memory";
+ break;
+ case LDAP_URL_ERR_PARAM:
+ s = "bad parameter to an LDAP URL function";
+ break;
+#if defined(USE_OPENLDAP)
+ case LDAP_URL_ERR_BADSCHEME:
+ s = "does not begin with ldap://, ldaps://, or ldapi://";
+ break;
+ case LDAP_URL_ERR_BADENCLOSURE:
+ s = "missing trailing '>' in enclosure";
+ break;
+ case LDAP_URL_ERR_BADURL:
+ s = "not a valid LDAP URL";
+ break;
+ case LDAP_URL_ERR_BADHOST:
+ s = "hostname part of url is not valid or not given";
+ break;
+ case LDAP_URL_ERR_BADATTRS:
+ s = "attribute list not formatted correctly or missing";
+ break;
+ case LDAP_URL_ERR_BADFILTER:
+ s = "search filter not correct";
+ break;
+ case LDAP_URL_ERR_BADEXTS:
+ s = "extensions not specified correctly";
+ break;
+#else /* !USE_OPENLDAP */
+ case LDAP_URL_ERR_NOTLDAP:
+ s = "missing ldap:// or ldaps:// or ldapi://";
+ break;
+ case LDAP_URL_ERR_NODN:
+ s = "missing suffix";
+ break;
+#endif
+ }
+
+ return( s );
+}
+
+/* there are various differences among url parsers - directory server
+ needs the ability to parse partial URLs - those with no dn - and
+ needs to be able to tell if it is a secure url (ldaps) or not */
+int
+util_ldap_url_parse(const char *url, LDAPURLDesc **ludpp, int require_dn, int *secure)
+{
+ PR_ASSERT(url);
+ PR_ASSERT(ludpp);
+ int rc;
+ const char *url_to_use = url;
+#if defined(USE_OPENLDAP)
+ char *urlescaped = NULL;
+#endif
+
+ if (secure) {
+ *secure = 0;
+ }
+#if defined(USE_OPENLDAP)
+ /* openldap does not support the non-standard multi host:port URLs supported
+ by mozldap - so we have to fake out openldap - replace all spaces with %20 -
+ replace all but the last colon with %3A
+ Go to the 3rd '/' or to the end of the string (convert only the host:port part) */
+ if (url) {
+ char *p = strstr(url, "://");
+ if (p) {
+ int foundspace = 0;
+ int coloncount = 0;
+ char *lastcolon = NULL;
+ p += 3;
+ for (; *p && (*p != '/'); p++) {
+ if (*p == ' ') {
+ foundspace = 1;
+ }
+ if (*p == ':') {
+ coloncount++;
+ lastcolon = p;
+ }
+ }
+ if (foundspace) {
+ char *src = NULL, *dest = NULL;
+ /* have to convert url */
+ /* len * 3 is way too much, but acceptable */
+ urlescaped = PR_Calloc(strlen(url) * 3, sizeof(char));
+ dest = urlescaped;
+ /* copy the scheme */
+ src = strstr(url, "://");
+ src += 3;
+ memcpy(dest, url, src-url);
+ dest += (src-url);
+ /* we have to convert all spaces to %20 - we have to convert
+ all colons except the last one to %3A */
+ for (; *src; ++src) {
+ if (src < p) {
+ if (*src == ' ') {
+ memcpy(dest, "%20", 3);
+ dest += 3;
+ } else if ((coloncount > 1) && (*src == ':') && (src != lastcolon)) {
+ memcpy(dest, "%3A", 3);
+ dest += 3;
+ } else {
+ *dest++ = *src;
+ }
+ } else {
+ *dest++ = *src;
+ }
+ }
+ *dest = '\0';
+ url_to_use = urlescaped;
+ }
+ }
+ }
+#endif
+
+#if defined(HAVE_LDAP_URL_PARSE_NO_DEFAULTS)
+ rc = ldap_url_parse_no_defaults(url_to_use, ludpp, require_dn);
+ if (!rc && *ludpp && secure) {
+ *secure = (*ludpp)->lud_options & LDAP_URL_OPT_SECURE;
+ }
+#else /* openldap */
+#if defined(HAVE_LDAP_URL_PARSE_EXT) && defined(LDAP_PVT_URL_PARSE_NONE) && defined(LDAP_PVT_URL_PARSE_NOEMPTY_DN)
+ rc = ldap_url_parse_ext(url_to_use, ludpp, require_dn ? LDAP_PVT_URL_PARSE_NONE : LDAP_PVT_URL_PARSE_NOEMPTY_DN);
+#else
+ rc = ldap_url_parse(url_to_use, ludpp);
+ if ((rc || !*ludpp) && !require_dn) { /* failed - see if failure was due to missing dn */
+ size_t len = strlen(url_to_use);
+ /* assume the url is just scheme://host:port[/] - add the empty string
+ as the DN (adding a trailing / first if needed) and try to parse
+ again
+ */
+ char *urlcopy = PR_smprintf("%s%s%s", url_to_use, (url_to_use[len-1] == '/' ? "" : "/"), "");
+ if (*ludpp) {
+ ldap_free_urldesc(*ludpp); /* free the old one, if any */
+ }
+ rc = ldap_url_parse(urlcopy, ludpp);
+ PL_strfree(urlcopy);
+ urlcopy = NULL;
+ if (0 == rc) { /* only problem was the DN - free it */
+ PL_strfree((*ludpp)->lud_dn);
+ (*ludpp)->lud_dn = NULL;
+ }
+ }
+#endif
+ if (!rc && *ludpp && secure) {
+ *secure = (*ludpp)->lud_scheme && !strcmp((*ludpp)->lud_scheme, "ldaps");
+ }
+#endif /* openldap */
+
+#if defined(USE_OPENLDAP)
+ if (urlescaped && (*ludpp) && (*ludpp)->lud_host) {
+ /* have to unescape lud_host - can unescape in place */
+ char *p = strstr((*ludpp)->lud_host, "://");
+ if (p) {
+ char *dest = NULL;
+ p += 3;
+ dest = p;
+ /* up to the first '/', unescape the host */
+ for (; *p && (*p != '/'); p++) {
+ if (!strncmp(p, "%20", 3)) {
+ *dest++ = ' ';
+ p += 2;
+ } else if (!strncmp(p, "%3A", 3)) {
+ *dest++ = ':';
+ p += 2;
+ } else {
+ *dest++ = *p;
+ }
+ }
+ /* just copy the remainder of the host, if any */
+ while (*p) {
+ *dest++ = *p++;
+ }
+ *dest = '\0';
+ }
+ }
+ PL_strfree(urlescaped);
+#endif
+ return rc;
+}
+
+/*
+ Perform LDAP init and return an LDAP* handle. If ldapurl is given,
+ that is used as the basis for the protocol, host, port, and whether
+ to use starttls (given on the end as ldap://..../?????starttlsOID
+ If hostname is given, LDAP or LDAPS is assumed, and this will override
+ the hostname from the ldapurl, if any. If port is > 0, this is the
+ port number to use. It will override the port in the ldapurl, if any.
+ If no port is given in port or ldapurl, the default will be used based
+ on the secure setting (389 for ldap, 636 for ldaps)
+ secure takes 1 of 2 values - 0 means regular ldap, 1 means ldaps
+ filename is the ldapi file name - if this is given, and no other options
+ are given, ldapi is assumed.
+ */
+LDAP *
+util_ldap_init(
+ const char *certdir,
+ const char *ldapurl, /* full ldap url */
+ const char *hostname, /* can also use this to override
+ host in url */
+ int port, /* can also use this to override port in url */
+ int secure, /* 0 for ldap, 1 for ldaps */
+ int shared, /* if true, LDAP* will be shared among multiple threads */
+ const char *filename /* for ldapi */
+)
+{
+ LDAPURLDesc *ludp = NULL;
+ LDAP *ld = NULL;
+ int rc = 0;
+ int secureurl = 0;
+ int ldap_version3 = LDAP_VERSION3;
+
+ /* if ldapurl is given, parse it */
+ if (ldapurl && ((rc = util_ldap_url_parse(ldapurl, &ludp, 0, &secureurl)) ||
+ !ludp)) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: Could not parse given LDAP URL [%s] : error [%s]\n",
+ ldapurl, /* ldapurl cannot be NULL here */
+ util_urlparse_err2string(rc));
+#endif
+ goto done;
+ }
+
+ /* use url host if no host given */
+ if (!hostname && ludp && ludp->lud_host) {
+ hostname = ludp->lud_host;
+ }
+
+ /* use url port if no port given */
+ if (!port && ludp && ludp->lud_port) {
+ port = ludp->lud_port;
+ }
+
+ /* use secure setting from url if none given */
+ if (!secure && ludp) {
+ if (secureurl) {
+ secure = 1;
+ }
+ }
+
+#if defined(USE_OPENLDAP)
+ if (ldapurl) {
+ rc = ldap_initialize(&ld, ldapurl);
+ if (rc) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: Could not initialize LDAP connection to [%s]: %d:%s\n",
+ ldapurl, rc, ldap_err2string(rc));
+#endif
+ goto done;
+ }
+ } else {
+ char *makeurl = NULL;
+ if (filename) {
+ makeurl = PR_smprintf("ldapi://%s/", filename);
+ } else { /* host port */
+ makeurl = convert_to_openldap_uri(hostname, port, (secure == 1 ? "ldaps" : "ldap"));
+ }
+ rc = ldap_initialize(&ld, makeurl);
+ if (rc) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: Could not initialize LDAP connection to [%s]: %d:%s\n",
+ makeurl, rc, ldap_err2string(rc));
+#endif
+ PL_strfree(makeurl);
+ makeurl = NULL;
+ goto done;
+ }
+ PL_strfree(makeurl);
+ makeurl = NULL;
+ }
+#else /* !USE_OPENLDAP */
+ if (filename) {
+ /* ldapi in mozldap client is not yet supported */
+ } else if (secure == 1) {
+ ld = ldapssl_init(hostname, port, secure);
+ } else { /* regular ldap and/or starttls */
+ /*
+ * Leverage the libprldap layer to take care of all the NSPR
+ * integration.
+ * Note that ldapssl_init() uses libprldap implicitly.
+ */
+ ld = prldap_init(hostname, port, shared);
+ }
+#endif /* !USE_OPENLDAP */
+
+ /* must explicitly set version to 3 */
+ ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version3);
+
+ if ((ld != NULL) && !filename) {
+ /*
+ * Set SSL strength (server certificate validity checking).
+ */
+ if (secure > 0) {
+#if defined(USE_OPENLDAP)
+ int optval = 0;
+#endif /* !USE_OPENLDAP */
+ int ssl_strength = 0;
+ LDAP *myld = NULL;
+
+ /* we can only use the set functions below with a real
+ LDAP* if it has already gone through ldapssl_init -
+ so, use NULL if using starttls */
+ if (secure == 1) {
+ myld = ld;
+ }
+
+ /* verify certificate only */
+#if defined(USE_OPENLDAP)
+ ssl_strength = LDAP_OPT_X_TLS_NEVER;
+#else /* !USE_OPENLDAP */
+ ssl_strength = LDAPSSL_AUTH_CERT;
+#endif /* !USE_OPENLDAP */
+
+#if defined(USE_OPENLDAP)
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "failed: unable to create new TLS context\n");
+#endif
+ }
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "failed: unable to set REQUIRE_CERT option to %d\n", ssl_strength);
+#endif
+ }
+ /* tell it where our cert db is */
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, certdir))) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "failed: unable to set CACERTDIR option to %s\n", certdir);
+#endif
+ }
+#if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN)
+ optval = LDAP_OPT_X_TLS_PROTOCOL_SSL3;
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &optval))) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "failed: unable to set minimum TLS protocol level to SSL3\n");
+#endif
+ }
+#endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */
+#else /* !USE_OPENLDAP */
+ if ((rc = ldapssl_set_strength(myld, ssl_strength)) ||
+ (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL2, PR_FALSE)) ||
+ (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL3, PR_TRUE)) ||
+ (rc = ldapssl_set_option(myld, SSL_ENABLE_TLS, PR_TRUE))) {
+ int prerr = PR_GetError();
+
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "failed: unable to set SSL options ("
+ "error %d - %s)\n",
+ prerr, PR_ErrorToString(prerr, PR_LANGUAGE_I_DEFAULT));
+#endif
+ }
+ if (secure == 1) {
+ /* tell bind code we are using SSL */
+ ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON);
+ }
+#endif /* !USE_OPENLDAP */
+ }
+ }
+
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_init: "
+ "Success: set up conn to [%s:%d]%s\n",
+ hostname, port,
+ secure ? " using TLS/SSL" : "");
+#endif
+done:
+ ldap_free_urldesc(ludp);
+
+ return( ld );
+}
+
+int
+util_ldap_get_lderrno(LDAP *ld, char **m, char **s)
+{
+ int rc = LDAP_SUCCESS;
+
+#if defined(USE_OPENLDAP)
+ ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &rc);
+ if (m) {
+ ldap_get_option(ld, LDAP_OPT_MATCHED_DN, m);
+ }
+ if (s) {
+#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
+ ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, s);
+#else
+ ldap_get_option(ld, LDAP_OPT_ERROR_STRING, s);
+#endif
+ }
+#else /* !USE_OPENLDAP */
+ rc = ldap_get_lderrno( ld, m, s );
+#endif
+ return rc;
+}
+
+#ifndef LDAP_SASL_EXTERNAL
+#define LDAP_SASL_EXTERNAL "EXTERNAL" /* TLS/SSL extension */
+#endif
+
+/*
+ * Does the correct bind operation simple/sasl/cert depending
+ * on the arguments passed in.
+ */
+int
+util_ldap_bind(
+ LDAP *ld, /* ldap connection */
+ const char *bindid, /* usually a bind DN for simple bind */
+ const char *creds, /* usually a password for simple bind */
+ const char *mech, /* name of mechanism */
+ LDAPControl **serverctrls, /* additional controls to send */
+ LDAPControl ***returnedctrls, /* returned controls */
+ struct timeval *timeout, /* timeout */
+ int *msgidp /* pass in non-NULL for async handling */
+)
+{
+ int rc = LDAP_SUCCESS;
+ int secure = 0;
+ struct berval bvcreds = {0, NULL};
+ LDAPMessage *result = NULL;
+ struct berval *servercredp = NULL;
+#if defined(USE_OPENLDAP)
+ /* openldap doesn't have a SSL/TLS yes/no flag - so grab the
+ ldapurl, parse it, and see if it is a secure one */
+ char *ldapurl = NULL;
+
+ ldap_get_option(ld, LDAP_OPT_URI, &ldapurl);
+ if (ldapurl && !PL_strncasecmp(ldapurl, "ldaps", 5)) {
+ secure = 1;
+ }
+ PL_strfree(ldapurl);
+ ldapurl = NULL;
+#else /* !USE_OPENLDAP */
+ ldap_get_option(ld, LDAP_OPT_SSL, &secure);
+#endif
+
+#ifdef EXTERNAL_AUTH_SUPPORTED
+ if (secure && mech && !strcmp(mech, LDAP_SASL_EXTERNAL)) {
+ /* SSL connections will use the server's security context
+ and cert for client auth */
+ rc = slapd_SSL_client_auth(ld);
+
+ if (rc != 0) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: could not configure the server for cert "
+ "auth - error %d - make sure the server is "
+ "correctly configured for SSL/TLS\n", rc);
+#endif
+ goto done;
+ } else {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Set up conn to use client auth\n");
+#endif
+ }
+ bvcreds.bv_val = NULL; /* ignore username and passed in creds */
+ bvcreds.bv_len = 0; /* for external auth */
+ bindid = NULL;
+ } else { /* other type of auth */
+#endif /* EXTERNAL_AUTH_SUPPORTED */
+ bvcreds.bv_val = (char *)creds;
+ bvcreds.bv_len = creds ? strlen(creds) : 0;
+#ifdef EXTERNAL_AUTH_SUPPORTED
+ }
+#endif /* EXTERNAL_AUTH_SUPPORTED */
+
+ /* The connection has been set up - now do the actual bind, depending on
+ the mechanism and arguments */
+ if (!mech || (mech == LDAP_SASL_SIMPLE) ||
+ !strcmp(mech, LDAP_SASL_EXTERNAL)) {
+ int mymsgid = 0;
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "attempting %s bind with id [%s] creds [%s]\n",
+ mech ? mech : "SIMPLE",
+ bindid, creds);
+#endif
+ if ((rc = ldap_sasl_bind(ld, bindid, mech, &bvcreds, serverctrls,
+ NULL /* clientctrls */, &mymsgid))) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: could not send bind request for id "
+ "[%s] mech [%s]: error %d (%s) %d (%s) %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc),
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT),
+ errno, strerror(errno));
+#endif
+ goto done;
+ }
+
+ if (msgidp) { /* let caller process result */
+ *msgidp = mymsgid;
+ } else { /* process results */
+ rc = ldap_result(ld, mymsgid, LDAP_MSG_ALL, timeout, &result);
+ if (-1 == rc) { /* error */
+ rc = util_ldap_get_lderrno(ld, NULL, NULL);
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error reading bind response for id "
+ "[%s] mech [%s]: error %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc));
+#endif
+ goto done;
+ } else if (rc == 0) { /* timeout */
+ rc = LDAP_TIMEOUT;
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: timeout after [%ld.%ld] seconds reading "
+ "bind response for [%s] mech [%s]\n",
+ timeout ? timeout->tv_sec : 0,
+ timeout ? timeout->tv_usec : 0,
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE");
+#endif
+ goto done;
+ }
+ /* if we got here, we were able to read success result */
+ /* Get the controls sent by the server if requested */
+ if (returnedctrls) {
+ if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
+ NULL, returnedctrls,
+ 0)) != LDAP_SUCCESS) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: could not bind id "
+ "[%s] mech [%s]: error %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc));
+#endif
+ goto done;
+ }
+ }
+
+ /* parse the bind result and get the ldap error code */
+ if ((rc = ldap_parse_sasl_bind_result(ld, result, &servercredp,
+ 0))) {
+ rc = util_ldap_get_lderrno(ld, NULL, NULL);
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: could not read bind results for id "
+ "[%s] mech [%s]: error %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc));
+#endif
+ goto done;
+ }
+ }
+ } else {
+ rc = -1;
+#ifdef SASL_AUTH_SUPPORTED
+ /* a SASL mech */
+ rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
+ serverctrls, returnedctrls,
+ msgidp);
+ if (LDAP_SUCCESS != rc) {
+#ifdef DEBUG
+ fprintf(stderr, "util_ldap_bind: "
+ "Error: could not perform interactive bind for id "
+ "[%s] mech [%s]: error %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech, /* mech cannot be SIMPLE here */
+ rc, ldap_err2string(rc));
+#endif
+ }
+#endif /* SASL_AUTH_SUPPORTED */
+ }
+
+done:
+ ber_bvfree(servercredp);
+ ldap_msgfree(result);
+
+ return rc;
+}
+
+void
+util_ldap_perror(LDAP *ld, const char *fmt, ...)
+{
+ char *matched, *extra;
+ int err = util_ldap_get_lderrno(ld, &matched, &extra);
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fprintf(stderr, ": error %d (%s)", err, ldap_err2string(err));
+ if (matched) {
+ fprintf(stderr, ": matched DN (%s)", matched);
+ }
+ if (extra) {
+ fprintf(stderr, ": extra (%s)", extra);
+ }
+ fprintf(stderr, "\n");
+}
+
+char **
+util_ldap_get_values(LDAP *ld, LDAPMessage *entry, const char *attrtype)
+{
+#if defined(USE_OPENLDAP)
+ struct berval **bvals = NULL;
+ char **vals = NULL;
+ int ii;
+
+ bvals = ldap_get_values_len(ld, entry, attrtype);
+
+ if (!bvals) {
+ return vals;
+ }
+
+ for (ii = 0; bvals[ii]; ++ii);
+ vals = (char **)PR_Malloc((ii + 1) * sizeof(char *));
+ for (ii = 0; vals && bvals && bvals[ii]; ++ii) {
+ vals[ii] = PL_strndup(bvals[ii]->bv_val, bvals[ii]->bv_len);
+ }
+ ldap_value_free_len(bvals);
+ if (vals) {
+ vals[ii] = NULL;
+ }
+ return vals;
+#else
+ return ldap_get_values(ld, entry, attrtype);
+#endif
+}
+
+void
+util_ldap_value_free(char **vals)
+{
+ int ii;
+
+ for (ii = 0; vals && vals[ii]; ++ii) {
+ PL_strfree(vals[ii]);
+ }
+ PR_Free(vals);
+}
diff --git a/lib/libdsa/dsalib_conf.c b/lib/libdsa/dsalib_conf.c
index 3c5bbe6..41c8204 100644
--- a/lib/libdsa/dsalib_conf.c
+++ b/lib/libdsa/dsalib_conf.c
@@ -52,7 +52,11 @@ ds_get_config(int type)
{
char conffile[PATH_MAX];
char *configdir;
+#if defined(USE_OPENLDAP)
+ LDIFFP *sf = NULL;
+#else
FILE *sf = NULL;
+#endif
char **conf_list = NULL;
if ( (type != DS_REAL_CONFIG) && (type != DS_TMP_CONFIG) ) {
@@ -67,14 +71,23 @@ ds_get_config(int type)
PR_snprintf(conffile, PATH_MAX, "%s/%s", configdir, DS_CONFIG_FILE);
- if ( !(sf = fopen(conffile, "r")) ) {
+#if defined(USE_OPENLDAP)
+ sf = ldif_open(conffile, "r");
+#else
+ sf = fopen(conffile, "r");
+#endif
+ if ( !sf ) {
ds_send_error("could not read config file.", 1);
return(NULL);
}
conf_list = ds_get_conf_from_file(sf);
+#if defined(USE_OPENLDAP)
+ ldif_close(sf);
+#else
fclose(sf);
+#endif
if (!conf_list) {
ds_send_error("failed to read the config file successfully.", 0);
return(NULL);
diff --git a/lib/libdsa/dsalib_confs.c b/lib/libdsa/dsalib_confs.c
index b2b1d45..c7049bc 100644
--- a/lib/libdsa/dsalib_confs.c
+++ b/lib/libdsa/dsalib_confs.c
@@ -32,16 +32,43 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <lber.h>
#include <ldif.h>
#include <ctype.h>
#include "nspr.h"
#include "plstr.h"
+int
+dsalib_ldif_parse_line(
+ char *line,
+ struct berval *type,
+ struct berval *value,
+ int *freeval
+)
+{
+ int rc;
+#if defined(USE_OPENLDAP)
+ rc = ldif_parse_line2(line, type, value, freeval);
+ /* check that type and value are null terminated */
+#else
+ int vlen;
+ rc = ldif_parse_line(line, &type->bv_val, &value->bv_val, &vlen);
+ type->bv_len = type->bv_val ? strlen(type->bv_val) : 0;
+ value->bv_len = vlen;
+ *freeval = 0; /* always returns in place */
+#endif
+ return rc;
+}
+
/*
* Read the configuration info into a null-terminated list of strings.
*/
DS_EXPORT_SYMBOL char **
+#if defined(USE_OPENLDAP)
+ds_get_conf_from_file(LDIFFP *conf)
+#else
ds_get_conf_from_file(FILE *conf)
+#endif
{
static char config_entry[] = "dn: cn=config";
static int cfg_ent_len = sizeof(config_entry)-1;
@@ -49,14 +76,21 @@ ds_get_conf_from_file(FILE *conf)
char **conf_list = NULL;
char *entry = 0;
int lineno = 0;
+#if defined(USE_OPENLDAP)
+ int buflen;
+#endif
+#if defined(USE_OPENLDAP)
+ while (ldif_read_record(conf, &lineno, &entry, &buflen)) {
+#else
while ((entry = ldif_get_entry(conf, &lineno))) {
+#endif
char *begin = entry;
if (!PL_strncasecmp(entry, config_entry, cfg_ent_len)) {
char *line = entry;
while ((line = ldif_getline(&entry))) {
- char *type, *value;
- int vlen = 0;
+ struct berval type, value;
+ int freeval = 0;
int rc;
if ( *line == '\n' || *line == '\0' ) {
@@ -64,10 +98,10 @@ ds_get_conf_from_file(FILE *conf)
}
/* this call modifies line */
- rc = ldif_parse_line(line, &type, &value, &vlen);
+ rc = dsalib_ldif_parse_line(line, &type, &value, &freeval);
if (rc != 0)
{
- ds_send_error("Unknown error processing config file", 0);
+ ds_send_error("Unknown error processing config file", 0);
free(begin);
return NULL;
}
@@ -75,8 +109,12 @@ ds_get_conf_from_file(FILE *conf)
conf_list = (char **) realloc(conf_list,
((listsize + 1) * sizeof(char *)));
/* this is the format expected by ds_get_config_value */
- conf_list[listsize - 1] = PR_smprintf("%s:%s", type, value);
+ conf_list[listsize - 1] = PR_smprintf("%.*s:%.*s",
+ type.bv_len, type.bv_val, value.bv_len, value.bv_val);
conf_list[listsize] = NULL; /* always null terminated */
+ if (freeval) {
+ PL_strfree(value.bv_val);
+ }
}
}
free(begin);
@@ -134,8 +172,10 @@ ds_get_value(char **ds_config, char *parm, int phase, int occurance)
* Use ldif_parse_line() so continuation markers are
* handled correctly, etc.
*/
- char *type = NULL, *value = NULL, *tmpvalue = NULL;
- int ldif_rc, tmpvlen = 0;
+ struct berval type, tmpvalue;
+ char *value = NULL;
+ int freeval = 0;
+ int ldif_rc;
char *tmpline = strdup(line);
if ( NULL == tmpline ) {
@@ -145,13 +185,15 @@ ds_get_value(char **ds_config, char *parm, int phase, int occurance)
return(NULL);
}
- ldif_rc = ldif_parse_line( tmpline, &type, &tmpvalue, &tmpvlen );
- if (ldif_rc < 0) {
+ ldif_rc = dsalib_ldif_parse_line( tmpline, &type, &tmpvalue, &freeval );
+ if (ldif_rc) {
ds_send_error("Unknown error processing config file", 0);
- } else if (ldif_rc == 0) { /* value returned in place */
- value = strdup(tmpvalue);
- } else { /* malloc'd value */
- value = tmpvalue;
+ } else {
+ if (freeval) {
+ value = tmpvalue.bv_val;
+ } else {
+ value = PL_strndup(tmpvalue.bv_val, tmpvalue.bv_len);
+ }
}
free(tmpline);
return value;
diff --git a/ltmain.sh b/ltmain.sh
old mode 100755
new mode 100644
diff --git a/m4/mozldap.m4 b/m4/mozldap.m4
index a976d47..976e41c 100644
--- a/m4/mozldap.m4
+++ b/m4/mozldap.m4
@@ -18,35 +18,59 @@
#
# END COPYRIGHT BLOCK
-AC_CHECKING(for LDAPSDK)
+AC_CHECKING(for Mozilla LDAPSDK)
# check for --with-ldapsdk
AC_MSG_CHECKING(for --with-ldapsdk)
-AC_ARG_WITH(ldapsdk, [ --with-ldapsdk=PATH Mozilla LDAP SDK directory],
+AC_ARG_WITH(ldapsdk, AS_HELP_STRING([--with-ldapsdk@<:@=PATH@:>@],[Mozilla LDAP SDK directory]),
[
- if test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ if test "$withval" = yes
+ then
+ AC_MSG_RESULT(yes)
+ elif test "$withval" = no
+ then
+ AC_MSG_RESULT(no)
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
then
AC_MSG_RESULT([using $withval])
LDAPSDKDIR=$withval
ldapsdk_inc="-I$LDAPSDKDIR/include"
ldapsdk_lib="-L$LDAPSDKDIR/lib"
ldapsdk_libdir="$LDAPSDKDIR/lib"
- ldapsdk_bindir="$LDAPSDKDIR/bin"
+ with_ldapsdk=yes
else
echo
AC_MSG_ERROR([$withval not found])
fi
+
+ if test "$with_ldapsdk" = yes -a "$with_openldap" = yes
+ then
+ AC_MSG_ERROR([Cannot use both LDAPSDK and OpenLDAP.])
+ fi
+ if test "$with_ldapsdk" != yes -a "$with_openldap" != yes
+ then
+ AC_MSG_ERROR([Either LDAPSDK or OpenLDAP must be used.])
+ fi
],
-AC_MSG_RESULT(no))
+[
+ if test "$with_openldap" = yes
+ then
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT(yes)
+ with_ldapsdk=yes
+ fi
+])
# check for --with-ldapsdk-inc
AC_MSG_CHECKING(for --with-ldapsdk-inc)
-AC_ARG_WITH(ldapsdk-inc, [ --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory],
+AC_ARG_WITH(ldapsdk-inc, AS_HELP_STRING([--with-ldapsdk-inc=PATH],[Mozilla LDAP SDK include directory]),
[
if test -e "$withval"/ldap.h
then
AC_MSG_RESULT([using $withval])
ldapsdk_inc="-I$withval"
+ with_ldapsdk=yes
else
echo
AC_MSG_ERROR([$withval not found])
@@ -56,13 +80,14 @@ AC_MSG_RESULT(no))
# check for --with-ldapsdk-lib
AC_MSG_CHECKING(for --with-ldapsdk-lib)
-AC_ARG_WITH(ldapsdk-lib, [ --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory],
+AC_ARG_WITH(ldapsdk-lib, AS_HELP_STRING([--with-ldapsdk-lib=PATH],[Mozilla LDAP SDK library directory]),
[
if test -d "$withval"
then
AC_MSG_RESULT([using $withval])
ldapsdk_lib="-L$withval"
ldapsdk_libdir="$withval"
+ with_ldapsdk=yes
else
echo
AC_MSG_ERROR([$withval not found])
@@ -73,49 +98,47 @@ AC_MSG_RESULT(no))
# if LDAPSDK is not found yet, try pkg-config
# last resort
-if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then
- AC_PATH_PROG(PKG_CONFIG, pkg-config)
- AC_MSG_CHECKING(for mozldap with pkg-config)
- if test -n "$PKG_CONFIG"; then
- if $PKG_CONFIG --exists mozldap6; then
- mozldappkg=mozldap6
- elif $PKG_CONFIG --exists mozldap; then
- mozldappkg=mozldap
- else
- AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
+if test "$with_ldapsdk" = yes ; then
+ if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for mozldap with pkg-config)
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists mozldap6; then
+ mozldappkg=mozldap6
+ elif $PKG_CONFIG --exists mozldap; then
+ mozldappkg=mozldap
+ else
+ AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
+ fi
+ ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
+ ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg`
+ ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ .*$//`
+ AC_MSG_RESULT([using system $mozldappkg])
fi
- ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
- ldapsdk_libdir=`$PKG_CONFIG --variable=libdir $mozldappkg`
- ldapsdk_lib="-L$ldapsdk_libdir"
- ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg`
- AC_MSG_RESULT([using system $mozldappkg])
fi
fi
-if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
- AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
-fi
-dnl default path for the ldap c sdk tools (see [210947] for more details)
-if test -z "$ldapsdk_bindir" ; then
- if [ -d $libdir/mozldap6 ] ; then
- ldapsdk_bindir=$libdir/mozldap6
- else
- ldapsdk_bindir=$libdir/mozldap
+
+if test "$with_ldapsdk" = yes ; then
+ if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
+ AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
fi
-fi
-dnl make sure the ldap sdk version is 6 or greater - we do not support
-dnl the old 5.x or prior versions - the ldap server code expects the new
-dnl ber types and other code used with version 6
-save_cppflags="$CPPFLAGS"
-CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
-AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=],
-[#include <ldap-standard.h>
+ dnl make sure the ldap sdk version is 6 or greater - we do not support
+ dnl the old 5.x or prior versions - the ldap server code expects the new
+ dnl ber types and other code used with version 6
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
+ AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=],
+ [#include <ldap-standard.h>
#if LDAP_VENDOR_VERSION < 600
#error The LDAP C SDK version is not supported
#endif
-])
-CPPFLAGS="$save_cppflags"
+ ])
+ CPPFLAGS="$save_cppflags"
-if test -z "$isversion6" ; then
- AC_MSG_ERROR([The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported])
+ if test -z "$isversion6" ; then
+ AC_MSG_ERROR([The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported])
+ fi
+ AC_DEFINE([USE_MOZLDAP], [1], [If defined, using MozLDAP for LDAP SDK])
+ AC_DEFINE([HAVE_LDAP_URL_PARSE_NO_DEFAULTS], [1], [have the function ldap_url_parse_no_defaults])
fi
diff --git a/m4/openldap.m4 b/m4/openldap.m4
new file mode 100644
index 0000000..a4e2e88
--- /dev/null
+++ b/m4/openldap.m4
@@ -0,0 +1,131 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
+
+AC_CHECKING(for OpenLDAP)
+
+# check for --with-openldap
+AC_MSG_CHECKING(for --with-openldap)
+AC_ARG_WITH(openldap, AS_HELP_STRING([--with-openldap@<:@=PATH@:>@],[Use OpenLDAP - optional PATH is path to OpenLDAP SDK]),
+[
+ if test "$withval" = yes
+ then
+ AC_MSG_RESULT([using system OpenLDAP])
+ elif test "$withval" = no
+ then
+ AC_MSG_RESULT(no)
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ then
+ AC_MSG_RESULT([using $withval])
+ OPENLDAPDIR=$withval
+ openldap_incdir="$OPENLDAPDIR/include"
+ openldap_inc="-I$openldap_incdir"
+ openldap_lib="-L$OPENLDAPDIR/lib"
+ openldap_libdir="$OPENLDAPDIR/lib"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-openldap-inc
+AC_MSG_CHECKING(for --with-openldap-inc)
+AC_ARG_WITH(openldap-inc, AS_HELP_STRING([--with-openldap-inc=PATH],[OpenLDAP SDK include directory]),
+[
+ if test -e "$withval"/ldap.h
+ then
+ AC_MSG_RESULT([using $withval])
+ openldap_incdir="$withval"
+ openldap_inc="-I$withval"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-openldap-lib
+AC_MSG_CHECKING(for --with-openldap-lib)
+AC_ARG_WITH(openldap-lib, AS_HELP_STRING([--with-openldap-lib=PATH],[OpenLDAP SDK library directory]),
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ openldap_lib="-L$withval"
+ openldap_libdir="$withval"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# if OPENLDAP is not found yet, try pkg-config
+
+if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths
+ if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for OpenLDAP with pkg-config)
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then
+ openldap_inc=`$PKG_CONFIG --cflags-only-I openldap`
+ openldap_lib=`$PKG_CONFIG --libs-only-L openldap`
+ openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//`
+ openldap_incdir=`$PKG_CONFIG --variable=includedir openldap`
+ AC_MSG_RESULT([using system OpenLDAP from pkg-config])
+ else
+ openldap_incdir="/usr/include"
+ openldap_inc="-I$openldap_incdir"
+ AC_MSG_RESULT([no OpenLDAP pkg-config files])
+ fi
+ fi
+fi
+
+dnl lets see if we can find the headers and libs
+
+if test "$with_openldap" = yes ; then
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$openldap_inc $nss_inc $nspr_inc"
+ AC_CHECK_HEADER([ldap_features.h], [],
+ [AC_MSG_ERROR([specified with-openldap but ldap_features.h not found])])
+ dnl figure out which version we're using from the header file
+ ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ dnl full libname is libname-$maj.$min
+ ol_libver="-${ol_ver_maj}.${ol_ver_min}"
+ dnl look for ldap lib
+ save_ldflags="$LDFLAGS"
+ LDFLAGS="$openldap_lib $LDFLAGS"
+ AC_CHECK_LIB([ldap$ol_libver], [ldap_initialize], [have_ldap_lib=1])
+ if test -z "$have_ldap_lib" ; then
+ AC_CHECK_LIB([ldap], [ldap_initialize], [unset ol_libver],
+ [AC_MSG_ERROR([specified with-openldap but libldap not found])])
+ fi
+ dnl look for ldap_url_parse_ext
+ AC_CHECK_LIB([ldap$ol_libver], [ldap_url_parse_ext],
+ [AC_DEFINE([HAVE_LDAP_URL_PARSE_EXT], [1], [have the function ldap_url_parse_ext])])
+ LDFLAGS="$save_ldflags"
+ CPPFLAGS="$save_cppflags"
+
+ AC_DEFINE([USE_OPENLDAP], [1], [If defined, using OpenLDAP for LDAP SDK])
+fi
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index d3a659a..90f81eb 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -375,8 +375,8 @@ ldapu_find (LDAP *ld, const char *base, int scope,
filter = ldapu_strings[LDAPU_STR_FILTER_DEFAULT];
}
- retval = ldap_search_s(ld, base, scope, filter, (char **)attrs,
- attrsonly, res);
+ retval = ldap_search_ext_s(ld, base, scope, filter, (char **)attrs,
+ attrsonly, NULL, NULL, NULL, -1, res);
if (retval != LDAP_SUCCESS)
{
@@ -503,45 +503,39 @@ ldapu_find_userdn (LDAP *ld, const char *uid, const char *base,
static void
closeLDAPConnection(LDAP *server)
{
- ldap_unbind_s(server);
+ ldap_unbind_ext_s(server, NULL, NULL);
}
static LDAP *
openLDAPConnection(LdapServerData *data)
{
- static int falseint = 0;
-
LDAP *server;
- if (data->secure) {
- if (!(server = ldapssl_init(data->host, data->port, 1))) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
- "openLDAPConnection(): ldapssl_init failed for %s:%d",
- data->host, data->port);
- return NULL;
- }
- }
- else {
- if (!(server = ldap_init(data->host, data->port))) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
- "openLDAPConnection(): ldap_init failed for %s:%d",
- data->host, data->port);
- return NULL;
- }
- }
-
- if (ldap_set_option(server, LDAP_OPT_CACHE_ENABLE, (void*)&falseint) != LDAP_SUCCESS) {
+ if (!(server = util_ldap_init(data->securitydir, NULL,
+ data->host, data->port, data->secure, 1, NULL))) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
- "openLDAPConnection(): ldap_set_option failed to disable cache for %s:%d",
+ "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
+ data->secure ? "s" : "",
data->host, data->port);
- closeLDAPConnection(server);
return NULL;
}
return (server);
}
-static int LDAP_CALL LDAP_CALLBACK
+#if defined(USE_OPENLDAP)
+static int
+admserv_ldap_rebind_proc(
+ LDAP *ld, LDAP_CONST char *url,
+ ber_tag_t request, ber_int_t msgid,
+ void *arg)
+{
+ RebindData *data = (RebindData*)arg;
+
+ return util_ldap_bind(ld, data->user, data->pw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL);
+}
+#else /* NOT USE_OPENLDAP */
+static int
admserv_ldap_rebind_proc(LDAP *ld, char **who, char **pw, int *auth, int freeit, void *arg)
{
RebindData *data = (RebindData*)arg;
@@ -554,6 +548,7 @@ admserv_ldap_rebind_proc(LDAP *ld, char **who, char **pw, int *auth, int freeit,
return LDAP_SUCCESS;
}
+#endif
static void
setLDAPRebindProc(LDAP *server, const char *user, const char *pw)
@@ -664,21 +659,13 @@ admserv_ldap_auth_userdn_password(LDAP *server,
const char *pw,
int *pw_expiring)
{
- int ver = LDAP_VERSION3;
- LDAPMessage *res = NULL; /* LDAP result message */
LDAPControl **ctrls = NULL;
int ldapError = LDAP_SUCCESS;
- int msgid = 0; /* async bind id */
- int rc = 0; /* result code of LDAP operation */
*pw_expiring = -1;
setLDAPRebindProc(server, userdn, pw);
- /* This is for password expiration check */
- /* set the LDAP version -- only v3 knows about controls */
- ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver);
-
/* DT 9/18/98 - Fix for bind problem. Previously, if pw == null,
* then the bind does not occur (connection is still anonymous),
* but ldap_simple_bind() returns LDAP_SUCCESS. We want the
@@ -688,32 +675,13 @@ admserv_ldap_auth_userdn_password(LDAP *server,
pw = (char*)"";
/* bind user asynchronously */
- if ( (msgid = ldap_simple_bind(server, userdn, pw)) == -1 ) {
- /*return LDAP_OPERATIONS_ERROR;*/
- return LDAP_SERVER_DOWN;
- }
-
- rc = ldap_result(server, msgid, 1, NULL, &res);
+ ldapError = util_ldap_bind(server, userdn, pw,
+ LDAP_SASL_SIMPLE, NULL, &ctrls, NULL, NULL);
- switch (rc) {
- case -1:
- if (res) ldap_msgfree(res);
- return ldap_get_lderrno(server, NULL, NULL);
- default:
- if ((ldapError = ldap_result2error(server, res, 0)) != LDAP_SUCCESS) {
- if (res) ldap_msgfree(res);
- return ldapError;
- }
- }
-
- if ((ldapError = ldap_parse_result(server, res, NULL, NULL, NULL, NULL, &ctrls, 0))
- != LDAP_SUCCESS) {
- if (res) ldap_msgfree(res);
- return ldapError;
- }
-
- if ((ldapError = ldap_result2error(server, res, 0)) != LDAP_SUCCESS) {
- if (res) ldap_msgfree(res);
+ if (ldapError) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0 /* status */, NULL,
+ "Could not bind as [%s]: ldap error %d: %s",
+ userdn, ldapError, ldap_err2string(ldapError));
return ldapError;
}
@@ -740,7 +708,6 @@ admserv_ldap_auth_userdn_password(LDAP *server,
ldap_controls_free(ctrls);
}
- if (res) ldap_msgfree(res);
return ldapError;
}
@@ -777,15 +744,16 @@ static int
extractLdapServerData(LdapServerData *data, char *ldapURL, const server_rec *s)
{
LDAPURLDesc *ldapInfo = NULL;
+ int secure;
if (!ldapURL)
return extractLdapError(s, NULL);
- if (ldap_url_parse(ldapURL, &ldapInfo)) {
+ if (util_ldap_url_parse(ldapURL, &ldapInfo, 0, &secure)) {
return extractLdapError(s, NULL);
}
- data->secure = (ldapInfo->lud_options & LDAP_URL_OPT_SECURE);
+ data->secure = secure;
data->port = ldapInfo->lud_port;
if (!data->port) {
if (data->secure) {
@@ -888,6 +856,7 @@ buildUGInfo(char** errorInfo, const request_rec *r) {
userGroupServer.secure = 0;
userGroupServer.baseDN = NULL;
userGroupServer.admservSieDN = NULL;
+ userGroupServer.securitydir = admldapGetSecurityDir(info);
if (NULL == admldapGetLDAPHndl(info)) {
/* LDAP is not available; gather info from the cache */
@@ -1166,7 +1135,7 @@ sync_task_sie_data(const char *name, char *query, void *arg, request_rec *r)
for (i=0; i < servercnt; i++) {
/* Create Pset for each individual server */
char *host = admldapGetHost(ldapInfo);
- tmp = psetRealCreateSSL(host,
+ tmp = psetRealCreateSSL(ldapInfo, host,
admldapGetPort(ldapInfo),
admldapGetSecurity(ldapInfo),
serverlist[i],
@@ -1295,7 +1264,7 @@ task_update_registry_server_bindpw(char *uid, char *password,
userDN = apr_table_get(r->notes, RQ_NOTES_USERDN);
/* authenticate to LDAP server */
- if (LDAP_SUCCESS != (ldapError = ldap_simple_bind_s(ld, userDN, bindpw))) {
+ if (LDAP_SUCCESS != (ldapError = util_ldap_bind(ld, userDN, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL))) {
switch (ldapError) {
case LDAP_INAPPROPRIATE_AUTH:
case LDAP_INVALID_CREDENTIALS:
@@ -1327,7 +1296,7 @@ task_update_registry_server_bindpw(char *uid, char *password,
mod.mod_values = vals;
mods[0] = &mod;
mods[1] = NULL;
- if (LDAP_SUCCESS != (ldapError = ldap_modify_s(ld, adminDN, mods))) {
+ if (LDAP_SUCCESS != (ldapError = ldap_modify_ext_s(ld, adminDN, mods, NULL, NULL))) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"task_update_registry_server_bindpw(): ldap_modify for %s failed: %s",
adminDN, ldap_err2string(ldapError));
@@ -1489,8 +1458,8 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata)
tries = 0;
do {
- ldapError = ldap_search_s(server, (char *)sieDN, LDAP_SCOPE_SUBTREE, NS_EXEC_REF_QUERY,
- searchAttributes, 0, &result);
+ ldapError = ldap_search_ext_s(server, (char *)sieDN, LDAP_SCOPE_SUBTREE, NS_EXEC_REF_QUERY,
+ searchAttributes, 0, NULL, NULL, NULL, -1, &result);
if(ldapError != LDAP_SERVER_DOWN && ldapError != LDAP_CONNECT_ERROR)
break;
@@ -1513,23 +1482,24 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata)
for (e = ldap_first_entry(server, result) ; e != NULL ;
e = ldap_next_entry(data->server, e)) {
- char *dn, **vals, **vals2, *execRefArgs;
+ char *dn, *execRefArgs;
+ struct berval **vals, **vals2;
TaskCacheEntry *cache_entry;
dn = ldap_get_dn(server, e);
if (!dn) continue;
- vals = ldap_get_values(server, e, NS_EXEC_REF);
+ vals = ldap_get_values_len(server, e, NS_EXEC_REF);
if (!vals) {
ldap_memfree(dn);
continue;
}
- vals2 = ldap_get_values(server, e, NS_LOG_SUPPRESS);
+ vals2 = ldap_get_values_len(server, e, NS_LOG_SUPPRESS);
- if ((execRefArgs = strchr(vals[0], '?')) != NULL)
+ if (vals && vals[0] && ((execRefArgs = PL_strnchr(vals[0]->bv_val, '?', vals[0]->bv_len)) != NULL))
*(execRefArgs++) = '\0';
adm_normalize_dn(dn, normDN);
@@ -1548,9 +1518,13 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata)
*/
}
- cache_entry->execRef = apr_pstrdup(module_pool, vals[0]);
+ if (vals && vals[0]) {
+ cache_entry->execRef = apr_pstrndup(module_pool, vals[0]->bv_val, vals[0]->bv_len);
+ } else {
+ cache_entry->execRef = NULL;
+ }
cache_entry->execRefArgs = execRefArgs ? apr_pstrdup(module_pool, execRefArgs) : NULL;
- cache_entry->logSuppress = (vals2 && !STRCASECMP(vals2[0], LOG_SUPPRESS_ON_VALUE));
+ cache_entry->logSuppress = (vals2 && vals[0] && !strncasecmp(vals2[0]->bv_val, LOG_SUPPRESS_ON_VALUE, vals2[0]->bv_len));
HashTableInsert(cache_entry->auth_userDNs, apr_pstrdup(module_pool, data->userDN),
(char*)(data->now));
@@ -1561,9 +1535,9 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata)
cache_entry->execRefArgs ? cache_entry->execRefArgs : "",
data->userDN);
- ldap_value_free(vals);
+ ldap_value_free_len(vals);
if (vals2)
- ldap_value_free(vals2);
+ ldap_value_free_len(vals2);
ldap_memfree(dn);
}
@@ -2327,7 +2301,8 @@ do_admserv_post_config(apr_pool_t *p, apr_pool_t *plog,
registryServer.bindDN = ""; /* deprecated - use user credentials */
registryServer.bindPW = ""; /* deprecated - use user credentials */
registryServer.admservSieDN = admldapGetSIEDN(info);
-
+ registryServer.securitydir = admldapGetSecurityDir(info);
+
destroyAdmldap(info);
info = NULL;
@@ -2853,7 +2828,7 @@ static int fixup_adminsdk(request_rec *r)
admserv_config *cf = ap_get_module_config(r->per_dir_config,
&admserv_module);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"fixup_adminsdk flag is %d", cf->adminsdk);
if (!cf->adminsdk)
diff --git a/mod_admserv/mod_admserv.h b/mod_admserv/mod_admserv.h
index 965407b..9a041f0 100644
--- a/mod_admserv/mod_admserv.h
+++ b/mod_admserv/mod_admserv.h
@@ -28,13 +28,10 @@
#define _ADMSERV_PLUGIN_H
#include <ldap.h>
-#include <ldap_ssl.h>
-#include "apr_hash.h"
+#include "libadmin/libadmin.h"
-typedef unsigned long DWORD;
-typedef DWORD *PDWORD;
-typedef DWORD *LPDWORD;
+#include "apr_hash.h"
#define LDAPU_SUCCESS 0
#define LDAPU_FAILED -1
@@ -137,6 +134,7 @@ typedef struct LdapServerData {
char *bindDN; /* deprecated since the SIE cannot bind anymore */
char *bindPW; /* deprecated since the SIE cannot bind anymore */
char *admservSieDN; /* SIE DN of this admin server */
+ char *securitydir; /* path to key/cert databases */
} LdapServerData;
typedef struct ServletLookupData {
@@ -153,4 +151,11 @@ typedef struct RuntimeCommandRecord {
void *arg;
} RuntimeCommandRecord;
+#ifndef LDAP_CONTROL_PWEXPIRED
+#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
+#endif
+#ifndef LDAP_CONTROL_PWEXPIRING
+#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
+#endif
+
#endif
diff --git a/tests/ds_create/testget.1 b/tests/ds_create/testget.1
index 266503a..9abb2c4 100644
--- a/tests/ds_create/testget.1
+++ b/tests/ds_create/testget.1
@@ -1 +1 @@
-servport=38900&cfg_sspt_uid=uid%3Dadmin%2C+ou%3DAdministrators%2C+ou%3DTopologyManagement%2C+o%3DNetscapeRoot&ldap_url=ldap%3A%2F%2Flocalhost.localdomain%3A1100%2Fo%3DNetscapeRoot&servuser=SETTOYOURUSERID&cfg_sspt_uid_pw=admin&rootpw=password&servid=localhost2&start_server=1&suitespot3x_uid=admin&suffix=dc%3Dexample%2Cdc%3Dcom&servname=localhost.localdomain&rootdn=cn%3DDirectory+Manager&admin_domain=localdomain
+servport=38900&cfg_sspt_uid=uid%3Dadmin%2C+ou%3DAdministrators%2C+ou%3DTopologyManagement%2C+o%3DNetscapeRoot&ldap_url=ldap%3A%2F%2FHOSTNAME%3APORT%2Fo%3DNetscapeRoot&servuser=USER&cfg_sspt_uid_pw=admin&rootpw=password&servid=localhost2&start_server=1&suitespot3x_uid=admin&suffix=dc%3Dexample%2Cdc%3Dcom&servname=HOSTNAME&rootdn=cn%3DDirectory+Manager&admin_domain=DOMAIN
diff --git a/tests/htmladmin/testget.2 b/tests/htmladmin/testget.2
index 05e140f..1765055 100644
--- a/tests/htmladmin/testget.2
+++ b/tests/htmladmin/testget.2
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=topframepaint&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=topframepaint&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.3 b/tests/htmladmin/testget.3
index 7e946f8..82f3179 100644
--- a/tests/htmladmin/testget.3
+++ b/tests/htmladmin/testget.3
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=index&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=index&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.4 b/tests/htmladmin/testget.4
index 077786d..868c0f2 100644
--- a/tests/htmladmin/testget.4
+++ b/tests/htmladmin/testget.4
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=empty&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=empty&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.5 b/tests/htmladmin/testget.5
index c2ec86e..e3969c8 100644
--- a/tests/htmladmin/testget.5
+++ b/tests/htmladmin/testget.5
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=framepaint&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=framepaint&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.6 b/tests/htmladmin/testget.6
index 4647668..26a84f9 100644
--- a/tests/htmladmin/testget.6
+++ b/tests/htmladmin/testget.6
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=viewselect&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=viewselect&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.7 b/tests/htmladmin/testget.7
index 254c228..a8bb81c 100644
--- a/tests/htmladmin/testget.7
+++ b/tests/htmladmin/testget.7
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=serveractivate&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=serveractivate&view=viewparam
\ No newline at end of file
diff --git a/tests/htmladmin/testget.8 b/tests/htmladmin/testget.8
index 448b7d7..1fcd009 100644
--- a/tests/htmladmin/testget.8
+++ b/tests/htmladmin/testget.8
@@ -1 +1 @@
-obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&view=viewparam
\ No newline at end of file
+obj=cn%3Dslapd-INSTANCE+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&view=viewparam
\ No newline at end of file
diff --git a/tests/setup.sh b/tests/setup.sh
index 0c05de5..c979166 100755
--- a/tests/setup.sh
+++ b/tests/setup.sh
@@ -1,73 +1,157 @@
#!/bin/sh
testdir="$1"
-#sroot=/home/$USER/11srv
-sroot=/export/rmeggins/11srv
-port=1100
-secport=1101
+hostname=vmhost.testdomain.com
+domain=testdomain.com
+sroot=/home/$USER/dsol
+port=1200
+secport=1201
rootdn="cn=directory manager"
+escapedrootdn='cn\\\\3Ddirectory manager'
rootpw=password
-#adminpw=boguspassword
+adminpw=boguspassword
adminpw=admin
#needinstance=1
#needdata=1
-#usessl=1
-PATH=/usr/lib64/mozldap:/usr/lib/mozldap:$PATH
-export PATH
+usessl=1
+secdir=/home/$USER/save
+#PATH=/usr/lib64/mozldap:$PATH
+#export PATH
+instance=ds
if [ "$needinstance" ] ; then
-$sroot/bin/ds_newinst.pl - <<EOF
+$sroot/sbin/setup-ds.pl -s -f - <<EOF
[General]
-FullMachineName= localhost.localdomain
+FullMachineName= $hostname
SuiteSpotUserID= $USER
-ServerRoot= $sroot/lib/fedora-ds
[slapd]
ServerPort= $port
-ServerIdentifier= localhost
+ServerIdentifier= $instance
Suffix= o=NetscapeRoot
RootDN= $rootdn
RootDNPwd= $rootpw
EOF
+
+sslconf=/tmp/sslconf.$$.ldif
+cat > $sslconf <<EOF
+dn: cn=encryption,cn=config
+changetype: modify
+replace: nsSSL3
+nsSSL3: on
+-
+replace: nsSSLClientAuth
+nsSSLClientAuth: allowed
+-
+add: nsSSL3Ciphers
+nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
+ +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
+ +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
+ +tls_rsa_export1024_with_des_cbc_sha
+
+dn: cn=config
+changetype: modify
+add: nsslapd-security
+nsslapd-security: on
+-
+replace: nsslapd-ssl-check-hostname
+nsslapd-ssl-check-hostname: off
+-
+replace: nsslapd-secureport
+nsslapd-secureport: $secport
+
+dn: cn=RSA,cn=encryption,cn=config
+changetype: add
+objectclass: top
+objectclass: nsEncryptionModule
+cn: RSA
+nsSSLPersonalitySSL: Server-Cert
+nsSSLToken: internal (software)
+nsSSLActivation: on
+
+EOF
+
+ldapmodify -x -h $hostname -p $port -D "$rootdn" -w "$rootpw" -c -f $sslconf
+rm -f $sslconf
+
+$sroot/lib/dirsrv/slapd-$instance/stop-slapd
+cp $secdir/*.db $sroot/etc/dirsrv/slapd-$instance
+cp $secdir/pin.txt $sroot/etc/dirsrv/slapd-$instance
+$sroot/lib/dirsrv/slapd-$instance/start-slapd
+
fi
if [ "$needdata" ] ; then
-$sroot/lib/fedora-ds/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $testdir/nsroot.ldif
-sleep 10
+ for file in $testdir/*.ldif.tmpl $testdir/*.mod.tmpl ; do
+ echo processing file $file
+ tmpfile=/tmp/mod.$$
+ sed \
+ -e "s/%as_uid%/admin/g" \
+ -e "s/%as_passwd%/admin/g" \
+ -e "s/%domain%/$domain/g" \
+ -e "s/%console_version%/0.0/g" \
+ -e "s/%as_baseversion%/0.0/g" \
+ -e "s/%ds_console_jar%/389-ds.jar/g" \
+ -e "s/%fqdn%/$hostname/g" \
+ -e "s/%ds_port%/$port/g" \
+ -e "s/%ds_secure_port%/$secport/g" \
+ -e "s/%ds_suffix%/$suffix/g" \
+ -e "s/%ds_user%/$USER/g" \
+ -e "s/%brand%/389/g" \
+ -e "s/%dsid%/$instance/g" \
+ -e "s,%uname_a%,`uname -a`,g" \
+ -e "s/%uname_m%/`uname -m`/g" \
+ -e "s/%ds_version%/0.0/g" \
+ -e "s/%ds_buildnum%/0.0/g" \
+ -e "s/%asid%/$instance/g" \
+ -e "s/%vendor%/389/g" \
+ -e "s/%timestamp%/`date +%Y%m%d%H%M%S`/g" \
+ -e "s/%rootdn%/$rootdn/g" \
+ -e "s/%escapedrootdn%/$escapedrootdn/g" \
+ -e "s/%ds_sie%/cn=slapd-$instance,cn=389 Directory Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot/g" \
+ -e "s/%as_sie%/cn=admin-serv-$instance,cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot/g" \
+ -e "s/%as_version%/0.0/g" \
+ -e "s/%as_buildnum%/0.0/g" \
+ -e "s/%as_console_jar%/389-admin.jar/g" \
+ -e "s/%as_port%/9830/g" \
+ -e "s/%as_user%/$USER/g" \
+ -e "s/%as_addr%/127.0.0.1/g" \
+ -e "s,%admpw%,testtmp/admpw,g" \
+ -e "s,%as_error%,testtmp/error,g" \
+ -e "s,%as_access%,testtmp/access,g" \
+ -e "s,%as_pid%,testtmp/pid,g" \
+ -e "s,%as_help_path%,testtmp,g" $file > $tmpfile
+ ldapmodify -x -h $hostname -p $port -D "$rootdn" -w "$rootpw" -c -a -f $tmpfile
+ rm -f $tmpfile
+ done
fi
rm -rf testtmp
mkdir testtmp
if [ "$usessl" ] ; then
- ldapurl="ldaps://localhost:$secport/o=NetscapeRoot"
- # grab CA cert
- certutil -L -d $sroot/etc/fedora-ds/slapd-localhost -n "CA certificate" -a > testtmp/cacert.asc
- # pin file
- echo "passwordpassword" > testtmp/pwdfile.txt
- # create sec db
- certutil -N -d testtmp -f testtmp/pwdfile.txt
- # import CA cert
- certutil -A -d testtmp -n "CA certificate" -t "CT,," -a -i testtmp/cacert.asc
+ ldapurl="ldaps://$hostname:$secport/o=NetscapeRoot"
else
- ldapurl="ldap://localhost:$port/o=NetscapeRoot"
+ ldapurl="ldap://$hostname:$port/o=NetscapeRoot"
fi
cat > testtmp/adm.conf <<EOF
ldapurl: $ldapurl
-ldapHost: localhost.localdomain
+ldapHost: $hostname
ldapPort: $port
-sie: cn=admin-serv-localhost, cn=Fedora Administration Server, cn=Server Group, cn=localhost.localdomain, ou=localdomain, o=NetscapeRoot
-isie: cn=Fedora Administration Server, cn=Server Group, cn=localhost.localdomain, ou=localdomain, o=NetscapeRoot
-port: 32348
-ldapStart: slapd-localhost/start-slapd
+sie: cn=admin-serv-$instance,cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot
+isie: cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot
+port: 9830
+ldapStart: slapd-$instance/start-slapd
+securitydir: $secdir
EOF
+cp testtmp/adm.conf testtmp/adm.conf.orig
cat > testtmp/admpw <<EOF
admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
EOF
cat > testtmp/console.conf <<EOF
-Listen localhost:54321
+Listen $hostname:9830
CustomLog testtmp/access common
ErrorLog testtmp/error
PidFile testtmp/pid
@@ -77,11 +161,11 @@ EOF
dir=`pwd`
# CGI env. vars
-#ADMSERV_CONF_DIR=$dir/testtmp
+ADMSERV_CONF_DIR=$dir/testtmp
#ADMSERV_CONF_DIR=$sroot/etc/fedora-ds/admin-serv
-#export ADMSERV_CONF_DIR
-#ADMSERV_LOG_DIR=$dir/testtmp
-#export ADMSERV_LOG_DIR
+export ADMSERV_CONF_DIR
+ADMSERV_LOG_DIR=$dir/testtmp
+export ADMSERV_LOG_DIR
HTTP_ACCEPT_LANGUAGE=en
export HTTP_ACCEPT_LANGUAGE
SERVER_URL=http://localhost
@@ -92,65 +176,80 @@ cat > $pwpfile <<EOF
User: admin
Password: $adminpw
-UserDN: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
+UserDN: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
SIEPWD: $adminpw
EOF
-VALGRIND="valgrind --log-file=/var/tmp/vg.out --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 "
+VALGRIND="valgrind -q --tool=memcheck --leak-check=yes --suppressions=/share/scripts/valgrind.supp --num-callers=40 --log-file="
GDB="gdb -x .gdbinit "
#DEBUGCMD="$VALGRIND"
-#DEBUGCMD="$GDB"
+DEBUGCMD="$GDB"
+
+PROGS="help"
+#PROGS="mergeConfig admpw security ugdsconfig ReadLog start_config_ds \
+# config statpingserv viewdata dsconfig monreplication restartsrv \
+# statusping viewlog htmladmin sec-activate stopsrv download help"
-PROGS="mergeConfig admpw security ugdsconfig ReadLog start_config_ds \
- config statpingserv viewdata dsconfig monreplication restartsrv \
- statusping viewlog htmladmin sec-activate stopsrv download help"
+#SCRIPTS=ds_create
-SCRIPTS=ds_create
+#$sroot/lib/dirsrv/slapd-$instance/stop-slapd
# each prog has a subdir containing the GET/POST args and any other test data
for prog in $PROGS ; do
getlist=/tmp/gettests.$$
find $testdir/$prog -name testget.\* -print 2> /dev/null | sort -n > $getlist
for test in `cat $getlist` ; do
- if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi
- basetest=`basename $test`
- echo "Running test $test"
- REQUEST_METHOD=GET ; export REQUEST_METHOD
- QUERY_STRING="`cat $test`" ; export QUERY_STRING
- SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME
- # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST
- exec 4<$pwpfile
- PASSWORD_PIPE=4 ; export PASSWORD_PIPE
- if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then
- echo "break main" > .gdbinit
- echo "run > results/$prog/$basetest.html" >> .gdbinit
- ./libtool --mode execute $GDB ./$prog
- else
- ./libtool --mode execute $DEBUGCMD ./$prog > results/$prog/$basetest.html
- fi
+ if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi
+ sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed
+ basetest=`basename $test`
+ echo "Running test $test"
+ REQUEST_METHOD=GET ; export REQUEST_METHOD
+ QUERY_STRING="`cat $test.sed`" ; export QUERY_STRING
+ SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME
+ # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST
+ exec 4<$pwpfile
+ PASSWORD_PIPE=4 ; export PASSWORD_PIPE
+ if [ "$DEBUGCMD" = "$VALGRIND" ] ; then
+ VGFILE="results/$prog/vg.$basetest"
+ fi
+ if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then
+ echo "break main" > .gdbinit
+ echo "run > results/$prog/$basetest.html" >> .gdbinit
+ ./libtool --mode execute $GDB ./$prog
+ else
+ ./libtool --mode execute ${DEBUGCMD}$VGFILE ./$prog > results/$prog/$basetest.html
+ fi
+ rm $test.sed
done
rm -f $getlist
+ cp -p testtmp/adm.conf.orig testtmp/adm.conf
postlist=/tmp/posttests.$$
find $testdir/$prog -name testpost.\* -print 2> /dev/null | sort -n > $postlist
for test in `cat $postlist` ; do
- if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi
- basetest=`basename $test`
- echo "Running test $test"
- REQUEST_METHOD=POST ; export REQUEST_METHOD
- CONTENT_LENGTH=`wc -c $test | cut -f1 -d' '` ; export CONTENT_LENGTH
- SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME
- # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST
- exec 4<$pwpfile
- PASSWORD_PIPE=4 ; export PASSWORD_PIPE
- if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then
- echo "break main" > .gdbinit
- echo "run < $test > results/$prog/$basetest.html" >> .gdbinit
- ./libtool --mode execute $GDB ./$prog
- else
- ./libtool --mode execute $DEBUGCMD ./$prog < $test > results/$prog/$basetest.html
- fi
+ if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi
+ sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed
+ basetest=`basename $test`
+ echo "Running test $test"
+ REQUEST_METHOD=POST ; export REQUEST_METHOD
+ CONTENT_LENGTH=`wc -c $test.sed | cut -f1 -d' '` ; export CONTENT_LENGTH
+ SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME
+ # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST
+ exec 4<$pwpfile
+ PASSWORD_PIPE=4 ; export PASSWORD_PIPE
+ if [ "$DEBUGCMD" = "$VALGRIND" ] ; then
+ VGFILE="results/$prog/vg.$basetest"
+ fi
+ if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then
+ echo "break main" > .gdbinit
+ echo "run < $test.sed > results/$prog/$basetest.html" >> .gdbinit
+ ./libtool --mode execute $GDB ./$prog
+ else
+ ./libtool --mode execute ${DEBUGCMD}$VGFILE ./$prog < $test.sed > results/$prog/$basetest.html
+ fi
+ rm $test.sed
done
rm -f $postlist
+ cp -p testtmp/adm.conf.orig testtmp/adm.conf
done
for prog in $SCRIPTS ; do
@@ -158,10 +257,11 @@ for prog in $SCRIPTS ; do
find $testdir/$prog -name testget.\* -print 2> /dev/null | sort -n > $getlist
for test in `cat $getlist` ; do
if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi
+ sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed
basetest=`basename $test`
echo "Running test $test"
REQUEST_METHOD=GET ; export REQUEST_METHOD
- QUERY_STRING="`cat $test`" ; export QUERY_STRING
+ QUERY_STRING="`cat $test.sed`" ; export QUERY_STRING
SCRIPT_NAME=slapd/Tasks/Operation/$prog ; export SCRIPT_NAME
# open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST
exec 4<$pwpfile
@@ -171,8 +271,10 @@ for prog in $SCRIPTS ; do
else
perl -w admserv/cgi-src40/$prog
fi
+ rm $test.sed
done
rm -f $getlist
+ cp -p testtmp/adm.conf.orig testtmp/adm.conf
done
rm -rf $pwpfile .gdbinit
diff --git a/tests/ugdsconfig/testget.10 b/tests/ugdsconfig/testget.10
index 593e766..77ec9ea 100644
--- a/tests/ugdsconfig/testget.10
+++ b/tests/ugdsconfig/testget.10
@@ -1 +1 @@
-op=setconfig&ugdsconfig.inforef=cn%3DUserDirectory%2C+ou%3DGlobal+Preferences%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&ugdsconfig.dirurl=ldap://newhost:newport/o=newsuffix&ugdsconfig.binddn=newbinddn&ugdsconfig.bindpw=newbindpw
\ No newline at end of file
+op=setconfig&ugdsconfig.inforef=cn%3DUserDirectory%2C+ou%3DGlobal+Preferences%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&ugdsconfig.dirurl=ldap://newhost:newport/o=newsuffix&ugdsconfig.binddn=newbinddn&ugdsconfig.bindpw=newbindpw
\ No newline at end of file
diff --git a/tests/viewdata/testget.2 b/tests/viewdata/testget.2
index 93dc6a7..74af381 100644
--- a/tests/viewdata/testget.2
+++ b/tests/viewdata/testget.2
@@ -1 +1 @@
-sie=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot
\ No newline at end of file
+sie=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot
\ No newline at end of file
diff --git a/tests/viewdata/testget.3 b/tests/viewdata/testget.3
index 5d6fcd5..d6527d8 100644
--- a/tests/viewdata/testget.3
+++ b/tests/viewdata/testget.3
@@ -1 +1 @@
-sie=cn%3Dslapd-localhost2%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot
\ No newline at end of file
+sie=cn%3Dslapd-INSTANCE2%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot
\ No newline at end of file
diff --git a/tests/viewdata/testget.4 b/tests/viewdata/testget.4
index 9f6cd3a..4858c39 100644
--- a/tests/viewdata/testget.4
+++ b/tests/viewdata/testget.4
@@ -1 +1 @@
-sie=cn%3Dadmin-serv-localhost%2C+cn%3DFedora+Administration+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot
\ No newline at end of file
+sie=cn%3Dadmin-serv-INSTANCE%2C+cn%3D389+Administration+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot
diff --git a/tests/viewlog/testget.3 b/tests/viewlog/testget.3
index 663e36c..ba8e2b6 100644
--- a/tests/viewlog/testget.3
+++ b/tests/viewlog/testget.3
@@ -1 +1 @@
-file=access&num=25&str=&id=slapd-localhost
\ No newline at end of file
+file=access&num=25&str=&id=slapd-INSTANCE
diff --git a/tests/viewlog/testget.4 b/tests/viewlog/testget.4
index 4dcc43b..8b8839b 100644
--- a/tests/viewlog/testget.4
+++ b/tests/viewlog/testget.4
@@ -1 +1 @@
-file=errors&num=25&str=&id=slapd-localhost
\ No newline at end of file
+file=errors&num=25&str=&id=slapd-INSTANCE
13 years, 6 months
VERSION.sh
by Richard Allen Megginson
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 28f83cce08acfbc615b862e762eb62b3b72cfe28
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Oct 20 10:46:49 2010 -0600
bump version to 1.2.7.a3
diff --git a/VERSION.sh b/VERSION.sh
index af6b06f..759b92e 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -14,7 +14,7 @@ VERSION_MAINT=7
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
-VERSION_PREREL=.a2
+VERSION_PREREL=.a3
# NOTES on VERSION_PREREL
# use aN for an alpha release e.g. a1, a2, etc.
# use rcN for a release candidate e.g. rc1, rc2, etc.
13 years, 6 months
Changes to 'refs/tags/389-ds-base-1.2.7.a2'
by Richard Allen Megginson
Changes since 389-ds-base-1.2.6.a1:
Endi S. Dewata (166):
Bug 545620 - Password cannot start with minus sign
Bug 538525 - Ability to create instance as non-root user
Bug 570542 - Root password cannot contain matching curly braces
Bug 470684 - Pam_passthru plugin doesn't verify account activation
Bug 573375 - MODRDN operation not logged
Bug 520151 - Error when modifying userPassword with proxy user
Bug 455489 - Address compiler warnings about strict-aliasing rules
Bug 566320 - RFE: add exception to removal of attributes in cn=config for aci
Bug 566043 - startpid file is only cleaned by initscript runs
Bug 584109 - Slapd crashes while parsing DNA configuration
Bug 542570 - Directory Server port number is not validated in the beginning.
Bug 145181 - Plugin target/bind subtrees only take 1 value.
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 628096 - spurious error message from /sbin/service when doing a stop on no instances
Bug 573889 - Migration does not remove deprecated schema
Endi Sukma Dewata (16):
Bug 630092 - Coverity #12117: Resource leaks issues
Bug 630092 - Coverity #15478: Resource leaks issues
Bug 630092 - Coverity #15479: Resource leaks issues
Bug 630092 - Coverity #15481: Resource leaks issues
Bug 630092 - Coverity #15482: Resource leaks issues
Bug 630092 - Coverity #15483: Resource leaks issues
Bug 630092 - Coverity #15484: Resource leaks issues
Bug 630092 - Coverity #15485: Resource leaks issues
Bug 630092 - Coverity #15487: Resource leaks issues
Bug 630092 - Coverity #15490: Resource leaks issues
Bug 630092 - Coverity #15497: Resource leaks issues
Bug 630092 - Coverity #11991: Resource leaks issues
Bug 630092 - Coverity #12000: Resource leaks issues
Bug 630092 - Coverity #12003: Resource leaks issues
Bug 630092 - Coverity #11985: Resource leaks issues
Bug 630092 - Coverity #11992,11993: Resource leaks issues
Nathan Kinder (85):
Bug 549554 - Trim single-valued attributes before sending to AD
Improve search for pcre header file
Bug 434735 - Allow SASL ANONYMOUS mech to work
Bug 570912 - Avoid selinux context conflict with httpd
Allow instance name to be parsed from start-slapd
Add managed entries plug-in
Bug 572355 - Label instance files and ports during upgrade.
Bug 578863 - Password modify extop needs to send referrals on replicas
Bug 584156 - Remove ldapi socket file during upgrade
Fix rsearch usage of name files for random filters
Bug 584497 - Allow DNA plugin to set same value on multiple attributes
Add replication session hooks
Correct function prototype for repl session hook
Bug 592389 - Set anonymous resource limits properly
Bug 601433 - Add man pages for start-dirsrv and related commands
Bug 604263 - Fix memory leak when password change is rejected
Bug 612242 - membership change on DS does not show on AD
Bug 613833 - Allow dirsrv_t to bind to rpc ports
Bug 594745 - Get rid of dirsrv_lib_t label
Bug 620927 - Allow multiple membership attributes in memberof plugin
Bug 612264 - ACI issue with (targetattr='userPassword')
Bug 630098 - fix coverity Defect Type: Code maintainability issues
Bug 630098 - fix coverity Defect Type: Code maintainability issues
Bug 630093 - (cov#15511) Don't use unintialized search_results in refint plugin
Bug 630093 - (cov#15518) Need to intialize fd in ldbm2ldif code
Bug 630096 - (cov#11778) check return value of ldap_parse_result
Bug 630096 - (cov#15446) check return value of ber_scanf()
Bug 630096 - (cov#15449,15450) Check return value of stat()
Bug 630096 - (cov#15448) Check return value of cache_replace()
Bug 630096 - (cov#15447) - Check return value of idl_append_extend()
Bug 630090 - (cov#11974) Remove unused ACL functions
Bug 630090 - (cov#15445) Fix illegal free in archive code
Bug 630094 - (cov#11818) Fix unreachable return in snmp subagent
Bug 630094 - (cov#15451) Get rid of unreachable free statements
Bug 630094 - (cov#15452) Remove NULL checking for op_string
Bug 630094 - (cov#15453) Eliminate NULL check for local_newentry
Bug 630094 - (cov#15454) Fix deadcode issue in mapping tree code
Bug 630094 - (cov#15455) Remove deadcode in attr_index_config()
Bug 630094 - (cov#15456) Remove NULL check for srdn in import code
Bug 630094 - (cov#15457) Remove deadcode in import code
Bug 630094 - (cov#15458) Fix deadcode issue in moddn code
Bug 630094 - (cov#15459) Remove NULL check for srdn in ldif2ldbm code
Bug 630094 - (cov#15520) Fix unreachable code issue if perfctrs code
Bug 630094 - (cov#15581) Add missing breaks in agt_mopen_stats()
Bug 690090 - (cov#11974) Remove additional unused ACL functions
Bug 630091 - (cov#15512) Fix usage of uninitialized bervals
Bug 630091 - (cov#15513) Fix usage of uninitialized bervals
Bug 630091 - (cov#15514) Initialize DBT in entryrdn_get_parent()
Bug 630091 - (cov#15515) Use of uninitialized array in index config code
Bug 630091 - (cov#15516,15517) Initialize pointers before attempting to free
Bug 630091 - (cov#15519) Initialize bervals in search_easter_egg()
Bug 630091 - (cov#15582) Free of uninitialized pointer in attr_index_config()
Bug 630097 - (cov#11933) Fix NULL dereference in schema code
Bug 630097 - (cov#11938) NULL dereference in mmldif
Bug 630097 - (cov#11946) NULL dereference in ResHashCreate()
Bug 630097 - (cov#11964) Remove dead code from libaccess
Bug 630097 - (cov#12143) NULL dereference in cos cache code
Bug 630097 - (cov#12148) NULL dereference in ruvInit()
Bug 630097 - (cov#12182,12183) NULL dereference in import code
Bug 630097 - (cov#15460) NULL deference in ACL URL code
Bug 630097 - (cov#15461) Remove unnecessary NULL check in DNA
Bug 630097 - (cov#15462) NULL dereference in mep_modrdn_post_op()
Bug 630097 - (cov#15463) Remove NULL check in referint plugin
Bug 630097 - (cov#15464) NULL dereference in repl code
Bug 630097 - (cov#15465) Null dereference in USN code
Bug 630097 - (cov#15473) NULL dereference in ResHashCreate()
Bug 630097 - (cov#15505) NULL dereference in memberOf code
Bug 630097 - (cov#15506) NULL dereference in dblayer code
Bug 630097 - (cov#15507,15508) NULL dereference in entryrdn code
Bug 630097 - (cov#15509) NULL dereference in idsktune
Bug 630097 - (cov#11938) NULL dereference in mmldif
Bug 630097 - (cov#15477) NULL dereference in ACL plug-in code
Bug 630091 - (cov#12209) Use of uninitialized pointer in libaccess
Bug 630092 - (cov#12116) Resource leak in ldclt code
Bug 630092 - (cov#12105) Resource leak in pwdscheme config code
Bug 630092 - (cov#12068) Resource leak in certmap code
Bug 630091 - (cov#11973) Array overrun in libaccess
Bug 522055 - Scope check for managed attribute fails
Bug 625335 - Self-write aci has permission to invalid attribute
Bug 631993 - Log authzid when proxy auth control is used
Cov #16300 - Unused variable in account policy plugin
Bug 544321 - remove-ds.pl should not throw error unlabelling port
Bug 555955 - Allow CoS values to be merged
Bug 643937 - Initialize replication version flags
Bug 305131 - Allow empty modify operation
Noriko Hosoi (171):
544089 - Referential Integrity Plugin does not take into account the attribute
557224 - subtree rename breaks the referential integrity plug-in
247413 - Incorrect error on multiple identical value add
559016 - Attempting to rename suffix returns inappropriate errors
555577 - Syntax validation fails for "ou=NetscapeRoot" tree
Undo - 555577 - Syntax validation fails for "ou=NetscapeRoot" tree
560827 - Admin Server templates: DistinguishName validation fails
548535 - memory leak in attrcrypt
563365 - Error handling problems in the backend functions
565664 - Incorrect parameter for CACHE_RETURN()
565987 - redhat-ds-base fails to build due to undefined struct
527848 - make sure db upgrade to 4.7 and later works correctly
539618 - Replication bulk import reports Invalid read/write
567370 - dncache: assertion failure in id2entry_delete
548115 - memory leak in schema reload
555970 - missing read lock in the combination of cos and nsview
539618 - Replication bulk import reports Invalid read/write
570667 - MMR: simultaneous total updates on the masters cause
Merge branch '547503'
Revert "Merge branch '547503'"
Bug 554573 - ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
199923 - subtree search fails to find items under a db
570107 - The import of LDIFs with base-64 encoded DNs fails,
572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case)
573060 - DN normalizer: ESC HEX HEX is not normalized (
573896 - initializing subtree with invalid syntax crashes ns-slapd
515805 - Stop "initialize Database" crashes the server
548533 - memory leak in Repl_5_Inc_Protocol_new
Fixing a syntax error
Update to New DN Format
585905 - ACL with targattrfilters error crashes the server
574167 - An escaped space at the end of the RDN value is not
590931 - rhds81 import - hardcoded pages_limit for nsslapd-import-cache-autosize
591336 - Implementing upgrade DN format tool
593453 - Creating password policy with ns-newpolicy.pl on Replicated
593110 - backup-restore does not ALWAYS work
593899 - adding specific ACI causes very large mem allocate request
588867 - entryusn plugin fails on solaris
593899 - adding specific ACI causes very large mem allocate request
595893 - Base DN in SASL mapping is not normalized
511112 - Password history limited to 25 values
597375 - Deleting LDBM database causes backup/restore problem
574101 - MODRDN request never returns - possible deadlock
606920 - anonymous resource limit - nstimelimit -
605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.pl
578296 - Attribute type entrydn needs to be added when subtree
609256 - Selinux: pwdhash fails if called via Admin Server CGI
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
609255 - fix coverity Defect Type: Memory - illegal accesses issues
616618 - 389 v1.2.5 accepts 2 identical entries with different DN formats
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
610281 - fix coverity Defect Type: Control flow issues
616608 - SIGBUS in RDN index reads on platforms with strict alignments
619595 - Upgrading sub suffix under non-normalized suffix disappears
513166 - Simple Paged result doesn't provide the server's estimate
621928 - Unable to enable replica (rdn problem?) on 1.2.6 rc6
Bug 194531 - db2bak is too noisy
Bug 622628 - fix coverity Defect Type: Integer handling issues
Bug 622628 - fix coverity Defect Type: Integer handling issues
Bug 622628 - fix coverity Defect Type: Integer handling issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 622903 - fix coverity Defect Type: Code maintainability issues
Bug 623118 - Simplepaged results going in infinite loop
Bug 614511 - fix coverity Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 619122 - fix coverity Defect Type: Resource leaks issues CID 11975 - 12051
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 617630 - fix coverity Defect Type: Resource leaks issues CID 12052 - 12093
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136
Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136
Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939
Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892
Bug 616500 - fix coverity Defect Type: Resource leaks issues
Bug 623507 - fix coverity Defect Type: Incorrect expression issues
Bug 623507 - fix coverity Defect Type: Incorrect expression issues
Bug 613056 - fix coverify Defect Type: Null pointer dereferences
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166
Removed redundant code in agmt_new_from_entry
Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093
Bug 628300 - DN is not normalized in dn/entry cache when an entry is added, entrydn is not present in search results
Bug 531642 - EntryUSN: RFE: a configuration option to make entryusn "global"
Bug 627738 - The cn=monitor statistics entries for the dnentry cache do not change or change very rarely
DN normalizer should check the invalid type
Bug 627738 - The cn=monitor statistics entries for the dnentry cache
Bug 629710 - escape_string does not check '\<HEX><HEX>'
agmtlist_shutdown (repl5_agmtlist.c) had an illegal access defect.
Bug 633168 - Share backend dbEnv with the replication changelog
Bug 633168 - Share backend dbEnv with the replication changelog
Bug 631862 - crash - delete entries not in cache + referint
Bug 625014 - SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to "under" the same DN.
Bug 558099 - Enhancement request: Log more information about the search result being a paged one
Bug 635987 - Incorrect sub scope search result with
Bug 606920 - anonymous resource limit- nstimelimit -
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character
Bug 640027 - Naming attribute with a special char sequence parsing bug
Bug 640854 - changelog db: _cl5WriteOperation: failed to
Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes
Bug 586966 - Sample update script has syntax errors
Bug 586973 - Sample update ldif points to non-existent directory
Bug 602456 - Allow to add any cn=config attributes;
Bug 244229 - targetattr not verified against schema when setting an aci
Bug 643532 - Incorrect DNs sometimes returned on searches
Bug 592397 - Upgrade tool dn2rdn: it does not clean up
Rich Megginson (120):
Net::LDAP password modify extop breaks; msgid in response is 0xFF
Clean up assert for entrydn
Bug 543080 - Bitwise plugin fails to return the exact matched entries for Bitwise search filter
Bug 537466 - nsslapd-distribution-plugin should not require plugin name to begin with "lib"
bump version to 1.2.6.a2
Do not use syntax plugins directly for filters, indexing
wrap new style matching rule plugins for use in old style indexing code
change extensible filter code to use new syntax function style mr funcs
change syntax plugins to register required matching rule plugins
crash looking up compat syntax; numeric string syntax using integer; make octet string ordering work correctly
fix memory leak in attr replace when replacement fails
fix dso linking issues found by fedora 13 linking
problems linking with -z defs
389 DS segfaults on libsyntax-plugin.so - part 1
389 DS segfaults on libsyntax-plugin.so - part 2
389 DS segfaults on libsyntax-plugin.so - part 3
Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location on non-RHEL/Fedora OS
Bug 568196 - Install DS8.2 on Solaris fails
Bug 568196 - Install DS8.2 on Solaris fails - part 2
Bug 551198 - LDAPI: incorrect logging to access log
bump version to 1.2.6.a3
fix various memory leaks
Bug 551198 - LDAPI: incorrect logging to access log - part 2
Bug 554573 - ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
cleanup build warnings
Bug 571514 - upgrade to 1.2.6 should upgrade 05rfc4523.ldif (cert schema)
Bug 570905 - postalAddress syntax should allow empty lines (should allow $$)
Add support for additional schema/matching rules included with 389
Bug 572677 - Memory leak in searches including GER control
Bug 571677 - Busy replica on consumers when directly deleting a replication conflict
Bug 576074 - search filters with parentheses fail
Bug 567429 - slapd didn't close connection and get into CLOSE_WAIT state
Bug 578167 - repl. of mod/replace deletes multi-valued attrs
Bug 561575 - setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile
Bug 572162 - the string "|*" within a search filter on a non-indexed attribute returns all elements.
Bug 576644 - segfault while multimaster replication (paired node won't find deleted entries)
start of 1.2.6.a4
Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
Fix too few args for format warning in acllas
Bug 586571 - DS Console shows escaped DNs
Bug 591685 - Server instances Fail to Start on Solaris due to Library Path and pcre
bump console version to 1.2.3
Repl Session API needs to check for NULL api before init
Bug 593392 - setup-ds-admin.pl -k creates world readable file
Bug 595874 - 99user.ldif getting overpopulated
bump version to 1.2.6.a5
bump version to 1.2.6.rc1
bump version to 1.2.6.rc2
bump version to 1.2.6.rc3
Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Bug 603942 - null deref in _ger_parse_control() for subjectdn
bump version to 1.2.6.rc4
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 602530 - coverity: op_shared_modify: compare pre, post and original entries before freeing them
Bug 602531 - coverity: op_shared_delete: compare preop entry and GLUE_PARENT_ENTRY before freeing them
Bug 609590 - fix coverity Defect Type: Memory - corruptions issues
Bug 610177 - fix coverity Defect Type: Uninitialized variables issues
Bug 610276 - fix coverity Defect Type: API usage errors issues
Bug 611850 - fix coverity Defect Type: Error handling issues
Bug 614242 - C99/ANSI C++ related compile errors on HP-UX
Bug 547503 - replication broken again, with 389 MMR replication and TCP errors
Bug 617013 - repl-monitor.pl use cpu upto 90%
fix build failures due to libtool problems
Bug 617629 - Missing aliases in new schema files
Bug 617862 - Replication: Unable to delete tombstone errors
bump version to 1.2.7.a1
Bug 610281 - fix coverity Defect Type: Control flow issues - daemon.c:write_function()
Bug 610281 - fix coverity Defect Type: Control flow issues - last repl init status
postalAddress syntax does not accept empty values
ger should support both "dn" and "distinguishedName"
openldap - ldap_url_parse_ext is not part of the public api
fix memleak in ldbm_config_read_instance_entries
Add -x option to ldap tools when using openldap
openldap - add support for missing controls, add ldif api, fix NSS usage
port client tools to use openldap API
use the mozldap versions of the proxy auth control create function
document slapi wrappers for openldap/mozldap functions that differ
fix some compiler warnings
use strcasecmp with ptype and type->bv_val
ber_printf 'o' cannot handle NULL bv_val
fix the url_parse logic when looking for a missing suffix DN
openldap ldapsearch uses -LLL to suppress # version: N
add ldaptool_opts for the non BUNDLE case in Makefile.am
openldap ldapsearch returns empty line at end of LDIF output
have to use LDAP_OPT_X_TLS_NEVER to defeat cert hostname checking
openldap_read_function needs to set EWOULDBLOCK if the buffer is empty
do not terminate unwrapped LDIF line with another newline
slapi_ldap_url_parse must handle multiple host:port in url
convert mozldap host list to openldap uri list
move the out pointer back if continuation lines were removed
check src < *out only; only check for \nspace if src < *out - 2
use slapi_ldap_url_parse in the acl code
do not un-null-terminate normalized DN until new url is constructed
implement slapi_ldap_explode_dn and slapi_ldap_explode_rdn
use slapi_pblock_set to set the ldap result code for the be postop plugins
pass the string copy to slapi_dn_normalize_original
bug 614511 - fix coverity null reference - revert macro aci $dn logic
fix compiler warnings - unused vars/funcs, invalid casts
use slapi_mods_init_passin/get_ldapmods_passout if modifying the smods
Have to explicitly set protocol version to 3
Only check modrdn ops for backend/suffix correctness if not the default backend
Bug 634561 - Server crushes when using Windows Sync Agreement
openldap ber_init will assert if the bv->bv_val is NULL
add the account policy plugin and related server code, schema, and config
fix pblock memory leak
do not register pre/post op plugins if disabled
add support for global inactivity limit
fix typos in Makefile.am, acctpolicy schema
bump version to 1.2.7.a2
remove extra format argument; use %lu for size_t printf format
Bug 644013 - uniqueness plugin segfault bug
root (1):
Bug 480787 - Autoconf parameter --with and --without
---
.gitignore | 1
Makefile.am | 116
Makefile.in | 4821 +
VERSION.sh | 7
aclocal.m4 | 6884 --
compile | 21
config.guess | 302
config.h.in | 9
config.sub | 232
configure |30118 +++++-------
configure.ac | 59
depcomp | 172
include/base/dbtbase.h | 2
include/base/lexer.h | 126
include/i18n.h | 115
include/ldaputil/ldaputil.h | 10
include/libaccess/aclerror.h | 1
include/libaccess/aclproto.h | 15
include/libaccess/aclstruct.h | 2
include/libaccess/dbtlibaccess.h | 3
include/public/nsacl/aclapi.h | 7
install-sh | 517
ldap/admin/src/scripts/10cleanupldapi.pl | 23
ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif | 5
ldap/admin/src/scripts/60upgradeschemafiles.pl | 2
ldap/admin/src/scripts/80upgradednformat.pl | 171
ldap/admin/src/scripts/81changelog.pl | 29
ldap/admin/src/scripts/90subtreerename.pl | 6
ldap/admin/src/scripts/DSCreate.pm.in | 136
ldap/admin/src/scripts/DSDialogs.pm | 4
ldap/admin/src/scripts/DSMigration.pm.in | 11
ldap/admin/src/scripts/DSUpdate.pm.in | 12
ldap/admin/src/scripts/DSUtil.pm.in | 106
ldap/admin/src/scripts/Inf.pm | 53
ldap/admin/src/scripts/Migration.pm.in | 19
ldap/admin/src/scripts/Setup.pm.in | 19
ldap/admin/src/scripts/exampleupdate.ldif | 2
ldap/admin/src/scripts/exampleupdate.sh | 10
ldap/admin/src/scripts/migrate-ds.pl.in | 13
ldap/admin/src/scripts/remove-ds.pl.in | 28
ldap/admin/src/scripts/repl-monitor.pl.in | 3
ldap/admin/src/scripts/restart-dirsrv.in | 25
ldap/admin/src/scripts/setup-ds.pl.in | 7
ldap/admin/src/scripts/setup-ds.res.in | 9
ldap/admin/src/scripts/start-dirsrv.in | 32
ldap/admin/src/scripts/stop-dirsrv.in | 27
ldap/admin/src/scripts/template-bak2db.in | 36
ldap/admin/src/scripts/template-bak2db.pl.in | 4
ldap/admin/src/scripts/template-db2bak.in | 40
ldap/admin/src/scripts/template-db2bak.pl.in | 4
ldap/admin/src/scripts/template-db2index.in | 2
ldap/admin/src/scripts/template-db2index.pl.in | 8
ldap/admin/src/scripts/template-db2ldif.in | 2
ldap/admin/src/scripts/template-db2ldif.pl.in | 4
ldap/admin/src/scripts/template-dbverify.in | 2
ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in | 4
ldap/admin/src/scripts/template-fixup-memberof.pl.in | 4
ldap/admin/src/scripts/template-ldif2db.in | 2
ldap/admin/src/scripts/template-ldif2db.pl.in | 4
ldap/admin/src/scripts/template-ldif2ldap.in | 4
ldap/admin/src/scripts/template-monitor.in | 4
ldap/admin/src/scripts/template-ns-accountstatus.pl.in | 8
ldap/admin/src/scripts/template-ns-activate.pl.in | 8
ldap/admin/src/scripts/template-ns-inactivate.pl.in | 8
ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in | 6
ldap/admin/src/scripts/template-restart-slapd.in | 2
ldap/admin/src/scripts/template-restoreconfig.in | 4
ldap/admin/src/scripts/template-saveconfig.in | 4
ldap/admin/src/scripts/template-schema-reload.pl.in | 4
ldap/admin/src/scripts/template-start-slapd.in | 3
ldap/admin/src/scripts/template-stop-slapd.in | 2
ldap/admin/src/scripts/template-suffix2instance.in | 4
ldap/admin/src/scripts/template-syntax-validate.pl.in | 4
ldap/admin/src/scripts/template-upgradedb.in | 4
ldap/admin/src/scripts/template-upgradednformat.in | 56
ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in | 4
ldap/admin/src/scripts/template-vlvindex.in | 4
ldap/admin/src/slapd.inf.in | 2
ldap/include/ldaplog.h | 1
ldap/ldif/template-baseacis.ldif.in | 2
ldap/ldif/template-bitwise.ldif.in | 6
ldap/ldif/template-dse.ldif.in | 30
ldap/ldif/template-suffix-db.ldif.in | 1
ldap/schema/00core.ldif | 60
ldap/schema/01core389.ldif | 3
ldap/schema/02common.ldif | 4
ldap/schema/05rfc4523.ldif | 14
ldap/schema/05rfc4524.ldif | 30
ldap/schema/06inetorgperson.ldif | 5
ldap/schema/10mep-plugin.ldif | 104
ldap/schema/30ns-common.ldif | 4
ldap/schema/60acctpolicy.ldif | 47
ldap/schema/60qmail.ldif | 4
ldap/servers/plugins/acctpolicy/acct_config.c | 143
ldap/servers/plugins/acctpolicy/acct_init.c | 191
ldap/servers/plugins/acctpolicy/acct_plugin.c | 314
ldap/servers/plugins/acctpolicy/acct_util.c | 257
ldap/servers/plugins/acctpolicy/acctpolicy.h | 81
ldap/servers/plugins/acctpolicy/sampleconfig.ldif | 40
ldap/servers/plugins/acctpolicy/samplepolicy.ldif | 27
ldap/servers/plugins/acl/acl.c | 105
ldap/servers/plugins/acl/acl.h | 15
ldap/servers/plugins/acl/acl_ext.c | 29
ldap/servers/plugins/acl/aclanom.c | 1
ldap/servers/plugins/acl/acleffectiverights.c | 54
ldap/servers/plugins/acl/aclgroup.c | 9
ldap/servers/plugins/acl/acllas.c | 379
ldap/servers/plugins/acl/acllist.c | 14
ldap/servers/plugins/acl/aclparse.c | 590
ldap/servers/plugins/acl/aclplugin.c | 27
ldap/servers/plugins/acl/aclproxy.c | 232
ldap/servers/plugins/acl/aclutil.c | 103
ldap/servers/plugins/bitwise/bitwise.c | 20
ldap/servers/plugins/chainingdb/cb_bind.c | 2
ldap/servers/plugins/chainingdb/cb_config.c | 13
ldap/servers/plugins/chainingdb/cb_controls.c | 12
ldap/servers/plugins/chainingdb/cb_init.c | 4
ldap/servers/plugins/chainingdb/cb_instance.c | 68
ldap/servers/plugins/chainingdb/cb_utils.c | 3
ldap/servers/plugins/collation/collate.c | 22
ldap/servers/plugins/cos/cos_cache.c | 242
ldap/servers/plugins/deref/deref.c | 8
ldap/servers/plugins/dna/dna.c | 550
ldap/servers/plugins/http/http_impl.c | 81
ldap/servers/plugins/linkedattrs/fixup_task.c | 4
ldap/servers/plugins/linkedattrs/linked_attrs.c | 17
ldap/servers/plugins/memberof/memberof.c | 444
ldap/servers/plugins/memberof/memberof.h | 5
ldap/servers/plugins/memberof/memberof_config.c | 230
ldap/servers/plugins/mep/mep.c | 2264
ldap/servers/plugins/mep/mep.h | 124
ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 17
ldap/servers/plugins/passthru/ptconfig.c | 43
ldap/servers/plugins/pwdstorage/smd5_pwd.c | 9
ldap/servers/plugins/referint/referint.c | 700
ldap/servers/plugins/replication/cl5_api.c | 1467
ldap/servers/plugins/replication/cl5_api.h | 77
ldap/servers/plugins/replication/cl5_clcache.c | 18
ldap/servers/plugins/replication/cl5_clcache.h | 2
ldap/servers/plugins/replication/cl5_config.c | 181
ldap/servers/plugins/replication/legacy_consumer.c | 1
ldap/servers/plugins/replication/repl-session-plugin.h | 119
ldap/servers/plugins/replication/repl5.h | 40
ldap/servers/plugins/replication/repl5_agmt.c | 96
ldap/servers/plugins/replication/repl5_agmtlist.c | 11
ldap/servers/plugins/replication/repl5_connection.c | 119
ldap/servers/plugins/replication/repl5_inc_protocol.c | 27
ldap/servers/plugins/replication/repl5_init.c | 26
ldap/servers/plugins/replication/repl5_plugins.c | 12
ldap/servers/plugins/replication/repl5_prot_private.h | 4
ldap/servers/plugins/replication/repl5_protocol.c | 99
ldap/servers/plugins/replication/repl5_protocol_util.c | 506
ldap/servers/plugins/replication/repl5_replica.c | 73
ldap/servers/plugins/replication/repl5_replica_config.c | 1
ldap/servers/plugins/replication/repl5_ruv.c | 52
ldap/servers/plugins/replication/repl5_tot_protocol.c | 28
ldap/servers/plugins/replication/repl5_total.c | 22
ldap/servers/plugins/replication/repl_compare.c | 1
ldap/servers/plugins/replication/repl_controls.c | 2
ldap/servers/plugins/replication/repl_extop.c | 262
ldap/servers/plugins/replication/repl_init.c | 1
ldap/servers/plugins/replication/repl_objset.c | 9
ldap/servers/plugins/replication/repl_session_plugin.c | 188
ldap/servers/plugins/replication/replutil.c | 26
ldap/servers/plugins/replication/test_repl_session_plugin.c | 335
ldap/servers/plugins/replication/urp.c | 1
ldap/servers/plugins/replication/windows_connection.c | 133
ldap/servers/plugins/replication/windows_inc_protocol.c | 27
ldap/servers/plugins/replication/windows_private.c | 53
ldap/servers/plugins/replication/windows_protocol_util.c | 270
ldap/servers/plugins/replication/windows_tot_protocol.c | 33
ldap/servers/plugins/replication/windowsrepl.h | 2
ldap/servers/plugins/replication/winsync-plugin.h | 2
ldap/servers/plugins/retrocl/retrocl.c | 3
ldap/servers/plugins/retrocl/retrocl_create.c | 13
ldap/servers/plugins/retrocl/retrocl_po.c | 11
ldap/servers/plugins/retrocl/retrocl_trim.c | 15
ldap/servers/plugins/rever/des.c | 72
ldap/servers/plugins/rever/rever.c | 8
ldap/servers/plugins/roles/roles_cache.c | 21
ldap/servers/plugins/schema_reload/schema_reload.c | 5
ldap/servers/plugins/shared/plugin-utils.h | 112
ldap/servers/plugins/shared/utils.c | 508
ldap/servers/plugins/statechange/statechange.c | 7
ldap/servers/plugins/syntaxes/bin.c | 142
ldap/servers/plugins/syntaxes/bitstring.c | 36
ldap/servers/plugins/syntaxes/ces.c | 140
ldap/servers/plugins/syntaxes/cis.c | 288
ldap/servers/plugins/syntaxes/dn.c | 42
ldap/servers/plugins/syntaxes/int.c | 64
ldap/servers/plugins/syntaxes/nameoptuid.c | 41
ldap/servers/plugins/syntaxes/numericstring.c | 118
ldap/servers/plugins/syntaxes/string.c | 198
ldap/servers/plugins/syntaxes/syntax.h | 57
ldap/servers/plugins/syntaxes/syntax_common.c | 117
ldap/servers/plugins/syntaxes/tel.c | 62
ldap/servers/plugins/syntaxes/validate.c | 17
ldap/servers/plugins/syntaxes/value.c | 116
ldap/servers/plugins/uiduniq/7bit.c | 7
ldap/servers/plugins/uiduniq/plugin-utils.h | 96
ldap/servers/plugins/uiduniq/uid.c | 9
ldap/servers/plugins/uiduniq/utils.c | 249
ldap/servers/plugins/usn/usn.c | 68
ldap/servers/plugins/usn/usn.h | 2
ldap/servers/plugins/usn/usn_cleanup.c | 13
ldap/servers/plugins/views/views.c | 6
ldap/servers/slapd/add.c | 87
ldap/servers/slapd/agtmmap.c | 56
ldap/servers/slapd/attr.c | 76
ldap/servers/slapd/attrlist.c | 6
ldap/servers/slapd/attrsyntax.c | 81
ldap/servers/slapd/auth.c | 73
ldap/servers/slapd/back-ldbm/ancestorid.c | 10
ldap/servers/slapd/back-ldbm/archive.c | 72
ldap/servers/slapd/back-ldbm/back-ldbm.h | 33
ldap/servers/slapd/back-ldbm/cache.c | 4
ldap/servers/slapd/back-ldbm/dbhelp.c | 12
ldap/servers/slapd/back-ldbm/dblayer.c | 1177
ldap/servers/slapd/back-ldbm/dblayer.h | 12
ldap/servers/slapd/back-ldbm/dbtest.c | 2
ldap/servers/slapd/back-ldbm/dbversion.c | 47
ldap/servers/slapd/back-ldbm/dn2entry.c | 12
ldap/servers/slapd/back-ldbm/filterindex.c | 98
ldap/servers/slapd/back-ldbm/findentry.c | 72
ldap/servers/slapd/back-ldbm/id2entry.c | 154
ldap/servers/slapd/back-ldbm/idl.c | 17
ldap/servers/slapd/back-ldbm/idl_new.c | 18
ldap/servers/slapd/back-ldbm/import-merge.c | 28
ldap/servers/slapd/back-ldbm/import-threads.c | 1070
ldap/servers/slapd/back-ldbm/import.c | 393
ldap/servers/slapd/back-ldbm/import.h | 19
ldap/servers/slapd/back-ldbm/index.c | 127
ldap/servers/slapd/back-ldbm/init.c | 6
ldap/servers/slapd/back-ldbm/instance.c | 31
ldap/servers/slapd/back-ldbm/ldbm_add.c | 94
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 247
ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 56
ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c | 2
ldap/servers/slapd/back-ldbm/ldbm_config.c | 101
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 77
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 523
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 106
ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 225
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 53
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 121
ldap/servers/slapd/back-ldbm/ldbm_search.c | 32
ldap/servers/slapd/back-ldbm/ldbm_usn.c | 71
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 540
ldap/servers/slapd/back-ldbm/matchrule.c | 26
ldap/servers/slapd/back-ldbm/misc.c | 223
ldap/servers/slapd/back-ldbm/monitor.c | 14
ldap/servers/slapd/back-ldbm/nextid.c | 17
ldap/servers/slapd/back-ldbm/perfctrs.c | 24
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 21
ldap/servers/slapd/back-ldbm/sort.c | 12
ldap/servers/slapd/back-ldbm/start.c | 29
ldap/servers/slapd/back-ldbm/vlv.c | 206
ldap/servers/slapd/back-ldbm/vlv_srch.c | 6
ldap/servers/slapd/back-ldbm/vlv_srch.h | 3
ldap/servers/slapd/back-ldif/modrdn.c | 12
ldap/servers/slapd/backend.c | 53
ldap/servers/slapd/backend_manager.c | 8
ldap/servers/slapd/bind.c | 255
ldap/servers/slapd/charray.c | 6
ldap/servers/slapd/compare.c | 31
ldap/servers/slapd/configdse.c | 58
ldap/servers/slapd/connection.c | 124
ldap/servers/slapd/control.c | 7
ldap/servers/slapd/csngen.c | 6
ldap/servers/slapd/daemon.c | 57
ldap/servers/slapd/delete.c | 82
ldap/servers/slapd/dn.c | 1047
ldap/servers/slapd/dse.c | 22
ldap/servers/slapd/dynalib.c | 29
ldap/servers/slapd/entry.c | 471
ldap/servers/slapd/entrywsi.c | 54
ldap/servers/slapd/eventq.c | 4
ldap/servers/slapd/extendop.c | 37
ldap/servers/slapd/factory.c | 1
ldap/servers/slapd/fe.h | 5
ldap/servers/slapd/fedse.c | 19
ldap/servers/slapd/filter.c | 2
ldap/servers/slapd/filter.h | 1
ldap/servers/slapd/filtercmp.c | 25
ldap/servers/slapd/filterentry.c | 27
ldap/servers/slapd/index_subsystem.c | 18
ldap/servers/slapd/ldaputil.c | 634
ldap/servers/slapd/lenstr.c | 6
ldap/servers/slapd/libglobs.c | 140
ldap/servers/slapd/libslapd.def | 1
ldap/servers/slapd/log.c | 3
ldap/servers/slapd/main.c | 174
ldap/servers/slapd/mapping_tree.c | 258
ldap/servers/slapd/match.c | 57
ldap/servers/slapd/modify.c | 210
ldap/servers/slapd/modrdn.c | 215
ldap/servers/slapd/modutil.c | 30
ldap/servers/slapd/opshared.c | 100
ldap/servers/slapd/pagedresults.c | 54
ldap/servers/slapd/passwd_extop.c | 97
ldap/servers/slapd/pblock.c | 242
ldap/servers/slapd/plugin.c | 193
ldap/servers/slapd/plugin_internal_op.c | 12
ldap/servers/slapd/plugin_mr.c | 472
ldap/servers/slapd/plugin_syntax.c | 352
ldap/servers/slapd/protect_db.c | 18
ldap/servers/slapd/protect_db.h | 5
ldap/servers/slapd/proto-slap.h | 42
ldap/servers/slapd/proxyauth.c | 247
ldap/servers/slapd/psearch.c | 1
ldap/servers/slapd/pw.c | 149
ldap/servers/slapd/pw_mgmt.c | 136
ldap/servers/slapd/rdn.c | 14
ldap/servers/slapd/regex.c | 3
ldap/servers/slapd/result.c | 15
ldap/servers/slapd/rootdse.c | 4
ldap/servers/slapd/sasl_io.c | 167
ldap/servers/slapd/sasl_map.c | 53
ldap/servers/slapd/saslbind.c | 122
ldap/servers/slapd/schema.c | 62
ldap/servers/slapd/search.c | 35
ldap/servers/slapd/slap.h | 79
ldap/servers/slapd/slapi-plugin-compat4.h | 6
ldap/servers/slapd/slapi-plugin.h | 414
ldap/servers/slapd/slapi-private.h | 25
ldap/servers/slapd/slapi_counter.c | 6
ldap/servers/slapd/snmp_collator.c | 3
ldap/servers/slapd/str2filter.c | 1
ldap/servers/slapd/task.c | 94
ldap/servers/slapd/tools/dbscan.c | 72
ldap/servers/slapd/tools/ldclt/data.c | 50
ldap/servers/slapd/tools/ldclt/ldapfct.c | 150
ldap/servers/slapd/tools/ldclt/ldclt.c | 33
ldap/servers/slapd/tools/ldclt/ldclt.h | 2
ldap/servers/slapd/tools/ldclt/ldcltU.c | 24
ldap/servers/slapd/tools/ldclt/parser.c | 19
ldap/servers/slapd/tools/ldclt/scalab01.c | 49
ldap/servers/slapd/tools/ldif.c | 4
ldap/servers/slapd/tools/mmldif.c | 9
ldap/servers/slapd/tools/pwenc.c | 2
ldap/servers/slapd/tools/rsearch/addthread.c | 25
ldap/servers/slapd/tools/rsearch/searchthread.c | 62
ldap/servers/slapd/utf8compare.c | 2
ldap/servers/slapd/util.c | 162
ldap/servers/slapd/value.c | 26
ldap/servers/slapd/valueset.c | 68
ldap/servers/slapd/vattr.c | 60
ldap/servers/snmp/ldap-agent.c | 26
ldap/servers/snmp/main.c | 9
ldap/systools/idsktune.c | 17
lib/base/crit.cpp | 6
lib/base/ereport.cpp | 2
lib/base/lexer.cpp | 1015
lib/base/plist.cpp | 3
lib/base/util.cpp | 13
lib/ldaputil/cert.c | 4
lib/ldaputil/certmap.c | 409
lib/ldaputil/dbconf.c | 1
lib/ldaputil/utest/Makefile | 149
lib/ldaputil/utest/auth.cpp | 611
lib/ldaputil/utest/authtest | 138
lib/ldaputil/utest/certmap.conf | 68
lib/ldaputil/utest/dblist.conf | 47
lib/ldaputil/utest/example.c | 153
lib/ldaputil/utest/plugin.c | 152
lib/ldaputil/utest/plugin.h | 57
lib/ldaputil/utest/stubs.c | 144
lib/ldaputil/utest/stubs.cpp | 139
lib/ldaputil/utest/test.ref | 480
lib/ldaputil/vtable.c | 2
lib/libaccess/acl.tab.cpp | 21
lib/libaccess/aclcache.cpp | 105
lib/libaccess/aclflush.cpp | 1
lib/libaccess/aclpriv.h | 1
lib/libaccess/acltools.cpp | 1724
lib/libaccess/authdb.cpp | 112
lib/libaccess/lasdns.cpp | 7
lib/libaccess/lasip.cpp | 16
lib/libaccess/nseframe.cpp | 1
lib/libaccess/oneeval.cpp | 17
lib/libaccess/permhash.h | 11
lib/libaccess/register.cpp | 50
lib/libaccess/usrcache.cpp | 14
lib/libaccess/utest/.purify | 19
lib/libaccess/utest/Makefile | 147
lib/libaccess/utest/acl.dat | 44
lib/libaccess/utest/aclfile0 | 87
lib/libaccess/utest/aclfile1 | 43
lib/libaccess/utest/aclfile10 | 45
lib/libaccess/utest/aclfile11 | 43
lib/libaccess/utest/aclfile12 | 43
lib/libaccess/utest/aclfile13 | 43
lib/libaccess/utest/aclfile14 | 43
lib/libaccess/utest/aclfile15 | 43
lib/libaccess/utest/aclfile16 | 43
lib/libaccess/utest/aclfile17 | 43
lib/libaccess/utest/aclfile18 | 51
lib/libaccess/utest/aclfile19 | 46
lib/libaccess/utest/aclfile2 | 43
lib/libaccess/utest/aclfile3 | 43
lib/libaccess/utest/aclfile4 | 43
lib/libaccess/utest/aclfile5 | 43
lib/libaccess/utest/aclfile6 | 55
lib/libaccess/utest/aclfile7 | 43
lib/libaccess/utest/aclfile8 | 43
lib/libaccess/utest/aclfile9 | 43
lib/libaccess/utest/aclgrp0 | 42
lib/libaccess/utest/aclgrp1 | 42
lib/libaccess/utest/aclgrp2 | 42
lib/libaccess/utest/aclgrp3 | 42
lib/libaccess/utest/aclgrp4 | 42
lib/libaccess/utest/acltest.cpp | 794
lib/libaccess/utest/onetest.cpp | 77
lib/libaccess/utest/shexp.cpp | 331
lib/libaccess/utest/shexp.h | 168
lib/libaccess/utest/test.ref | 217
lib/libaccess/utest/testmain.cpp | 89
lib/libaccess/utest/twotest.cpp | 87
lib/libaccess/utest/ustubs.cpp | 331
lib/libadmin/error.c | 2
lib/libadmin/template.c | 2
lib/libadmin/util.c | 48
lib/libsi18n/coreres.c | 141
lib/libsi18n/coreres.h | 52
lib/libsi18n/getlang.c | 330
lib/libsi18n/getstrmem.c | 160
lib/libsi18n/getstrmem.h | 1
lib/libsi18n/getstrprop.c | 85
lib/libsi18n/makstrdb.c | 21
lib/libsi18n/propset.c | 442
lib/libsi18n/propset.h | 80
lib/libsi18n/reshash.c | 21
ltmain.sh | 8473 +--
m4/db.m4 | 21
m4/fhs.m4 | 4
m4/icu.m4 | 25
m4/kerberos.m4 | 4
m4/mozldap.m4 | 38
m4/netsnmp.m4 | 15
m4/nspr.m4 | 17
m4/nss.m4 | 17
m4/openldap.m4 | 23
m4/pcre.m4 | 28
m4/sasl.m4 | 25
m4/selinux.m4 | 16
m4/svrcore.m4 | 41
man/man8/restart-dirsrv.8 | 50
man/man8/start-dirsrv.8 | 50
man/man8/stop-dirsrv.8 | 50
missing | 104
selinux/dirsrv.fc.in | 2
selinux/dirsrv.if | 41
selinux/dirsrv.te | 11
wrappers/initscript.in | 201
wrappers/migratecred.in | 2
wrappers/mmldif.in | 2
wrappers/pwdhash.in | 2
457 files changed, 46724 insertions(+), 47284 deletions(-)
---
13 years, 6 months
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/dblayer.c | 11 ++++
ldap/servers/slapd/back-ldbm/id2entry.c | 20 +++++---
ldap/servers/slapd/back-ldbm/import-threads.c | 9 ++-
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 2
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 62 +++++++++++++++++++-------
ldap/servers/slapd/entry.c | 13 +++++
ldap/servers/slapd/slapi-plugin.h | 12 +++++
7 files changed, 101 insertions(+), 28 deletions(-)
New commits:
commit f0e4ce1965c5be37c5535febf06e5051f281f862
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Oct 19 09:58:27 2010 -0700
Bug 592397 - Upgrade tool dn2rdn: it does not clean up
the entrydn in id2entry
https://bugzilla.redhat.com/show_bug.cgi?id=592397
Description: If entries created by the 389 v1.2.5 or older,
the primary db (id2entry.db4) contains "entrydn: <normalized dn>".
Upgrading from the old version to v1.2.6 keeps the entrydn
attribute type and its value even though v1.2.6 is not supposed
to store the entrydn in the database.
1) This patch drops the entrydn attribute and value in upgrading
the db.
2) If an ldif file contains entrydn attribute type and value,
import (ldif2db[.pl]) ignores it.
3) A leak was found in the export (db2ldif[.pl]) which is fixed.
4) When nsslapd-subtree-rename-switch configuration attribute has
the value "on", entrydn is not used nor created. But the
server accepted reindexing entrydn request and generated an
entrydn index file. This patch rejects it.
5) Entry and dn cache clear calls (cache_clear) are added to
dblayer_instance_close in "#if defined(_USE_VALGRIND)", which
is not defined. To enable the code, the server needs to be
rebuilt with defining the macro. This is purely for debugging.
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 95d57a0..5c1f6e6 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -2520,6 +2520,17 @@ int dblayer_instance_close(backend *be)
if (NULL == inst)
return -1;
+#if defined(_USE_VALGRIND)
+ /* When running a memory leak checking tool (e.g., valgrind),
+ it reduces the noise by enabling this code. */
+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up entry cache\n",
+ inst->inst_name);
+ cache_clear(&inst->inst_cache, CACHE_TYPE_ENTRY);
+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up dn cache\n",
+ inst->inst_name);
+ cache_clear(&inst->inst_dncache, CACHE_TYPE_DN);
+#endif
+
if (attrcrypt_cleanup_private(inst)) {
LDAPDebug(LDAP_DEBUG_ANY,
"Error: failed to clean up attrcrypt system for %s\n",
diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c
index b58591e..71ea940 100644
--- a/ldap/servers/slapd/back-ldbm/id2entry.c
+++ b/ldap/servers/slapd/back-ldbm/id2entry.c
@@ -359,7 +359,7 @@ id2entry( backend *be, ID id, back_txn *txn, int *err )
rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn);
if (rc) {
/* data.dptr may not include rdn: ..., try "dn: ..." */
- ee = slapi_str2entry( data.dptr, 0 );
+ ee = slapi_str2entry( data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN );
} else {
char *dn = NULL;
struct backdn *bdn = dncache_find_id(&inst->inst_dncache, id);
@@ -380,13 +380,19 @@ id2entry( backend *be, ID id, back_txn *txn, int *err )
}
sdn = slapi_sdn_new_dn_byval((const char *)dn);
bdn = backdn_init(sdn, id, 0);
- CACHE_ADD( &inst->inst_dncache, bdn, NULL );
- CACHE_RETURN(&inst->inst_dncache, &bdn);
- slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
- "entryrdn_lookup_dn returned: %s, "
- "and set to dn cache (id %d)\n", dn, id);
+ if (CACHE_ADD( &inst->inst_dncache, bdn, NULL )) {
+ backdn_free(&bdn);
+ slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
+ "%s is already in the dn cache\n", dn);
+ } else {
+ CACHE_RETURN(&inst->inst_dncache, &bdn);
+ slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY,
+ "entryrdn_lookup_dn returned: %s, "
+ "and set to dn cache (id %d)\n", dn, id);
+ }
}
- ee = slapi_str2entry_ext( (const char *)dn, data.dptr, 0 );
+ ee = slapi_str2entry_ext( (const char *)dn, data.dptr,
+ SLAPI_STR2ENTRY_NO_ENTRYDN );
slapi_ch_free_string(&rdn);
slapi_ch_free_string(&dn);
}
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index d8153d7..a8f5f5d 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -535,7 +535,7 @@ import_producer(void *param)
FREE(estr);
continue;
}
- e = slapi_str2entry_ext(dn, estr, flags);
+ e = slapi_str2entry_ext(dn, estr, flags|SLAPI_STR2ENTRY_NO_ENTRYDN);
slapi_ch_free_string(&dn);
} else {
e = slapi_str2entry(estr, flags);
@@ -1004,7 +1004,7 @@ index_producer(void *param)
rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn);
if (rc) {
/* data.dptr may not include rdn: ..., try "dn: ..." */
- e = slapi_str2entry( data.dptr, 0 );
+ e = slapi_str2entry( data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN );
if (job->flags & FLAG_DN2RDN) {
int len = 0;
int options = SLAPI_DUMP_STATEINFO | SLAPI_DUMP_UNIQUEID |
@@ -1092,7 +1092,8 @@ index_producer(void *param)
"entryrdn_lookup_dn returned: %s, "
"and set to dn cache\n", dn);
}
- e = slapi_str2entry_ext( dn, data.dptr, 0 );
+ e = slapi_str2entry_ext(dn, data.dptr,
+ SLAPI_STR2ENTRY_NO_ENTRYDN);
slapi_ch_free_string(&rdn);
}
} else {
@@ -3391,7 +3392,7 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info,
"from Slapi_RDN\n", rdn, id);
goto bail;
}
- e = slapi_str2entry_ext( dn, data.dptr, 0 );
+ e = slapi_str2entry_ext(dn, data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN);
(*curr_entry)++;
rc = index_set_entry_to_fifo(info, e, id, total_id, *curr_entry);
if (rc) {
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 9431291..6698d83 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1145,7 +1145,7 @@ bail:
if (0 != myrc) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_lookup_dn: Failed to close cursor: %s(%d)\n",
- dblayer_strerror(rc), rc);
+ dblayer_strerror(myrc), myrc);
}
}
if (db) {
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index e0b09fb..0a13c25 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -1358,7 +1358,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn);
if (rc) {
/* data.dptr may not include rdn: ..., try "dn: ..." */
- ep->ep_entry = slapi_str2entry( data.dptr, str2entry_options );
+ ep->ep_entry = slapi_str2entry( data.dptr,
+ str2entry_options | SLAPI_STR2ENTRY_NO_ENTRYDN );
} else {
char *pid_str = NULL;
char *pdn = NULL;
@@ -1447,10 +1448,10 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
slapi_ch_free_string(&pdn);
}
slapi_rdn_done(&psrdn);
- /* dn is not dup'ed in slapi_sdn_new_dn_byref.
+ /* dn is not dup'ed in slapi_sdn_new_dn_passin.
* It's set to bdn and put in the dn cache. */
/* don't free dn */
- sdn = slapi_sdn_new_dn_byref(dn);
+ sdn = slapi_sdn_new_dn_passin(dn);
bdn = backdn_init(sdn, temp_id, 0);
myrc = CACHE_ADD( &inst->inst_dncache, bdn, NULL );
if (myrc) {
@@ -1465,8 +1466,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
"and set to dn cache\n", dn);
}
}
- ep->ep_entry =
- slapi_str2entry_ext( dn, data.dptr, str2entry_options );
+ ep->ep_entry = slapi_str2entry_ext( dn, data.dptr,
+ str2entry_options | SLAPI_STR2ENTRY_NO_ENTRYDN );
slapi_ch_free_string(&rdn);
}
} else {
@@ -1751,11 +1752,36 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
CONFIG_ENTRYRDN_SWITCH);
}
LDAPDebug(LDAP_DEBUG_ANY,
- "%s: Requested to index %s, but %s is off",
+ "%s: Requested to index %s, but %s is off\n",
inst->inst_name, LDBM_ENTRYRDN_STR,
CONFIG_ENTRYRDN_SWITCH);
goto err_out;
}
+ } else if (strcasecmp(attrs[i]+1, LDBM_ENTRYDN_STR) == 0) {
+ if (entryrdn_get_switch()) { /* subtree-rename: on */
+ if (task) {
+ slapi_task_log_notice(task,
+ "%s: Requested to index %s, but %s is on",
+ inst->inst_name, LDBM_ENTRYDN_STR,
+ CONFIG_ENTRYRDN_SWITCH);
+ }
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "%s: Requested to index %s, but %s is on\n",
+ inst->inst_name, LDBM_ENTRYDN_STR,
+ CONFIG_ENTRYRDN_SWITCH);
+ goto err_out;
+ } else {
+ charray_add(&indexAttrs, attrs[i]+1);
+ ai->ai_indexmask |= INDEX_OFFLINE;
+ if (task) {
+ slapi_task_log_notice(task,
+ "%s: Indexing attribute: %s",
+ inst->inst_name, attrs[i]+1);
+ }
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "%s: Indexing attribute: %s\n",
+ inst->inst_name, attrs[i] + 1);
+ }
} else {
charray_add(&indexAttrs, attrs[i]+1);
ai->ai_indexmask |= INDEX_OFFLINE;
@@ -1763,8 +1789,9 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
slapi_task_log_notice(task, "%s: Indexing attribute: %s",
inst->inst_name, attrs[i]+1);
}
- LDAPDebug(LDAP_DEBUG_ANY, "%s: Indexing attribute: %s\n",
- inst->inst_name, attrs[i]+1, 0);
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "%s: Indexing attribute: %s\n",
+ inst->inst_name, attrs[i]+1);
}
dblayer_erase_index_file(be, ai, i/* chkpt; 1st time only */);
break;
@@ -1789,8 +1816,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
slapi_task_log_notice(task, "%s: Indexing VLV: %s",
inst->inst_name, attrs[i]+1);
}
- LDAPDebug(LDAP_DEBUG_ANY, "%s: Indexing VLV: %s\n",
- inst->inst_name, attrs[i]+1, 0);
+ LDAPDebug2Args(LDAP_DEBUG_ANY, "%s: Indexing VLV: %s\n",
+ inst->inst_name, attrs[i]+1);
}
break;
}
@@ -1911,7 +1938,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn);
if (rc) {
/* data.dptr may not include rdn: ..., try "dn: ..." */
- ep->ep_entry = slapi_str2entry( data.dptr, 0 );
+ ep->ep_entry = slapi_str2entry( data.dptr,
+ SLAPI_STR2ENTRY_NO_ENTRYDN );
} else {
char *pid_str = NULL;
char *pdn = NULL;
@@ -1991,10 +2019,10 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
rdn, pdn?",":"", pdn?pdn:"");
slapi_ch_free_string(&pdn);
}
- /* dn is not dup'ed in slapi_sdn_new_dn_byref.
+ /* dn is not dup'ed in slapi_sdn_new_dn_passin.
* It's set to bdn and put in the dn cache. */
/* don't free dn */
- sdn = slapi_sdn_new_dn_byref(dn);
+ sdn = slapi_sdn_new_dn_passin(dn);
bdn = backdn_init(sdn, temp_id, 0);
myrc = CACHE_ADD( &inst->inst_dncache, bdn, NULL );
if (myrc) {
@@ -2010,7 +2038,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
}
}
slapi_rdn_done(&psrdn);
- ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, 0 );
+ ep->ep_entry = slapi_str2entry_ext( dn, data.dptr,
+ SLAPI_STR2ENTRY_NO_ENTRYDN );
slapi_ch_free_string(&rdn);
}
} else {
@@ -3162,7 +3191,8 @@ _get_and_add_parent_rdns(backend *be,
"(rdn: %s, ID: %d) from Slapi_RDN\n", rdn, id);
goto bail;
}
- ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, 0 );
+ ep->ep_entry = slapi_str2entry_ext( dn, data.dptr,
+ SLAPI_STR2ENTRY_NO_ENTRYDN );
ep->ep_id = id;
slapi_ch_free_string(&dn);
}
@@ -3296,7 +3326,7 @@ _export_or_index_parents(ldbm_instance *inst,
int myrc = 0;
/* pdn is put in DN cache. No need to free it here,
* since it'll be free'd when evicted from the cache. */
- psdn = slapi_sdn_new_dn_byref(pdn);
+ psdn = slapi_sdn_new_dn_passin(pdn);
bdn = backdn_init(psdn, pid, 0);
myrc = CACHE_ADD(&inst->inst_dncache, bdn, NULL);
if (myrc) {
diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
index 82fbbb2..22f4ae0 100644
--- a/ldap/servers/slapd/entry.c
+++ b/ldap/servers/slapd/entry.c
@@ -351,6 +351,12 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
continue;
}
+ /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */
+ if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) &&
+ PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) {
+ if (freeval) slapi_ch_free_string(&value.bv_val);
+ continue;
+ }
/* retrieve uniqueid */
if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){
@@ -854,6 +860,13 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo )
continue;
}
+ /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */
+ if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) &&
+ strcasecmp( type, "entrydn" ) == 0 ) {
+ if (freeval) slapi_ch_free_string(&bvvalue.bv_val);
+ continue;
+ }
+
/* retrieve uniqueid */
if ( strcasecmp (type, SLAPI_ATTR_UNIQUEID) == 0 ){
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 8df6ec0..266fb93 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -786,6 +786,9 @@ void slapi_pblock_destroy( Slapi_PBlock *pb );
* \arg #SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES
* \arg #SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF
* \arg #SLAPI_STR2ENTRY_NO_SCHEMA_LOCK
+ * \arg #SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT
+ * \arg #SLAPI_STR2ENTRY_NO_ENTRYDN
+ *
* \return A pointer to the #Slapi_Entry structure representing the entry.
* \return \c NULL if the string cannot be converted; for example, if no DN is
* specified in the string.
@@ -897,6 +900,15 @@ Slapi_Entry *slapi_str2entry_ext( const char *dn, char *s, int flags );
#define SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT 512
/**
+ * Do not include entrydn attribute value in the in-memory entry
+ *
+ * If this flag is set, entrydn in the source string is ignored.
+ *
+ * \see slapi_str2entry()
+ */
+#define SLAPI_STR2ENTRY_NO_ENTRYDN 1024
+
+/**
* Generates a description of an entry as an LDIF string.
*
* This function behaves much like slapi_entry2str(); however, you can specify
13 years, 6 months
Changes to 'refs/tags/389-adminutil-1.1.12'
by Richard Allen Megginson
Changes since the dawn of time:
Nathan Kinder (5):
Fixed parsing of supported emulations in nsarch
Resolves: 213070
Related: 213070
Resolves: 246124
Resolves: 247192
Noriko Hosoi (20):
[161407] Fixed the library path for the 64-bit build on Solaris.
libadminutil##.<ext> should not link SSL related ldapsdk libraries.
*** empty log message ***
[172166] Admin Util RPM
[172166] Admin Util build (64-bit)
[172166] Admin Util build (IPF)
[Bug 172166] Admin Util build (IPF)
[Bug 172166] Admin Util build (IPF)
[179394] HP-UX PA-RISC support
[179394] HP-UX IPF/PA-RISC support
upgraded LDAP C SDK: v5.16 -> v5.17
Replaced PL_Free with PR_Free.
[161099] admin passwd in clear text in adm.conf
[172166] Admin Util build (RPM)
[195258] Changes for the internal build
Removed the link arg to link with libCrun.so.1 since there is no C++ code
Resolves: #186280
Resolves: Bug 237356
Fixed a minor bug introduced in the revision 1.6.
Resolves: #191834
Rich Megginson (49):
change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup
Bug(s) fixed: 171799
make PERL5 use perl from PATH on Linux
The correct naming convention for RHEL is
1) Fix moz objdir name for generic linux x86_64
Bug(s) fixed: 186280
Bug: 186280
use new ldapcsdk 6.0.0; upgrade other components
Reviewed by: nhosoi (Thanks!)
Bug(s) fixed: 213788
Bug: 213788
Resolves: bug 234420
Resolves: bug 239475
bump version to 1.1.1
bump version to 1.1.1
add support for -version-number when building shared libs; fix a couple of minor issues brought up in fedora package review
pkgconfig is a requires, not a build requires
final spec fix for fedora
Resolves: bug 235293
Resolves: bug 245208
Resolves: bug 245208
Resolves: bug 245396
bump version to 1.1.2
bump version to 1.1.3
Resolves: bug 250526
Resolves: bug 323381
bump version to 1.1.5
Resolves: bug 245248
bump version to 1.1.6
Resolves: bug 413531
Resolves: bug 454060
the correct function name is admldapSetDirectoryURL
bump version to 1.1.7
Resolves: bug 462411
compiler warning clean up
Resolves: bug 466137
fix compiler warning
bump version to 1.1.8
the 1.1.8 release
Rename adminutil to 389-adminutil
added .gitignore
use icu genrb from path if no icu_bin given or found
Bug 460168 - FedoraDS' adminutil requires non-existent "icu.pc" on non-RH/Fedora OS
remove adminutil.pc.in
bump version to 1.1.10
Bug 614690 - adminutil ICU RB generation can fail
Port adminutil to use openldap
allow building with mozldap again
bump version to 1.1.12
foxworth (1):
Internal Red Hat CVS project for adminutil: core
13 years, 6 months