October 2010 - 389-commits - Fedora Mailing-Lists

by Noriko Hosoi

ldap/servers/plugins/retrocl/retrocl.h | 2 +- ldap/servers/plugins/retrocl/retrocl_trim.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) New commits: commit b065fb3e3fa6ded5569b01bc9ed7a2fda532883d Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Oct 20 18:30:10 2010 -0700 Bug 629681 - Retro Changelog trimming does not behave as expected https://bugzilla.redhat.com/show_bug.cgi?id=629681 Description: As reporter Oliver Thalmann (oliver.thalmann(a)chuv.ch) pointed out, retrocl_init_trimming was repeating the retrocl_ housekeeping event every 5000 minutes instead of 5 minutes. This patch fixes it to 5 minutes. diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h index c4354d4..276912b 100644 --- a/ldap/servers/plugins/retrocl/retrocl.h +++ b/ldap/servers/plugins/retrocl/retrocl.h @@ -80,7 +80,7 @@ typedef struct _cnumRet { /* * How often the changelog trimming thread runs. This is the minimum trim age. */ -#define CHANGELOGDB_TRIM_INTERVAL 300*1000 /* 5 minutes */ +#define CHANGELOGDB_TRIM_INTERVAL 300*1000 /* 5 minutes in milliseconds */ #if defined(__hpux) && defined(__ia64) #define RETROCL_DLL_DEFAULT_THREAD_STACKSIZE 524288L diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c index 7e97736..756f13b 100644 --- a/ldap/servers/plugins/retrocl/retrocl_trim.c +++ b/ldap/servers/plugins/retrocl/retrocl_trim.c @@ -516,8 +516,9 @@ void retrocl_init_trimming (void) retrocl_trimming = 1; retrocl_trim_ctx = slapi_eq_repeat(retrocl_housekeeping, - NULL,(time_t)0, - CHANGELOGDB_TRIM_INTERVAL * 1000); + NULL, (time_t)0, + /* in milliseconds */ + CHANGELOGDB_TRIM_INTERVAL); }

13 years, 6 months

1
0
0 / 0

Changes to 'refs/tags/389-dsgw-1.1.6'

by Richard Allen Megginson

Changes since the dawn of time: Nathan Kinder (3): Added orgchart to dsgw. General templating work for DSGW CGI URI's. Added dsgw.tmpl template Noriko Hosoi (1): openldap porting snapshot Rich Megginson (56): Initial import of code from ldapserver, modified to use autoconf for build cleaned up build and setup scripts update of autotool files based on recent ldapserver and adminserver Initial pass at using adminutil for CGI code Check ldapquery for NULL Still need to unescape some form vars added manuals; fixed code that displays manuals; added initial tests get phonebook and orgchart working; use memmove instead of overlapping strcpy; fix memory error in dsgw_dn_parent Renamed setup to setup-ds-dsgw to be consistent with other setup scripts fix build issues and compiler warnings on HP-UX added CXXLINK stuff for HP-UX add dummy c++ file to force automake to define CXXLINK include config.h in dsgw.h so all of the dsgw code will include it do not check for GNU compatible realloc better method of choosing suffix enhance setup - move to sbin, check for already configured, add reconfig option to force reconfig, add support for users and groups add pthread lib for HP-UX attributes in LDIF may be in mixed case - sed cannot portably do case insensitive matching - just use a simple sed search and replace for ldif attributes added perlpath for bundled installs actually use perlpath in the generated files setup will print messages showing what it is doing - setup will copy in the admin server home page html fragment files to enable using dsgw, phonebook, and orgchart from the admin server home page remove the hp host:port cgi parameter added a lot of tests do not print empty message add domodify tests 1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument. 1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute. clean up org chart code - added tests for org chart Resolves: bug 171353 Resolves: Bug 146294 additional cleanup - my last org chart commit broke org chart, this fixes it, and cleans up some other stuff, and adds some more tests Resolves: bug 435230 Resolves: bug 435230 Resolves: bug 435230 Resolves: bug 450134 Resolves: bug 450588 Resolves: bug 450894 Resolves: bug 450898 Resolves: bug 450971 Resolves: bug 452018 Resolves: bug 453052 Resolves: bug 171353 Resolves: bug 413531 this is the 1.1.1 release Resolves: bug 471681 Resolves: bug 472092 for the 1.1.2 release rename to 389 remove directory server exception from license bump version to 1.1.3 for fedora review bump version to 1.1.4 - require 389-adminutil - fix adminutil.m4 - fix remaining licensing problems make sure we can find ICU genrb on all platforms port dsgw to use openldap org cannot use LDAP_URL_OPT_SECURE; ldap_sasl_bind result check not correct openldap does not use global MozNSS context Bug 553636 - dsgw and ds has problems in schema

13 years, 6 months

1
0
0 / 0

ldap/admin

by Noriko Hosoi

ldap/admin/src/scripts/60upgradeschemafiles.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 904698eaf466a865c0edb9a0743469f23c97bab8 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Oct 20 13:21:28 2010 -0700 Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif are not upgraded in the server instance schema dir https://bugzilla.redhat.com/show_bug.cgi?id=645061 Description: To replace 06inetorgperson.ldif and 05rfc4524.ldif in teh server instance schema dir, adding the 2 schema files to the toremove list in the schema upgrade script 60upgradeschemafiles.pl. diff --git a/ldap/admin/src/scripts/60upgradeschemafiles.pl b/ldap/admin/src/scripts/60upgradeschemafiles.pl index 97d6a94..99373dc 100644 --- a/ldap/admin/src/scripts/60upgradeschemafiles.pl +++ b/ldap/admin/src/scripts/60upgradeschemafiles.pl @@ -11,7 +11,7 @@ sub runinst { # these schema files are obsolete, or we want to replace # them with newer versions - my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif); + my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif); # these hashes will be used to check for obsolete schema # in 99user.ldif

13 years, 6 months

1
0
0 / 0

VERSION.sh

by Richard Allen Megginson

VERSION.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 22276b9cb08e256b4311bfa4d30c5bd406019cec Author: Rich Megginson <rmeggins(a)redhat.com> Date: Wed Oct 20 14:47:34 2010 -0600 bump version to 1.1.12.a2 diff --git a/VERSION.sh b/VERSION.sh index 0e8352a..13dd113 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -15,7 +15,7 @@ VERSION_MAINT=12 # if this is a PRERELEASE, set VERSION_PREREL # otherwise, comment it out # be sure to include the dot prefix in the prerel -VERSION_PREREL=.a1 +VERSION_PREREL=.a2 # NOTES on VERSION_PREREL # use aN for an alpha release e.g. a1, a2, etc. # use rcN for a release candidate e.g. rc1, rc2, etc.

13 years, 6 months

1
0
0 / 0

Changes to 'refs/tags/389-admin-1.1.12.a1'

by Richard Allen Megginson

13 years, 6 months

1
0
0 / 0

6 commits - admserv/cfgstuff admserv/cgi-src40 config.h.in configure configure.ac include/libadmin include/libdsa lib/libadmin lib/libdsa ltmain.sh m4/mozldap.m4 m4/openldap.m4 Makefile.am Makefile.in mod_admserv/mod_admserv.c mod_admserv/mod_admserv.h selinux/dirsrv-admin.fc.in tests/ds_create tests/htmladmin tests/setup.sh tests/ugdsconfig tests/viewdata tests/viewlog

by Richard Allen Megginson

Makefile.am | 39 + Makefile.in | 76 ++- admserv/cfgstuff/start-ds-admin.in | 25 - admserv/cgi-src40/admlib.mk | 119 ----- admserv/cgi-src40/admpw.c | 67 --- admserv/cgi-src40/dllglue.c | 42 - admserv/cgi-src40/dsconfig.c | 9 admserv/cgi-src40/htmladmin.c | 166 ++++--- admserv/cgi-src40/security.c | 2 admserv/cgi-src40/viewdata.c | 150 +++---- admserv/cgi-src40/viewlog.c | 21 config.h.in | 12 configure | 778 +++++++++++++++++++++++++++++++++---- configure.ac | 15 include/libadmin/libadmin.h | 62 ++ include/libdsa/dsalib.h | 6 lib/libadmin/dllglue.c | 77 --- lib/libadmin/util.c | 732 ++++++++++++++++++++++++++++++++++ lib/libdsa/dsalib_conf.c | 15 lib/libdsa/dsalib_confs.c | 68 ++- m4/mozldap.m4 | 109 +++-- m4/openldap.m4 | 131 ++++++ mod_admserv/mod_admserv.c | 153 +++---- mod_admserv/mod_admserv.h | 15 selinux/dirsrv-admin.fc.in | 5 tests/ds_create/testget.1 | 2 tests/htmladmin/testget.2 | 2 tests/htmladmin/testget.3 | 2 tests/htmladmin/testget.4 | 2 tests/htmladmin/testget.5 | 2 tests/htmladmin/testget.6 | 2 tests/htmladmin/testget.7 | 2 tests/htmladmin/testget.8 | 2 tests/setup.sh | 250 ++++++++--- tests/ugdsconfig/testget.10 | 2 tests/viewdata/testget.2 | 2 tests/viewdata/testget.3 | 2 tests/viewdata/testget.4 | 2 tests/viewlog/testget.3 | 2 tests/viewlog/testget.4 | 2 40 files changed, 2368 insertions(+), 804 deletions(-) New commits: commit 24fd9c4c1af99b2a3c067b633c26c76bf672fb31 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Wed Oct 20 11:14:24 2010 -0600 Bug 618454 - mod_admserv should only clear NSS caches and shutdown if NSS is initialized https://bugzilla.redhat.com/show_bug.cgi?id=618454 Resolves: bug 618454 Bug Description: mod_admserv should only clear NSS caches and shutdown if NSS is initialized Branch: master Fix Description: Check NSS_IsInitialized before clearing caches. We also do an NSS_Shutdown here - with the new NSS fips mode, you cannot load the softoken after a fork unless you have first shutdown NSS - Apache loads and unloads its modules several times during the startup phase, so we have to make sure we completely shutdown NSS when the module is unloaded so that we can load it again and start the NSS engine when the module is re-loaded. Finally, change ldap_unbind_ext_s to just ldap_unbind_ext - ldap_unbind is always asynchronous. This should also fix https://bugzilla.redhat.com/show_bug.cgi?id=555296 Platforms tested: RHEL5 x86_64, Fedora 14 x86_64 Flag Day: no Doc impact: no diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c index b1da00d..ec7397c 100644 --- a/mod_admserv/mod_admserv.c +++ b/mod_admserv/mod_admserv.c @@ -504,7 +504,7 @@ ldapu_find_userdn (LDAP *ld, const char *uid, const char *base, static void closeLDAPConnection(LDAP *server) { - ldap_unbind_ext_s(server, NULL, NULL); + ldap_unbind_ext(server, NULL, NULL); } static LDAP * @@ -2227,19 +2227,23 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog, static apr_status_t mod_admserv_unload(void *data) { - SECStatus status; - - SSL_ClearSessionCache(); - status = NSS_Shutdown(); - if (status != SECSuccess) { - PRErrorCode prerr = PR_GetError(); - if (prerr == SEC_ERROR_NOT_INITIALIZED) { - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, - "Unable to shutdown NSS - not initialized"); - } else { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, - "Unable to shutdown NSS - [%d:%s]", - prerr, SSL_Strerror(prerr)); + if (NSS_IsInitialized()) { + SECStatus status; + SSL_ClearSessionCache(); + status = NSS_Shutdown(); + if (status != SECSuccess) { + PRErrorCode prerr = PR_GetError(); + if (prerr == SEC_ERROR_NOT_INITIALIZED) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "Unable to shutdown NSS - not initialized"); + } else if (prerr == SEC_ERROR_BUSY) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "Unable to shutdown NSS - still busy - assume mod_nss is holding references - continuing"); + } else { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, + "Unable to shutdown NSS - [%d:%s]", + prerr, SSL_Strerror(prerr)); + } } } return OK; commit 5785ac192b0664945cfd4ec297cfe2ef1236e419 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Oct 15 17:18:14 2010 -0600 add even more nss debugging diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c index 4e14a0f..b1da00d 100644 --- a/mod_admserv/mod_admserv.c +++ b/mod_admserv/mod_admserv.c @@ -87,6 +87,7 @@ #include "nss.h" #include "ssl.h" +#include "secerr.h" #include "mod_admserv.h" @@ -2226,7 +2227,21 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog, static apr_status_t mod_admserv_unload(void *data) { + SECStatus status; + SSL_ClearSessionCache(); + status = NSS_Shutdown(); + if (status != SECSuccess) { + PRErrorCode prerr = PR_GetError(); + if (prerr == SEC_ERROR_NOT_INITIALIZED) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "Unable to shutdown NSS - not initialized"); + } else { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, + "Unable to shutdown NSS - [%d:%s]", + prerr, SSL_Strerror(prerr)); + } + } return OK; } commit bfe1d9a242050ba4a9a2d00a2be362a422a23fc7 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Oct 15 15:07:09 2010 -0600 add more log information if nss init fails diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c index 90f81eb..4e14a0f 100644 --- a/mod_admserv/mod_admserv.c +++ b/mod_admserv/mod_admserv.c @@ -784,7 +784,8 @@ sslinit(AdmldapInfo info, const char *configdir) we still have to perform our own TLS/SSL client init */ if (ADMSSL_Init(info, (char *)configdir, 0)) { ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL, - "sslinit: NSS is required to use LDAPS, but security initialization failed. Cannot start server"); + "sslinit: NSS is required to use LDAPS, but security initialization failed [%d:%s]. Cannot start server", + PR_GetError(), SSL_Strerror(PR_GetError())); exit(1); } } else { commit c378a9f681050ac02c19a9a81d4adf2033497307 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Oct 15 12:28:59 2010 -0600 skip LD_PRELOAD if using openldap Because Apache can be linked directly against the openldap libraries, we had to LD_PRELOAD the mozldap libraries in order to force them to be used instead of openldap - now that we can use openldap, we can omit this step diff --git a/Makefile.am b/Makefile.am index ae8190e..22af4b2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -137,6 +137,7 @@ LIBCRUN=@LIBCRUN@ if OPENLDAP LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@ +use_openldap = 1 else LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 endif @@ -514,6 +515,7 @@ fixupcmd = sed \ -e 's,@LIBPATH\@,$(LIBPATH),g' \ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ + -e 's,@use_openldap\@,$(use_openldap),g' \ -e 's,@admmoddir\@,$(admmoddir),g' \ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \ -e 's,@instconfigdir\@,$(instconfigdir),g' \ @@ -572,6 +574,7 @@ fixupcmd = sed \ -e 's,@LIBPATH\@,$(LIBPATH),g' \ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ + -e 's,@use_openldap\@,$(use_openldap),g' \ -e 's,@admmoddir\@,$(admmoddir),g' \ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \ -e 's,@instconfigdir\@,$(instconfigdir),g' \ diff --git a/Makefile.in b/Makefile.in index c55491d..4094360 100644 --- a/Makefile.in +++ b/Makefile.in @@ -570,6 +570,7 @@ noinst_LIBRARIES = libdsa.a admmod_LTLIBRARIES = mod_admserv.la mod_restartd.la @OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 @OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@ +@OPENLDAP_TRUE@use_openldap = 1 DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \ @icu_lib@ -licui18n -licuuc -licudata \ $(LDAPSDK_LINK) \ @@ -873,6 +874,7 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \ @BUNDLE_FALSE@ -e 's,@LIBPATH\@,$(LIBPATH),g' \ @BUNDLE_FALSE@ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \ @BUNDLE_FALSE@ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ +@BUNDLE_FALSE@ -e 's,@use_openldap\@,$(use_openldap),g' \ @BUNDLE_FALSE@ -e 's,@admmoddir\@,$(admmoddir),g' \ @BUNDLE_FALSE@ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \ @BUNDLE_FALSE@ -e 's,@instconfigdir\@,$(instconfigdir),g' \ @@ -940,6 +942,7 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \ @BUNDLE_TRUE@ -e 's,@LIBPATH\@,$(LIBPATH),g' \ @BUNDLE_TRUE@ -e 's,@nss_libdir\@,$(runtime_nss_libdir),g' \ @BUNDLE_TRUE@ -e 's,@ldapsdk_libdir\@,$(runtime_ldapsdk_libdir),g' \ +@BUNDLE_TRUE@ -e 's,@use_openldap\@,$(use_openldap),g' \ @BUNDLE_TRUE@ -e 's,@admmoddir\@,$(admmoddir),g' \ @BUNDLE_TRUE@ -e 's,@nssmoddir\@,$(runtime_nssmoddir),g' \ @BUNDLE_TRUE@ -e 's,@instconfigdir\@,$(instconfigdir),g' \ diff --git a/admserv/cfgstuff/start-ds-admin.in b/admserv/cfgstuff/start-ds-admin.in index f95de9a..8258b08 100644 --- a/admserv/cfgstuff/start-ds-admin.in +++ b/admserv/cfgstuff/start-ds-admin.in @@ -32,21 +32,24 @@ LIBPATH=@LIBPATH@:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; exp SHLIB_PATH=@LIBPATH@:${SHLIB_PATH}; export SHLIB_PATH HTTPD=@HTTPD@ - -# see if httpd is linked with the openldap libraries - we need to override them OS=`uname -s` -if [ $OS = "Linux" ]; then - hasol=0 - /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1 +# see if httpd is linked with the openldap libraries - we need to override them if +# using mozldap +if [ -z "@use_openldap@" ] ; then + if [ $OS = "Linux" ]; then + hasol=0 + + /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1 - if [ $hasol -eq 1 ] ; then - LD_PRELOAD="@ldapsdk_libdir(a)/libldap60.so" - ssl_lib="@nss_libdir(a)/libssl3.so" - if [ -f "$ssl_lib" ] ; then - LD_PRELOAD="$ssl_lib $LD_PRELOAD" + if [ $hasol -eq 1 ] ; then + LD_PRELOAD="@ldapsdk_libdir(a)/libldap60.so" + ssl_lib="@nss_libdir(a)/libssl3.so" + if [ -f "$ssl_lib" ] ; then + LD_PRELOAD="$ssl_lib $LD_PRELOAD" + fi + export LD_PRELOAD fi - export LD_PRELOAD fi fi commit be01871d71a678a1b47f4441c738cdf9740154e2 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Mon Oct 11 11:16:53 2010 -0600 add selinux policy for dsgw This adds selinux policy for dsgw - this assumes the use of the admin server to run dsgw i.e. no standalone policy for standalone dsgw diff --git a/Makefile.am b/Makefile.am index 1e79eb0..ae8190e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -85,6 +85,11 @@ logdir = $(localstatedir)@admlogdir@/$(instancename) endif updatedir = $(datadir)@updatedir@ +# needed for selinux policy +dsgwcgibindir = $(libdir)@dsgwcgibindir@ +dsgwconfigdir = $(instconfigdir)/dsgw +dsgwcookiedir = $(localstatedir)@dsgwcookiedir@ + libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \ lib/base/system.cpp lib/base/nscputil.cpp @@ -534,7 +539,10 @@ fixupcmd = sed \ -e 's,@adminutilpath\@,$(adminutilpath),g' \ -e 's,@initconfigdir\@,$(initconfigdir),g' \ -e 's,@updatedir\@,$(updatedir),g' \ - -e 's,@with_selinux\@,@with_selinux@,g' + -e 's,@with_selinux\@,@with_selinux@,g' \ + -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \ + -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \ + -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g' else fixupcmd = sed \ -e 's,@ECHO_C\@,$(ECHO_C),g' \ @@ -589,7 +597,10 @@ fixupcmd = sed \ -e 's,@adminutilpath\@,$(adminutilpath),g' \ -e 's,@initconfigdir\@,$(initconfigdir),g' \ -e 's,@updatedir\@,$(updatedir),g' \ - -e 's,@with_selinux\@,@with_selinux@,g' + -e 's,@with_selinux\@,@with_selinux@,g' \ + -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \ + -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \ + -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g' endif # because the source may be either httpd.conf.in or httpd-2.2.conf.in diff --git a/Makefile.in b/Makefile.in index 08d626f..c55491d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -415,6 +415,10 @@ cgibindir = $(libdir)@cgibindir@ cmdbindir = $(sbindir) datadir = @datadir@ debug_defs = @debug_defs@ + +# needed for selinux policy +dsgwcgibindir = $(libdir)@dsgwcgibindir@ +dsgwcookiedir = $(localstatedir)@dsgwcookiedir@ dslibdir = @dslibdir@ exec_prefix = @exec_prefix@ extra_cppflags = @extra_cppflags@ @@ -528,6 +532,7 @@ configdir = $(instconfigdir)/$(instancename) securitydir = $(configdir) @BUNDLE_FALSE@logdir = $(localstatedir)@admlogdir@/$(instancename) @BUNDLE_TRUE@logdir = $(localstatedir)@admlogdir@ +dsgwconfigdir = $(instconfigdir)/dsgw libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \ lib/base/system.cpp lib/base/nscputil.cpp @@ -893,7 +898,10 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \ @BUNDLE_FALSE@ -e 's,@adminutilpath\@,$(adminutilpath),g' \ @BUNDLE_FALSE@ -e 's,@initconfigdir\@,$(initconfigdir),g' \ @BUNDLE_FALSE@ -e 's,@updatedir\@,$(updatedir),g' \ -@BUNDLE_FALSE@ -e 's,@with_selinux\@,@with_selinux@,g' +@BUNDLE_FALSE@ -e 's,@with_selinux\@,@with_selinux@,g' \ +@BUNDLE_FALSE@ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \ +@BUNDLE_FALSE@ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \ +@BUNDLE_FALSE@ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g' # these are for the config files and scripts that we need to generate and replace @@ -957,7 +965,10 @@ property_DATA = admserv/newinst/src/setup-ds-admin.res \ @BUNDLE_TRUE@ -e 's,@adminutilpath\@,$(adminutilpath),g' \ @BUNDLE_TRUE@ -e 's,@initconfigdir\@,$(initconfigdir),g' \ @BUNDLE_TRUE@ -e 's,@updatedir\@,$(updatedir),g' \ -@BUNDLE_TRUE@ -e 's,@with_selinux\@,@with_selinux@,g' +@BUNDLE_TRUE@ -e 's,@with_selinux\@,@with_selinux@,g' \ +@BUNDLE_TRUE@ -e 's,@dsgwcgibindir\@,$(dsgwcgibindir),g' \ +@BUNDLE_TRUE@ -e 's,@dsgwconfigdir\@,$(dsgwconfigdir),g' \ +@BUNDLE_TRUE@ -e 's,@dsgwcookiedir\@,$(dsgwcookiedir),g' all: $(BUILT_SOURCES) config.h $(MAKE) $(AM_MAKEFLAGS) all-am diff --git a/configure b/configure index b682415..1d154f6 100755 --- a/configure +++ b/configure @@ -466,7 +466,7 @@ ac_includes_default="\ #endif" ac_default_prefix=/opt/dirsrv -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir updatedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir updatedir dsgwcgibindir dsgwcookiedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -25817,6 +25817,7 @@ if test "$with_fhs_opt" = "yes"; then # relative to libdir # CGI program directory cgibindir=/cgi-bin + dsgwcgibindir=/dsgw-cgi-bin # where our private Apache modules will go admmoddir=/modules perldir=/perl @@ -25826,6 +25827,8 @@ if test "$with_fhs_opt" = "yes"; then piddir=/$PACKAGE_BASE_NAME/$instancename/run # location of property/resource files, relative to datadir propertydir=/properties + # relative to $localstatedir + dsgwcookiedir=/$PACKAGE_BASE_NAME/dsgw/cookies else if test "$with_fhs" = "yes"; then ac_default_prefix=/usr @@ -25844,6 +25847,7 @@ else # relative to libdir # CGI program directory cgibindir=/$PACKAGE_BASE_NAME/cgi-bin + dsgwcgibindir=/$PACKAGE_BASE_NAME/dsgw-cgi-bin # where our private Apache modules will go admmoddir=/$PACKAGE_BASE_NAME/modules perldir=/$PACKAGE_BASE_NAME/perl @@ -25853,6 +25857,8 @@ else piddir=/run/$PACKAGE_BASE_NAME # location of property/resource files, relative to datadir propertydir=/$PACKAGE_BASE_NAME/properties + # relative to $localstatedir + dsgwcookiedir=/run/$PACKAGE_BASE_NAME/dsgw/cookies fi pidfile=$instancename.pid @@ -25921,6 +25927,9 @@ pidfile=$instancename.pid +# these are needed for selinux policy for the dsgw + + @@ -26860,6 +26869,8 @@ s,@nssmoddir@,$nssmoddir,;t t s,@infdir@,$infdir,;t t s,@perldir@,$perldir,;t t s,@updatedir@,$updatedir,;t t +s,@dsgwcgibindir@,$dsgwcgibindir,;t t +s,@dsgwcookiedir@,$dsgwcookiedir,;t t s,@brand@,$brand,;t t s,@capbrand@,$capbrand,;t t s,@vendor@,$vendor,;t t diff --git a/configure.ac b/configure.ac index 5d19e81..6d72542 100644 --- a/configure.ac +++ b/configure.ac @@ -319,6 +319,7 @@ if test "$with_fhs_opt" = "yes"; then # relative to libdir # CGI program directory cgibindir=/cgi-bin + dsgwcgibindir=/dsgw-cgi-bin # where our private Apache modules will go admmoddir=/modules perldir=/perl @@ -328,6 +329,8 @@ if test "$with_fhs_opt" = "yes"; then piddir=/$PACKAGE_BASE_NAME/$instancename/run # location of property/resource files, relative to datadir propertydir=/properties + # relative to $localstatedir + dsgwcookiedir=/$PACKAGE_BASE_NAME/dsgw/cookies else if test "$with_fhs" = "yes"; then ac_default_prefix=/usr @@ -348,6 +351,7 @@ else # relative to libdir # CGI program directory cgibindir=/$PACKAGE_BASE_NAME/cgi-bin + dsgwcgibindir=/$PACKAGE_BASE_NAME/dsgw-cgi-bin # where our private Apache modules will go admmoddir=/$PACKAGE_BASE_NAME/modules perldir=/$PACKAGE_BASE_NAME/perl @@ -357,6 +361,8 @@ else piddir=/run/$PACKAGE_BASE_NAME # location of property/resource files, relative to datadir propertydir=/$PACKAGE_BASE_NAME/properties + # relative to $localstatedir + dsgwcookiedir=/run/$PACKAGE_BASE_NAME/dsgw/cookies fi pidfile=$instancename.pid @@ -425,6 +431,9 @@ AC_SUBST(nssmoddir) AC_SUBST(infdir) AC_SUBST(perldir) AC_SUBST(updatedir) +# these are needed for selinux policy for the dsgw +AC_SUBST(dsgwcgibindir) +AC_SUBST(dsgwcookiedir) AC_SUBST(brand) AC_SUBST(capbrand) diff --git a/selinux/dirsrv-admin.fc.in b/selinux/dirsrv-admin.fc.in index d00380b..f97a606 100644 --- a/selinux/dirsrv-admin.fc.in +++ b/selinux/dirsrv-admin.fc.in @@ -5,6 +5,7 @@ # Configuration @configdir(a)(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0) +@dsgwconfigdir(a)(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0) # Log dir @logdir(a)(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) @@ -14,3 +15,7 @@ # CGIs @cgibindir(a)(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0) +@dsgwcgibindir(a)(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0) + +# DSGW cookies +@dsgwcookiedir(a)(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) commit 64991f3154db313bb5fee22f2c003f56580d09d3 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Tue Sep 28 08:53:25 2010 -0600 initial support for openldap This adds support for using openldap instead of mozldap diff --git a/Makefile.am b/Makefile.am index 15484ea..1e79eb0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -90,11 +90,11 @@ libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \ libsi18n_a_SOURCES = lib/libsi18n/getstrprop.c -libadmin_a_SOURCES = lib/libadmin/cluster.c lib/libadmin/dllglue.c \ +libadmin_a_SOURCES = lib/libadmin/cluster.c \ lib/libadmin/error.c lib/libadmin/form_get.c lib/libadmin/httpcon.c lib/libadmin/install.c \ lib/libadmin/referer.c lib/libadmin/template.c lib/libadmin/util.c -AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) @adminutil_inc@ @icu_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 \ +AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) @adminutil_inc@ @icu_inc@ @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 \ -I$(srcdir)/include -I$(srcdir)/include/base if WINNT AM_CPPFLAGS += -DXP_WINNT @@ -130,9 +130,15 @@ LIBNSL=@LIBNSL@ LIBCSTD=@LIBCSTD@ LIBCRUN=@LIBCRUN@ +if OPENLDAP +LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@ +else +LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 +endif + DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \ @icu_lib@ -licui18n -licuuc -licudata \ - @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 \ + $(LDAPSDK_LINK) \ @sasl_lib@ -lsasl2 \ @nss_lib@ -lsmime3 -lssl3 -lnss3 -lsoftokn3 \ @nspr_lib@ -lplds4 -lplc4 -lnspr4 \ @@ -263,8 +269,7 @@ libdsa_a_SOURCES = lib/libdsa/dsalib_conf.c \ lib/libdsa/dsalib_db.c \ lib/libdsa/dsalib_util.c -libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -libdsa_a_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) +libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ # source files for our CGI programs download_SOURCES = admserv/cgi-src40/download.c @@ -352,7 +357,7 @@ ds_snmpctrl_LINK = $(MYLINK) mod_admserv_la_SOURCES = mod_admserv/mod_admserv.c mod_admserv_la_CPPFLAGS = -I@apache_inc@ @apr_inc@ $(AM_CPPFLAGS) @extra_cppflags@ mod_admserv_la_LDFLAGS = -module -avoid-version -mod_admserv_la_LIBADD = $(DEFAULT_LIBS_NOCGI) +mod_admserv_la_LIBADD = $(DEFAULT_LIBS) mod_admserv_la_LINK = $(MYLINK) $(mod_admserv_la_LDFLAGS) ############## mod_restartd ################ @@ -408,14 +413,14 @@ perlpath=$(perldir) $(libdir)/perl/arch $(libdir)/perl else # need to create the LD_LIBRARY_PATH,SHLIB_PATH string to use in scripts # sort also strips out duplicates -LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir) +LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(openldap_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir) LIBDIRS = $(call mysort,-ru,$(LIBDIRLIST)) # now put it in the canonical form LIBPATH = $(subst $(SPACE),$(COLON),$(LIBDIRS)) # nssmoddir is the same runtime_nssmoddir=$(nssmoddir) runtime_nss_libdir=$(nss_libdir) -runtime_ldapsdk_libdir=$(ldapsdk_libdir) +runtime_ldapsdk_libdir=$(openldap_libdir) $(ldapsdk_libdir) perlpath=$(perldir) endif # this is primarily needed for HP-UX and the other platforms diff --git a/Makefile.in b/Makefile.in old mode 100755 new mode 100644 index 2e325c0..08d626f --- a/Makefile.in +++ b/Makefile.in @@ -61,10 +61,10 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/fhs.m4 \ $(top_srcdir)/m4/fortitude.m4 $(top_srcdir)/m4/httpd.m4 \ $(top_srcdir)/m4/nspr.m4 $(top_srcdir)/m4/nss.m4 \ - $(top_srcdir)/m4/sasl.m4 $(top_srcdir)/m4/mozldap.m4 \ - $(top_srcdir)/m4/icu.m4 $(top_srcdir)/m4/adminutil.m4 \ - $(top_srcdir)/m4/mod_nss.m4 $(top_srcdir)/m4/selinux.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/sasl.m4 $(top_srcdir)/m4/openldap.m4 \ + $(top_srcdir)/m4/mozldap.m4 $(top_srcdir)/m4/icu.m4 \ + $(top_srcdir)/m4/adminutil.m4 $(top_srcdir)/m4/mod_nss.m4 \ + $(top_srcdir)/m4/selinux.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ @@ -75,7 +75,7 @@ CONFIG_CLEAN_FILES = LIBRARIES = $(noinst_LIBRARIES) ARFLAGS = cru libdsa_a_AR = $(AR) $(ARFLAGS) -libdsa_a_DEPENDENCIES = +libdsa_a_LIBADD = am__dirstamp = $(am__leading_dot)dirstamp am_libdsa_a_OBJECTS = lib/libdsa/libdsa_a-dsalib_conf.$(OBJEXT) \ lib/libdsa/libdsa_a-dsalib_debug.$(OBJEXT) \ @@ -109,18 +109,19 @@ libds_admin_serv_la_DEPENDENCIES = am__objects_1 = lib/base/file.lo lib/base/nscperror.lo \ lib/base/system.lo lib/base/nscputil.lo am__objects_2 = lib/libsi18n/getstrprop.lo -am__objects_3 = lib/libadmin/cluster.lo lib/libadmin/dllglue.lo \ - lib/libadmin/error.lo lib/libadmin/form_get.lo \ - lib/libadmin/httpcon.lo lib/libadmin/install.lo \ - lib/libadmin/referer.lo lib/libadmin/template.lo \ - lib/libadmin/util.lo +am__objects_3 = lib/libadmin/cluster.lo lib/libadmin/error.lo \ + lib/libadmin/form_get.lo lib/libadmin/httpcon.lo \ + lib/libadmin/install.lo lib/libadmin/referer.lo \ + lib/libadmin/template.lo lib/libadmin/util.lo am_libds_admin_serv_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ $(am__objects_3) libds_admin_serv_la_OBJECTS = $(am_libds_admin_serv_la_OBJECTS) am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -mod_admserv_la_DEPENDENCIES = $(am__DEPENDENCIES_2) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +am__DEPENDENCIES_3 = libds-admin-serv.la $(am__DEPENDENCIES_2) +mod_admserv_la_DEPENDENCIES = $(am__DEPENDENCIES_3) am_mod_admserv_la_OBJECTS = mod_admserv/mod_admserv_la-mod_admserv.lo mod_admserv_la_OBJECTS = $(am_mod_admserv_la_OBJECTS) mod_restartd_la_LIBADD = @@ -131,7 +132,6 @@ cgibinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(cgibin_PROGRAMS) am_ReadLog_OBJECTS = admserv/cgi-src40/ReadLog.$(OBJEXT) ReadLog_OBJECTS = $(am_ReadLog_OBJECTS) -am__DEPENDENCIES_3 = libds-admin-serv.la $(am__DEPENDENCIES_2) ReadLog_DEPENDENCIES = $(am__DEPENDENCIES_3) am_admpw_OBJECTS = admserv/cgi-src40/admpw.$(OBJEXT) admpw_OBJECTS = $(am_admpw_OBJECTS) @@ -350,6 +350,8 @@ MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ OBJEXT = @OBJEXT@ +OPENLDAP_FALSE = @OPENLDAP_FALSE@ +OPENLDAP_TRUE = @OPENLDAP_TRUE@ PACKAGE = @PACKAGE@ PACKAGE_BASE_NAME = @PACKAGE_BASE_NAME@ PACKAGE_BASE_VERSION = @PACKAGE_BASE_VERSION@ @@ -460,7 +462,11 @@ nss_lib = @nss_lib@ nss_libdir = @nss_libdir@ nssmoddir = @nssmoddir@ nsspcache = @nsspcache@ +ol_libver = @ol_libver@ oldincludedir = @oldincludedir@ +openldap_inc = @openldap_inc@ +openldap_lib = @openldap_lib@ +openldap_libdir = @openldap_libdir@ perldir = $(libdir)@perldir@ perlexec = @perlexec@ piddir = $(localstatedir)@piddir@ @@ -526,14 +532,14 @@ libbase_a_SOURCES = lib/base/file.cpp lib/base/nscperror.c \ lib/base/system.cpp lib/base/nscputil.cpp libsi18n_a_SOURCES = lib/libsi18n/getstrprop.c -libadmin_a_SOURCES = lib/libadmin/cluster.c lib/libadmin/dllglue.c \ +libadmin_a_SOURCES = lib/libadmin/cluster.c \ lib/libadmin/error.c lib/libadmin/form_get.c lib/libadmin/httpcon.c lib/libadmin/install.c \ lib/libadmin/referer.c lib/libadmin/template.c lib/libadmin/util.c AM_CPPFLAGS = $(DEBUG_DEFINES) $(PATH_DEFINES) $(OTHER_DEFINES) \ - @adminutil_inc@ @icu_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ \ - -DUSE_ADMSERV=1 -I$(srcdir)/include -I$(srcdir)/include/base \ - $(am__append_1) $(am__append_2) \ + @adminutil_inc@ @icu_inc@ @openldap_inc@ @ldapsdk_inc@ \ + @nss_inc@ @nspr_inc@ -DUSE_ADMSERV=1 -I$(srcdir)/include \ + -I$(srcdir)/include/base $(am__append_1) $(am__append_2) \ -DPROPERTYDIR=\"$(propertydir)\" -DLIBDIR=\"$(libdir)\" \ -DPIDDIR=\"$(piddir)\" -DHTMLDIR=\"$(htmldir)\" \ -DICONDIR=\"$(icondir)\" -DCMDBINDIR=\"$(cmdbindir)\" \ @@ -557,9 +563,11 @@ noinst_LIBRARIES = libdsa.a # Apache modules admmod_LTLIBRARIES = mod_admserv.la mod_restartd.la +@OPENLDAP_FALSE@LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 +@OPENLDAP_TRUE@LDAPSDK_LINK = @openldap_lib@ -lldap@ol_libver@ -lldif@ol_libver@ DEFAULT_LIBS_NOCGI = @adminutil_lib@ -ladmsslutil@adminutil_ver@ -ladminutil@adminutil_ver@ \ @icu_lib@ -licui18n -licuuc -licudata \ - @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60 \ + $(LDAPSDK_LINK) \ @sasl_lib@ -lsasl2 \ @nss_lib@ -lsmime3 -lssl3 -lnss3 -lsoftokn3 \ @nspr_lib@ -lplds4 -lplc4 -lnspr4 \ @@ -667,8 +675,7 @@ libdsa_a_SOURCES = lib/libdsa/dsalib_conf.c \ lib/libdsa/dsalib_db.c \ lib/libdsa/dsalib_util.c -libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @ldapsdk_inc@ @nss_inc@ @nspr_inc@ -libdsa_a_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) +libdsa_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include/libdsa @openldap_inc@ @ldapsdk_inc@ @nss_inc@ @nspr_inc@ # source files for our CGI programs download_SOURCES = admserv/cgi-src40/download.c @@ -750,7 +757,7 @@ ds_snmpctrl_LINK = $(MYLINK) mod_admserv_la_SOURCES = mod_admserv/mod_admserv.c mod_admserv_la_CPPFLAGS = -I@apache_inc@ @apr_inc@ $(AM_CPPFLAGS) @extra_cppflags@ mod_admserv_la_LDFLAGS = -module -avoid-version -mod_admserv_la_LIBADD = $(DEFAULT_LIBS_NOCGI) +mod_admserv_la_LIBADD = $(DEFAULT_LIBS) mod_admserv_la_LINK = $(MYLINK) $(mod_admserv_la_LDFLAGS) ############## mod_restartd ################ @@ -799,13 +806,13 @@ mysort = $(shell echo -e $(subst $(SPACE),$(NL),$2) | grep -v -- -e | sort $1 -k @BUNDLE_TRUE@runtime_nssmoddir = $(admmoddir) @BUNDLE_FALSE@runtime_nss_libdir = $(nss_libdir) @BUNDLE_TRUE@runtime_nss_libdir = $(libdir) -@BUNDLE_FALSE@runtime_ldapsdk_libdir = $(ldapsdk_libdir) +@BUNDLE_FALSE@runtime_ldapsdk_libdir = $(openldap_libdir) $(ldapsdk_libdir) @BUNDLE_TRUE@runtime_ldapsdk_libdir = $(libdir) @BUNDLE_FALSE@perlpath = $(perldir) @BUNDLE_TRUE@perlpath = $(perldir) $(libdir)/perl/arch $(libdir)/perl # need to create the LD_LIBRARY_PATH,SHLIB_PATH string to use in scripts # sort also strips out duplicates -@BUNDLE_FALSE@LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir) +@BUNDLE_FALSE@LIBDIRLIST = $(nspr_libdir) $(nss_libdir) $(openldap_libdir) $(ldapsdk_libdir) $(sasl_libdir) $(adminutil_libdir) $(icu_libdir) $(libdir) @BUNDLE_FALSE@LIBDIRS = $(call mysort,-ru,$(LIBDIRLIST)) # this is primarily needed for HP-UX and the other platforms # where we bundle all of the components together @@ -1125,8 +1132,6 @@ lib/libadmin/$(DEPDIR)/$(am__dirstamp): @: > lib/libadmin/$(DEPDIR)/$(am__dirstamp) lib/libadmin/cluster.lo: lib/libadmin/$(am__dirstamp) \ lib/libadmin/$(DEPDIR)/$(am__dirstamp) -lib/libadmin/dllglue.lo: lib/libadmin/$(am__dirstamp) \ - lib/libadmin/$(DEPDIR)/$(am__dirstamp) lib/libadmin/error.lo: lib/libadmin/$(am__dirstamp) \ lib/libadmin/$(DEPDIR)/$(am__dirstamp) lib/libadmin/form_get.lo: lib/libadmin/$(am__dirstamp) \ @@ -1491,8 +1496,6 @@ mostlyclean-compile: -rm -f lib/base/system.lo -rm -f lib/libadmin/cluster.$(OBJEXT) -rm -f lib/libadmin/cluster.lo - -rm -f lib/libadmin/dllglue.$(OBJEXT) - -rm -f lib/libadmin/dllglue.lo -rm -f lib/libadmin/error.$(OBJEXT) -rm -f lib/libadmin/error.lo -rm -f lib/libadmin/form_get.$(OBJEXT) @@ -1558,7 +1561,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@lib/base/$(DEPDIR)/nscputil.Plo(a)am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@lib/base/$(DEPDIR)/system.Plo(a)am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/cluster.Plo(a)am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/dllglue.Plo(a)am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/error.Plo(a)am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/form_get.Plo(a)am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@lib/libadmin/$(DEPDIR)/httpcon.Plo(a)am__quote@ diff --git a/admserv/cgi-src40/admlib.mk b/admserv/cgi-src40/admlib.mk deleted file mode 100644 index 5241bdf..0000000 --- a/admserv/cgi-src40/admlib.mk +++ /dev/null @@ -1,119 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; version 2 -# of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# - -# END COPYRIGHT BLOCK -ifneq ($(ARCH), WINNT) - -OLD_BUILD_ROOT := $(BUILD_ROOT) -BUILD_ROOT := $(shell cd $(OLD_BUILD_ROOT); pwd) -SRCDIR=$(BUILD_ROOT)/admserv/cgi-src40 - -ifeq ($(ARCH), OSF1) -EXTRA_LIBS += -Wl,-rpath,../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), Linux) -EXTRA_LIBS += -Wl,-rpath,../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), IRIX) -EXTRA_LIBS += -lgen -rpath ../../lib:../..:../../../../lib -endif - - -ifeq ($(ARCH), SOLARIS) -EXTRA_LIBS += -lgen -R../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), SONY) -EXTRA_LIBS += -rpath ../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), NECSVR4) -EXTRA_LIBS += -L../../lib -L../.. -endif - -ifeq ($(ARCH), HPUX) -EXTRA_LIBS += -Wl,+b,../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), AIX) -#LDAPLINK=-L../.. -L../../../../lib $(addprefix -l, $(LDAP_LIBNAMES)) -EXTRA_LIBS+= -blibpath:../../lib:.:../../:../../../../lib:$(DEF_LIBPATH) -brtl -endif - -ifdef USE_LD_RUN_PATH -EXTRA_LIBS += -L. -export LD_RUN_PATH=../../lib:../..:../../../../lib -endif - -ifeq ($(ARCH), SUNOS4) -EXTRA_LIBS += -L../../lib -L../.. -endif - -EXTRA_LIBS += $(MATHLIB) - -ifndef LDAPLINK -LDAPLINK = -L$(LDAPSDK_LIBPATH) $(addprefix -l, $(addsuffix $(DLL_PRESUF), $(LDAP_LIBNAMES))) -endif - -GLUEOBJS=$(OBJDIR)/admin-lib/dllglue.o - -ifeq ($(ARCH), AIX) -DEPLINK+=-bE:$(OBJDIR)/admin-lib/dllglue.exp -endif - -ifeq ($(ARCH), AIX) -$(GLUEOBJS): dllglue.c - $(CC) -c $(CFLAGS) $(MCC_INCLUDE) dllglue.c \ - -o $(OBJDIR)/admin-lib/dllglue.o - nm -B -g $(OBJDIR)/admin-lib/dllglue.o \ - | awk '/ [T,D,B] / {print $$3}' \ - | sed -e 's/^\.//' \ - | sort -u > $(OBJDIR)/admin-lib/dllglue.exp - echo func_standard >> $(OBJDIR)/admin-lib/dllglue.exp - -else -# -# Puzzled! If this is not seperated, secglue.o will be removed after -# compiling the cgi programs! -# -$(GLUEOBJS): dllglue.c - $(CC) -c $(CFLAGS) $(MCC_INCLUDE) dllglue.c \ - -o $(OBJDIR)/admin-lib/dllglue.o -endif - -$(OBJDIR)/admin-lib: - mkdir -p $(OBJDIR)/admin-lib - -# -# 10/01/96 achan -# The dependency rules for ADMLIB is really defined in ../src/unixso.mk -# So go there and check! -# -# 5/12/97 achan -# Remove the check for whether ns-admin.so should be rebuilt since it will -# sometimes remake it for no reason. -# -$(ADMLIB): FORCEIT - -FORCEIT: - -endif diff --git a/admserv/cgi-src40/admpw.c b/admserv/cgi-src40/admpw.c index 540a720..cbba671 100644 --- a/admserv/cgi-src40/admpw.c +++ b/admserv/cgi-src40/admpw.c @@ -66,7 +66,6 @@ static void output_admuid(AdmldapInfo admInfo); static void update_uidpwd(); static void update_admpwd(char *newuid, char *newpw, const char *filename); -static void update_ds(char *newpw); static char * sha1_pw_enc(const char *pwd) @@ -315,7 +314,6 @@ static void update_uidpwd(AdmldapInfo admInfo) { NULL, NULL); } - update_ds(newpw); update_admpwd(newuid, sha1_pw_enc(newpw), filename); } else { @@ -350,68 +348,3 @@ static void update_admpwd(char *newuid, char *newpw, const char *filename) { fclose(f); } - -/* - * Modify userpassword in the DS - */ -static void update_ds(char *pwd) { - - int err, rv, errorCode; - PsetHndl pset; - char *username = 0; - char *localAdmin = 0; - char *binddn = 0; - char *bindpw = 0; - char error_info[128]; - char *configdir = util_get_conf_dir(); - - /* Get UserDN and User Password */ - - rv = ADM_GetUserDNString(&err, &binddn); - if (rv < 0 || !binddn || !*binddn) { - rv = ADM_GetCurrentUsername(&err, &username); - if (rv < 0 || !username || !*username) { - rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERNAME, "No User Name"), NULL, NULL); - } - else { - /* No DN, maybe it is local super */ - localAdmin = admGetLocalAdmin(NULL, &rv); - if (localAdmin) { - if (strcmp(username, localAdmin)) { - rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERDN, "No User DN"), NULL, NULL); - } - else { - binddn = NULL; - bindpw = NULL; - } - } - else { - rpt_err(ELEM_MISSING, i18nMsg(DBT_NO_USERDN, "No User DN"), NULL, NULL); - } - } - } - - if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw); - - /* Initialize the pset */ - - pset = psetCreateSSL("admin-serv", - /* configRoot */ configdir, - /* userDN */ binddn, - /* passwd */ bindpw, - /* errorcode */ &rv); - - if (!pset) { - PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_PSET_ERROR,"PSETERROR: %d"), rv); - rpt_err(APP_ERROR, i18nMsg(DBT_PSET_CREATE, "PSET Creation Failed"), NULL, error_info); - } - - errorCode = psetSetSingleValueAttr(pset, "userpassword", pwd); - - if (errorCode) { - logMsg("psetErr=%d\n", errorCode); - psetDelete(pset); - PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_PSET_ERROR,"PSETERROR: %d"), errorCode); - rpt_err(APP_ERROR, "PSET SET Failed", NULL, error_info); - } -} diff --git a/admserv/cgi-src40/dllglue.c b/admserv/cgi-src40/dllglue.c deleted file mode 100644 index f86dd3e..0000000 --- a/admserv/cgi-src40/dllglue.c +++ /dev/null @@ -1,42 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; version 2 - * of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - * END COPYRIGHT BLOCK **/ -/* - * dllglue.c: Glue routines for the httpd.so shared object. These are - * necessary because on many system no garbage collection is performed for - * shared objects. - * - * Rob McCool - */ - - -#ifdef XP_UNIX - -#include "base/systems.h" - -char *func_standard; -void magnus_atrestart(void) {} -#ifdef AIX -void aix_dlopen(void) {} -void aix_dlclose(void) {} -void aix_dlerror(void) {} -void aix_dlsym(void) {} -#endif -#endif diff --git a/admserv/cgi-src40/dsconfig.c b/admserv/cgi-src40/dsconfig.c index 80a206b..899836b 100644 --- a/admserv/cgi-src40/dsconfig.c +++ b/admserv/cgi-src40/dsconfig.c @@ -238,13 +238,14 @@ static void handle_getconfig() int rc; LDAPURLDesc *ludp; char *ldapurl = NULL; + int ssl; logMsg("In handle_getconfig\n"); ldapurl = get_ldap_url(); logMsg("baseurl=%s\n", ldapurl); - if (( rc = ldap_url_parse( ldapurl, &ludp )) != 0 ) { + if (( rc = util_ldap_url_parse( ldapurl, &ludp, 0, &ssl )) != 0 ) { char error_info[128]; PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BAD_LDAPURL, "LDAP URL (%s) is invalid"), ldapurl); @@ -252,7 +253,6 @@ static void handle_getconfig() rpt_err(SYSTEM_ERROR, error_info, NULL, NULL); } else { - int ssl; fprintf(stdout, "Content-type: text/html\n\n"); @@ -262,7 +262,6 @@ static void handle_getconfig() fprintf(stdout, "dsconfig.port:%d\n", ludp->lud_port); logMsg("dsconfig.port:%d\n", ludp->lud_port); - ssl = (ludp->lud_options & LDAP_URL_OPT_SECURE); fprintf(stdout, "dsconfig.ssl:%s\n", ssl ? "true" : "false"); logMsg("dsconfig.ssl:%s\n", ssl ? "true" : "false"); @@ -337,7 +336,7 @@ static char* create_new_ldapurl(char *new_host, int new_port, char *new_basedn, curldapurl = get_ldap_url(); logMsg("baseurl=%s\n", curldapurl); - if (( rc = ldap_url_parse( curldapurl, &ludp )) != 0 ) { + if (( rc = util_ldap_url_parse( curldapurl, &ludp, 0, &sslflag )) != 0 ) { logMsg("ldap_url_parse(%s) failed, rc=%d\n", curldapurl, rc); rpt_err(SYSTEM_ERROR, i18nMsg(DBT_BAD_LDAPURL,"Bad ldap url in adm.conf"), NULL, NULL); } @@ -347,7 +346,7 @@ static char* create_new_ldapurl(char *new_host, int new_port, char *new_basedn, host = (new_host != NULL) ? new_host : ludp->lud_host; port = (new_port != -1) ? new_port : ludp->lud_port; basedn = (new_basedn != NULL) ? new_basedn : ludp->lud_dn; - sslflag = (new_ssl != -1) ? new_ssl : (ludp->lud_options & LDAP_URL_OPT_SECURE); + sslflag = (new_ssl != -1) ? new_ssl : sslflag; ssl = (sslflag) ? (char *)"s" : (char *)""; PR_snprintf(url, sizeof(url), "ldap%s://%s:%d/%s", ssl, host, port, basedn); diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c index e6d9eee..71e1437 100644 --- a/admserv/cgi-src40/htmladmin.c +++ b/admserv/cgi-src40/htmladmin.c @@ -36,7 +36,6 @@ #include "libadmsslutil/admsslutil.h" #include "libadmin/cluster.h" #include "ldap.h" -#include <ldap_ssl.h> #include "prnetdb.h" #include "plstr.h" @@ -336,7 +335,11 @@ int sorted_search( char *sortattr, LDAP *ld, const char *base, int scope, const char *filter, char **attrs, int attrsonly, LDAPMessage **res ) { int rv; +#if defined(USE_OPENLDAP) + LDAPSortKey **key; +#else LDAPsortkey **key; +#endif LDAPControl *control; LDAPControl **controls; @@ -403,8 +406,9 @@ char *get_admin_url(LDAP *server, char *sie) { * Get the server host here. */ - if((ldapError = ldap_search_s(server, group, LDAP_SCOPE_SUBTREE, - ADMIN_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, group, LDAP_SCOPE_SUBTREE, + ADMIN_OBJTYPE, NULL, 0, + NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS) return NULL; entry = ldap_first_entry(server, result); @@ -412,9 +416,9 @@ char *get_admin_url(LDAP *server, char *sie) { return NULL; } - if((vals = ldap_get_values(server, entry, ADMIN_HOST)) != NULL) { + if((vals = util_ldap_get_values(server, entry, ADMIN_HOST)) != NULL) { host = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } @@ -428,8 +432,9 @@ char *get_admin_url(LDAP *server, char *sie) { * Get the ISIE entry */ - if((ldapError = ldap_search_s(server, isie, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &result)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, isie, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS) return NULL; entry = ldap_first_entry(server, result); @@ -441,8 +446,9 @@ char *get_admin_url(LDAP *server, char *sie) { * Now search the SIE's configuration object to get the port and the security status. */ - if((ldapError = ldap_search_s(server, ldap_get_dn(server, entry), LDAP_SCOPE_SUBTREE, - ADMINCONF_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, ldap_get_dn(server, entry), LDAP_SCOPE_SUBTREE, + ADMINCONF_OBJTYPE, NULL, 0, + NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS) return NULL; entry = ldap_first_entry(server, result); @@ -450,14 +456,14 @@ char *get_admin_url(LDAP *server, char *sie) { return NULL; } - if((vals = ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) { + if((vals = util_ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) { port = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, ADMINCONF_SECURITY)) != NULL) { + if((vals = util_ldap_get_values(server, entry, ADMINCONF_SECURITY)) != NULL) { security = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } /* Construct URL. */ @@ -487,15 +493,15 @@ int get_host_and_port(LDAP *server, char *sie, LDAPMessage *sie_entry, char **ho *host=NULL; *port=NULL; - if((vals = ldap_get_values(server, sie_entry, ADMIN_HOST)) != NULL) { + if((vals = util_ldap_get_values(server, sie_entry, ADMIN_HOST)) != NULL) { *host = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, sie_entry, ADMINCONF_PORT)) != NULL) { + if((vals = util_ldap_get_values(server, sie_entry, ADMINCONF_PORT)) != NULL) { *port = (int *)malloc(sizeof(int)); (*port)[0] = atoi(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } if(*host && *port) @@ -504,21 +510,22 @@ int get_host_and_port(LDAP *server, char *sie, LDAPMessage *sie_entry, char **ho PR_snprintf(sie_conf, BIG_LINE, "cn=configuration, %s", sie); - if((ldapError = ldap_search_s(server, sie_conf, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &result)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, sie_conf, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS) return 0; entry = ldap_first_entry(server, result); - if((vals = ldap_get_values(server, entry, ADMIN_HOST)) != NULL) { + if((vals = util_ldap_get_values(server, entry, ADMIN_HOST)) != NULL) { *host = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) { + if((vals = util_ldap_get_values(server, entry, ADMINCONF_PORT)) != NULL) { *port = (int *)malloc(sizeof(int)); (*port)[0] = atoi(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } if(*host && *port) @@ -622,8 +629,9 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) { } PR_snprintf(filter, BIG_LINE, "(&(objectclass=nscustomview))"); - ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, - filter, NULL, 0, &result); + ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE, + filter, NULL, 0, + NULL, NULL, NULL, -1, &result); if(ldapError != LDAP_SUCCESS) /* fatal error, bail */ @@ -634,7 +642,7 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) { entry != NULL; entry = ldap_next_entry(server, entry)) { - vals = ldap_get_values(server, entry, "nsdisplayname"); + vals = util_ldap_get_values(server, entry, "nsdisplayname"); if(!vals || !vals[0]) break; @@ -655,8 +663,9 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) { /* Next, search public views */ PR_snprintf(dn, BIG_LINE, "ou=Global Preferences, %s", ptr3); - ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, - filter, NULL, 0, &result); + ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE, + filter, NULL, 0, + NULL, NULL, NULL, -1, &result); if((ldapError != LDAP_SUCCESS) && (ldapError != LDAP_NO_SUCH_OBJECT)) /* fatal error, bail */ return NULL; @@ -665,7 +674,7 @@ char **get_all_users_views(LDAP *server, char *binddn, AdmldapInfo ldapInfo) { entry != NULL; entry = ldap_next_entry(server, entry)) { - vals = ldap_get_values(server, entry, "nsdisplayname"); + vals = util_ldap_get_values(server, entry, "nsdisplayname"); if(!vals || !vals[0]) break; @@ -722,26 +731,28 @@ char **get_view_list(LDAP *server, char *view, char *binddn, AdmldapInfo ldapInf contain values like = () etc. */ escape_filter_value(filter, -1, escaped_filter); - ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, - escaped_filter, NULL, 0, &result); + ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE, + escaped_filter, NULL, 0, + NULL, NULL, NULL, -1, &result); if(ldapError != LDAP_SUCCESS) /* fatal error, bail */ return NULL; - vals = ldap_get_values(server, result, "nsviewconfiguration"); + vals = util_ldap_get_values(server, result, "nsviewconfiguration"); if(!vals || !strcmp(vals[0], "<none>")) { /* not in the private views, maybe in the public views? */ PR_snprintf(dn, sizeof(dn), "ou=Global Preferences, %s", ptr3); - ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, - escaped_filter, NULL, 0, &result); + ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_SUBTREE, + escaped_filter, NULL, 0, + NULL, NULL, NULL, -1, &result); if(ldapError != LDAP_SUCCESS) /* fatal error, bail */ return NULL; - vals = ldap_get_values(server, result, "nsviewconfiguration"); + vals = util_ldap_get_values(server, result, "nsviewconfiguration"); if(!vals || !strcmp(vals[0], "<none>")) return NULL; } @@ -766,28 +777,18 @@ char **get_view_list(LDAP *server, char *view, char *binddn, AdmldapInfo ldapInf } -LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw) { +LDAP *server_bind(const char *securitydir, char *host, int port, int security, char *binddn, char *bindpw) { - int ver = LDAP_VERSION3; - int rv; int ldapError; LDAP *server; - if(security) { - if(!(server = ldapssl_init(host, port, 1))) - return NULL; - } - else { - if(!(server = ldap_init(host, port))) + + if(!(server = util_ldap_init(securitydir, NULL, host, port, security, 0, NULL))) { return NULL; } - rv = ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver); - if(rv != LDAP_SUCCESS) - return NULL; - - if ((ldapError = ldap_simple_bind_s(server, binddn, bindpw)) + if ((ldapError = util_ldap_bind(server, binddn, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS ) { switch (ldapError) { case LDAP_INAPPROPRIATE_AUTH: @@ -795,16 +796,21 @@ LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw case LDAP_INSUFFICIENT_ACCESS: /* authenticate failed: Should not continue */ #ifdef LDAP_DEBUG - ldap_perror( ld, "ldap_simple_bind_s" ); + util_ldap_perror( ld, "util_ldap_bind:" ); #endif + ldap_unbind_ext(server, NULL, NULL); return NULL; case LDAP_NO_SUCH_OBJECT: case LDAP_ALIAS_PROBLEM: case LDAP_INVALID_DN_SYNTAX: +#ifdef LDAP_DEBUG + util_ldap_perror( ld, "util_ldap_bind:" ); +#endif /* Not a good DN */ + ldap_unbind_ext(server, NULL, NULL); return NULL; default: - ldap_unbind(server); + ldap_unbind_ext(server, NULL, NULL); return NULL; } } @@ -897,6 +903,7 @@ int output_topology(AdmldapInfo ldapInfo, char *host = admldapGetHost(ldapInfo); int port = admldapGetPort(ldapInfo); int security = admldapGetSecurity(ldapInfo); + char *securitydir = admldapGetSecurityDir(ldapInfo); LDAP *server; int ldapError; @@ -913,7 +920,9 @@ int output_topology(AdmldapInfo ldapInfo, int first_servergroup; int legacy; - server = server_bind(host, port, security, binddn, bindpw); + server = server_bind(securitydir, host, port, security, binddn, bindpw); + PL_strfree(securitydir); + securitydir = NULL; if(!server) return -1; @@ -942,11 +951,11 @@ int output_topology(AdmldapInfo ldapInfo, continue; - if((vals = ldap_get_values(server, domain_entry, DOMAIN_ATTR)) != NULL) { + if((vals = util_ldap_get_values(server, domain_entry, DOMAIN_ATTR)) != NULL) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_DOMAIN_IMAGE), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } else return -1; @@ -965,11 +974,11 @@ int output_topology(AdmldapInfo ldapInfo, continue; - if((vals = ldap_get_values(server, host_entry, HOST_ATTR)) != NULL) { + if((vals = util_ldap_get_values(server, host_entry, HOST_ATTR)) != NULL) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_HOST_IMAGE), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } else return -1; @@ -989,7 +998,7 @@ int output_topology(AdmldapInfo ldapInfo, continue; legacy = 0; - if((vals = ldap_get_values(server, servergroup_entry, "objectclass")) != NULL) { + if((vals = util_ldap_get_values(server, servergroup_entry, "objectclass")) != NULL) { int count=0; while(vals[count]) { if(!strcasecmp(vals[count], "nslegacyadmingroup")) { @@ -998,10 +1007,10 @@ int output_topology(AdmldapInfo ldapInfo, } count++; } - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, servergroup_entry, SERVERGROUP_ATTR)) != NULL) { + if((vals = util_ldap_get_values(server, servergroup_entry, SERVERGROUP_ATTR)) != NULL) { if(first_servergroup) { first_servergroup = 0; } @@ -1010,7 +1019,7 @@ int output_topology(AdmldapInfo ldapInfo, fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_SERVER_GROUP_IMAGE), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } else return -1; @@ -1028,7 +1037,7 @@ int output_topology(AdmldapInfo ldapInfo, if(!within_view(view_list, ldap_get_dn(server, isie_entry))) continue; - if((vals = ldap_get_values(server, isie_entry, ISIE_PRODNAME_ATTR)) != NULL) { + if((vals = util_ldap_get_values(server, isie_entry, ISIE_PRODNAME_ATTR)) != NULL) { char *img; char *version; @@ -1050,7 +1059,7 @@ int output_topology(AdmldapInfo ldapInfo, img = strdup("oldservic.gif"); } - if((vals2 = ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR))) { + if((vals2 = util_ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR))) { version = (char *)malloc(4+strlen(vals2[0])); sprintf(version, " %s", vals2[0]); } @@ -1066,8 +1075,8 @@ int output_topology(AdmldapInfo ldapInfo, version); free(img); free(version); - ldap_value_free(vals); - ldap_value_free(vals2); + util_ldap_value_free(vals); + util_ldap_value_free(vals2); } else return -1; @@ -1088,7 +1097,7 @@ int output_topology(AdmldapInfo ldapInfo, if(view) PR_snprintf(viewparam, sizeof(viewparam), "&view=%s", view); - if((vals = ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) != NULL) { + if((vals = util_ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) != NULL) { char *admin_url; char *server_host; @@ -1101,7 +1110,7 @@ int output_topology(AdmldapInfo ldapInfo, if(legacy) { /* show server id, link to 3.x Admin Server page and move on */ - if((vals2 = ldap_get_values(server, sie_entry, ADMIN_LEGACY_URL)) != NULL) { + if((vals2 = util_ldap_get_values(server, sie_entry, ADMIN_LEGACY_URL)) != NULL) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_LEGACY_SERVER_ID), @@ -1109,9 +1118,9 @@ int output_topology(AdmldapInfo ldapInfo, vals2[0] ); - ldap_value_free(vals2); + util_ldap_value_free(vals2); } - ldap_value_free(vals); + util_ldap_value_free(vals); continue; } @@ -1323,7 +1332,7 @@ int output_topology(AdmldapInfo ldapInfo, fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER)); - ldap_value_free(vals); + util_ldap_value_free(vals); } else return -1; @@ -1650,17 +1659,19 @@ int main(int argc, char *argv[]) char **selections = NULL; int i; int found; + char *securitydir; ldapInfo = get_adm_ldapinfo(configdir, secdir); if(!get_bindinfo(&binddn, &bindpw)) exit(0); - server = server_bind(admldapGetHost(ldapInfo), + securitydir = admldapGetSecurityDir(ldapInfo); + server = server_bind(securitydir, admldapGetHost(ldapInfo), admldapGetPort(ldapInfo), admldapGetSecurity(ldapInfo), binddn, bindpw); - + PL_strfree(securitydir); if(server) selections = get_all_users_views(server, binddn, ldapInfo); @@ -1718,6 +1729,7 @@ int main(int argc, char *argv[]) char **serverid; char *sie; int count, max_count; + char *securitydir; if (object) { sie = strdup(object); @@ -1726,22 +1738,24 @@ int main(int argc, char *argv[]) goto output_topology; } - server = server_bind(admldapGetHost(ldapInfo), + securitydir = admldapGetSecurityDir(ldapInfo); + server = server_bind(securitydir, admldapGetHost(ldapInfo), admldapGetPort(ldapInfo), admldapGetSecurity(ldapInfo), binddn, bindpw); - + PL_strfree(securitydir); if(!server) goto output_topology; - if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE, - SIE_OBJTYPE, NULL, 0, &result)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE, + SIE_OBJTYPE, NULL, 0, + NULL, NULL, NULL, -1, &result)) != LDAP_SUCCESS) goto output_topology; sie_entry = ldap_first_entry(server, result); - if((serverid = ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) == NULL) + if((serverid = util_ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) == NULL) goto output_topology; if(!get_host_and_port(server, sie, sie_entry, &host, &ports)) diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c index 14e3c53..c53f065 100644 --- a/admserv/cgi-src40/security.c +++ b/admserv/cgi-src40/security.c @@ -496,7 +496,7 @@ getSecurityDir(AdmldapInfo info, const char *sie) } psetDelete(pset); - pset = psetRealCreateSSL(host, port, security, DSCONFIGENTRY, + pset = psetRealCreateSSL(info, host, port, security, DSCONFIGENTRY, binddn, bindpw, NULL, &rval); securitydir = psetGetAttrSingleValue(pset, DSSECURITYDIR, &rval); PL_strfree(host); diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c index 81e706f..05a6c1d 100644 --- a/admserv/cgi-src40/viewdata.c +++ b/admserv/cgi-src40/viewdata.c @@ -41,7 +41,6 @@ #include "libadmsslutil/admsslutil.h" #include "libadmin/libadmin.h" #include "libadmin/cluster.h" -#include <ldap_ssl.h> #define MY_PAGE "viewdata.html" @@ -155,28 +154,18 @@ int get_bindinfo(char **binddn, char **bindpw) { } -LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw) { +LDAP *server_bind(const char *securitydir, char *host, int port, int security, char *binddn, char *bindpw) { - int ver = LDAP_VERSION3; - int rv; int ldapError; LDAP *server; - if(security) { - if(!(server = ldapssl_init(host, port, 1))) - return NULL; - } - else { - if(!(server = ldap_init(host, port))) + + if(!(server = util_ldap_init(securitydir, NULL, host, port, security, 0, NULL))) { return NULL; } - rv = ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver); - if(rv != LDAP_SUCCESS) - return NULL; - - if ((ldapError = ldap_simple_bind_s(server, binddn, bindpw)) + if ((ldapError = util_ldap_bind(server, binddn, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS ) { switch (ldapError) { case LDAP_INAPPROPRIATE_AUTH: @@ -184,16 +173,21 @@ LDAP *server_bind(char *host, int port, int security, char *binddn, char *bindpw case LDAP_INSUFFICIENT_ACCESS: /* authenticate failed: Should not continue */ #ifdef LDAP_DEBUG - ldap_perror( ld, "ldap_simple_bind_s" ); + util_ldap_perror( ld, "util_ldap_bind:" ); #endif + ldap_unbind_ext(server, NULL, NULL); return NULL; case LDAP_NO_SUCH_OBJECT: case LDAP_ALIAS_PROBLEM: case LDAP_INVALID_DN_SYNTAX: +#ifdef LDAP_DEBUG + util_ldap_perror( ld, "util_ldap_bind:" ); +#endif /* Not a good DN */ + ldap_unbind_ext(server, NULL, NULL); return NULL; default: - ldap_unbind(server); + ldap_unbind_ext(server, NULL, NULL); return NULL; } } @@ -250,20 +244,21 @@ int get_product_url(LDAP *server, char *sie, char **text, char **url) { dn = PR_smprintf("%s, %s", base, domain); - if((ldapError = ldap_search_s(server, dn, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) { + if((ldapError = ldap_search_ext_s(server, dn, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) { PR_smprintf_free(dn); return 1; } PR_smprintf_free(dn); - if((vals = ldap_get_values(server, entry, "nshtmladminproducturl"))) { + if((vals = util_ldap_get_values(server, entry, "nshtmladminproducturl"))) { *url = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nshtmladminproducttext"))) { + if((vals = util_ldap_get_values(server, entry, "nshtmladminproducttext"))) { *text = strdup(vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } if(*url && *text) @@ -283,64 +278,71 @@ void output_data(LDAP *server, char *sie) { /* SIE has some data... */ - if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) return; - if((vals = ldap_get_values(server, entry, "serverproductname"))) { + if((vals = util_ldap_get_values(server, entry, "serverproductname"))) { fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PRODUCT_NAME), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "installationtimestamp"))) { + if((vals = util_ldap_get_values(server, entry, "installationtimestamp"))) { struct tm tm; char buf[BIG_LINE]; + int rc; /* only PARSE YYYYmmddHHMMSS */ - sscanf(vals[0], "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, - &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec); - - tm.tm_year -= 1900; /* the number of years since 1900 */ - tm.tm_mon -= 1; /* The number of month since January, in the range 0 to 11 */ + rc = sscanf(vals[0], "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, + &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec); + + if (rc < 6) { + PR_snprintf(buf, sizeof(buf), "Error: date [%s] not in YYYYmmddHHMMSS format", vals[0]); + } else { + tm.tm_year -= 1900; /* the number of years since 1900 */ + tm.tm_mon -= 1; /* The number of month since January, in the range 0 to 11 */ #ifdef LINUX - strftime(buf, BIG_LINE, "%b %d, %Y %T %p", &tm); - tzset(); - PR_snprintf(buf, sizeof(buf), "%s %s", buf, daylight ? tzname[1] : tzname[0]); + strftime(buf, BIG_LINE, "%b %d, %Y %T %p", &tm); + tzset(); + PR_snprintf(buf, sizeof(buf), "%s %s", buf, daylight ? tzname[1] : tzname[0]); #else - strftime(buf, sizeof(buf), "%b %d, %Y %T %p %Z", &tm); + strftime(buf, sizeof(buf), "%b %d, %Y %T %p %Z", &tm); #endif + } - + util_ldap_value_free(vals); + vals = NULL; fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_DATE), buf); - ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "serverroot"))) { + if((vals = util_ldap_get_values(server, entry, "serverroot"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_ROOT), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if(!(vals = ldap_get_values(server, entry, "nsserverport"))) { + if(!(vals = util_ldap_get_values(server, entry, "nsserverport"))) { /* argh, port can be in the configuration object */ char *config_buf = PR_smprintf("cn=configuration, %s", sie); - - if((ldapError = ldap_search_s(server, config_buf, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) { + + if((ldapError = ldap_search_ext_s(server, config_buf, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) { PR_smprintf_free(config_buf); return; } PR_smprintf_free(config_buf); - vals = ldap_get_values(server, entry, "nsserverport"); + vals = util_ldap_get_values(server, entry, "nsserverport"); } if(vals) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PORT), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } /* ... and ISIE has the rest. */ @@ -350,43 +352,44 @@ void output_data(LDAP *server, char *sie) { while(*isie == ' ') isie++; /* eliminate spaces */ - if((ldapError = ldap_search_s(server, isie, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, isie, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, + NULL, NULL, NULL, -1, &entry)) != LDAP_SUCCESS) return; - if((vals = ldap_get_values(server, entry, "nsproductname"))) { + if((vals = util_ldap_get_values(server, entry, "nsproductname"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_NAME), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nsvendor"))) { + if((vals = util_ldap_get_values(server, entry, "nsvendor"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_VENDOR), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nsproductversion"))) { + if((vals = util_ldap_get_values(server, entry, "nsproductversion"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_VERSION), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nsbuildnumber"))) { + if((vals = util_ldap_get_values(server, entry, "nsbuildnumber"))) { fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_NUMBER), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nsbuildsecurity"))) { + if((vals = util_ldap_get_values(server, entry, "nsbuildsecurity"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_SECURITY), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "nsrevisionnumber"))) { + if((vals = util_ldap_get_values(server, entry, "nsrevisionnumber"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_REVISION_NUMBER), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } - if((vals = ldap_get_values(server, entry, "description"))) { + if((vals = util_ldap_get_values(server, entry, "description"))) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_DESCRIPTION), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } } @@ -405,6 +408,7 @@ int main(int argc, char *argv[]) int ldapError; const char *configdir = util_get_conf_dir(); const char *secdir = util_get_security_dir(); + char *securitydir = NULL; AdmldapInfo ldapInfo = get_adm_ldapinfo(configdir, secdir); @@ -413,7 +417,9 @@ int main(int argc, char *argv[]) if(!get_bindinfo(&binddn, &bindpw)) exit(0); - server = server_bind(admldapGetHost(ldapInfo), + securitydir = admldapGetSecurityDir(ldapInfo); + server = server_bind(securitydir, + admldapGetHost(ldapInfo), admldapGetPort(ldapInfo), admldapGetSecurity(ldapInfo), binddn, @@ -421,6 +427,13 @@ int main(int argc, char *argv[]) fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n"); + if (!server) { + char buf[BUFSIZ]; + PR_snprintf(buf, sizeof(buf), "Error: could not open connection to [%s:%d]\n", + admldapGetHost(ldapInfo), admldapGetPort(ldapInfo)); + rpt_err(NETWORK_ERROR, buf, NULL, NULL); + } + if(qs) { get_begin(qs); sie=get_cgi_var("sie", NULL, NULL); @@ -439,13 +452,14 @@ int main(int argc, char *argv[]) } else if(directive_is(line, "ID_TITLE")) { char **vals; - if((ldapError = ldap_search_s(server, sie, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) + if((ldapError = ldap_search_ext_s(server, sie, LDAP_SCOPE_BASE, + "(objectclass=*)", NULL, 0, NULL, + NULL, NULL, -1, &entry)) != LDAP_SUCCESS) continue; - if((vals = ldap_get_values(server, entry, "nsserverid"))) { + if((vals = util_ldap_get_values(server, entry, "nsserverid"))) { fprintf(stdout, (const char*)getResourceString(DBT_MAIN_SERVER_ID), vals[0]); - ldap_value_free(vals); + util_ldap_value_free(vals); } } else if(directive_is(line, "SHOW_URL")) { diff --git a/admserv/cgi-src40/viewlog.c b/admserv/cgi-src40/viewlog.c index caf76dc..6ec93f2 100644 --- a/admserv/cgi-src40/viewlog.c +++ b/admserv/cgi-src40/viewlog.c @@ -255,14 +255,33 @@ getLogDir(AdmldapInfo info, const char *id) } psetDelete(pset); - pset = psetRealCreateSSL(host, port, security, DSCONFIGENTRY, + pset = psetRealCreateSSL(info, host, port, security, DSCONFIGENTRY, binddn, bindpw, NULL, &rval); + if (!pset) { +#ifdef LDAP_DEBUG + char buf[BUFSIZ]; + fprintf(stderr, "Error: could not open pset to [%s:%d] dn (%s) as (%s): %d (%s)\n", + host, port, DSCONFIGENTRY, binddn, rval, + psetErrorString(rval, acceptLanguage, buf, sizeof(buf), NULL)); +#endif + goto done; + } logdir = psetGetAttrSingleValue(pset, DSERRORLOGDIR, &rval); + if (!logdir) { +#ifdef LDAP_DEBUG + char buf[BUFSIZ]; + fprintf(stderr, "Error: could not read logdir from [%s:%d] dn (%s) as (%s): %d (%s)\n", + host, port, DSCONFIGENTRY, binddn, rval, + psetErrorString(rval, acceptLanguage, buf, sizeof(buf), NULL)); +#endif + goto done; + } p = strstr(logdir, "/errors"); if (p) { *p = '\0'; } +done: PL_strfree(host); PL_strfree(sport); PL_strfree(ssecport); diff --git a/config.h.in b/config.h.in index 9c47173..3ca04f2 100644 --- a/config.h.in +++ b/config.h.in @@ -71,6 +71,12 @@ /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H +/* have the function ldap_url_parse_ext */ +#undef HAVE_LDAP_URL_PARSE_EXT + +/* have the function ldap_url_parse_no_defaults */ +#undef HAVE_LDAP_URL_PARSE_NO_DEFAULTS + /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R @@ -311,6 +317,12 @@ /* Define to 1 if your <sys/time.h> declares `struct tm'. */ #undef TM_IN_SYS_TIME +/* If defined, using MozLDAP for LDAP SDK */ +#undef USE_MOZLDAP + +/* If defined, using OpenLDAP for LDAP SDK */ +#undef USE_OPENLDAP + /* package version */ #undef VERSION diff --git a/configure b/configure index 2582ca3..b682415 100755 --- a/configure +++ b/configure @@ -466,7 +466,7 @@ ac_includes_default="\ #endif" ac_default_prefix=/opt/dirsrv -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir updatedir brand capbrand vendor vendorurl WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS PACKAGE_BASE_NAME PACKAGE_BASE_VERSION debug_defs BUNDLE_TRUE BUNDLE_FALSE LIBSOCKET LIBNSL LIBCSTD LIBCRUN initdir perlexec CXXLINK_REQUIRED_TRUE CXXLINK_REQUIRED_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE initconfigdir HTTPD APXS APR_CONFIG PKG_CONFIG ICU_CONFIG GENRB nsspcache with_selinux SELINUX_TRUE SELINUX_FALSE instconfigdir dslibdir nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir sasl_inc sasl_lib sasl_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir openldap_inc openldap_lib openldap_libdir ol_libver adminutil_inc adminutil_lib adminutil_libdir adminutil_ver icu_lib icu_libdir icu_inc icu_bin apr_inc apache_inc apache_conf apache_prefix apache_bin extra_cppflags ap_ver_suf instancename cgibindir cmdbindir moddir modnssbindir propertydir htmldir icondir manualdir httpdconf httpdconfdir mimemagic httpduser httpdgroup admlogdir piddir pidfile admservport admservip ldifdir admmoddir nssmoddir infdir perldir updatedir brand capbrand vendor vendorurl OPENLDAP_TRUE OPENLDAP_FALSE WINNT_TRUE WINNT_FALSE APACHE22_TRUE APACHE22_FALSE LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1077,9 +1077,16 @@ Optional Packages: --with-sasl=PATH Use sasl from supplied path --with-sasl-inc=PATH SASL include file directory --with-sasl-lib=PATH SASL library directory - --with-ldapsdk=PATH Mozilla LDAP SDK directory - --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory - --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory + --with-openldap[=PATH] + Use OpenLDAP - optional PATH is path to OpenLDAP SDK + --with-openldap-inc=PATH + OpenLDAP SDK include directory + --with-openldap-lib=PATH + OpenLDAP SDK library directory + --with-ldapsdk[=PATH] + Mozilla LDAP SDK directory + --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory + --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory --with-icu=PATH ICU directory --with-icu-inc=PATH ICU include directory --with-icu-lib=PATH ICU library directory @@ -4358,7 +4365,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4361 "configure"' > conftest.$ac_ext + echo '#line 4368 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5493,7 +5500,7 @@ fi # Provide some information about the compiler. -echo "$as_me:5496:" \ +echo "$as_me:5503:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 @@ -6556,11 +6563,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6559: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6566: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6563: \$? = $ac_status" >&5 + echo "$as_me:6570: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6824,11 +6831,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6827: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6834: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6831: \$? = $ac_status" >&5 + echo "$as_me:6838: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6928,11 +6935,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6931: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6938: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6935: \$? = $ac_status" >&5 + echo "$as_me:6942: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8397,7 +8404,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 8400 "configure"' > conftest.$ac_ext + echo '#line 8407 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9294,7 +9301,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9297 "configure" +#line 9304 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -9394,7 +9401,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9397 "configure" +#line 9404 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11737,11 +11744,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11740: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11747: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11744: \$? = $ac_status" >&5 + echo "$as_me:11751: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11841,11 +11848,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11844: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11851: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11848: \$? = $ac_status" >&5 + echo "$as_me:11855: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12377,7 +12384,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 12380 "configure"' > conftest.$ac_ext + echo '#line 12387 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -13435,11 +13442,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13438: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13445: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13442: \$? = $ac_status" >&5 + echo "$as_me:13449: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13539,11 +13546,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13542: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13549: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13546: \$? = $ac_status" >&5 + echo "$as_me:13553: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14988,7 +14995,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 14991 "configure"' > conftest.$ac_ext + echo '#line 14998 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -15766,11 +15773,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15769: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15776: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15773: \$? = $ac_status" >&5 + echo "$as_me:15780: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16034,11 +16041,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16037: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16044: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16041: \$? = $ac_status" >&5 + echo "$as_me:16048: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16138,11 +16145,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16141: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16148: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16145: \$? = $ac_status" >&5 + echo "$as_me:16152: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17607,7 +17614,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17610 "configure"' > conftest.$ac_ext + echo '#line 17617 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -24330,6 +24337,564 @@ echo "$as_me: error: sasl not found, specify with --with-sasl." >&2;} fi # BEGIN COPYRIGHT BLOCK +# Copyright (C) 2009 Red Hat, Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# END COPYRIGHT BLOCK + +{ echo "$as_me:$LINENO: checking for OpenLDAP..." >&5 +echo "$as_me: checking for OpenLDAP..." >&6;} + +# check for --with-openldap +echo "$as_me:$LINENO: checking for --with-openldap" >&5 +echo $ECHO_N "checking for --with-openldap... $ECHO_C" >&6 + +# Check whether --with-openldap or --without-openldap was given. +if test "${with_openldap+set}" = set; then + withval="$with_openldap" + + if test "$withval" = yes + then + echo "$as_me:$LINENO: result: using system OpenLDAP" >&5 +echo "${ECHO_T}using system OpenLDAP" >&6 + elif test "$withval" = no + then + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib + then + echo "$as_me:$LINENO: result: using $withval" >&5 +echo "${ECHO_T}using $withval" >&6 + OPENLDAPDIR=$withval + openldap_incdir="$OPENLDAPDIR/include" + openldap_inc="-I$openldap_incdir" + openldap_lib="-L$OPENLDAPDIR/lib" + openldap_libdir="$OPENLDAPDIR/lib" + with_openldap=yes + else + echo + { { echo "$as_me:$LINENO: error: $withval not found" >&5 +echo "$as_me: error: $withval not found" >&2;} + { (exit 1); exit 1; }; } + fi + +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; + +# check for --with-openldap-inc +echo "$as_me:$LINENO: checking for --with-openldap-inc" >&5 +echo $ECHO_N "checking for --with-openldap-inc... $ECHO_C" >&6 + +# Check whether --with-openldap-inc or --without-openldap-inc was given. +if test "${with_openldap_inc+set}" = set; then + withval="$with_openldap_inc" + + if test -e "$withval"/ldap.h + then + echo "$as_me:$LINENO: result: using $withval" >&5 +echo "${ECHO_T}using $withval" >&6 + openldap_incdir="$withval" + openldap_inc="-I$withval" + with_openldap=yes + else + echo + { { echo "$as_me:$LINENO: error: $withval not found" >&5 +echo "$as_me: error: $withval not found" >&2;} + { (exit 1); exit 1; }; } + fi + +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; + +# check for --with-openldap-lib +echo "$as_me:$LINENO: checking for --with-openldap-lib" >&5 +echo $ECHO_N "checking for --with-openldap-lib... $ECHO_C" >&6 + +# Check whether --with-openldap-lib or --without-openldap-lib was given. +if test "${with_openldap_lib+set}" = set; then + withval="$with_openldap_lib" + + if test -d "$withval" + then + echo "$as_me:$LINENO: result: using $withval" >&5 +echo "${ECHO_T}using $withval" >&6 + openldap_lib="-L$withval" + openldap_libdir="$withval" + with_openldap=yes + else + echo + { { echo "$as_me:$LINENO: error: $withval not found" >&5 +echo "$as_me: error: $withval not found" >&2;} + { (exit 1); exit 1; }; } + fi + +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; + +# if OPENLDAP is not found yet, try pkg-config + +if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths + if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir"; then + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG + +if test -n "$PKG_CONFIG"; then + echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 +echo "${ECHO_T}$PKG_CONFIG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + echo "$as_me:$LINENO: checking for OpenLDAP with pkg-config" >&5 +echo $ECHO_N "checking for OpenLDAP with pkg-config... $ECHO_C" >&6 + if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then + openldap_inc=`$PKG_CONFIG --cflags-only-I openldap` + openldap_lib=`$PKG_CONFIG --libs-only-L openldap` + openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//` + openldap_incdir=`$PKG_CONFIG --variable=includedir openldap` + echo "$as_me:$LINENO: result: using system OpenLDAP from pkg-config" >&5 +echo "${ECHO_T}using system OpenLDAP from pkg-config" >&6 + else + openldap_incdir="/usr/include" + openldap_inc="-I$openldap_incdir" + echo "$as_me:$LINENO: result: no OpenLDAP pkg-config files" >&5 +echo "${ECHO_T}no OpenLDAP pkg-config files" >&6 + fi + fi +fi + + +if test "$with_openldap" = yes ; then + save_cppflags="$CPPFLAGS" + CPPFLAGS="$openldap_inc $nss_inc $nspr_inc" + if test "${ac_cv_header_ldap_features_h+set}" = set; then + echo "$as_me:$LINENO: checking for ldap_features.h" >&5 +echo $ECHO_N "checking for ldap_features.h... $ECHO_C" >&6 +if test "${ac_cv_header_ldap_features_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: $ac_cv_header_ldap_features_h" >&5 +echo "${ECHO_T}$ac_cv_header_ldap_features_h" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking ldap_features.h usability" >&5 +echo $ECHO_N "checking ldap_features.h usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <ldap_features.h> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking ldap_features.h presence" >&5 +echo $ECHO_N "checking ldap_features.h presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ldap_features.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: ldap_features.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: ldap_features.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: ldap_features.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: ldap_features.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: ldap_features.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: ldap_features.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: ldap_features.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: ldap_features.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: ldap_features.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap_features.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: ldap_features.h: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to http://bugzilla.redhat.com/ ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for ldap_features.h" >&5 +echo $ECHO_N "checking for ldap_features.h... $ECHO_C" >&6 +if test "${ac_cv_header_ldap_features_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_ldap_features_h=$ac_header_preproc +fi +echo "$as_me:$LINENO: result: $ac_cv_header_ldap_features_h" >&5 +echo "${ECHO_T}$ac_cv_header_ldap_features_h" >&6 + +fi +if test $ac_cv_header_ldap_features_h = yes; then + : +else + { { echo "$as_me:$LINENO: error: specified with-openldap but ldap_features.h not found" >&5 +echo "$as_me: error: specified with-openldap but ldap_features.h not found" >&2;} + { (exit 1); exit 1; }; } +fi + + + ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'` + ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'` + ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'` + ol_libver="-${ol_ver_maj}.${ol_ver_min}" + save_ldflags="$LDFLAGS" + LDFLAGS="$openldap_lib $LDFLAGS" + as_ac_Lib=`echo "ac_cv_lib_ldap$ol_libver''_ldap_initialize" | $as_tr_sh` +echo "$as_me:$LINENO: checking for ldap_initialize in -lldap$ol_libver" >&5 +echo $ECHO_N "checking for ldap_initialize in -lldap$ol_libver... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Lib+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lldap$ol_libver $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char ldap_initialize (); +int +main () +{ +ldap_initialize (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Lib=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Lib=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +if test `eval echo '${'$as_ac_Lib'}'` = yes; then + have_ldap_lib=1 +fi + + if test -z "$have_ldap_lib" ; then + echo "$as_me:$LINENO: checking for ldap_initialize in -lldap" >&5 +echo $ECHO_N "checking for ldap_initialize in -lldap... $ECHO_C" >&6 +if test "${ac_cv_lib_ldap_ldap_initialize+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lldap $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char ldap_initialize (); +int +main () +{ +ldap_initialize (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_ldap_ldap_initialize=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_ldap_ldap_initialize=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_ldap_initialize" >&5 +echo "${ECHO_T}$ac_cv_lib_ldap_ldap_initialize" >&6 +if test $ac_cv_lib_ldap_ldap_initialize = yes; then + unset ol_libver +else + { { echo "$as_me:$LINENO: error: specified with-openldap but libldap not found" >&5 +echo "$as_me: error: specified with-openldap but libldap not found" >&2;} + { (exit 1); exit 1; }; } +fi + + fi + as_ac_Lib=`echo "ac_cv_lib_ldap$ol_libver''_ldap_url_parse_ext" | $as_tr_sh` +echo "$as_me:$LINENO: checking for ldap_url_parse_ext in -lldap$ol_libver" >&5 +echo $ECHO_N "checking for ldap_url_parse_ext in -lldap$ol_libver... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Lib+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lldap$ol_libver $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char ldap_url_parse_ext (); +int +main () +{ +ldap_url_parse_ext (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Lib=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Lib=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +if test `eval echo '${'$as_ac_Lib'}'` = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_LDAP_URL_PARSE_EXT 1 +_ACEOF + +fi + + LDFLAGS="$save_ldflags" + CPPFLAGS="$save_cppflags" + + +cat >>confdefs.h <<\_ACEOF +#define USE_OPENLDAP 1 +_ACEOF + +fi + +# BEGIN COPYRIGHT BLOCK # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # @@ -24349,8 +24914,8 @@ fi # # END COPYRIGHT BLOCK -{ echo "$as_me:$LINENO: checking for LDAPSDK..." >&5 -echo "$as_me: checking for LDAPSDK..." >&6;} +{ echo "$as_me:$LINENO: checking for Mozilla LDAPSDK..." >&5 +echo "$as_me: checking for Mozilla LDAPSDK..." >&6;} # check for --with-ldapsdk echo "$as_me:$LINENO: checking for --with-ldapsdk" >&5 @@ -24360,7 +24925,15 @@ echo $ECHO_N "checking for --with-ldapsdk... $ECHO_C" >&6 if test "${with_ldapsdk+set}" = set; then withval="$with_ldapsdk" - if test -e "$withval"/include/ldap.h -a -d "$withval"/lib + if test "$withval" = yes + then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + elif test "$withval" = no + then + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib then echo "$as_me:$LINENO: result: using $withval" >&5 echo "${ECHO_T}using $withval" >&6 @@ -24368,7 +24941,7 @@ echo "${ECHO_T}using $withval" >&6 ldapsdk_inc="-I$LDAPSDKDIR/include" ldapsdk_lib="-L$LDAPSDKDIR/lib" ldapsdk_libdir="$LDAPSDKDIR/lib" - ldapsdk_bindir="$LDAPSDKDIR/bin" + with_ldapsdk=yes else echo { { echo "$as_me:$LINENO: error: $withval not found" >&5 @@ -24376,9 +24949,31 @@ echo "$as_me: error: $withval not found" >&2;} { (exit 1); exit 1; }; } fi + if test "$with_ldapsdk" = yes -a "$with_openldap" = yes + then + { { echo "$as_me:$LINENO: error: Cannot use both LDAPSDK and OpenLDAP." >&5 +echo "$as_me: error: Cannot use both LDAPSDK and OpenLDAP." >&2;} + { (exit 1); exit 1; }; } + fi + if test "$with_ldapsdk" != yes -a "$with_openldap" != yes + then + { { echo "$as_me:$LINENO: error: Either LDAPSDK or OpenLDAP must be used." >&5 +echo "$as_me: error: Either LDAPSDK or OpenLDAP must be used." >&2;} + { (exit 1); exit 1; }; } + fi + else - echo "$as_me:$LINENO: result: no" >&5 + + if test "$with_openldap" = yes + then + echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 + else + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + with_ldapsdk=yes + fi + fi; # check for --with-ldapsdk-inc @@ -24394,6 +24989,7 @@ if test "${with_ldapsdk_inc+set}" = set; then echo "$as_me:$LINENO: result: using $withval" >&5 echo "${ECHO_T}using $withval" >&6 ldapsdk_inc="-I$withval" + with_ldapsdk=yes else echo { { echo "$as_me:$LINENO: error: $withval not found" >&5 @@ -24420,6 +25016,7 @@ if test "${with_ldapsdk_lib+set}" = set; then echo "${ECHO_T}using $withval" >&6 ldapsdk_lib="-L$withval" ldapsdk_libdir="$withval" + with_ldapsdk=yes else echo { { echo "$as_me:$LINENO: error: $withval not found" >&5 @@ -24435,8 +25032,9 @@ fi; # if LDAPSDK is not found yet, try pkg-config # last resort -if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then - # Extract the first word of "pkg-config", so it can be a program name with args. +if test "$with_ldapsdk" = yes ; then + if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir"; then + # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 @@ -24475,42 +25073,37 @@ else echo "${ECHO_T}no" >&6 fi - echo "$as_me:$LINENO: checking for mozldap with pkg-config" >&5 + echo "$as_me:$LINENO: checking for mozldap with pkg-config" >&5 echo $ECHO_N "checking for mozldap with pkg-config... $ECHO_C" >&6 - if test -n "$PKG_CONFIG"; then - if $PKG_CONFIG --exists mozldap6; then - mozldappkg=mozldap6 - elif $PKG_CONFIG --exists mozldap; then - mozldappkg=mozldap - else - { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5 + if test -n "$PKG_CONFIG"; then + if $PKG_CONFIG --exists mozldap6; then + mozldappkg=mozldap6 + elif $PKG_CONFIG --exists mozldap; then + mozldappkg=mozldap + else + { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5 echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;} { (exit 1); exit 1; }; } - fi - ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg` - ldapsdk_libdir=`$PKG_CONFIG --variable=libdir $mozldappkg` - ldapsdk_lib="-L$ldapsdk_libdir" - ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg` - echo "$as_me:$LINENO: result: using system $mozldappkg" >&5 + fi + ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg` + ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg` + ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ .*$//` + echo "$as_me:$LINENO: result: using system $mozldappkg" >&5 echo "${ECHO_T}using system $mozldappkg" >&6 + fi fi fi -if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then - { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5 + +if test "$with_ldapsdk" = yes ; then + if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then + { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5 echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;} { (exit 1); exit 1; }; } -fi -if test -z "$ldapsdk_bindir" ; then - if -d $libdir/mozldap6 ; then - ldapsdk_bindir=$libdir/mozldap6 - else - ldapsdk_bindir=$libdir/mozldap fi -fi -save_cppflags="$CPPFLAGS" -CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc" -echo "$as_me:$LINENO: checking for ldap.h" >&5 + save_cppflags="$CPPFLAGS" + CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc" + echo "$as_me:$LINENO: checking for ldap.h" >&5 echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6 if test "${ac_cv_header_ldap_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -24569,12 +25162,23 @@ else fi -CPPFLAGS="$save_cppflags" + CPPFLAGS="$save_cppflags" -if test -z "$isversion6" ; then - { { echo "$as_me:$LINENO: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&5 + if test -z "$isversion6" ; then + { { echo "$as_me:$LINENO: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&5 echo "$as_me: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&2;} { (exit 1); exit 1; }; } + fi + +cat >>confdefs.h <<\_ACEOF +#define USE_MOZLDAP 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define HAVE_LDAP_URL_PARSE_NO_DEFAULTS 1 +_ACEOF + fi # BEGIN COPYRIGHT BLOCK @@ -25275,6 +25879,10 @@ pidfile=$instancename.pid + + + + # extra stuff for Apache modules @@ -25319,6 +25927,16 @@ pidfile=$instancename.pid + + +if test "$with_openldap" = "yes"; then + OPENLDAP_TRUE= + OPENLDAP_FALSE='#' +else + OPENLDAP_TRUE='#' + OPENLDAP_FALSE= +fi + # WINNT should be true if building on Windows system not using # cygnus, mingw, or the like and using cmd.exe as the shell @@ -25533,6 +26151,13 @@ echo "$as_me: error: conditional \"SELINUX\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${OPENLDAP_TRUE}" && test -z "${OPENLDAP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"OPENLDAP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"OPENLDAP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"WINNT\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -26191,6 +26816,10 @@ s,@sasl_libdir@,$sasl_libdir,;t t s,@ldapsdk_inc@,$ldapsdk_inc,;t t s,@ldapsdk_lib@,$ldapsdk_lib,;t t s,@ldapsdk_libdir@,$ldapsdk_libdir,;t t +s,@openldap_inc@,$openldap_inc,;t t +s,@openldap_lib@,$openldap_lib,;t t +s,@openldap_libdir@,$openldap_libdir,;t t +s,@ol_libver@,$ol_libver,;t t s,@adminutil_inc@,$adminutil_inc,;t t s,@adminutil_lib@,$adminutil_lib,;t t s,@adminutil_libdir@,$adminutil_libdir,;t t @@ -26235,6 +26864,8 @@ s,@brand@,$brand,;t t s,@capbrand@,$capbrand,;t t s,@vendor@,$vendor,;t t s,@vendorurl@,$vendorurl,;t t +s,@OPENLDAP_TRUE@,$OPENLDAP_TRUE,;t t +s,@OPENLDAP_FALSE@,$OPENLDAP_FALSE,;t t s,@WINNT_TRUE@,$WINNT_TRUE,;t t s,@WINNT_FALSE@,$WINNT_FALSE,;t t s,@APACHE22_TRUE@,$APACHE22_TRUE,;t t diff --git a/configure.ac b/configure.ac index c64774d..5d19e81 100644 --- a/configure.ac +++ b/configure.ac @@ -250,6 +250,7 @@ m4_include(m4/httpd.m4) m4_include(m4/nspr.m4) m4_include(m4/nss.m4) m4_include(m4/sasl.m4) +m4_include(m4/openldap.m4) m4_include(m4/mozldap.m4) m4_include(m4/icu.m4) m4_include(m4/adminutil.m4) @@ -374,6 +375,10 @@ AC_SUBST(sasl_libdir) AC_SUBST(ldapsdk_inc) AC_SUBST(ldapsdk_lib) AC_SUBST(ldapsdk_libdir) +AC_SUBST(openldap_inc) +AC_SUBST(openldap_lib) +AC_SUBST(openldap_libdir) +AC_SUBST(ol_libver) AC_SUBST(adminutil_inc) AC_SUBST(adminutil_lib) AC_SUBST(adminutil_libdir) @@ -426,6 +431,7 @@ AC_SUBST(capbrand) AC_SUBST(vendor) AC_SUBST(vendorurl) +AM_CONDITIONAL(OPENLDAP,test "$with_openldap" = "yes") # WINNT should be true if building on Windows system not using # cygnus, mingw, or the like and using cmd.exe as the shell AM_CONDITIONAL([WINNT], false) diff --git a/include/libadmin/libadmin.h b/include/libadmin/libadmin.h index 3914fce..a29c2fe 100644 --- a/include/libadmin/libadmin.h +++ b/include/libadmin/libadmin.h @@ -581,6 +581,68 @@ util_verify_file_or_dir(const char *path, PRFileType, const char *child, size_t, NSAPI_PUBLIC int util_psetHasObjectClass(PsetHndl pset, const char *ocname); +NSAPI_PUBLIC const char * +util_urlparse_err2string(int err); + +/* there are various differences among url parsers - directory server + needs the ability to parse partial URLs - those with no dn - and + needs to be able to tell if it is a secure url (ldaps) or not */ +NSAPI_PUBLIC int +util_ldap_url_parse(const char *url, LDAPURLDesc **ludpp, int require_dn, int *secure); + +NSAPI_PUBLIC int +util_ldap_get_lderrno(LDAP *ld, char **m, char **s); + +/* + Perform LDAP init and return an LDAP* handle. If ldapurl is given, + that is used as the basis for the protocol, host, port, and whether + to use starttls (given on the end as ldap://..../?????starttlsOID + If hostname is given, LDAP or LDAPS is assumed, and this will override + the hostname from the ldapurl, if any. If port is > 0, this is the + port number to use. It will override the port in the ldapurl, if any. + If no port is given in port or ldapurl, the default will be used based + on the secure setting (389 for ldap, 636 for ldaps) + secure takes 1 of 2 values - 0 means regular ldap, 1 means ldaps + filename is the ldapi file name - if this is given, and no other options + are given, ldapi is assumed. + */ +LDAP * +util_ldap_init( + const char *certdir, /* contains the key/cert dbs */ + const char *ldapurl, /* full ldap url */ + const char *hostname, /* can also use this to override + host in url */ + int port, /* can also use this to override port in url */ + int secure, /* 0 for ldap, 1 for ldaps */ + int shared, /* if true, LDAP* will be shared among multiple threads */ + const char *filename /* for ldapi */ +); + +/* + * Does the correct bind operation simple/sasl/cert depending + * on the arguments passed in. + */ +NSAPI_PUBLIC int +util_ldap_bind( + LDAP *ld, /* ldap connection */ + const char *bindid, /* usually a bind DN for simple bind */ + const char *creds, /* usually a password for simple bind */ + const char *mech, /* name of mechanism */ + LDAPControl **serverctrls, /* additional controls to send */ + LDAPControl ***returnedctrls, /* returned controls */ + struct timeval *timeout, /* timeout */ + int *msgidp /* pass in non-NULL for async handling */ +); + +NSAPI_PUBLIC void +util_ldap_perror(LDAP *ld, const char *fmt, ...); + +NSAPI_PUBLIC char ** +util_ldap_get_values(LDAP *ld, LDAPMessage *entry, const char *attrtype); + +NSAPI_PUBLIC void +util_ldap_value_free(char **vals); + NSPR_END_EXTERN_C #endif /* libadmin_h */ diff --git a/include/libdsa/dsalib.h b/include/libdsa/dsalib.h index 6596ae5..d6ffc80 100644 --- a/include/libdsa/dsalib.h +++ b/include/libdsa/dsalib.h @@ -30,6 +30,8 @@ #ifdef HPUX #include <limits.h> /* for PATH_MAX */ #endif +#include <lber.h> +#include <ldif.h> /* error types */ #define DS_FILE_ERROR 0 @@ -290,7 +292,11 @@ extern DS_EXPORT_SYMBOL void ds_set_run_dir(char *run_dir); extern DS_EXPORT_SYMBOL char *ds_get_bak_dir(); extern DS_EXPORT_SYMBOL void ds_set_bak_dir(char *bak_dir); extern DS_EXPORT_SYMBOL int ds_check_config(int type); +#if defined(USE_OPENLDAP) +extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(LDIFFP *conf); +#else extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(FILE *conf); +#endif extern DS_EXPORT_SYMBOL char *ds_get_var_name(int varnum); extern DS_EXPORT_SYMBOL char *ds_get_value(char **ds_config, char *parm, int phase, int occurance); extern DS_EXPORT_SYMBOL int ds_file_exists(char *filename); diff --git a/lib/libadmin/dllglue.c b/lib/libadmin/dllglue.c deleted file mode 100644 index 8b35ad5..0000000 --- a/lib/libadmin/dllglue.c +++ /dev/null @@ -1,77 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; version 2 - * of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - * END COPYRIGHT BLOCK **/ -/* - * dllglue.c: Glue routines for the admlib.so shared object. These are - * necessary because on many system no garbage collection is performed for - * shared objects. - * - * Rob McCool - */ - - -#ifdef XP_UNIX - -#include "base/systems.h" - -#define FUNC(name) void name (void) {} - -FUNC(DS_Alloc) -FUNC(DS_Free) -FUNC(DS_Zfree) -FUNC(MD5_HashBuf) -#ifdef THREAD_NSPR_KERNEL -FUNC(PR_GetSelectFD) -#endif -FUNC(RC4_MakeKey) -FUNC(SEC_CertTimesValid) -FUNC(SEC_CheckPassword) -FUNC(SEC_CloseKeyDB) -FUNC(SEC_DestroyPrivateKey) -FUNC(SEC_FileForRNG) -FUNC(SEC_FindCertByNickname) -FUNC(SEC_FindKeyByName) -FUNC(SEC_GetPassword) -FUNC(SEC_Init) -FUNC(SEC_NameToAscii) -FUNC(SEC_OpenCertDB) -FUNC(SEC_OpenKeyDB) -FUNC(SEC_UTCTimeToAscii) -FUNC(SSL_Accept) -FUNC(SSL_AcceptHook) -FUNC(SSL_Bind) -FUNC(SSL_Close) -FUNC(SSL_ConfigSecureServer) -FUNC(SSL_ConfigServerSessionIDCache) -FUNC(SSL_Enable) -FUNC(SSL_EnableCipher) -FUNC(SSL_GetPeerName) -FUNC(SSL_GetSockOpt) -FUNC(SSL_Import) -FUNC(SSL_IsDomestic) -FUNC(SSL_Listen) -FUNC(SSL_Read) -FUNC(SSL_SecurityCapabilities) -FUNC(SSL_SecurityStatus) -FUNC(SSL_SetSockOpt) -FUNC(SSL_Socket) -FUNC(SSL_Write) - -#endif diff --git a/lib/libadmin/util.c b/lib/libadmin/util.c index 52cd726..1a0bfea 100644 --- a/lib/libadmin/util.c +++ b/lib/libadmin/util.c @@ -28,6 +28,8 @@ #include "base/util.h" #include "private/pprio.h" #include "prprf.h" +#include "prlog.h" +#include "prerror.h" #ifdef XP_UNIX #include <dirent.h> @@ -1433,3 +1435,733 @@ util_psetHasObjectClass(PsetHndl pset, const char *ocname) return rval; } +#if defined(USE_OPENLDAP) +/* mozldap ldap_init and ldap_url_parse accept a hostname in the form + host1[:port1]SPACEhost2[:port2]SPACEhostN[:portN] + where SPACE is a single space (0x20) character + for openldap, we have to convert this to a string like this: + PROTO://host1[:port1]/SPACEPROTO://host2[:port2]/SPACEPROTO://hostN[:portN]/ + where PROTO is ldap or ldaps or ldapi + if proto is NULL, assume hostname_or_uri is really a valid ldap uri +*/ +static char * +convert_to_openldap_uri(const char *hostname_or_uri, int port, const char *proto) +{ + char *retstr = NULL; + char *my_copy = NULL; + char *start = NULL; + char *iter = NULL; + char *s = NULL; + const char *brkstr = " "; + + if (!hostname_or_uri) { + return NULL; + } + + my_copy = PL_strdup(hostname_or_uri); + /* see if hostname_or_uri is an ldap uri */ + if (!proto && !PL_strncasecmp(my_copy, "ldap", 4)) { + start = my_copy + 4; + if ((*start == 's') || (*start == 'i')) { + start++; + } + if (!PL_strncmp(start, "://", 3)) { + *start = '\0'; + proto = my_copy; + start += 3; + } else { +#ifdef DEBUG + fprintf(stderr, "convert_to_openldap_uri: The given LDAP URI [%s] is not valid\n", hostname_or_uri); +#endif + goto end; + } + } else if (!proto) { +#ifdef DEBUG + fprintf(stderr, "convert_to_openldap_uri: The given LDAP URI [%s] is not valid\n", hostname_or_uri); +#endif + goto end; + } else { + start = my_copy; /* just assume it's not a uri */ + } + + for (s = strtok_r(my_copy, brkstr, &iter); s != NULL; + s = strtok_r(NULL, brkstr, &iter)) { + char *ptr; + int last = 0; + /* strtok will grab the '/' at the end of the uri, if any, + so terminate parsing there */ + if ((ptr = strchr(s, '/'))) { + *ptr = '\0'; + last = 1; + } + if (retstr) { + retstr = PR_sprintf_append(retstr, "/ %s://%s", proto, s); + } else { + retstr = PR_smprintf("%s://%s", proto, s); + } + if (last) { + break; + } + } + + /* add the port on the last one */ + retstr = PR_sprintf_append(retstr, ":%d/", port); +end: + PL_strfree(my_copy); + return retstr; +} +#endif /* USE_OPENLDAP */ + +const char * +util_urlparse_err2string(int err) +{ + const char *s="internal error"; + + switch( err ) { + case 0: + s = "no error"; + break; + case LDAP_URL_ERR_BADSCOPE: + s = "invalid search scope"; + break; + case LDAP_URL_ERR_MEM: + s = "unable to allocate memory"; + break; + case LDAP_URL_ERR_PARAM: + s = "bad parameter to an LDAP URL function"; + break; +#if defined(USE_OPENLDAP) + case LDAP_URL_ERR_BADSCHEME: + s = "does not begin with ldap://, ldaps://, or ldapi://"; + break; + case LDAP_URL_ERR_BADENCLOSURE: + s = "missing trailing '>' in enclosure"; + break; + case LDAP_URL_ERR_BADURL: + s = "not a valid LDAP URL"; + break; + case LDAP_URL_ERR_BADHOST: + s = "hostname part of url is not valid or not given"; + break; + case LDAP_URL_ERR_BADATTRS: + s = "attribute list not formatted correctly or missing"; + break; + case LDAP_URL_ERR_BADFILTER: + s = "search filter not correct"; + break; + case LDAP_URL_ERR_BADEXTS: + s = "extensions not specified correctly"; + break; +#else /* !USE_OPENLDAP */ + case LDAP_URL_ERR_NOTLDAP: + s = "missing ldap:// or ldaps:// or ldapi://"; + break; + case LDAP_URL_ERR_NODN: + s = "missing suffix"; + break; +#endif + } + + return( s ); +} + +/* there are various differences among url parsers - directory server + needs the ability to parse partial URLs - those with no dn - and + needs to be able to tell if it is a secure url (ldaps) or not */ +int +util_ldap_url_parse(const char *url, LDAPURLDesc **ludpp, int require_dn, int *secure) +{ + PR_ASSERT(url); + PR_ASSERT(ludpp); + int rc; + const char *url_to_use = url; +#if defined(USE_OPENLDAP) + char *urlescaped = NULL; +#endif + + if (secure) { + *secure = 0; + } +#if defined(USE_OPENLDAP) + /* openldap does not support the non-standard multi host:port URLs supported + by mozldap - so we have to fake out openldap - replace all spaces with %20 - + replace all but the last colon with %3A + Go to the 3rd '/' or to the end of the string (convert only the host:port part) */ + if (url) { + char *p = strstr(url, "://"); + if (p) { + int foundspace = 0; + int coloncount = 0; + char *lastcolon = NULL; + p += 3; + for (; *p && (*p != '/'); p++) { + if (*p == ' ') { + foundspace = 1; + } + if (*p == ':') { + coloncount++; + lastcolon = p; + } + } + if (foundspace) { + char *src = NULL, *dest = NULL; + /* have to convert url */ + /* len * 3 is way too much, but acceptable */ + urlescaped = PR_Calloc(strlen(url) * 3, sizeof(char)); + dest = urlescaped; + /* copy the scheme */ + src = strstr(url, "://"); + src += 3; + memcpy(dest, url, src-url); + dest += (src-url); + /* we have to convert all spaces to %20 - we have to convert + all colons except the last one to %3A */ + for (; *src; ++src) { + if (src < p) { + if (*src == ' ') { + memcpy(dest, "%20", 3); + dest += 3; + } else if ((coloncount > 1) && (*src == ':') && (src != lastcolon)) { + memcpy(dest, "%3A", 3); + dest += 3; + } else { + *dest++ = *src; + } + } else { + *dest++ = *src; + } + } + *dest = '\0'; + url_to_use = urlescaped; + } + } + } +#endif + +#if defined(HAVE_LDAP_URL_PARSE_NO_DEFAULTS) + rc = ldap_url_parse_no_defaults(url_to_use, ludpp, require_dn); + if (!rc && *ludpp && secure) { + *secure = (*ludpp)->lud_options & LDAP_URL_OPT_SECURE; + } +#else /* openldap */ +#if defined(HAVE_LDAP_URL_PARSE_EXT) && defined(LDAP_PVT_URL_PARSE_NONE) && defined(LDAP_PVT_URL_PARSE_NOEMPTY_DN) + rc = ldap_url_parse_ext(url_to_use, ludpp, require_dn ? LDAP_PVT_URL_PARSE_NONE : LDAP_PVT_URL_PARSE_NOEMPTY_DN); +#else + rc = ldap_url_parse(url_to_use, ludpp); + if ((rc || !*ludpp) && !require_dn) { /* failed - see if failure was due to missing dn */ + size_t len = strlen(url_to_use); + /* assume the url is just scheme://host:port[/] - add the empty string + as the DN (adding a trailing / first if needed) and try to parse + again + */ + char *urlcopy = PR_smprintf("%s%s%s", url_to_use, (url_to_use[len-1] == '/' ? "" : "/"), ""); + if (*ludpp) { + ldap_free_urldesc(*ludpp); /* free the old one, if any */ + } + rc = ldap_url_parse(urlcopy, ludpp); + PL_strfree(urlcopy); + urlcopy = NULL; + if (0 == rc) { /* only problem was the DN - free it */ + PL_strfree((*ludpp)->lud_dn); + (*ludpp)->lud_dn = NULL; + } + } +#endif + if (!rc && *ludpp && secure) { + *secure = (*ludpp)->lud_scheme && !strcmp((*ludpp)->lud_scheme, "ldaps"); + } +#endif /* openldap */ + +#if defined(USE_OPENLDAP) + if (urlescaped && (*ludpp) && (*ludpp)->lud_host) { + /* have to unescape lud_host - can unescape in place */ + char *p = strstr((*ludpp)->lud_host, "://"); + if (p) { + char *dest = NULL; + p += 3; + dest = p; + /* up to the first '/', unescape the host */ + for (; *p && (*p != '/'); p++) { + if (!strncmp(p, "%20", 3)) { + *dest++ = ' '; + p += 2; + } else if (!strncmp(p, "%3A", 3)) { + *dest++ = ':'; + p += 2; + } else { + *dest++ = *p; + } + } + /* just copy the remainder of the host, if any */ + while (*p) { + *dest++ = *p++; + } + *dest = '\0'; + } + } + PL_strfree(urlescaped); +#endif + return rc; +} + +/* + Perform LDAP init and return an LDAP* handle. If ldapurl is given, + that is used as the basis for the protocol, host, port, and whether + to use starttls (given on the end as ldap://..../?????starttlsOID + If hostname is given, LDAP or LDAPS is assumed, and this will override + the hostname from the ldapurl, if any. If port is > 0, this is the + port number to use. It will override the port in the ldapurl, if any. + If no port is given in port or ldapurl, the default will be used based + on the secure setting (389 for ldap, 636 for ldaps) + secure takes 1 of 2 values - 0 means regular ldap, 1 means ldaps + filename is the ldapi file name - if this is given, and no other options + are given, ldapi is assumed. + */ +LDAP * +util_ldap_init( + const char *certdir, + const char *ldapurl, /* full ldap url */ + const char *hostname, /* can also use this to override + host in url */ + int port, /* can also use this to override port in url */ + int secure, /* 0 for ldap, 1 for ldaps */ + int shared, /* if true, LDAP* will be shared among multiple threads */ + const char *filename /* for ldapi */ +) +{ + LDAPURLDesc *ludp = NULL; + LDAP *ld = NULL; + int rc = 0; + int secureurl = 0; + int ldap_version3 = LDAP_VERSION3; + + /* if ldapurl is given, parse it */ + if (ldapurl && ((rc = util_ldap_url_parse(ldapurl, &ludp, 0, &secureurl)) || + !ludp)) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: Could not parse given LDAP URL [%s] : error [%s]\n", + ldapurl, /* ldapurl cannot be NULL here */ + util_urlparse_err2string(rc)); +#endif + goto done; + } + + /* use url host if no host given */ + if (!hostname && ludp && ludp->lud_host) { + hostname = ludp->lud_host; + } + + /* use url port if no port given */ + if (!port && ludp && ludp->lud_port) { + port = ludp->lud_port; + } + + /* use secure setting from url if none given */ + if (!secure && ludp) { + if (secureurl) { + secure = 1; + } + } + +#if defined(USE_OPENLDAP) + if (ldapurl) { + rc = ldap_initialize(&ld, ldapurl); + if (rc) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: Could not initialize LDAP connection to [%s]: %d:%s\n", + ldapurl, rc, ldap_err2string(rc)); +#endif + goto done; + } + } else { + char *makeurl = NULL; + if (filename) { + makeurl = PR_smprintf("ldapi://%s/", filename); + } else { /* host port */ + makeurl = convert_to_openldap_uri(hostname, port, (secure == 1 ? "ldaps" : "ldap")); + } + rc = ldap_initialize(&ld, makeurl); + if (rc) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: Could not initialize LDAP connection to [%s]: %d:%s\n", + makeurl, rc, ldap_err2string(rc)); +#endif + PL_strfree(makeurl); + makeurl = NULL; + goto done; + } + PL_strfree(makeurl); + makeurl = NULL; + } +#else /* !USE_OPENLDAP */ + if (filename) { + /* ldapi in mozldap client is not yet supported */ + } else if (secure == 1) { + ld = ldapssl_init(hostname, port, secure); + } else { /* regular ldap and/or starttls */ + /* + * Leverage the libprldap layer to take care of all the NSPR + * integration. + * Note that ldapssl_init() uses libprldap implicitly. + */ + ld = prldap_init(hostname, port, shared); + } +#endif /* !USE_OPENLDAP */ + + /* must explicitly set version to 3 */ + ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version3); + + if ((ld != NULL) && !filename) { + /* + * Set SSL strength (server certificate validity checking). + */ + if (secure > 0) { +#if defined(USE_OPENLDAP) + int optval = 0; +#endif /* !USE_OPENLDAP */ + int ssl_strength = 0; + LDAP *myld = NULL; + + /* we can only use the set functions below with a real + LDAP* if it has already gone through ldapssl_init - + so, use NULL if using starttls */ + if (secure == 1) { + myld = ld; + } + + /* verify certificate only */ +#if defined(USE_OPENLDAP) + ssl_strength = LDAP_OPT_X_TLS_NEVER; +#else /* !USE_OPENLDAP */ + ssl_strength = LDAPSSL_AUTH_CERT; +#endif /* !USE_OPENLDAP */ + +#if defined(USE_OPENLDAP) + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to create new TLS context\n"); +#endif + } + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to set REQUIRE_CERT option to %d\n", ssl_strength); +#endif + } + /* tell it where our cert db is */ + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, certdir))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to set CACERTDIR option to %s\n", certdir); +#endif + } +#if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN) + optval = LDAP_OPT_X_TLS_PROTOCOL_SSL3; + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &optval))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to set minimum TLS protocol level to SSL3\n"); +#endif + } +#endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */ +#else /* !USE_OPENLDAP */ + if ((rc = ldapssl_set_strength(myld, ssl_strength)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL2, PR_FALSE)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL3, PR_TRUE)) || + (rc = ldapssl_set_option(myld, SSL_ENABLE_TLS, PR_TRUE))) { + int prerr = PR_GetError(); + +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to set SSL options (" + "error %d - %s)\n", + prerr, PR_ErrorToString(prerr, PR_LANGUAGE_I_DEFAULT)); +#endif + } + if (secure == 1) { + /* tell bind code we are using SSL */ + ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON); + } +#endif /* !USE_OPENLDAP */ + } + } + +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "Success: set up conn to [%s:%d]%s\n", + hostname, port, + secure ? " using TLS/SSL" : ""); +#endif +done: + ldap_free_urldesc(ludp); + + return( ld ); +} + +int +util_ldap_get_lderrno(LDAP *ld, char **m, char **s) +{ + int rc = LDAP_SUCCESS; + +#if defined(USE_OPENLDAP) + ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &rc); + if (m) { + ldap_get_option(ld, LDAP_OPT_MATCHED_DN, m); + } + if (s) { +#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE + ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, s); +#else + ldap_get_option(ld, LDAP_OPT_ERROR_STRING, s); +#endif + } +#else /* !USE_OPENLDAP */ + rc = ldap_get_lderrno( ld, m, s ); +#endif + return rc; +} + +#ifndef LDAP_SASL_EXTERNAL +#define LDAP_SASL_EXTERNAL "EXTERNAL" /* TLS/SSL extension */ +#endif + +/* + * Does the correct bind operation simple/sasl/cert depending + * on the arguments passed in. + */ +int +util_ldap_bind( + LDAP *ld, /* ldap connection */ + const char *bindid, /* usually a bind DN for simple bind */ + const char *creds, /* usually a password for simple bind */ + const char *mech, /* name of mechanism */ + LDAPControl **serverctrls, /* additional controls to send */ + LDAPControl ***returnedctrls, /* returned controls */ + struct timeval *timeout, /* timeout */ + int *msgidp /* pass in non-NULL for async handling */ +) +{ + int rc = LDAP_SUCCESS; + int secure = 0; + struct berval bvcreds = {0, NULL}; + LDAPMessage *result = NULL; + struct berval *servercredp = NULL; +#if defined(USE_OPENLDAP) + /* openldap doesn't have a SSL/TLS yes/no flag - so grab the + ldapurl, parse it, and see if it is a secure one */ + char *ldapurl = NULL; + + ldap_get_option(ld, LDAP_OPT_URI, &ldapurl); + if (ldapurl && !PL_strncasecmp(ldapurl, "ldaps", 5)) { + secure = 1; + } + PL_strfree(ldapurl); + ldapurl = NULL; +#else /* !USE_OPENLDAP */ + ldap_get_option(ld, LDAP_OPT_SSL, &secure); +#endif + +#ifdef EXTERNAL_AUTH_SUPPORTED + if (secure && mech && !strcmp(mech, LDAP_SASL_EXTERNAL)) { + /* SSL connections will use the server's security context + and cert for client auth */ + rc = slapd_SSL_client_auth(ld); + + if (rc != 0) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not configure the server for cert " + "auth - error %d - make sure the server is " + "correctly configured for SSL/TLS\n", rc); +#endif + goto done; + } else { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Set up conn to use client auth\n"); +#endif + } + bvcreds.bv_val = NULL; /* ignore username and passed in creds */ + bvcreds.bv_len = 0; /* for external auth */ + bindid = NULL; + } else { /* other type of auth */ +#endif /* EXTERNAL_AUTH_SUPPORTED */ + bvcreds.bv_val = (char *)creds; + bvcreds.bv_len = creds ? strlen(creds) : 0; +#ifdef EXTERNAL_AUTH_SUPPORTED + } +#endif /* EXTERNAL_AUTH_SUPPORTED */ + + /* The connection has been set up - now do the actual bind, depending on + the mechanism and arguments */ + if (!mech || (mech == LDAP_SASL_SIMPLE) || + !strcmp(mech, LDAP_SASL_EXTERNAL)) { + int mymsgid = 0; +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "attempting %s bind with id [%s] creds [%s]\n", + mech ? mech : "SIMPLE", + bindid, creds); +#endif + if ((rc = ldap_sasl_bind(ld, bindid, mech, &bvcreds, serverctrls, + NULL /* clientctrls */, &mymsgid))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not send bind request for id " + "[%s] mech [%s]: error %d (%s) %d (%s) %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc), + PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT), + errno, strerror(errno)); +#endif + goto done; + } + + if (msgidp) { /* let caller process result */ + *msgidp = mymsgid; + } else { /* process results */ + rc = ldap_result(ld, mymsgid, LDAP_MSG_ALL, timeout, &result); + if (-1 == rc) { /* error */ + rc = util_ldap_get_lderrno(ld, NULL, NULL); +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error reading bind response for id " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc)); +#endif + goto done; + } else if (rc == 0) { /* timeout */ + rc = LDAP_TIMEOUT; +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: timeout after [%ld.%ld] seconds reading " + "bind response for [%s] mech [%s]\n", + timeout ? timeout->tv_sec : 0, + timeout ? timeout->tv_usec : 0, + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE"); +#endif + goto done; + } + /* if we got here, we were able to read success result */ + /* Get the controls sent by the server if requested */ + if (returnedctrls) { + if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL, + NULL, returnedctrls, + 0)) != LDAP_SUCCESS) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not bind id " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc)); +#endif + goto done; + } + } + + /* parse the bind result and get the ldap error code */ + if ((rc = ldap_parse_sasl_bind_result(ld, result, &servercredp, + 0))) { + rc = util_ldap_get_lderrno(ld, NULL, NULL); +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not read bind results for id " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech ? mech : "SIMPLE", + rc, ldap_err2string(rc)); +#endif + goto done; + } + } + } else { + rc = -1; +#ifdef SASL_AUTH_SUPPORTED + /* a SASL mech */ + rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech, + serverctrls, returnedctrls, + msgidp); + if (LDAP_SUCCESS != rc) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_bind: " + "Error: could not perform interactive bind for id " + "[%s] mech [%s]: error %d (%s)\n", + bindid ? bindid : "(anon)", + mech, /* mech cannot be SIMPLE here */ + rc, ldap_err2string(rc)); +#endif + } +#endif /* SASL_AUTH_SUPPORTED */ + } + +done: + ber_bvfree(servercredp); + ldap_msgfree(result); + + return rc; +} + +void +util_ldap_perror(LDAP *ld, const char *fmt, ...) +{ + char *matched, *extra; + int err = util_ldap_get_lderrno(ld, &matched, &extra); + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + fprintf(stderr, ": error %d (%s)", err, ldap_err2string(err)); + if (matched) { + fprintf(stderr, ": matched DN (%s)", matched); + } + if (extra) { + fprintf(stderr, ": extra (%s)", extra); + } + fprintf(stderr, "\n"); +} + +char ** +util_ldap_get_values(LDAP *ld, LDAPMessage *entry, const char *attrtype) +{ +#if defined(USE_OPENLDAP) + struct berval **bvals = NULL; + char **vals = NULL; + int ii; + + bvals = ldap_get_values_len(ld, entry, attrtype); + + if (!bvals) { + return vals; + } + + for (ii = 0; bvals[ii]; ++ii); + vals = (char **)PR_Malloc((ii + 1) * sizeof(char *)); + for (ii = 0; vals && bvals && bvals[ii]; ++ii) { + vals[ii] = PL_strndup(bvals[ii]->bv_val, bvals[ii]->bv_len); + } + ldap_value_free_len(bvals); + if (vals) { + vals[ii] = NULL; + } + return vals; +#else + return ldap_get_values(ld, entry, attrtype); +#endif +} + +void +util_ldap_value_free(char **vals) +{ + int ii; + + for (ii = 0; vals && vals[ii]; ++ii) { + PL_strfree(vals[ii]); + } + PR_Free(vals); +} diff --git a/lib/libdsa/dsalib_conf.c b/lib/libdsa/dsalib_conf.c index 3c5bbe6..41c8204 100644 --- a/lib/libdsa/dsalib_conf.c +++ b/lib/libdsa/dsalib_conf.c @@ -52,7 +52,11 @@ ds_get_config(int type) { char conffile[PATH_MAX]; char *configdir; +#if defined(USE_OPENLDAP) + LDIFFP *sf = NULL; +#else FILE *sf = NULL; +#endif char **conf_list = NULL; if ( (type != DS_REAL_CONFIG) && (type != DS_TMP_CONFIG) ) { @@ -67,14 +71,23 @@ ds_get_config(int type) PR_snprintf(conffile, PATH_MAX, "%s/%s", configdir, DS_CONFIG_FILE); - if ( !(sf = fopen(conffile, "r")) ) { +#if defined(USE_OPENLDAP) + sf = ldif_open(conffile, "r"); +#else + sf = fopen(conffile, "r"); +#endif + if ( !sf ) { ds_send_error("could not read config file.", 1); return(NULL); } conf_list = ds_get_conf_from_file(sf); +#if defined(USE_OPENLDAP) + ldif_close(sf); +#else fclose(sf); +#endif if (!conf_list) { ds_send_error("failed to read the config file successfully.", 0); return(NULL); diff --git a/lib/libdsa/dsalib_confs.c b/lib/libdsa/dsalib_confs.c index b2b1d45..c7049bc 100644 --- a/lib/libdsa/dsalib_confs.c +++ b/lib/libdsa/dsalib_confs.c @@ -32,16 +32,43 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <lber.h> #include <ldif.h> #include <ctype.h> #include "nspr.h" #include "plstr.h" +int +dsalib_ldif_parse_line( + char *line, + struct berval *type, + struct berval *value, + int *freeval +) +{ + int rc; +#if defined(USE_OPENLDAP) + rc = ldif_parse_line2(line, type, value, freeval); + /* check that type and value are null terminated */ +#else + int vlen; + rc = ldif_parse_line(line, &type->bv_val, &value->bv_val, &vlen); + type->bv_len = type->bv_val ? strlen(type->bv_val) : 0; + value->bv_len = vlen; + *freeval = 0; /* always returns in place */ +#endif + return rc; +} + /* * Read the configuration info into a null-terminated list of strings. */ DS_EXPORT_SYMBOL char ** +#if defined(USE_OPENLDAP) +ds_get_conf_from_file(LDIFFP *conf) +#else ds_get_conf_from_file(FILE *conf) +#endif { static char config_entry[] = "dn: cn=config"; static int cfg_ent_len = sizeof(config_entry)-1; @@ -49,14 +76,21 @@ ds_get_conf_from_file(FILE *conf) char **conf_list = NULL; char *entry = 0; int lineno = 0; +#if defined(USE_OPENLDAP) + int buflen; +#endif +#if defined(USE_OPENLDAP) + while (ldif_read_record(conf, &lineno, &entry, &buflen)) { +#else while ((entry = ldif_get_entry(conf, &lineno))) { +#endif char *begin = entry; if (!PL_strncasecmp(entry, config_entry, cfg_ent_len)) { char *line = entry; while ((line = ldif_getline(&entry))) { - char *type, *value; - int vlen = 0; + struct berval type, value; + int freeval = 0; int rc; if ( *line == '\n' || *line == '\0' ) { @@ -64,10 +98,10 @@ ds_get_conf_from_file(FILE *conf) } /* this call modifies line */ - rc = ldif_parse_line(line, &type, &value, &vlen); + rc = dsalib_ldif_parse_line(line, &type, &value, &freeval); if (rc != 0) { - ds_send_error("Unknown error processing config file", 0); + ds_send_error("Unknown error processing config file", 0); free(begin); return NULL; } @@ -75,8 +109,12 @@ ds_get_conf_from_file(FILE *conf) conf_list = (char **) realloc(conf_list, ((listsize + 1) * sizeof(char *))); /* this is the format expected by ds_get_config_value */ - conf_list[listsize - 1] = PR_smprintf("%s:%s", type, value); + conf_list[listsize - 1] = PR_smprintf("%.*s:%.*s", + type.bv_len, type.bv_val, value.bv_len, value.bv_val); conf_list[listsize] = NULL; /* always null terminated */ + if (freeval) { + PL_strfree(value.bv_val); + } } } free(begin); @@ -134,8 +172,10 @@ ds_get_value(char **ds_config, char *parm, int phase, int occurance) * Use ldif_parse_line() so continuation markers are * handled correctly, etc. */ - char *type = NULL, *value = NULL, *tmpvalue = NULL; - int ldif_rc, tmpvlen = 0; + struct berval type, tmpvalue; + char *value = NULL; + int freeval = 0; + int ldif_rc; char *tmpline = strdup(line); if ( NULL == tmpline ) { @@ -145,13 +185,15 @@ ds_get_value(char **ds_config, char *parm, int phase, int occurance) return(NULL); } - ldif_rc = ldif_parse_line( tmpline, &type, &tmpvalue, &tmpvlen ); - if (ldif_rc < 0) { + ldif_rc = dsalib_ldif_parse_line( tmpline, &type, &tmpvalue, &freeval ); + if (ldif_rc) { ds_send_error("Unknown error processing config file", 0); - } else if (ldif_rc == 0) { /* value returned in place */ - value = strdup(tmpvalue); - } else { /* malloc'd value */ - value = tmpvalue; + } else { + if (freeval) { + value = tmpvalue.bv_val; + } else { + value = PL_strndup(tmpvalue.bv_val, tmpvalue.bv_len); + } } free(tmpline); return value; diff --git a/ltmain.sh b/ltmain.sh old mode 100755 new mode 100644 diff --git a/m4/mozldap.m4 b/m4/mozldap.m4 index a976d47..976e41c 100644 --- a/m4/mozldap.m4 +++ b/m4/mozldap.m4 @@ -18,35 +18,59 @@ # # END COPYRIGHT BLOCK -AC_CHECKING(for LDAPSDK) +AC_CHECKING(for Mozilla LDAPSDK) # check for --with-ldapsdk AC_MSG_CHECKING(for --with-ldapsdk) -AC_ARG_WITH(ldapsdk, [ --with-ldapsdk=PATH Mozilla LDAP SDK directory], +AC_ARG_WITH(ldapsdk, AS_HELP_STRING([--with-ldapsdk@<:@=PATH@:>@],[Mozilla LDAP SDK directory]), [ - if test -e "$withval"/include/ldap.h -a -d "$withval"/lib + if test "$withval" = yes + then + AC_MSG_RESULT(yes) + elif test "$withval" = no + then + AC_MSG_RESULT(no) + elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib then AC_MSG_RESULT([using $withval]) LDAPSDKDIR=$withval ldapsdk_inc="-I$LDAPSDKDIR/include" ldapsdk_lib="-L$LDAPSDKDIR/lib" ldapsdk_libdir="$LDAPSDKDIR/lib" - ldapsdk_bindir="$LDAPSDKDIR/bin" + with_ldapsdk=yes else echo AC_MSG_ERROR([$withval not found]) fi + + if test "$with_ldapsdk" = yes -a "$with_openldap" = yes + then + AC_MSG_ERROR([Cannot use both LDAPSDK and OpenLDAP.]) + fi + if test "$with_ldapsdk" != yes -a "$with_openldap" != yes + then + AC_MSG_ERROR([Either LDAPSDK or OpenLDAP must be used.]) + fi ], -AC_MSG_RESULT(no)) +[ + if test "$with_openldap" = yes + then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + with_ldapsdk=yes + fi +]) # check for --with-ldapsdk-inc AC_MSG_CHECKING(for --with-ldapsdk-inc) -AC_ARG_WITH(ldapsdk-inc, [ --with-ldapsdk-inc=PATH Mozilla LDAP SDK include directory], +AC_ARG_WITH(ldapsdk-inc, AS_HELP_STRING([--with-ldapsdk-inc=PATH],[Mozilla LDAP SDK include directory]), [ if test -e "$withval"/ldap.h then AC_MSG_RESULT([using $withval]) ldapsdk_inc="-I$withval" + with_ldapsdk=yes else echo AC_MSG_ERROR([$withval not found]) @@ -56,13 +80,14 @@ AC_MSG_RESULT(no)) # check for --with-ldapsdk-lib AC_MSG_CHECKING(for --with-ldapsdk-lib) -AC_ARG_WITH(ldapsdk-lib, [ --with-ldapsdk-lib=PATH Mozilla LDAP SDK library directory], +AC_ARG_WITH(ldapsdk-lib, AS_HELP_STRING([--with-ldapsdk-lib=PATH],[Mozilla LDAP SDK library directory]), [ if test -d "$withval" then AC_MSG_RESULT([using $withval]) ldapsdk_lib="-L$withval" ldapsdk_libdir="$withval" + with_ldapsdk=yes else echo AC_MSG_ERROR([$withval not found]) @@ -73,49 +98,47 @@ AC_MSG_RESULT(no)) # if LDAPSDK is not found yet, try pkg-config # last resort -if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then - AC_PATH_PROG(PKG_CONFIG, pkg-config) - AC_MSG_CHECKING(for mozldap with pkg-config) - if test -n "$PKG_CONFIG"; then - if $PKG_CONFIG --exists mozldap6; then - mozldappkg=mozldap6 - elif $PKG_CONFIG --exists mozldap; then - mozldappkg=mozldap - else - AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].]) +if test "$with_ldapsdk" = yes ; then + if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config) + AC_MSG_CHECKING(for mozldap with pkg-config) + if test -n "$PKG_CONFIG"; then + if $PKG_CONFIG --exists mozldap6; then + mozldappkg=mozldap6 + elif $PKG_CONFIG --exists mozldap; then + mozldappkg=mozldap + else + AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].]) + fi + ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg` + ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg` + ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ .*$//` + AC_MSG_RESULT([using system $mozldappkg]) fi - ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg` - ldapsdk_libdir=`$PKG_CONFIG --variable=libdir $mozldappkg` - ldapsdk_lib="-L$ldapsdk_libdir" - ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg` - AC_MSG_RESULT([using system $mozldappkg]) fi fi -if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then - AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].]) -fi -dnl default path for the ldap c sdk tools (see [210947] for more details) -if test -z "$ldapsdk_bindir" ; then - if [ -d $libdir/mozldap6 ] ; then - ldapsdk_bindir=$libdir/mozldap6 - else - ldapsdk_bindir=$libdir/mozldap + +if test "$with_ldapsdk" = yes ; then + if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then + AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].]) fi -fi -dnl make sure the ldap sdk version is 6 or greater - we do not support -dnl the old 5.x or prior versions - the ldap server code expects the new -dnl ber types and other code used with version 6 -save_cppflags="$CPPFLAGS" -CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc" -AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=], -[#include <ldap-standard.h> + dnl make sure the ldap sdk version is 6 or greater - we do not support + dnl the old 5.x or prior versions - the ldap server code expects the new + dnl ber types and other code used with version 6 + save_cppflags="$CPPFLAGS" + CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc" + AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=], + [#include <ldap-standard.h> #if LDAP_VENDOR_VERSION < 600 #error The LDAP C SDK version is not supported #endif -]) -CPPFLAGS="$save_cppflags" + ]) + CPPFLAGS="$save_cppflags" -if test -z "$isversion6" ; then - AC_MSG_ERROR([The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported]) + if test -z "$isversion6" ; then + AC_MSG_ERROR([The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported]) + fi + AC_DEFINE([USE_MOZLDAP], [1], [If defined, using MozLDAP for LDAP SDK]) + AC_DEFINE([HAVE_LDAP_URL_PARSE_NO_DEFAULTS], [1], [have the function ldap_url_parse_no_defaults]) fi diff --git a/m4/openldap.m4 b/m4/openldap.m4 new file mode 100644 index 0000000..a4e2e88 --- /dev/null +++ b/m4/openldap.m4 @@ -0,0 +1,131 @@ +# BEGIN COPYRIGHT BLOCK +# Copyright (C) 2009 Red Hat, Inc. +# All rights reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# END COPYRIGHT BLOCK + +AC_CHECKING(for OpenLDAP) + +# check for --with-openldap +AC_MSG_CHECKING(for --with-openldap) +AC_ARG_WITH(openldap, AS_HELP_STRING([--with-openldap@<:@=PATH@:>@],[Use OpenLDAP - optional PATH is path to OpenLDAP SDK]), +[ + if test "$withval" = yes + then + AC_MSG_RESULT([using system OpenLDAP]) + elif test "$withval" = no + then + AC_MSG_RESULT(no) + elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib + then + AC_MSG_RESULT([using $withval]) + OPENLDAPDIR=$withval + openldap_incdir="$OPENLDAPDIR/include" + openldap_inc="-I$openldap_incdir" + openldap_lib="-L$OPENLDAPDIR/lib" + openldap_libdir="$OPENLDAPDIR/lib" + with_openldap=yes + else + echo + AC_MSG_ERROR([$withval not found]) + fi +], +AC_MSG_RESULT(no)) + +# check for --with-openldap-inc +AC_MSG_CHECKING(for --with-openldap-inc) +AC_ARG_WITH(openldap-inc, AS_HELP_STRING([--with-openldap-inc=PATH],[OpenLDAP SDK include directory]), +[ + if test -e "$withval"/ldap.h + then + AC_MSG_RESULT([using $withval]) + openldap_incdir="$withval" + openldap_inc="-I$withval" + with_openldap=yes + else + echo + AC_MSG_ERROR([$withval not found]) + fi +], +AC_MSG_RESULT(no)) + +# check for --with-openldap-lib +AC_MSG_CHECKING(for --with-openldap-lib) +AC_ARG_WITH(openldap-lib, AS_HELP_STRING([--with-openldap-lib=PATH],[OpenLDAP SDK library directory]), +[ + if test -d "$withval" + then + AC_MSG_RESULT([using $withval]) + openldap_lib="-L$withval" + openldap_libdir="$withval" + with_openldap=yes + else + echo + AC_MSG_ERROR([$withval not found]) + fi +], +AC_MSG_RESULT(no)) + +# if OPENLDAP is not found yet, try pkg-config + +if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths + if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config) + AC_MSG_CHECKING(for OpenLDAP with pkg-config) + if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then + openldap_inc=`$PKG_CONFIG --cflags-only-I openldap` + openldap_lib=`$PKG_CONFIG --libs-only-L openldap` + openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//` + openldap_incdir=`$PKG_CONFIG --variable=includedir openldap` + AC_MSG_RESULT([using system OpenLDAP from pkg-config]) + else + openldap_incdir="/usr/include" + openldap_inc="-I$openldap_incdir" + AC_MSG_RESULT([no OpenLDAP pkg-config files]) + fi + fi +fi + +dnl lets see if we can find the headers and libs + +if test "$with_openldap" = yes ; then + save_cppflags="$CPPFLAGS" + CPPFLAGS="$openldap_inc $nss_inc $nspr_inc" + AC_CHECK_HEADER([ldap_features.h], [], + [AC_MSG_ERROR([specified with-openldap but ldap_features.h not found])]) + dnl figure out which version we're using from the header file + ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'` + ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'` + ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'` + dnl full libname is libname-$maj.$min + ol_libver="-${ol_ver_maj}.${ol_ver_min}" + dnl look for ldap lib + save_ldflags="$LDFLAGS" + LDFLAGS="$openldap_lib $LDFLAGS" + AC_CHECK_LIB([ldap$ol_libver], [ldap_initialize], [have_ldap_lib=1]) + if test -z "$have_ldap_lib" ; then + AC_CHECK_LIB([ldap], [ldap_initialize], [unset ol_libver], + [AC_MSG_ERROR([specified with-openldap but libldap not found])]) + fi + dnl look for ldap_url_parse_ext + AC_CHECK_LIB([ldap$ol_libver], [ldap_url_parse_ext], + [AC_DEFINE([HAVE_LDAP_URL_PARSE_EXT], [1], [have the function ldap_url_parse_ext])]) + LDFLAGS="$save_ldflags" + CPPFLAGS="$save_cppflags" + + AC_DEFINE([USE_OPENLDAP], [1], [If defined, using OpenLDAP for LDAP SDK]) +fi diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c index d3a659a..90f81eb 100644 --- a/mod_admserv/mod_admserv.c +++ b/mod_admserv/mod_admserv.c @@ -375,8 +375,8 @@ ldapu_find (LDAP *ld, const char *base, int scope, filter = ldapu_strings[LDAPU_STR_FILTER_DEFAULT]; } - retval = ldap_search_s(ld, base, scope, filter, (char **)attrs, - attrsonly, res); + retval = ldap_search_ext_s(ld, base, scope, filter, (char **)attrs, + attrsonly, NULL, NULL, NULL, -1, res); if (retval != LDAP_SUCCESS) { @@ -503,45 +503,39 @@ ldapu_find_userdn (LDAP *ld, const char *uid, const char *base, static void closeLDAPConnection(LDAP *server) { - ldap_unbind_s(server); + ldap_unbind_ext_s(server, NULL, NULL); } static LDAP * openLDAPConnection(LdapServerData *data) { - static int falseint = 0; - LDAP *server; - if (data->secure) { - if (!(server = ldapssl_init(data->host, data->port, 1))) { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL, - "openLDAPConnection(): ldapssl_init failed for %s:%d", - data->host, data->port); - return NULL; - } - } - else { - if (!(server = ldap_init(data->host, data->port))) { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL, - "openLDAPConnection(): ldap_init failed for %s:%d", - data->host, data->port); - return NULL; - } - } - - if (ldap_set_option(server, LDAP_OPT_CACHE_ENABLE, (void*)&falseint) != LDAP_SUCCESS) { + if (!(server = util_ldap_init(data->securitydir, NULL, + data->host, data->port, data->secure, 1, NULL))) { ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL, - "openLDAPConnection(): ldap_set_option failed to disable cache for %s:%d", + "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d", + data->secure ? "s" : "", data->host, data->port); - closeLDAPConnection(server); return NULL; } return (server); } -static int LDAP_CALL LDAP_CALLBACK +#if defined(USE_OPENLDAP) +static int +admserv_ldap_rebind_proc( + LDAP *ld, LDAP_CONST char *url, + ber_tag_t request, ber_int_t msgid, + void *arg) +{ + RebindData *data = (RebindData*)arg; + + return util_ldap_bind(ld, data->user, data->pw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL); +} +#else /* NOT USE_OPENLDAP */ +static int admserv_ldap_rebind_proc(LDAP *ld, char **who, char **pw, int *auth, int freeit, void *arg) { RebindData *data = (RebindData*)arg; @@ -554,6 +548,7 @@ admserv_ldap_rebind_proc(LDAP *ld, char **who, char **pw, int *auth, int freeit, return LDAP_SUCCESS; } +#endif static void setLDAPRebindProc(LDAP *server, const char *user, const char *pw) @@ -664,21 +659,13 @@ admserv_ldap_auth_userdn_password(LDAP *server, const char *pw, int *pw_expiring) { - int ver = LDAP_VERSION3; - LDAPMessage *res = NULL; /* LDAP result message */ LDAPControl **ctrls = NULL; int ldapError = LDAP_SUCCESS; - int msgid = 0; /* async bind id */ - int rc = 0; /* result code of LDAP operation */ *pw_expiring = -1; setLDAPRebindProc(server, userdn, pw); - /* This is for password expiration check */ - /* set the LDAP version -- only v3 knows about controls */ - ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ver); - /* DT 9/18/98 - Fix for bind problem. Previously, if pw == null, * then the bind does not occur (connection is still anonymous), * but ldap_simple_bind() returns LDAP_SUCCESS. We want the @@ -688,32 +675,13 @@ admserv_ldap_auth_userdn_password(LDAP *server, pw = (char*)""; /* bind user asynchronously */ - if ( (msgid = ldap_simple_bind(server, userdn, pw)) == -1 ) { - /*return LDAP_OPERATIONS_ERROR;*/ - return LDAP_SERVER_DOWN; - } - - rc = ldap_result(server, msgid, 1, NULL, &res); + ldapError = util_ldap_bind(server, userdn, pw, + LDAP_SASL_SIMPLE, NULL, &ctrls, NULL, NULL); - switch (rc) { - case -1: - if (res) ldap_msgfree(res); - return ldap_get_lderrno(server, NULL, NULL); - default: - if ((ldapError = ldap_result2error(server, res, 0)) != LDAP_SUCCESS) { - if (res) ldap_msgfree(res); - return ldapError; - } - } - - if ((ldapError = ldap_parse_result(server, res, NULL, NULL, NULL, NULL, &ctrls, 0)) - != LDAP_SUCCESS) { - if (res) ldap_msgfree(res); - return ldapError; - } - - if ((ldapError = ldap_result2error(server, res, 0)) != LDAP_SUCCESS) { - if (res) ldap_msgfree(res); + if (ldapError) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0 /* status */, NULL, + "Could not bind as [%s]: ldap error %d: %s", + userdn, ldapError, ldap_err2string(ldapError)); return ldapError; } @@ -740,7 +708,6 @@ admserv_ldap_auth_userdn_password(LDAP *server, ldap_controls_free(ctrls); } - if (res) ldap_msgfree(res); return ldapError; } @@ -777,15 +744,16 @@ static int extractLdapServerData(LdapServerData *data, char *ldapURL, const server_rec *s) { LDAPURLDesc *ldapInfo = NULL; + int secure; if (!ldapURL) return extractLdapError(s, NULL); - if (ldap_url_parse(ldapURL, &ldapInfo)) { + if (util_ldap_url_parse(ldapURL, &ldapInfo, 0, &secure)) { return extractLdapError(s, NULL); } - data->secure = (ldapInfo->lud_options & LDAP_URL_OPT_SECURE); + data->secure = secure; data->port = ldapInfo->lud_port; if (!data->port) { if (data->secure) { @@ -888,6 +856,7 @@ buildUGInfo(char** errorInfo, const request_rec *r) { userGroupServer.secure = 0; userGroupServer.baseDN = NULL; userGroupServer.admservSieDN = NULL; + userGroupServer.securitydir = admldapGetSecurityDir(info); if (NULL == admldapGetLDAPHndl(info)) { /* LDAP is not available; gather info from the cache */ @@ -1166,7 +1135,7 @@ sync_task_sie_data(const char *name, char *query, void *arg, request_rec *r) for (i=0; i < servercnt; i++) { /* Create Pset for each individual server */ char *host = admldapGetHost(ldapInfo); - tmp = psetRealCreateSSL(host, + tmp = psetRealCreateSSL(ldapInfo, host, admldapGetPort(ldapInfo), admldapGetSecurity(ldapInfo), serverlist[i], @@ -1295,7 +1264,7 @@ task_update_registry_server_bindpw(char *uid, char *password, userDN = apr_table_get(r->notes, RQ_NOTES_USERDN); /* authenticate to LDAP server */ - if (LDAP_SUCCESS != (ldapError = ldap_simple_bind_s(ld, userDN, bindpw))) { + if (LDAP_SUCCESS != (ldapError = util_ldap_bind(ld, userDN, bindpw, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL))) { switch (ldapError) { case LDAP_INAPPROPRIATE_AUTH: case LDAP_INVALID_CREDENTIALS: @@ -1327,7 +1296,7 @@ task_update_registry_server_bindpw(char *uid, char *password, mod.mod_values = vals; mods[0] = &mod; mods[1] = NULL; - if (LDAP_SUCCESS != (ldapError = ldap_modify_s(ld, adminDN, mods))) { + if (LDAP_SUCCESS != (ldapError = ldap_modify_ext_s(ld, adminDN, mods, NULL, NULL))) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "task_update_registry_server_bindpw(): ldap_modify for %s failed: %s", adminDN, ldap_err2string(ldapError)); @@ -1489,8 +1458,8 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata) tries = 0; do { - ldapError = ldap_search_s(server, (char *)sieDN, LDAP_SCOPE_SUBTREE, NS_EXEC_REF_QUERY, - searchAttributes, 0, &result); + ldapError = ldap_search_ext_s(server, (char *)sieDN, LDAP_SCOPE_SUBTREE, NS_EXEC_REF_QUERY, + searchAttributes, 0, NULL, NULL, NULL, -1, &result); if(ldapError != LDAP_SERVER_DOWN && ldapError != LDAP_CONNECT_ERROR) break; @@ -1513,23 +1482,24 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata) for (e = ldap_first_entry(server, result) ; e != NULL ; e = ldap_next_entry(data->server, e)) { - char *dn, **vals, **vals2, *execRefArgs; + char *dn, *execRefArgs; + struct berval **vals, **vals2; TaskCacheEntry *cache_entry; dn = ldap_get_dn(server, e); if (!dn) continue; - vals = ldap_get_values(server, e, NS_EXEC_REF); + vals = ldap_get_values_len(server, e, NS_EXEC_REF); if (!vals) { ldap_memfree(dn); continue; } - vals2 = ldap_get_values(server, e, NS_LOG_SUPPRESS); + vals2 = ldap_get_values_len(server, e, NS_LOG_SUPPRESS); - if ((execRefArgs = strchr(vals[0], '?')) != NULL) + if (vals && vals[0] && ((execRefArgs = PL_strnchr(vals[0]->bv_val, '?', vals[0]->bv_len)) != NULL)) *(execRefArgs++) = '\0'; adm_normalize_dn(dn, normDN); @@ -1548,9 +1518,13 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata) */ } - cache_entry->execRef = apr_pstrdup(module_pool, vals[0]); + if (vals && vals[0]) { + cache_entry->execRef = apr_pstrndup(module_pool, vals[0]->bv_val, vals[0]->bv_len); + } else { + cache_entry->execRef = NULL; + } cache_entry->execRefArgs = execRefArgs ? apr_pstrdup(module_pool, execRefArgs) : NULL; - cache_entry->logSuppress = (vals2 && !STRCASECMP(vals2[0], LOG_SUPPRESS_ON_VALUE)); + cache_entry->logSuppress = (vals2 && vals[0] && !strncasecmp(vals2[0]->bv_val, LOG_SUPPRESS_ON_VALUE, vals2[0]->bv_len)); HashTableInsert(cache_entry->auth_userDNs, apr_pstrdup(module_pool, data->userDN), (char*)(data->now)); @@ -1561,9 +1535,9 @@ populate_tasks_from_server(char *serverid, const void *sieDN, void *userdata) cache_entry->execRefArgs ? cache_entry->execRefArgs : "", data->userDN); - ldap_value_free(vals); + ldap_value_free_len(vals); if (vals2) - ldap_value_free(vals2); + ldap_value_free_len(vals2); ldap_memfree(dn); } @@ -2327,7 +2301,8 @@ do_admserv_post_config(apr_pool_t *p, apr_pool_t *plog, registryServer.bindDN = ""; /* deprecated - use user credentials */ registryServer.bindPW = ""; /* deprecated - use user credentials */ registryServer.admservSieDN = admldapGetSIEDN(info); - + registryServer.securitydir = admldapGetSecurityDir(info); + destroyAdmldap(info); info = NULL; @@ -2853,7 +2828,7 @@ static int fixup_adminsdk(request_rec *r) admserv_config *cf = ap_get_module_config(r->per_dir_config, &admserv_module); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "fixup_adminsdk flag is %d", cf->adminsdk); if (!cf->adminsdk) diff --git a/mod_admserv/mod_admserv.h b/mod_admserv/mod_admserv.h index 965407b..9a041f0 100644 --- a/mod_admserv/mod_admserv.h +++ b/mod_admserv/mod_admserv.h @@ -28,13 +28,10 @@ #define _ADMSERV_PLUGIN_H #include <ldap.h> -#include <ldap_ssl.h> -#include "apr_hash.h" +#include "libadmin/libadmin.h" -typedef unsigned long DWORD; -typedef DWORD *PDWORD; -typedef DWORD *LPDWORD; +#include "apr_hash.h" #define LDAPU_SUCCESS 0 #define LDAPU_FAILED -1 @@ -137,6 +134,7 @@ typedef struct LdapServerData { char *bindDN; /* deprecated since the SIE cannot bind anymore */ char *bindPW; /* deprecated since the SIE cannot bind anymore */ char *admservSieDN; /* SIE DN of this admin server */ + char *securitydir; /* path to key/cert databases */ } LdapServerData; typedef struct ServletLookupData { @@ -153,4 +151,11 @@ typedef struct RuntimeCommandRecord { void *arg; } RuntimeCommandRecord; +#ifndef LDAP_CONTROL_PWEXPIRED +#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4" +#endif +#ifndef LDAP_CONTROL_PWEXPIRING +#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5" +#endif + #endif diff --git a/tests/ds_create/testget.1 b/tests/ds_create/testget.1 index 266503a..9abb2c4 100644 --- a/tests/ds_create/testget.1 +++ b/tests/ds_create/testget.1 @@ -1 +1 @@ -servport=38900&cfg_sspt_uid=uid%3Dadmin%2C+ou%3DAdministrators%2C+ou%3DTopologyManagement%2C+o%3DNetscapeRoot&ldap_url=ldap%3A%2F%2Flocalhost.localdomain%3A1100%2Fo%3DNetscapeRoot&servuser=SETTOYOURUSERID&cfg_sspt_uid_pw=admin&rootpw=password&servid=localhost2&start_server=1&suitespot3x_uid=admin&suffix=dc%3Dexample%2Cdc%3Dcom&servname=localhost.localdomain&rootdn=cn%3DDirectory+Manager&admin_domain=localdomain +servport=38900&cfg_sspt_uid=uid%3Dadmin%2C+ou%3DAdministrators%2C+ou%3DTopologyManagement%2C+o%3DNetscapeRoot&ldap_url=ldap%3A%2F%2FHOSTNAME%3APORT%2Fo%3DNetscapeRoot&servuser=USER&cfg_sspt_uid_pw=admin&rootpw=password&servid=localhost2&start_server=1&suitespot3x_uid=admin&suffix=dc%3Dexample%2Cdc%3Dcom&servname=HOSTNAME&rootdn=cn%3DDirectory+Manager&admin_domain=DOMAIN diff --git a/tests/htmladmin/testget.2 b/tests/htmladmin/testget.2 index 05e140f..1765055 100644 --- a/tests/htmladmin/testget.2 +++ b/tests/htmladmin/testget.2 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=topframepaint&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=topframepaint&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.3 b/tests/htmladmin/testget.3 index 7e946f8..82f3179 100644 --- a/tests/htmladmin/testget.3 +++ b/tests/htmladmin/testget.3 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=index&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=index&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.4 b/tests/htmladmin/testget.4 index 077786d..868c0f2 100644 --- a/tests/htmladmin/testget.4 +++ b/tests/htmladmin/testget.4 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=empty&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=empty&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.5 b/tests/htmladmin/testget.5 index c2ec86e..e3969c8 100644 --- a/tests/htmladmin/testget.5 +++ b/tests/htmladmin/testget.5 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=framepaint&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=framepaint&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.6 b/tests/htmladmin/testget.6 index 4647668..26a84f9 100644 --- a/tests/htmladmin/testget.6 +++ b/tests/htmladmin/testget.6 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=viewselect&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=viewselect&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.7 b/tests/htmladmin/testget.7 index 254c228..a8bb81c 100644 --- a/tests/htmladmin/testget.7 +++ b/tests/htmladmin/testget.7 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&op=serveractivate&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&op=serveractivate&view=viewparam \ No newline at end of file diff --git a/tests/htmladmin/testget.8 b/tests/htmladmin/testget.8 index 448b7d7..1fcd009 100644 --- a/tests/htmladmin/testget.8 +++ b/tests/htmladmin/testget.8 @@ -1 +1 @@ -obj=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&view=viewparam \ No newline at end of file +obj=cn%3Dslapd-INSTANCE+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&view=viewparam \ No newline at end of file diff --git a/tests/setup.sh b/tests/setup.sh index 0c05de5..c979166 100755 --- a/tests/setup.sh +++ b/tests/setup.sh @@ -1,73 +1,157 @@ #!/bin/sh testdir="$1" -#sroot=/home/$USER/11srv -sroot=/export/rmeggins/11srv -port=1100 -secport=1101 +hostname=vmhost.testdomain.com +domain=testdomain.com +sroot=/home/$USER/dsol +port=1200 +secport=1201 rootdn="cn=directory manager" +escapedrootdn='cn\\\\3Ddirectory manager' rootpw=password -#adminpw=boguspassword +adminpw=boguspassword adminpw=admin #needinstance=1 #needdata=1 -#usessl=1 -PATH=/usr/lib64/mozldap:/usr/lib/mozldap:$PATH -export PATH +usessl=1 +secdir=/home/$USER/save +#PATH=/usr/lib64/mozldap:$PATH +#export PATH +instance=ds if [ "$needinstance" ] ; then -$sroot/bin/ds_newinst.pl - <<EOF +$sroot/sbin/setup-ds.pl -s -f - <<EOF [General] -FullMachineName= localhost.localdomain +FullMachineName= $hostname SuiteSpotUserID= $USER -ServerRoot= $sroot/lib/fedora-ds [slapd] ServerPort= $port -ServerIdentifier= localhost +ServerIdentifier= $instance Suffix= o=NetscapeRoot RootDN= $rootdn RootDNPwd= $rootpw EOF + +sslconf=/tmp/sslconf.$$.ldif +cat > $sslconf <<EOF +dn: cn=encryption,cn=config +changetype: modify +replace: nsSSL3 +nsSSL3: on +- +replace: nsSSLClientAuth +nsSSLClientAuth: allowed +- +add: nsSSL3Ciphers +nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5, + +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza, + +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha, + +tls_rsa_export1024_with_des_cbc_sha + +dn: cn=config +changetype: modify +add: nsslapd-security +nsslapd-security: on +- +replace: nsslapd-ssl-check-hostname +nsslapd-ssl-check-hostname: off +- +replace: nsslapd-secureport +nsslapd-secureport: $secport + +dn: cn=RSA,cn=encryption,cn=config +changetype: add +objectclass: top +objectclass: nsEncryptionModule +cn: RSA +nsSSLPersonalitySSL: Server-Cert +nsSSLToken: internal (software) +nsSSLActivation: on + +EOF + +ldapmodify -x -h $hostname -p $port -D "$rootdn" -w "$rootpw" -c -f $sslconf +rm -f $sslconf + +$sroot/lib/dirsrv/slapd-$instance/stop-slapd +cp $secdir/*.db $sroot/etc/dirsrv/slapd-$instance +cp $secdir/pin.txt $sroot/etc/dirsrv/slapd-$instance +$sroot/lib/dirsrv/slapd-$instance/start-slapd + fi if [ "$needdata" ] ; then -$sroot/lib/fedora-ds/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $testdir/nsroot.ldif -sleep 10 + for file in $testdir/*.ldif.tmpl $testdir/*.mod.tmpl ; do + echo processing file $file + tmpfile=/tmp/mod.$$ + sed \ + -e "s/%as_uid%/admin/g" \ + -e "s/%as_passwd%/admin/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%console_version%/0.0/g" \ + -e "s/%as_baseversion%/0.0/g" \ + -e "s/%ds_console_jar%/389-ds.jar/g" \ + -e "s/%fqdn%/$hostname/g" \ + -e "s/%ds_port%/$port/g" \ + -e "s/%ds_secure_port%/$secport/g" \ + -e "s/%ds_suffix%/$suffix/g" \ + -e "s/%ds_user%/$USER/g" \ + -e "s/%brand%/389/g" \ + -e "s/%dsid%/$instance/g" \ + -e "s,%uname_a%,`uname -a`,g" \ + -e "s/%uname_m%/`uname -m`/g" \ + -e "s/%ds_version%/0.0/g" \ + -e "s/%ds_buildnum%/0.0/g" \ + -e "s/%asid%/$instance/g" \ + -e "s/%vendor%/389/g" \ + -e "s/%timestamp%/`date +%Y%m%d%H%M%S`/g" \ + -e "s/%rootdn%/$rootdn/g" \ + -e "s/%escapedrootdn%/$escapedrootdn/g" \ + -e "s/%ds_sie%/cn=slapd-$instance,cn=389 Directory Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot/g" \ + -e "s/%as_sie%/cn=admin-serv-$instance,cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot/g" \ + -e "s/%as_version%/0.0/g" \ + -e "s/%as_buildnum%/0.0/g" \ + -e "s/%as_console_jar%/389-admin.jar/g" \ + -e "s/%as_port%/9830/g" \ + -e "s/%as_user%/$USER/g" \ + -e "s/%as_addr%/127.0.0.1/g" \ + -e "s,%admpw%,testtmp/admpw,g" \ + -e "s,%as_error%,testtmp/error,g" \ + -e "s,%as_access%,testtmp/access,g" \ + -e "s,%as_pid%,testtmp/pid,g" \ + -e "s,%as_help_path%,testtmp,g" $file > $tmpfile + ldapmodify -x -h $hostname -p $port -D "$rootdn" -w "$rootpw" -c -a -f $tmpfile + rm -f $tmpfile + done fi rm -rf testtmp mkdir testtmp if [ "$usessl" ] ; then - ldapurl="ldaps://localhost:$secport/o=NetscapeRoot" - # grab CA cert - certutil -L -d $sroot/etc/fedora-ds/slapd-localhost -n "CA certificate" -a > testtmp/cacert.asc - # pin file - echo "passwordpassword" > testtmp/pwdfile.txt - # create sec db - certutil -N -d testtmp -f testtmp/pwdfile.txt - # import CA cert - certutil -A -d testtmp -n "CA certificate" -t "CT,," -a -i testtmp/cacert.asc + ldapurl="ldaps://$hostname:$secport/o=NetscapeRoot" else - ldapurl="ldap://localhost:$port/o=NetscapeRoot" + ldapurl="ldap://$hostname:$port/o=NetscapeRoot" fi cat > testtmp/adm.conf <<EOF ldapurl: $ldapurl -ldapHost: localhost.localdomain +ldapHost: $hostname ldapPort: $port -sie: cn=admin-serv-localhost, cn=Fedora Administration Server, cn=Server Group, cn=localhost.localdomain, ou=localdomain, o=NetscapeRoot -isie: cn=Fedora Administration Server, cn=Server Group, cn=localhost.localdomain, ou=localdomain, o=NetscapeRoot -port: 32348 -ldapStart: slapd-localhost/start-slapd +sie: cn=admin-serv-$instance,cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot +isie: cn=389 Administration Server,cn=Server Group,cn=$hostname,ou=$domain,o=NetscapeRoot +port: 9830 +ldapStart: slapd-$instance/start-slapd +securitydir: $secdir EOF +cp testtmp/adm.conf testtmp/adm.conf.orig cat > testtmp/admpw <<EOF admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= EOF cat > testtmp/console.conf <<EOF -Listen localhost:54321 +Listen $hostname:9830 CustomLog testtmp/access common ErrorLog testtmp/error PidFile testtmp/pid @@ -77,11 +161,11 @@ EOF dir=`pwd` # CGI env. vars -#ADMSERV_CONF_DIR=$dir/testtmp +ADMSERV_CONF_DIR=$dir/testtmp #ADMSERV_CONF_DIR=$sroot/etc/fedora-ds/admin-serv -#export ADMSERV_CONF_DIR -#ADMSERV_LOG_DIR=$dir/testtmp -#export ADMSERV_LOG_DIR +export ADMSERV_CONF_DIR +ADMSERV_LOG_DIR=$dir/testtmp +export ADMSERV_LOG_DIR HTTP_ACCEPT_LANGUAGE=en export HTTP_ACCEPT_LANGUAGE SERVER_URL=http://localhost @@ -92,65 +176,80 @@ cat > $pwpfile <<EOF User: admin Password: $adminpw -UserDN: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot +UserDN: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot SIEPWD: $adminpw EOF -VALGRIND="valgrind --log-file=/var/tmp/vg.out --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 " +VALGRIND="valgrind -q --tool=memcheck --leak-check=yes --suppressions=/share/scripts/valgrind.supp --num-callers=40 --log-file=" GDB="gdb -x .gdbinit " #DEBUGCMD="$VALGRIND" -#DEBUGCMD="$GDB" +DEBUGCMD="$GDB" + +PROGS="help" +#PROGS="mergeConfig admpw security ugdsconfig ReadLog start_config_ds \ +# config statpingserv viewdata dsconfig monreplication restartsrv \ +# statusping viewlog htmladmin sec-activate stopsrv download help" -PROGS="mergeConfig admpw security ugdsconfig ReadLog start_config_ds \ - config statpingserv viewdata dsconfig monreplication restartsrv \ - statusping viewlog htmladmin sec-activate stopsrv download help" +#SCRIPTS=ds_create -SCRIPTS=ds_create +#$sroot/lib/dirsrv/slapd-$instance/stop-slapd # each prog has a subdir containing the GET/POST args and any other test data for prog in $PROGS ; do getlist=/tmp/gettests.$$ find $testdir/$prog -name testget.\* -print 2> /dev/null | sort -n > $getlist for test in `cat $getlist` ; do - if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi - basetest=`basename $test` - echo "Running test $test" - REQUEST_METHOD=GET ; export REQUEST_METHOD - QUERY_STRING="`cat $test`" ; export QUERY_STRING - SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME - # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST - exec 4<$pwpfile - PASSWORD_PIPE=4 ; export PASSWORD_PIPE - if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then - echo "break main" > .gdbinit - echo "run > results/$prog/$basetest.html" >> .gdbinit - ./libtool --mode execute $GDB ./$prog - else - ./libtool --mode execute $DEBUGCMD ./$prog > results/$prog/$basetest.html - fi + if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi + sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed + basetest=`basename $test` + echo "Running test $test" + REQUEST_METHOD=GET ; export REQUEST_METHOD + QUERY_STRING="`cat $test.sed`" ; export QUERY_STRING + SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME + # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST + exec 4<$pwpfile + PASSWORD_PIPE=4 ; export PASSWORD_PIPE + if [ "$DEBUGCMD" = "$VALGRIND" ] ; then + VGFILE="results/$prog/vg.$basetest" + fi + if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then + echo "break main" > .gdbinit + echo "run > results/$prog/$basetest.html" >> .gdbinit + ./libtool --mode execute $GDB ./$prog + else + ./libtool --mode execute ${DEBUGCMD}$VGFILE ./$prog > results/$prog/$basetest.html + fi + rm $test.sed done rm -f $getlist + cp -p testtmp/adm.conf.orig testtmp/adm.conf postlist=/tmp/posttests.$$ find $testdir/$prog -name testpost.\* -print 2> /dev/null | sort -n > $postlist for test in `cat $postlist` ; do - if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi - basetest=`basename $test` - echo "Running test $test" - REQUEST_METHOD=POST ; export REQUEST_METHOD - CONTENT_LENGTH=`wc -c $test | cut -f1 -d' '` ; export CONTENT_LENGTH - SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME - # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST - exec 4<$pwpfile - PASSWORD_PIPE=4 ; export PASSWORD_PIPE - if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then - echo "break main" > .gdbinit - echo "run < $test > results/$prog/$basetest.html" >> .gdbinit - ./libtool --mode execute $GDB ./$prog - else - ./libtool --mode execute $DEBUGCMD ./$prog < $test > results/$prog/$basetest.html - fi + if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi + sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed + basetest=`basename $test` + echo "Running test $test" + REQUEST_METHOD=POST ; export REQUEST_METHOD + CONTENT_LENGTH=`wc -c $test.sed | cut -f1 -d' '` ; export CONTENT_LENGTH + SCRIPT_NAME=admin-serv/Tasks/Operation/$prog ; export SCRIPT_NAME + # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST + exec 4<$pwpfile + PASSWORD_PIPE=4 ; export PASSWORD_PIPE + if [ "$DEBUGCMD" = "$VALGRIND" ] ; then + VGFILE="results/$prog/vg.$basetest" + fi + if [ -n "$DEBUGCMD" -a "$DEBUGCMD" = "$GDB" ] ; then + echo "break main" > .gdbinit + echo "run < $test.sed > results/$prog/$basetest.html" >> .gdbinit + ./libtool --mode execute $GDB ./$prog + else + ./libtool --mode execute ${DEBUGCMD}$VGFILE ./$prog < $test.sed > results/$prog/$basetest.html + fi + rm $test.sed done rm -f $postlist + cp -p testtmp/adm.conf.orig testtmp/adm.conf done for prog in $SCRIPTS ; do @@ -158,10 +257,11 @@ for prog in $SCRIPTS ; do find $testdir/$prog -name testget.\* -print 2> /dev/null | sort -n > $getlist for test in `cat $getlist` ; do if [ ! -d results/$prog ] ; then mkdir -p results/$prog ; fi + sed -e s/HOSTNAME/$hostname/g -e s/DOMAIN/$domain/g -e s/INSTANCE/$instance/g -e s/PORT/$port/g -e s/USER/$USER/g $test > $test.sed basetest=`basename $test` echo "Running test $test" REQUEST_METHOD=GET ; export REQUEST_METHOD - QUERY_STRING="`cat $test`" ; export QUERY_STRING + QUERY_STRING="`cat $test.sed`" ; export QUERY_STRING SCRIPT_NAME=slapd/Tasks/Operation/$prog ; export SCRIPT_NAME # open pwpfile for reading as file desc 4 - CGIs have to use stdin (0) for POST exec 4<$pwpfile @@ -171,8 +271,10 @@ for prog in $SCRIPTS ; do else perl -w admserv/cgi-src40/$prog fi + rm $test.sed done rm -f $getlist + cp -p testtmp/adm.conf.orig testtmp/adm.conf done rm -rf $pwpfile .gdbinit diff --git a/tests/ugdsconfig/testget.10 b/tests/ugdsconfig/testget.10 index 593e766..77ec9ea 100644 --- a/tests/ugdsconfig/testget.10 +++ b/tests/ugdsconfig/testget.10 @@ -1 +1 @@ -op=setconfig&ugdsconfig.inforef=cn%3DUserDirectory%2C+ou%3DGlobal+Preferences%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot&ugdsconfig.dirurl=ldap://newhost:newport/o=newsuffix&ugdsconfig.binddn=newbinddn&ugdsconfig.bindpw=newbindpw \ No newline at end of file +op=setconfig&ugdsconfig.inforef=cn%3DUserDirectory%2C+ou%3DGlobal+Preferences%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot&ugdsconfig.dirurl=ldap://newhost:newport/o=newsuffix&ugdsconfig.binddn=newbinddn&ugdsconfig.bindpw=newbindpw \ No newline at end of file diff --git a/tests/viewdata/testget.2 b/tests/viewdata/testget.2 index 93dc6a7..74af381 100644 --- a/tests/viewdata/testget.2 +++ b/tests/viewdata/testget.2 @@ -1 +1 @@ -sie=cn%3Dslapd-localhost%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot \ No newline at end of file +sie=cn%3Dslapd-INSTANCE%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot \ No newline at end of file diff --git a/tests/viewdata/testget.3 b/tests/viewdata/testget.3 index 5d6fcd5..d6527d8 100644 --- a/tests/viewdata/testget.3 +++ b/tests/viewdata/testget.3 @@ -1 +1 @@ -sie=cn%3Dslapd-localhost2%2C+cn%3DFedora+Directory+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot \ No newline at end of file +sie=cn%3Dslapd-INSTANCE2%2C+cn%3D389+Directory+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot \ No newline at end of file diff --git a/tests/viewdata/testget.4 b/tests/viewdata/testget.4 index 9f6cd3a..4858c39 100644 --- a/tests/viewdata/testget.4 +++ b/tests/viewdata/testget.4 @@ -1 +1 @@ -sie=cn%3Dadmin-serv-localhost%2C+cn%3DFedora+Administration+Server%2C+cn%3DServer+Group%2C+cn%3Dlocalhost.localdomain%2C+ou%3Dlocaldomain%2C+o%3DNetscapeRoot \ No newline at end of file +sie=cn%3Dadmin-serv-INSTANCE%2C+cn%3D389+Administration+Server%2C+cn%3DServer+Group%2C+cn%3DHOSTNAME%2C+ou%3DDOMAIN%2C+o%3DNetscapeRoot diff --git a/tests/viewlog/testget.3 b/tests/viewlog/testget.3 index 663e36c..ba8e2b6 100644 --- a/tests/viewlog/testget.3 +++ b/tests/viewlog/testget.3 @@ -1 +1 @@ -file=access&num=25&str=&id=slapd-localhost \ No newline at end of file +file=access&num=25&str=&id=slapd-INSTANCE diff --git a/tests/viewlog/testget.4 b/tests/viewlog/testget.4 index 4dcc43b..8b8839b 100644 --- a/tests/viewlog/testget.4 +++ b/tests/viewlog/testget.4 @@ -1 +1 @@ -file=errors&num=25&str=&id=slapd-localhost \ No newline at end of file +file=errors&num=25&str=&id=slapd-INSTANCE

13 years, 6 months

1
0
0 / 0

VERSION.sh

by Richard Allen Megginson

VERSION.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 28f83cce08acfbc615b862e762eb62b3b72cfe28 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Wed Oct 20 10:46:49 2010 -0600 bump version to 1.2.7.a3 diff --git a/VERSION.sh b/VERSION.sh index af6b06f..759b92e 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -14,7 +14,7 @@ VERSION_MAINT=7 # if this is a PRERELEASE, set VERSION_PREREL # otherwise, comment it out # be sure to include the dot prefix in the prerel -VERSION_PREREL=.a2 +VERSION_PREREL=.a3 # NOTES on VERSION_PREREL # use aN for an alpha release e.g. a1, a2, etc. # use rcN for a release candidate e.g. rc1, rc2, etc.

13 years, 6 months

1
0
0 / 0

Changes to 'refs/tags/389-ds-base-1.2.7.a2'

by Richard Allen Megginson

Changes since 389-ds-base-1.2.6.a1: Endi S. Dewata (166): Bug 545620 - Password cannot start with minus sign Bug 538525 - Ability to create instance as non-root user Bug 570542 - Root password cannot contain matching curly braces Bug 470684 - Pam_passthru plugin doesn't verify account activation Bug 573375 - MODRDN operation not logged Bug 520151 - Error when modifying userPassword with proxy user Bug 455489 - Address compiler warnings about strict-aliasing rules Bug 566320 - RFE: add exception to removal of attributes in cn=config for aci Bug 566043 - startpid file is only cleaned by initscript runs Bug 584109 - Slapd crashes while parsing DNA configuration Bug 542570 - Directory Server port number is not validated in the beginning. Bug 145181 - Plugin target/bind subtrees only take 1 value. Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 619122 - fix coverify Defect Type: Resource leaks issues CID 11975 - 12053 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverify Defect Type: Resource leaks issues CID 12094 - 12136 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 628096 - spurious error message from /sbin/service when doing a stop on no instances Bug 573889 - Migration does not remove deprecated schema Endi Sukma Dewata (16): Bug 630092 - Coverity #12117: Resource leaks issues Bug 630092 - Coverity #15478: Resource leaks issues Bug 630092 - Coverity #15479: Resource leaks issues Bug 630092 - Coverity #15481: Resource leaks issues Bug 630092 - Coverity #15482: Resource leaks issues Bug 630092 - Coverity #15483: Resource leaks issues Bug 630092 - Coverity #15484: Resource leaks issues Bug 630092 - Coverity #15485: Resource leaks issues Bug 630092 - Coverity #15487: Resource leaks issues Bug 630092 - Coverity #15490: Resource leaks issues Bug 630092 - Coverity #15497: Resource leaks issues Bug 630092 - Coverity #11991: Resource leaks issues Bug 630092 - Coverity #12000: Resource leaks issues Bug 630092 - Coverity #12003: Resource leaks issues Bug 630092 - Coverity #11985: Resource leaks issues Bug 630092 - Coverity #11992,11993: Resource leaks issues Nathan Kinder (85): Bug 549554 - Trim single-valued attributes before sending to AD Improve search for pcre header file Bug 434735 - Allow SASL ANONYMOUS mech to work Bug 570912 - Avoid selinux context conflict with httpd Allow instance name to be parsed from start-slapd Add managed entries plug-in Bug 572355 - Label instance files and ports during upgrade. Bug 578863 - Password modify extop needs to send referrals on replicas Bug 584156 - Remove ldapi socket file during upgrade Fix rsearch usage of name files for random filters Bug 584497 - Allow DNA plugin to set same value on multiple attributes Add replication session hooks Correct function prototype for repl session hook Bug 592389 - Set anonymous resource limits properly Bug 601433 - Add man pages for start-dirsrv and related commands Bug 604263 - Fix memory leak when password change is rejected Bug 612242 - membership change on DS does not show on AD Bug 613833 - Allow dirsrv_t to bind to rpc ports Bug 594745 - Get rid of dirsrv_lib_t label Bug 620927 - Allow multiple membership attributes in memberof plugin Bug 612264 - ACI issue with (targetattr='userPassword') Bug 630098 - fix coverity Defect Type: Code maintainability issues Bug 630098 - fix coverity Defect Type: Code maintainability issues Bug 630093 - (cov#15511) Don't use unintialized search_results in refint plugin Bug 630093 - (cov#15518) Need to intialize fd in ldbm2ldif code Bug 630096 - (cov#11778) check return value of ldap_parse_result Bug 630096 - (cov#15446) check return value of ber_scanf() Bug 630096 - (cov#15449,15450) Check return value of stat() Bug 630096 - (cov#15448) Check return value of cache_replace() Bug 630096 - (cov#15447) - Check return value of idl_append_extend() Bug 630090 - (cov#11974) Remove unused ACL functions Bug 630090 - (cov#15445) Fix illegal free in archive code Bug 630094 - (cov#11818) Fix unreachable return in snmp subagent Bug 630094 - (cov#15451) Get rid of unreachable free statements Bug 630094 - (cov#15452) Remove NULL checking for op_string Bug 630094 - (cov#15453) Eliminate NULL check for local_newentry Bug 630094 - (cov#15454) Fix deadcode issue in mapping tree code Bug 630094 - (cov#15455) Remove deadcode in attr_index_config() Bug 630094 - (cov#15456) Remove NULL check for srdn in import code Bug 630094 - (cov#15457) Remove deadcode in import code Bug 630094 - (cov#15458) Fix deadcode issue in moddn code Bug 630094 - (cov#15459) Remove NULL check for srdn in ldif2ldbm code Bug 630094 - (cov#15520) Fix unreachable code issue if perfctrs code Bug 630094 - (cov#15581) Add missing breaks in agt_mopen_stats() Bug 690090 - (cov#11974) Remove additional unused ACL functions Bug 630091 - (cov#15512) Fix usage of uninitialized bervals Bug 630091 - (cov#15513) Fix usage of uninitialized bervals Bug 630091 - (cov#15514) Initialize DBT in entryrdn_get_parent() Bug 630091 - (cov#15515) Use of uninitialized array in index config code Bug 630091 - (cov#15516,15517) Initialize pointers before attempting to free Bug 630091 - (cov#15519) Initialize bervals in search_easter_egg() Bug 630091 - (cov#15582) Free of uninitialized pointer in attr_index_config() Bug 630097 - (cov#11933) Fix NULL dereference in schema code Bug 630097 - (cov#11938) NULL dereference in mmldif Bug 630097 - (cov#11946) NULL dereference in ResHashCreate() Bug 630097 - (cov#11964) Remove dead code from libaccess Bug 630097 - (cov#12143) NULL dereference in cos cache code Bug 630097 - (cov#12148) NULL dereference in ruvInit() Bug 630097 - (cov#12182,12183) NULL dereference in import code Bug 630097 - (cov#15460) NULL deference in ACL URL code Bug 630097 - (cov#15461) Remove unnecessary NULL check in DNA Bug 630097 - (cov#15462) NULL dereference in mep_modrdn_post_op() Bug 630097 - (cov#15463) Remove NULL check in referint plugin Bug 630097 - (cov#15464) NULL dereference in repl code Bug 630097 - (cov#15465) Null dereference in USN code Bug 630097 - (cov#15473) NULL dereference in ResHashCreate() Bug 630097 - (cov#15505) NULL dereference in memberOf code Bug 630097 - (cov#15506) NULL dereference in dblayer code Bug 630097 - (cov#15507,15508) NULL dereference in entryrdn code Bug 630097 - (cov#15509) NULL dereference in idsktune Bug 630097 - (cov#11938) NULL dereference in mmldif Bug 630097 - (cov#15477) NULL dereference in ACL plug-in code Bug 630091 - (cov#12209) Use of uninitialized pointer in libaccess Bug 630092 - (cov#12116) Resource leak in ldclt code Bug 630092 - (cov#12105) Resource leak in pwdscheme config code Bug 630092 - (cov#12068) Resource leak in certmap code Bug 630091 - (cov#11973) Array overrun in libaccess Bug 522055 - Scope check for managed attribute fails Bug 625335 - Self-write aci has permission to invalid attribute Bug 631993 - Log authzid when proxy auth control is used Cov #16300 - Unused variable in account policy plugin Bug 544321 - remove-ds.pl should not throw error unlabelling port Bug 555955 - Allow CoS values to be merged Bug 643937 - Initialize replication version flags Bug 305131 - Allow empty modify operation Noriko Hosoi (171): 544089 - Referential Integrity Plugin does not take into account the attribute 557224 - subtree rename breaks the referential integrity plug-in 247413 - Incorrect error on multiple identical value add 559016 - Attempting to rename suffix returns inappropriate errors 555577 - Syntax validation fails for "ou=NetscapeRoot" tree Undo - 555577 - Syntax validation fails for "ou=NetscapeRoot" tree 560827 - Admin Server templates: DistinguishName validation fails 548535 - memory leak in attrcrypt 563365 - Error handling problems in the backend functions 565664 - Incorrect parameter for CACHE_RETURN() 565987 - redhat-ds-base fails to build due to undefined struct 527848 - make sure db upgrade to 4.7 and later works correctly 539618 - Replication bulk import reports Invalid read/write 567370 - dncache: assertion failure in id2entry_delete 548115 - memory leak in schema reload 555970 - missing read lock in the combination of cos and nsview 539618 - Replication bulk import reports Invalid read/write 570667 - MMR: simultaneous total updates on the masters cause Merge branch '547503' Revert "Merge branch '547503'" Bug 554573 - ACIs use bind DN from bind req rather than cert mapped DN from sasl/external 199923 - subtree search fails to find items under a db 570107 - The import of LDIFs with base-64 encoded DNs fails, 572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case) 573060 - DN normalizer: ESC HEX HEX is not normalized ( 573896 - initializing subtree with invalid syntax crashes ns-slapd 515805 - Stop "initialize Database" crashes the server 548533 - memory leak in Repl_5_Inc_Protocol_new Fixing a syntax error Update to New DN Format 585905 - ACL with targattrfilters error crashes the server 574167 - An escaped space at the end of the RDN value is not 590931 - rhds81 import - hardcoded pages_limit for nsslapd-import-cache-autosize 591336 - Implementing upgrade DN format tool 593453 - Creating password policy with ns-newpolicy.pl on Replicated 593110 - backup-restore does not ALWAYS work 593899 - adding specific ACI causes very large mem allocate request 588867 - entryusn plugin fails on solaris 593899 - adding specific ACI causes very large mem allocate request 595893 - Base DN in SASL mapping is not normalized 511112 - Password history limited to 25 values 597375 - Deleting LDBM database causes backup/restore problem 574101 - MODRDN request never returns - possible deadlock 606920 - anonymous resource limit - nstimelimit - 605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.pl 578296 - Attribute type entrydn needs to be added when subtree 609256 - Selinux: pwdhash fails if called via Admin Server CGI 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 609255 - fix coverity Defect Type: Memory - illegal accesses issues 616618 - 389 v1.2.5 accepts 2 identical entries with different DN formats 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 610281 - fix coverity Defect Type: Control flow issues 616608 - SIGBUS in RDN index reads on platforms with strict alignments 619595 - Upgrading sub suffix under non-normalized suffix disappears 513166 - Simple Paged result doesn't provide the server's estimate 621928 - Unable to enable replica (rdn problem?) on 1.2.6 rc6 Bug 194531 - db2bak is too noisy Bug 622628 - fix coverity Defect Type: Integer handling issues Bug 622628 - fix coverity Defect Type: Integer handling issues Bug 622628 - fix coverity Defect Type: Integer handling issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 622903 - fix coverity Defect Type: Code maintainability issues Bug 623118 - Simplepaged results going in infinite loop Bug 614511 - fix coverity Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 619122 - fix coverity Defect Type: Resource leaks issues CID 11975 - 12051 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 617630 - fix coverity Defect Type: Resource leaks issues CID 12052 - 12093 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136 Bug 616500 - fix coverity Defect Type: Resource leaks issues CID 12094 - 12136 Bug 614511 - fix coverify Defect Type: Null pointer dereferences issues 11846 - 11891 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 Bug 616500 - fix coverity Defect Type: Resource leaks issues Bug 623507 - fix coverity Defect Type: Incorrect expression issues Bug 623507 - fix coverity Defect Type: Incorrect expression issues Bug 613056 - fix coverify Defect Type: Null pointer dereferences Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 610119 - fix coverify Defect Type: Null pointer dereferences issues 12167 - 12199 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Bug 611790 - fix coverify Defect Type: Null pointer dereferences issues 11940 - 12166 Removed redundant code in agmt_new_from_entry Bug 617630 - fix coverify Defect Type: Resource leaks issues CID 12052 - 12093 Bug 628300 - DN is not normalized in dn/entry cache when an entry is added, entrydn is not present in search results Bug 531642 - EntryUSN: RFE: a configuration option to make entryusn "global" Bug 627738 - The cn=monitor statistics entries for the dnentry cache do not change or change very rarely DN normalizer should check the invalid type Bug 627738 - The cn=monitor statistics entries for the dnentry cache Bug 629710 - escape_string does not check '\<HEX><HEX>' agmtlist_shutdown (repl5_agmtlist.c) had an illegal access defect. Bug 633168 - Share backend dbEnv with the replication changelog Bug 633168 - Share backend dbEnv with the replication changelog Bug 631862 - crash - delete entries not in cache + referint Bug 625014 - SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to "under" the same DN. Bug 558099 - Enhancement request: Log more information about the search result being a paged one Bug 635987 - Incorrect sub scope search result with Bug 606920 - anonymous resource limit- nstimelimit - Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character Bug 640027 - Naming attribute with a special char sequence parsing bug Bug 640854 - changelog db: _cl5WriteOperation: failed to Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes Bug 586966 - Sample update script has syntax errors Bug 586973 - Sample update ldif points to non-existent directory Bug 602456 - Allow to add any cn=config attributes; Bug 244229 - targetattr not verified against schema when setting an aci Bug 643532 - Incorrect DNs sometimes returned on searches Bug 592397 - Upgrade tool dn2rdn: it does not clean up Rich Megginson (120): Net::LDAP password modify extop breaks; msgid in response is 0xFF Clean up assert for entrydn Bug 543080 - Bitwise plugin fails to return the exact matched entries for Bitwise search filter Bug 537466 - nsslapd-distribution-plugin should not require plugin name to begin with "lib" bump version to 1.2.6.a2 Do not use syntax plugins directly for filters, indexing wrap new style matching rule plugins for use in old style indexing code change extensible filter code to use new syntax function style mr funcs change syntax plugins to register required matching rule plugins crash looking up compat syntax; numeric string syntax using integer; make octet string ordering work correctly fix memory leak in attr replace when replacement fails fix dso linking issues found by fedora 13 linking problems linking with -z defs 389 DS segfaults on libsyntax-plugin.so - part 1 389 DS segfaults on libsyntax-plugin.so - part 2 389 DS segfaults on libsyntax-plugin.so - part 3 Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location on non-RHEL/Fedora OS Bug 568196 - Install DS8.2 on Solaris fails Bug 568196 - Install DS8.2 on Solaris fails - part 2 Bug 551198 - LDAPI: incorrect logging to access log bump version to 1.2.6.a3 fix various memory leaks Bug 551198 - LDAPI: incorrect logging to access log - part 2 Bug 554573 - ACIs use bind DN from bind req rather than cert mapped DN from sasl/external cleanup build warnings Bug 571514 - upgrade to 1.2.6 should upgrade 05rfc4523.ldif (cert schema) Bug 570905 - postalAddress syntax should allow empty lines (should allow $$) Add support for additional schema/matching rules included with 389 Bug 572677 - Memory leak in searches including GER control Bug 571677 - Busy replica on consumers when directly deleting a replication conflict Bug 576074 - search filters with parentheses fail Bug 567429 - slapd didn't close connection and get into CLOSE_WAIT state Bug 578167 - repl. of mod/replace deletes multi-valued attrs Bug 561575 - setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile Bug 572162 - the string "|*" within a search filter on a non-indexed attribute returns all elements. Bug 576644 - segfault while multimaster replication (paired node won't find deleted entries) start of 1.2.6.a4 Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot Fix too few args for format warning in acllas Bug 586571 - DS Console shows escaped DNs Bug 591685 - Server instances Fail to Start on Solaris due to Library Path and pcre bump console version to 1.2.3 Repl Session API needs to check for NULL api before init Bug 593392 - setup-ds-admin.pl -k creates world readable file Bug 595874 - 99user.ldif getting overpopulated bump version to 1.2.6.a5 bump version to 1.2.6.rc1 bump version to 1.2.6.rc2 bump version to 1.2.6.rc3 Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll Bug 603942 - null deref in _ger_parse_control() for subjectdn bump version to 1.2.6.rc4 Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 602530 - coverity: op_shared_modify: compare pre, post and original entries before freeing them Bug 602531 - coverity: op_shared_delete: compare preop entry and GLUE_PARENT_ENTRY before freeing them Bug 609590 - fix coverity Defect Type: Memory - corruptions issues Bug 610177 - fix coverity Defect Type: Uninitialized variables issues Bug 610276 - fix coverity Defect Type: API usage errors issues Bug 611850 - fix coverity Defect Type: Error handling issues Bug 614242 - C99/ANSI C++ related compile errors on HP-UX Bug 547503 - replication broken again, with 389 MMR replication and TCP errors Bug 617013 - repl-monitor.pl use cpu upto 90% fix build failures due to libtool problems Bug 617629 - Missing aliases in new schema files Bug 617862 - Replication: Unable to delete tombstone errors bump version to 1.2.7.a1 Bug 610281 - fix coverity Defect Type: Control flow issues - daemon.c:write_function() Bug 610281 - fix coverity Defect Type: Control flow issues - last repl init status postalAddress syntax does not accept empty values ger should support both "dn" and "distinguishedName" openldap - ldap_url_parse_ext is not part of the public api fix memleak in ldbm_config_read_instance_entries Add -x option to ldap tools when using openldap openldap - add support for missing controls, add ldif api, fix NSS usage port client tools to use openldap API use the mozldap versions of the proxy auth control create function document slapi wrappers for openldap/mozldap functions that differ fix some compiler warnings use strcasecmp with ptype and type->bv_val ber_printf 'o' cannot handle NULL bv_val fix the url_parse logic when looking for a missing suffix DN openldap ldapsearch uses -LLL to suppress # version: N add ldaptool_opts for the non BUNDLE case in Makefile.am openldap ldapsearch returns empty line at end of LDIF output have to use LDAP_OPT_X_TLS_NEVER to defeat cert hostname checking openldap_read_function needs to set EWOULDBLOCK if the buffer is empty do not terminate unwrapped LDIF line with another newline slapi_ldap_url_parse must handle multiple host:port in url convert mozldap host list to openldap uri list move the out pointer back if continuation lines were removed check src < *out only; only check for \nspace if src < *out - 2 use slapi_ldap_url_parse in the acl code do not un-null-terminate normalized DN until new url is constructed implement slapi_ldap_explode_dn and slapi_ldap_explode_rdn use slapi_pblock_set to set the ldap result code for the be postop plugins pass the string copy to slapi_dn_normalize_original bug 614511 - fix coverity null reference - revert macro aci $dn logic fix compiler warnings - unused vars/funcs, invalid casts use slapi_mods_init_passin/get_ldapmods_passout if modifying the smods Have to explicitly set protocol version to 3 Only check modrdn ops for backend/suffix correctness if not the default backend Bug 634561 - Server crushes when using Windows Sync Agreement openldap ber_init will assert if the bv->bv_val is NULL add the account policy plugin and related server code, schema, and config fix pblock memory leak do not register pre/post op plugins if disabled add support for global inactivity limit fix typos in Makefile.am, acctpolicy schema bump version to 1.2.7.a2 remove extra format argument; use %lu for size_t printf format Bug 644013 - uniqueness plugin segfault bug root (1): Bug 480787 - Autoconf parameter --with and --without --- .gitignore | 1 Makefile.am | 116 Makefile.in | 4821 + VERSION.sh | 7 aclocal.m4 | 6884 -- compile | 21 config.guess | 302 config.h.in | 9 config.sub | 232 configure |30118 +++++------- configure.ac | 59 depcomp | 172 include/base/dbtbase.h | 2 include/base/lexer.h | 126 include/i18n.h | 115 include/ldaputil/ldaputil.h | 10 include/libaccess/aclerror.h | 1 include/libaccess/aclproto.h | 15 include/libaccess/aclstruct.h | 2 include/libaccess/dbtlibaccess.h | 3 include/public/nsacl/aclapi.h | 7 install-sh | 517 ldap/admin/src/scripts/10cleanupldapi.pl | 23 ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif | 5 ldap/admin/src/scripts/60upgradeschemafiles.pl | 2 ldap/admin/src/scripts/80upgradednformat.pl | 171 ldap/admin/src/scripts/81changelog.pl | 29 ldap/admin/src/scripts/90subtreerename.pl | 6 ldap/admin/src/scripts/DSCreate.pm.in | 136 ldap/admin/src/scripts/DSDialogs.pm | 4 ldap/admin/src/scripts/DSMigration.pm.in | 11 ldap/admin/src/scripts/DSUpdate.pm.in | 12 ldap/admin/src/scripts/DSUtil.pm.in | 106 ldap/admin/src/scripts/Inf.pm | 53 ldap/admin/src/scripts/Migration.pm.in | 19 ldap/admin/src/scripts/Setup.pm.in | 19 ldap/admin/src/scripts/exampleupdate.ldif | 2 ldap/admin/src/scripts/exampleupdate.sh | 10 ldap/admin/src/scripts/migrate-ds.pl.in | 13 ldap/admin/src/scripts/remove-ds.pl.in | 28 ldap/admin/src/scripts/repl-monitor.pl.in | 3 ldap/admin/src/scripts/restart-dirsrv.in | 25 ldap/admin/src/scripts/setup-ds.pl.in | 7 ldap/admin/src/scripts/setup-ds.res.in | 9 ldap/admin/src/scripts/start-dirsrv.in | 32 ldap/admin/src/scripts/stop-dirsrv.in | 27 ldap/admin/src/scripts/template-bak2db.in | 36 ldap/admin/src/scripts/template-bak2db.pl.in | 4 ldap/admin/src/scripts/template-db2bak.in | 40 ldap/admin/src/scripts/template-db2bak.pl.in | 4 ldap/admin/src/scripts/template-db2index.in | 2 ldap/admin/src/scripts/template-db2index.pl.in | 8 ldap/admin/src/scripts/template-db2ldif.in | 2 ldap/admin/src/scripts/template-db2ldif.pl.in | 4 ldap/admin/src/scripts/template-dbverify.in | 2 ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in | 4 ldap/admin/src/scripts/template-fixup-memberof.pl.in | 4 ldap/admin/src/scripts/template-ldif2db.in | 2 ldap/admin/src/scripts/template-ldif2db.pl.in | 4 ldap/admin/src/scripts/template-ldif2ldap.in | 4 ldap/admin/src/scripts/template-monitor.in | 4 ldap/admin/src/scripts/template-ns-accountstatus.pl.in | 8 ldap/admin/src/scripts/template-ns-activate.pl.in | 8 ldap/admin/src/scripts/template-ns-inactivate.pl.in | 8 ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in | 6 ldap/admin/src/scripts/template-restart-slapd.in | 2 ldap/admin/src/scripts/template-restoreconfig.in | 4 ldap/admin/src/scripts/template-saveconfig.in | 4 ldap/admin/src/scripts/template-schema-reload.pl.in | 4 ldap/admin/src/scripts/template-start-slapd.in | 3 ldap/admin/src/scripts/template-stop-slapd.in | 2 ldap/admin/src/scripts/template-suffix2instance.in | 4 ldap/admin/src/scripts/template-syntax-validate.pl.in | 4 ldap/admin/src/scripts/template-upgradedb.in | 4 ldap/admin/src/scripts/template-upgradednformat.in | 56 ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in | 4 ldap/admin/src/scripts/template-vlvindex.in | 4 ldap/admin/src/slapd.inf.in | 2 ldap/include/ldaplog.h | 1 ldap/ldif/template-baseacis.ldif.in | 2 ldap/ldif/template-bitwise.ldif.in | 6 ldap/ldif/template-dse.ldif.in | 30 ldap/ldif/template-suffix-db.ldif.in | 1 ldap/schema/00core.ldif | 60 ldap/schema/01core389.ldif | 3 ldap/schema/02common.ldif | 4 ldap/schema/05rfc4523.ldif | 14 ldap/schema/05rfc4524.ldif | 30 ldap/schema/06inetorgperson.ldif | 5 ldap/schema/10mep-plugin.ldif | 104 ldap/schema/30ns-common.ldif | 4 ldap/schema/60acctpolicy.ldif | 47 ldap/schema/60qmail.ldif | 4 ldap/servers/plugins/acctpolicy/acct_config.c | 143 ldap/servers/plugins/acctpolicy/acct_init.c | 191 ldap/servers/plugins/acctpolicy/acct_plugin.c | 314 ldap/servers/plugins/acctpolicy/acct_util.c | 257 ldap/servers/plugins/acctpolicy/acctpolicy.h | 81 ldap/servers/plugins/acctpolicy/sampleconfig.ldif | 40 ldap/servers/plugins/acctpolicy/samplepolicy.ldif | 27 ldap/servers/plugins/acl/acl.c | 105 ldap/servers/plugins/acl/acl.h | 15 ldap/servers/plugins/acl/acl_ext.c | 29 ldap/servers/plugins/acl/aclanom.c | 1 ldap/servers/plugins/acl/acleffectiverights.c | 54 ldap/servers/plugins/acl/aclgroup.c | 9 ldap/servers/plugins/acl/acllas.c | 379 ldap/servers/plugins/acl/acllist.c | 14 ldap/servers/plugins/acl/aclparse.c | 590 ldap/servers/plugins/acl/aclplugin.c | 27 ldap/servers/plugins/acl/aclproxy.c | 232 ldap/servers/plugins/acl/aclutil.c | 103 ldap/servers/plugins/bitwise/bitwise.c | 20 ldap/servers/plugins/chainingdb/cb_bind.c | 2 ldap/servers/plugins/chainingdb/cb_config.c | 13 ldap/servers/plugins/chainingdb/cb_controls.c | 12 ldap/servers/plugins/chainingdb/cb_init.c | 4 ldap/servers/plugins/chainingdb/cb_instance.c | 68 ldap/servers/plugins/chainingdb/cb_utils.c | 3 ldap/servers/plugins/collation/collate.c | 22 ldap/servers/plugins/cos/cos_cache.c | 242 ldap/servers/plugins/deref/deref.c | 8 ldap/servers/plugins/dna/dna.c | 550 ldap/servers/plugins/http/http_impl.c | 81 ldap/servers/plugins/linkedattrs/fixup_task.c | 4 ldap/servers/plugins/linkedattrs/linked_attrs.c | 17 ldap/servers/plugins/memberof/memberof.c | 444 ldap/servers/plugins/memberof/memberof.h | 5 ldap/servers/plugins/memberof/memberof_config.c | 230 ldap/servers/plugins/mep/mep.c | 2264 ldap/servers/plugins/mep/mep.h | 124 ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 17 ldap/servers/plugins/passthru/ptconfig.c | 43 ldap/servers/plugins/pwdstorage/smd5_pwd.c | 9 ldap/servers/plugins/referint/referint.c | 700 ldap/servers/plugins/replication/cl5_api.c | 1467 ldap/servers/plugins/replication/cl5_api.h | 77 ldap/servers/plugins/replication/cl5_clcache.c | 18 ldap/servers/plugins/replication/cl5_clcache.h | 2 ldap/servers/plugins/replication/cl5_config.c | 181 ldap/servers/plugins/replication/legacy_consumer.c | 1 ldap/servers/plugins/replication/repl-session-plugin.h | 119 ldap/servers/plugins/replication/repl5.h | 40 ldap/servers/plugins/replication/repl5_agmt.c | 96 ldap/servers/plugins/replication/repl5_agmtlist.c | 11 ldap/servers/plugins/replication/repl5_connection.c | 119 ldap/servers/plugins/replication/repl5_inc_protocol.c | 27 ldap/servers/plugins/replication/repl5_init.c | 26 ldap/servers/plugins/replication/repl5_plugins.c | 12 ldap/servers/plugins/replication/repl5_prot_private.h | 4 ldap/servers/plugins/replication/repl5_protocol.c | 99 ldap/servers/plugins/replication/repl5_protocol_util.c | 506 ldap/servers/plugins/replication/repl5_replica.c | 73 ldap/servers/plugins/replication/repl5_replica_config.c | 1 ldap/servers/plugins/replication/repl5_ruv.c | 52 ldap/servers/plugins/replication/repl5_tot_protocol.c | 28 ldap/servers/plugins/replication/repl5_total.c | 22 ldap/servers/plugins/replication/repl_compare.c | 1 ldap/servers/plugins/replication/repl_controls.c | 2 ldap/servers/plugins/replication/repl_extop.c | 262 ldap/servers/plugins/replication/repl_init.c | 1 ldap/servers/plugins/replication/repl_objset.c | 9 ldap/servers/plugins/replication/repl_session_plugin.c | 188 ldap/servers/plugins/replication/replutil.c | 26 ldap/servers/plugins/replication/test_repl_session_plugin.c | 335 ldap/servers/plugins/replication/urp.c | 1 ldap/servers/plugins/replication/windows_connection.c | 133 ldap/servers/plugins/replication/windows_inc_protocol.c | 27 ldap/servers/plugins/replication/windows_private.c | 53 ldap/servers/plugins/replication/windows_protocol_util.c | 270 ldap/servers/plugins/replication/windows_tot_protocol.c | 33 ldap/servers/plugins/replication/windowsrepl.h | 2 ldap/servers/plugins/replication/winsync-plugin.h | 2 ldap/servers/plugins/retrocl/retrocl.c | 3 ldap/servers/plugins/retrocl/retrocl_create.c | 13 ldap/servers/plugins/retrocl/retrocl_po.c | 11 ldap/servers/plugins/retrocl/retrocl_trim.c | 15 ldap/servers/plugins/rever/des.c | 72 ldap/servers/plugins/rever/rever.c | 8 ldap/servers/plugins/roles/roles_cache.c | 21 ldap/servers/plugins/schema_reload/schema_reload.c | 5 ldap/servers/plugins/shared/plugin-utils.h | 112 ldap/servers/plugins/shared/utils.c | 508 ldap/servers/plugins/statechange/statechange.c | 7 ldap/servers/plugins/syntaxes/bin.c | 142 ldap/servers/plugins/syntaxes/bitstring.c | 36 ldap/servers/plugins/syntaxes/ces.c | 140 ldap/servers/plugins/syntaxes/cis.c | 288 ldap/servers/plugins/syntaxes/dn.c | 42 ldap/servers/plugins/syntaxes/int.c | 64 ldap/servers/plugins/syntaxes/nameoptuid.c | 41 ldap/servers/plugins/syntaxes/numericstring.c | 118 ldap/servers/plugins/syntaxes/string.c | 198 ldap/servers/plugins/syntaxes/syntax.h | 57 ldap/servers/plugins/syntaxes/syntax_common.c | 117 ldap/servers/plugins/syntaxes/tel.c | 62 ldap/servers/plugins/syntaxes/validate.c | 17 ldap/servers/plugins/syntaxes/value.c | 116 ldap/servers/plugins/uiduniq/7bit.c | 7 ldap/servers/plugins/uiduniq/plugin-utils.h | 96 ldap/servers/plugins/uiduniq/uid.c | 9 ldap/servers/plugins/uiduniq/utils.c | 249 ldap/servers/plugins/usn/usn.c | 68 ldap/servers/plugins/usn/usn.h | 2 ldap/servers/plugins/usn/usn_cleanup.c | 13 ldap/servers/plugins/views/views.c | 6 ldap/servers/slapd/add.c | 87 ldap/servers/slapd/agtmmap.c | 56 ldap/servers/slapd/attr.c | 76 ldap/servers/slapd/attrlist.c | 6 ldap/servers/slapd/attrsyntax.c | 81 ldap/servers/slapd/auth.c | 73 ldap/servers/slapd/back-ldbm/ancestorid.c | 10 ldap/servers/slapd/back-ldbm/archive.c | 72 ldap/servers/slapd/back-ldbm/back-ldbm.h | 33 ldap/servers/slapd/back-ldbm/cache.c | 4 ldap/servers/slapd/back-ldbm/dbhelp.c | 12 ldap/servers/slapd/back-ldbm/dblayer.c | 1177 ldap/servers/slapd/back-ldbm/dblayer.h | 12 ldap/servers/slapd/back-ldbm/dbtest.c | 2 ldap/servers/slapd/back-ldbm/dbversion.c | 47 ldap/servers/slapd/back-ldbm/dn2entry.c | 12 ldap/servers/slapd/back-ldbm/filterindex.c | 98 ldap/servers/slapd/back-ldbm/findentry.c | 72 ldap/servers/slapd/back-ldbm/id2entry.c | 154 ldap/servers/slapd/back-ldbm/idl.c | 17 ldap/servers/slapd/back-ldbm/idl_new.c | 18 ldap/servers/slapd/back-ldbm/import-merge.c | 28 ldap/servers/slapd/back-ldbm/import-threads.c | 1070 ldap/servers/slapd/back-ldbm/import.c | 393 ldap/servers/slapd/back-ldbm/import.h | 19 ldap/servers/slapd/back-ldbm/index.c | 127 ldap/servers/slapd/back-ldbm/init.c | 6 ldap/servers/slapd/back-ldbm/instance.c | 31 ldap/servers/slapd/back-ldbm/ldbm_add.c | 94 ldap/servers/slapd/back-ldbm/ldbm_attr.c | 247 ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 56 ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c | 2 ldap/servers/slapd/back-ldbm/ldbm_config.c | 101 ldap/servers/slapd/back-ldbm/ldbm_delete.c | 77 ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 523 ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 106 ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 225 ldap/servers/slapd/back-ldbm/ldbm_modify.c | 53 ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 121 ldap/servers/slapd/back-ldbm/ldbm_search.c | 32 ldap/servers/slapd/back-ldbm/ldbm_usn.c | 71 ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 540 ldap/servers/slapd/back-ldbm/matchrule.c | 26 ldap/servers/slapd/back-ldbm/misc.c | 223 ldap/servers/slapd/back-ldbm/monitor.c | 14 ldap/servers/slapd/back-ldbm/nextid.c | 17 ldap/servers/slapd/back-ldbm/perfctrs.c | 24 ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 21 ldap/servers/slapd/back-ldbm/sort.c | 12 ldap/servers/slapd/back-ldbm/start.c | 29 ldap/servers/slapd/back-ldbm/vlv.c | 206 ldap/servers/slapd/back-ldbm/vlv_srch.c | 6 ldap/servers/slapd/back-ldbm/vlv_srch.h | 3 ldap/servers/slapd/back-ldif/modrdn.c | 12 ldap/servers/slapd/backend.c | 53 ldap/servers/slapd/backend_manager.c | 8 ldap/servers/slapd/bind.c | 255 ldap/servers/slapd/charray.c | 6 ldap/servers/slapd/compare.c | 31 ldap/servers/slapd/configdse.c | 58 ldap/servers/slapd/connection.c | 124 ldap/servers/slapd/control.c | 7 ldap/servers/slapd/csngen.c | 6 ldap/servers/slapd/daemon.c | 57 ldap/servers/slapd/delete.c | 82 ldap/servers/slapd/dn.c | 1047 ldap/servers/slapd/dse.c | 22 ldap/servers/slapd/dynalib.c | 29 ldap/servers/slapd/entry.c | 471 ldap/servers/slapd/entrywsi.c | 54 ldap/servers/slapd/eventq.c | 4 ldap/servers/slapd/extendop.c | 37 ldap/servers/slapd/factory.c | 1 ldap/servers/slapd/fe.h | 5 ldap/servers/slapd/fedse.c | 19 ldap/servers/slapd/filter.c | 2 ldap/servers/slapd/filter.h | 1 ldap/servers/slapd/filtercmp.c | 25 ldap/servers/slapd/filterentry.c | 27 ldap/servers/slapd/index_subsystem.c | 18 ldap/servers/slapd/ldaputil.c | 634 ldap/servers/slapd/lenstr.c | 6 ldap/servers/slapd/libglobs.c | 140 ldap/servers/slapd/libslapd.def | 1 ldap/servers/slapd/log.c | 3 ldap/servers/slapd/main.c | 174 ldap/servers/slapd/mapping_tree.c | 258 ldap/servers/slapd/match.c | 57 ldap/servers/slapd/modify.c | 210 ldap/servers/slapd/modrdn.c | 215 ldap/servers/slapd/modutil.c | 30 ldap/servers/slapd/opshared.c | 100 ldap/servers/slapd/pagedresults.c | 54 ldap/servers/slapd/passwd_extop.c | 97 ldap/servers/slapd/pblock.c | 242 ldap/servers/slapd/plugin.c | 193 ldap/servers/slapd/plugin_internal_op.c | 12 ldap/servers/slapd/plugin_mr.c | 472 ldap/servers/slapd/plugin_syntax.c | 352 ldap/servers/slapd/protect_db.c | 18 ldap/servers/slapd/protect_db.h | 5 ldap/servers/slapd/proto-slap.h | 42 ldap/servers/slapd/proxyauth.c | 247 ldap/servers/slapd/psearch.c | 1 ldap/servers/slapd/pw.c | 149 ldap/servers/slapd/pw_mgmt.c | 136 ldap/servers/slapd/rdn.c | 14 ldap/servers/slapd/regex.c | 3 ldap/servers/slapd/result.c | 15 ldap/servers/slapd/rootdse.c | 4 ldap/servers/slapd/sasl_io.c | 167 ldap/servers/slapd/sasl_map.c | 53 ldap/servers/slapd/saslbind.c | 122 ldap/servers/slapd/schema.c | 62 ldap/servers/slapd/search.c | 35 ldap/servers/slapd/slap.h | 79 ldap/servers/slapd/slapi-plugin-compat4.h | 6 ldap/servers/slapd/slapi-plugin.h | 414 ldap/servers/slapd/slapi-private.h | 25 ldap/servers/slapd/slapi_counter.c | 6 ldap/servers/slapd/snmp_collator.c | 3 ldap/servers/slapd/str2filter.c | 1 ldap/servers/slapd/task.c | 94 ldap/servers/slapd/tools/dbscan.c | 72 ldap/servers/slapd/tools/ldclt/data.c | 50 ldap/servers/slapd/tools/ldclt/ldapfct.c | 150 ldap/servers/slapd/tools/ldclt/ldclt.c | 33 ldap/servers/slapd/tools/ldclt/ldclt.h | 2 ldap/servers/slapd/tools/ldclt/ldcltU.c | 24 ldap/servers/slapd/tools/ldclt/parser.c | 19 ldap/servers/slapd/tools/ldclt/scalab01.c | 49 ldap/servers/slapd/tools/ldif.c | 4 ldap/servers/slapd/tools/mmldif.c | 9 ldap/servers/slapd/tools/pwenc.c | 2 ldap/servers/slapd/tools/rsearch/addthread.c | 25 ldap/servers/slapd/tools/rsearch/searchthread.c | 62 ldap/servers/slapd/utf8compare.c | 2 ldap/servers/slapd/util.c | 162 ldap/servers/slapd/value.c | 26 ldap/servers/slapd/valueset.c | 68 ldap/servers/slapd/vattr.c | 60 ldap/servers/snmp/ldap-agent.c | 26 ldap/servers/snmp/main.c | 9 ldap/systools/idsktune.c | 17 lib/base/crit.cpp | 6 lib/base/ereport.cpp | 2 lib/base/lexer.cpp | 1015 lib/base/plist.cpp | 3 lib/base/util.cpp | 13 lib/ldaputil/cert.c | 4 lib/ldaputil/certmap.c | 409 lib/ldaputil/dbconf.c | 1 lib/ldaputil/utest/Makefile | 149 lib/ldaputil/utest/auth.cpp | 611 lib/ldaputil/utest/authtest | 138 lib/ldaputil/utest/certmap.conf | 68 lib/ldaputil/utest/dblist.conf | 47 lib/ldaputil/utest/example.c | 153 lib/ldaputil/utest/plugin.c | 152 lib/ldaputil/utest/plugin.h | 57 lib/ldaputil/utest/stubs.c | 144 lib/ldaputil/utest/stubs.cpp | 139 lib/ldaputil/utest/test.ref | 480 lib/ldaputil/vtable.c | 2 lib/libaccess/acl.tab.cpp | 21 lib/libaccess/aclcache.cpp | 105 lib/libaccess/aclflush.cpp | 1 lib/libaccess/aclpriv.h | 1 lib/libaccess/acltools.cpp | 1724 lib/libaccess/authdb.cpp | 112 lib/libaccess/lasdns.cpp | 7 lib/libaccess/lasip.cpp | 16 lib/libaccess/nseframe.cpp | 1 lib/libaccess/oneeval.cpp | 17 lib/libaccess/permhash.h | 11 lib/libaccess/register.cpp | 50 lib/libaccess/usrcache.cpp | 14 lib/libaccess/utest/.purify | 19 lib/libaccess/utest/Makefile | 147 lib/libaccess/utest/acl.dat | 44 lib/libaccess/utest/aclfile0 | 87 lib/libaccess/utest/aclfile1 | 43 lib/libaccess/utest/aclfile10 | 45 lib/libaccess/utest/aclfile11 | 43 lib/libaccess/utest/aclfile12 | 43 lib/libaccess/utest/aclfile13 | 43 lib/libaccess/utest/aclfile14 | 43 lib/libaccess/utest/aclfile15 | 43 lib/libaccess/utest/aclfile16 | 43 lib/libaccess/utest/aclfile17 | 43 lib/libaccess/utest/aclfile18 | 51 lib/libaccess/utest/aclfile19 | 46 lib/libaccess/utest/aclfile2 | 43 lib/libaccess/utest/aclfile3 | 43 lib/libaccess/utest/aclfile4 | 43 lib/libaccess/utest/aclfile5 | 43 lib/libaccess/utest/aclfile6 | 55 lib/libaccess/utest/aclfile7 | 43 lib/libaccess/utest/aclfile8 | 43 lib/libaccess/utest/aclfile9 | 43 lib/libaccess/utest/aclgrp0 | 42 lib/libaccess/utest/aclgrp1 | 42 lib/libaccess/utest/aclgrp2 | 42 lib/libaccess/utest/aclgrp3 | 42 lib/libaccess/utest/aclgrp4 | 42 lib/libaccess/utest/acltest.cpp | 794 lib/libaccess/utest/onetest.cpp | 77 lib/libaccess/utest/shexp.cpp | 331 lib/libaccess/utest/shexp.h | 168 lib/libaccess/utest/test.ref | 217 lib/libaccess/utest/testmain.cpp | 89 lib/libaccess/utest/twotest.cpp | 87 lib/libaccess/utest/ustubs.cpp | 331 lib/libadmin/error.c | 2 lib/libadmin/template.c | 2 lib/libadmin/util.c | 48 lib/libsi18n/coreres.c | 141 lib/libsi18n/coreres.h | 52 lib/libsi18n/getlang.c | 330 lib/libsi18n/getstrmem.c | 160 lib/libsi18n/getstrmem.h | 1 lib/libsi18n/getstrprop.c | 85 lib/libsi18n/makstrdb.c | 21 lib/libsi18n/propset.c | 442 lib/libsi18n/propset.h | 80 lib/libsi18n/reshash.c | 21 ltmain.sh | 8473 +-- m4/db.m4 | 21 m4/fhs.m4 | 4 m4/icu.m4 | 25 m4/kerberos.m4 | 4 m4/mozldap.m4 | 38 m4/netsnmp.m4 | 15 m4/nspr.m4 | 17 m4/nss.m4 | 17 m4/openldap.m4 | 23 m4/pcre.m4 | 28 m4/sasl.m4 | 25 m4/selinux.m4 | 16 m4/svrcore.m4 | 41 man/man8/restart-dirsrv.8 | 50 man/man8/start-dirsrv.8 | 50 man/man8/stop-dirsrv.8 | 50 missing | 104 selinux/dirsrv.fc.in | 2 selinux/dirsrv.if | 41 selinux/dirsrv.te | 11 wrappers/initscript.in | 201 wrappers/migratecred.in | 2 wrappers/mmldif.in | 2 wrappers/pwdhash.in | 2 457 files changed, 46724 insertions(+), 47284 deletions(-) ---

13 years, 6 months

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/slapd/back-ldbm/dblayer.c | 11 ++++ ldap/servers/slapd/back-ldbm/id2entry.c | 20 +++++--- ldap/servers/slapd/back-ldbm/import-threads.c | 9 ++- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 2 ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 62 +++++++++++++++++++------- ldap/servers/slapd/entry.c | 13 +++++ ldap/servers/slapd/slapi-plugin.h | 12 +++++ 7 files changed, 101 insertions(+), 28 deletions(-) New commits: commit f0e4ce1965c5be37c5535febf06e5051f281f862 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Tue Oct 19 09:58:27 2010 -0700 Bug 592397 - Upgrade tool dn2rdn: it does not clean up the entrydn in id2entry https://bugzilla.redhat.com/show_bug.cgi?id=592397 Description: If entries created by the 389 v1.2.5 or older, the primary db (id2entry.db4) contains "entrydn: <normalized dn>". Upgrading from the old version to v1.2.6 keeps the entrydn attribute type and its value even though v1.2.6 is not supposed to store the entrydn in the database. 1) This patch drops the entrydn attribute and value in upgrading the db. 2) If an ldif file contains entrydn attribute type and value, import (ldif2db[.pl]) ignores it. 3) A leak was found in the export (db2ldif[.pl]) which is fixed. 4) When nsslapd-subtree-rename-switch configuration attribute has the value "on", entrydn is not used nor created. But the server accepted reindexing entrydn request and generated an entrydn index file. This patch rejects it. 5) Entry and dn cache clear calls (cache_clear) are added to dblayer_instance_close in "#if defined(_USE_VALGRIND)", which is not defined. To enable the code, the server needs to be rebuilt with defining the macro. This is purely for debugging. diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c index 95d57a0..5c1f6e6 100644 --- a/ldap/servers/slapd/back-ldbm/dblayer.c +++ b/ldap/servers/slapd/back-ldbm/dblayer.c @@ -2520,6 +2520,17 @@ int dblayer_instance_close(backend *be) if (NULL == inst) return -1; +#if defined(_USE_VALGRIND) + /* When running a memory leak checking tool (e.g., valgrind), + it reduces the noise by enabling this code. */ + LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up entry cache\n", + inst->inst_name); + cache_clear(&inst->inst_cache, CACHE_TYPE_ENTRY); + LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up dn cache\n", + inst->inst_name); + cache_clear(&inst->inst_dncache, CACHE_TYPE_DN); +#endif + if (attrcrypt_cleanup_private(inst)) { LDAPDebug(LDAP_DEBUG_ANY, "Error: failed to clean up attrcrypt system for %s\n", diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c index b58591e..71ea940 100644 --- a/ldap/servers/slapd/back-ldbm/id2entry.c +++ b/ldap/servers/slapd/back-ldbm/id2entry.c @@ -359,7 +359,7 @@ id2entry( backend *be, ID id, back_txn *txn, int *err ) rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn); if (rc) { /* data.dptr may not include rdn: ..., try "dn: ..." */ - ee = slapi_str2entry( data.dptr, 0 ); + ee = slapi_str2entry( data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN ); } else { char *dn = NULL; struct backdn *bdn = dncache_find_id(&inst->inst_dncache, id); @@ -380,13 +380,19 @@ id2entry( backend *be, ID id, back_txn *txn, int *err ) } sdn = slapi_sdn_new_dn_byval((const char *)dn); bdn = backdn_init(sdn, id, 0); - CACHE_ADD( &inst->inst_dncache, bdn, NULL ); - CACHE_RETURN(&inst->inst_dncache, &bdn); - slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY, - "entryrdn_lookup_dn returned: %s, " - "and set to dn cache (id %d)\n", dn, id); + if (CACHE_ADD( &inst->inst_dncache, bdn, NULL )) { + backdn_free(&bdn); + slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY, + "%s is already in the dn cache\n", dn); + } else { + CACHE_RETURN(&inst->inst_dncache, &bdn); + slapi_log_error(SLAPI_LOG_CACHE, ID2ENTRY, + "entryrdn_lookup_dn returned: %s, " + "and set to dn cache (id %d)\n", dn, id); + } } - ee = slapi_str2entry_ext( (const char *)dn, data.dptr, 0 ); + ee = slapi_str2entry_ext( (const char *)dn, data.dptr, + SLAPI_STR2ENTRY_NO_ENTRYDN ); slapi_ch_free_string(&rdn); slapi_ch_free_string(&dn); } diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index d8153d7..a8f5f5d 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -535,7 +535,7 @@ import_producer(void *param) FREE(estr); continue; } - e = slapi_str2entry_ext(dn, estr, flags); + e = slapi_str2entry_ext(dn, estr, flags|SLAPI_STR2ENTRY_NO_ENTRYDN); slapi_ch_free_string(&dn); } else { e = slapi_str2entry(estr, flags); @@ -1004,7 +1004,7 @@ index_producer(void *param) rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn); if (rc) { /* data.dptr may not include rdn: ..., try "dn: ..." */ - e = slapi_str2entry( data.dptr, 0 ); + e = slapi_str2entry( data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN ); if (job->flags & FLAG_DN2RDN) { int len = 0; int options = SLAPI_DUMP_STATEINFO | SLAPI_DUMP_UNIQUEID | @@ -1092,7 +1092,8 @@ index_producer(void *param) "entryrdn_lookup_dn returned: %s, " "and set to dn cache\n", dn); } - e = slapi_str2entry_ext( dn, data.dptr, 0 ); + e = slapi_str2entry_ext(dn, data.dptr, + SLAPI_STR2ENTRY_NO_ENTRYDN); slapi_ch_free_string(&rdn); } } else { @@ -3391,7 +3392,7 @@ import_get_and_add_parent_rdns(ImportWorkerInfo *info, "from Slapi_RDN\n", rdn, id); goto bail; } - e = slapi_str2entry_ext( dn, data.dptr, 0 ); + e = slapi_str2entry_ext(dn, data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN); (*curr_entry)++; rc = index_set_entry_to_fifo(info, e, id, total_id, *curr_entry); if (rc) { diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c index 9431291..6698d83 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c @@ -1145,7 +1145,7 @@ bail: if (0 != myrc) { slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG, "entryrdn_lookup_dn: Failed to close cursor: %s(%d)\n", - dblayer_strerror(rc), rc); + dblayer_strerror(myrc), myrc); } } if (db) { diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c index e0b09fb..0a13c25 100644 --- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c @@ -1358,7 +1358,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn); if (rc) { /* data.dptr may not include rdn: ..., try "dn: ..." */ - ep->ep_entry = slapi_str2entry( data.dptr, str2entry_options ); + ep->ep_entry = slapi_str2entry( data.dptr, + str2entry_options | SLAPI_STR2ENTRY_NO_ENTRYDN ); } else { char *pid_str = NULL; char *pdn = NULL; @@ -1447,10 +1448,10 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) slapi_ch_free_string(&pdn); } slapi_rdn_done(&psrdn); - /* dn is not dup'ed in slapi_sdn_new_dn_byref. + /* dn is not dup'ed in slapi_sdn_new_dn_passin. * It's set to bdn and put in the dn cache. */ /* don't free dn */ - sdn = slapi_sdn_new_dn_byref(dn); + sdn = slapi_sdn_new_dn_passin(dn); bdn = backdn_init(sdn, temp_id, 0); myrc = CACHE_ADD( &inst->inst_dncache, bdn, NULL ); if (myrc) { @@ -1465,8 +1466,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) "and set to dn cache\n", dn); } } - ep->ep_entry = - slapi_str2entry_ext( dn, data.dptr, str2entry_options ); + ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, + str2entry_options | SLAPI_STR2ENTRY_NO_ENTRYDN ); slapi_ch_free_string(&rdn); } } else { @@ -1751,11 +1752,36 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) CONFIG_ENTRYRDN_SWITCH); } LDAPDebug(LDAP_DEBUG_ANY, - "%s: Requested to index %s, but %s is off", + "%s: Requested to index %s, but %s is off\n", inst->inst_name, LDBM_ENTRYRDN_STR, CONFIG_ENTRYRDN_SWITCH); goto err_out; } + } else if (strcasecmp(attrs[i]+1, LDBM_ENTRYDN_STR) == 0) { + if (entryrdn_get_switch()) { /* subtree-rename: on */ + if (task) { + slapi_task_log_notice(task, + "%s: Requested to index %s, but %s is on", + inst->inst_name, LDBM_ENTRYDN_STR, + CONFIG_ENTRYRDN_SWITCH); + } + LDAPDebug(LDAP_DEBUG_ANY, + "%s: Requested to index %s, but %s is on\n", + inst->inst_name, LDBM_ENTRYDN_STR, + CONFIG_ENTRYRDN_SWITCH); + goto err_out; + } else { + charray_add(&indexAttrs, attrs[i]+1); + ai->ai_indexmask |= INDEX_OFFLINE; + if (task) { + slapi_task_log_notice(task, + "%s: Indexing attribute: %s", + inst->inst_name, attrs[i]+1); + } + LDAPDebug2Args(LDAP_DEBUG_ANY, + "%s: Indexing attribute: %s\n", + inst->inst_name, attrs[i] + 1); + } } else { charray_add(&indexAttrs, attrs[i]+1); ai->ai_indexmask |= INDEX_OFFLINE; @@ -1763,8 +1789,9 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) slapi_task_log_notice(task, "%s: Indexing attribute: %s", inst->inst_name, attrs[i]+1); } - LDAPDebug(LDAP_DEBUG_ANY, "%s: Indexing attribute: %s\n", - inst->inst_name, attrs[i]+1, 0); + LDAPDebug2Args(LDAP_DEBUG_ANY, + "%s: Indexing attribute: %s\n", + inst->inst_name, attrs[i]+1); } dblayer_erase_index_file(be, ai, i/* chkpt; 1st time only */); break; @@ -1789,8 +1816,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) slapi_task_log_notice(task, "%s: Indexing VLV: %s", inst->inst_name, attrs[i]+1); } - LDAPDebug(LDAP_DEBUG_ANY, "%s: Indexing VLV: %s\n", - inst->inst_name, attrs[i]+1, 0); + LDAPDebug2Args(LDAP_DEBUG_ANY, "%s: Indexing VLV: %s\n", + inst->inst_name, attrs[i]+1); } break; } @@ -1911,7 +1938,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) rc = get_value_from_string((const char *)data.dptr, "rdn", &rdn); if (rc) { /* data.dptr may not include rdn: ..., try "dn: ..." */ - ep->ep_entry = slapi_str2entry( data.dptr, 0 ); + ep->ep_entry = slapi_str2entry( data.dptr, + SLAPI_STR2ENTRY_NO_ENTRYDN ); } else { char *pid_str = NULL; char *pdn = NULL; @@ -1991,10 +2019,10 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) rdn, pdn?",":"", pdn?pdn:""); slapi_ch_free_string(&pdn); } - /* dn is not dup'ed in slapi_sdn_new_dn_byref. + /* dn is not dup'ed in slapi_sdn_new_dn_passin. * It's set to bdn and put in the dn cache. */ /* don't free dn */ - sdn = slapi_sdn_new_dn_byref(dn); + sdn = slapi_sdn_new_dn_passin(dn); bdn = backdn_init(sdn, temp_id, 0); myrc = CACHE_ADD( &inst->inst_dncache, bdn, NULL ); if (myrc) { @@ -2010,7 +2038,8 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) } } slapi_rdn_done(&psrdn); - ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, 0 ); + ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, + SLAPI_STR2ENTRY_NO_ENTRYDN ); slapi_ch_free_string(&rdn); } } else { @@ -3162,7 +3191,8 @@ _get_and_add_parent_rdns(backend *be, "(rdn: %s, ID: %d) from Slapi_RDN\n", rdn, id); goto bail; } - ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, 0 ); + ep->ep_entry = slapi_str2entry_ext( dn, data.dptr, + SLAPI_STR2ENTRY_NO_ENTRYDN ); ep->ep_id = id; slapi_ch_free_string(&dn); } @@ -3296,7 +3326,7 @@ _export_or_index_parents(ldbm_instance *inst, int myrc = 0; /* pdn is put in DN cache. No need to free it here, * since it'll be free'd when evicted from the cache. */ - psdn = slapi_sdn_new_dn_byref(pdn); + psdn = slapi_sdn_new_dn_passin(pdn); bdn = backdn_init(psdn, pid, 0); myrc = CACHE_ADD(&inst->inst_dncache, bdn, NULL); if (myrc) { diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c index 82fbbb2..22f4ae0 100644 --- a/ldap/servers/slapd/entry.c +++ b/ldap/servers/slapd/entry.c @@ -351,6 +351,12 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) continue; } + /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */ + if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) && + PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) { + if (freeval) slapi_ch_free_string(&value.bv_val); + continue; + } /* retrieve uniqueid */ if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){ @@ -854,6 +860,13 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) continue; } + /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */ + if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) && + strcasecmp( type, "entrydn" ) == 0 ) { + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); + continue; + } + /* retrieve uniqueid */ if ( strcasecmp (type, SLAPI_ATTR_UNIQUEID) == 0 ){ diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index 8df6ec0..266fb93 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -786,6 +786,9 @@ void slapi_pblock_destroy( Slapi_PBlock *pb ); * \arg #SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES * \arg #SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF * \arg #SLAPI_STR2ENTRY_NO_SCHEMA_LOCK + * \arg #SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT + * \arg #SLAPI_STR2ENTRY_NO_ENTRYDN + * * \return A pointer to the #Slapi_Entry structure representing the entry. * \return \c NULL if the string cannot be converted; for example, if no DN is * specified in the string. @@ -897,6 +900,15 @@ Slapi_Entry *slapi_str2entry_ext( const char *dn, char *s, int flags ); #define SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT 512 /** + * Do not include entrydn attribute value in the in-memory entry + * + * If this flag is set, entrydn in the source string is ignored. + * + * \see slapi_str2entry() + */ +#define SLAPI_STR2ENTRY_NO_ENTRYDN 1024 + +/** * Generates a description of an entry as an LDIF string. * * This function behaves much like slapi_entry2str(); however, you can specify

13 years, 6 months

1
0
0 / 0

Changes to 'refs/tags/389-adminutil-1.1.12'

by Richard Allen Megginson

Changes since the dawn of time: Nathan Kinder (5): Fixed parsing of supported emulations in nsarch Resolves: 213070 Related: 213070 Resolves: 246124 Resolves: 247192 Noriko Hosoi (20): [161407] Fixed the library path for the 64-bit build on Solaris. libadminutil##.<ext> should not link SSL related ldapsdk libraries. *** empty log message *** [172166] Admin Util RPM [172166] Admin Util build (64-bit) [172166] Admin Util build (IPF) [Bug 172166] Admin Util build (IPF) [Bug 172166] Admin Util build (IPF) [179394] HP-UX PA-RISC support [179394] HP-UX IPF/PA-RISC support upgraded LDAP C SDK: v5.16 -> v5.17 Replaced PL_Free with PR_Free. [161099] admin passwd in clear text in adm.conf [172166] Admin Util build (RPM) [195258] Changes for the internal build Removed the link arg to link with libCrun.so.1 since there is no C++ code Resolves: #186280 Resolves: Bug 237356 Fixed a minor bug introduced in the revision 1.6. Resolves: #191834 Rich Megginson (49): change binary directory naming convention to the same one we use with pre-built binary components; remove old crufty Fortezza stuff; general makefile cleanup Bug(s) fixed: 171799 make PERL5 use perl from PATH on Linux The correct naming convention for RHEL is 1) Fix moz objdir name for generic linux x86_64 Bug(s) fixed: 186280 Bug: 186280 use new ldapcsdk 6.0.0; upgrade other components Reviewed by: nhosoi (Thanks!) Bug(s) fixed: 213788 Bug: 213788 Resolves: bug 234420 Resolves: bug 239475 bump version to 1.1.1 bump version to 1.1.1 add support for -version-number when building shared libs; fix a couple of minor issues brought up in fedora package review pkgconfig is a requires, not a build requires final spec fix for fedora Resolves: bug 235293 Resolves: bug 245208 Resolves: bug 245208 Resolves: bug 245396 bump version to 1.1.2 bump version to 1.1.3 Resolves: bug 250526 Resolves: bug 323381 bump version to 1.1.5 Resolves: bug 245248 bump version to 1.1.6 Resolves: bug 413531 Resolves: bug 454060 the correct function name is admldapSetDirectoryURL bump version to 1.1.7 Resolves: bug 462411 compiler warning clean up Resolves: bug 466137 fix compiler warning bump version to 1.1.8 the 1.1.8 release Rename adminutil to 389-adminutil added .gitignore use icu genrb from path if no icu_bin given or found Bug 460168 - FedoraDS' adminutil requires non-existent "icu.pc" on non-RH/Fedora OS remove adminutil.pc.in bump version to 1.1.10 Bug 614690 - adminutil ICU RB generation can fail Port adminutil to use openldap allow building with mozldap again bump version to 1.1.12 foxworth (1): Internal Red Hat CVS project for adminutil: core

13 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits October 2010