OpenLDAP 2.4 Change Log
OpenLDAP 2.4.14 Engineering
+ Added libldap option to disable SASL host canonicalization (ITS#5812)
Fixed libldap deref handling (ITS#5768)
Fixed libldap peer cert memory leak (ITS#5849)
Fixed libldap_r deref building (ITS#5768)
int debug = 0;
char *infile = NULL;
int dont = 0;
+int nocanon = 0;
int referrals = 0;
int verbose = 0;
int ldif = 0;
N_(" -I use SASL Interactive mode\n"),
N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
N_(" -n show what would be done but don't actually do it\n"),
+N_(" -N do not use reverse DNS to canonicalize SASL host name\n"),
N_(" -O props SASL security properties\n"),
N_(" -o <opt>[=<optparam] general options\n"),
N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
case 'n': /* print operations, don't actually do them */
dont++;
break;
+ case 'N':
+ nocanon++;
+ break;
case 'o':
control = ber_strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
exit( EXIT_FAILURE );
}
+ /* canon */
+ if( ldap_set_option( ld, LDAP_OPT_X_SASL_NOCANON,
+ nocanon ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_NOCANON %s\n",
+ nocanon ? "on" : "off" );
+ exit( EXIT_FAILURE );
+ }
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
!= LDAP_OPT_SUCCESS )
{
const char options[] = "z"
- "Cd:D:e:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
#ifdef LDAP_CONTROL_DONTUSECOPY
int dontUseCopy = 0;
const char options[] = "r"
- "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
+ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
int
handle_private_option( int i )
const char options[] = ""
- "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "aE:rS:"
- "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "rs:"
- "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "a:As:St:T:"
- "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
- "Cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = ""
- "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *nop* vwxyz
-ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *nop* vwxyz
-ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *nop*r t vwxy
-ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *nop*rs vwxy
-ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * o * s vwxy
-ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab def*h**kl*nop* stuvwxyz
-ldapurl * E**H * * S ab f*h** * p* s
-ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *nop* vwxy
+ldapcompare * DE**HI** MNOPQR UVWXYZ de *h*** *nop* vwxyz
+ldapdelete *CDE**HI** MNOPQR UVWXYZ cdef*h*** *nop* vwxyz
+ldapexop * D **HI** NO QR UVWXYZ de *h*** *nop vwxy
+ldapmodify *CDE**HI** MNOPQRS UVWXYZabcde *h*** *nop*r t vwxy
+ldapmodrdn *CDE**HI** MNOPQR UVWXYZ cdef*h*** *nop*rs vwxy
+ldappasswd A*CDE**HI** NO QRS UVWXYZa def*h*** * o * s vwxy
+ldapsearch A*CDE**HI**LMNOPQRSTUVWXYZab def*h***l*nop* stuvwxyz
+ldapurl * E**H ** S ab f*h*** * p* s
+ldapwhoami * DE**HI** NO QR UVWXYZ def*h*** *nop* vwxy
* reserved
-x simple bind
-y Bind password-file
-w Bind password
+
+Not used
-4 IPv4 only
-6 IPv6 only
-Q SASL quiet mode (default: automatic)
-* LDAPv2+ Only (DEPRECATED)
+* LDAPv2+ Only (REMOVED)
-K LDAPv2 Kerberos Bind (Step 1 only)
-k LDAPv2 Kerberos Bind
#define LDAP_OPT_X_SASL_SSF_MAX 0x6108
#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
#define LDAP_OPT_X_SASL_MECHLIST 0x610a /* read-only */
+#define LDAP_OPT_X_SASL_NOCANON 0x610b
/* OpenLDAP GSSAPI options */
#define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200
}
{
- char *saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
+ char *saslhost;
+ int nocanon = (int)LDAP_BOOL_GET( &ld->ld_options,
+ LDAP_BOOL_SASL_NOCANON );
+
+ /* If we don't need to canonicalize just use the host
+ * from the LDAP URI.
+ */
+ if ( nocanon )
+ saslhost = ld->ld_defconn->lconn_server->lud_host;
+ else
+ saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
"localhost" );
rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
- LDAP_FREE( saslhost );
+ if ( !nocanon )
+ LDAP_FREE( saslhost );
}
if ( rc != LDAP_SUCCESS ) return rc;
case LDAP_OPT_X_SASL_MAXBUFSIZE:
*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
break;
+ case LDAP_OPT_X_SASL_NOCANON:
+ *(int *)arg = (int) LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+ break;
case LDAP_OPT_X_SASL_SECPROPS:
/* this option is write only */
int
ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
{
- if ( ld == NULL || arg == NULL )
+ if ( ld == NULL )
+ return -1;
+
+ if ( arg == NULL && option != LDAP_OPT_X_SASL_NOCANON )
return -1;
switch ( option ) {
case LDAP_OPT_X_SASL_MAXBUFSIZE:
ld->ld_options.ldo_sasl_secprops.maxbufsize = *(ber_len_t *)arg;
break;
+ case LDAP_OPT_X_SASL_NOCANON:
+ if ( arg == LDAP_OPT_OFF ) {
+ LDAP_BOOL_CLR(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+ } else {
+ LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+ }
+ break;
case LDAP_OPT_X_SASL_SECPROPS: {
int sc;
{1, ATTR_STRING, "SASL_AUTHZID", NULL,
offsetof(struct ldapoptions, ldo_def_sasl_authzid)},
{0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS},
+ {0, ATTR_BOOL, "SASL_NOCANON", NULL, LDAP_BOOL_SASL_NOCANON},
#endif
#ifdef HAVE_GSSAPI
#define LDAP_BOOL_RESTART 1
#define LDAP_BOOL_TLS 3
#define LDAP_BOOL_CONNECT_ASYNC 4
+#define LDAP_BOOL_SASL_NOCANON 5
#define LDAP_BOOLEANS unsigned long
#define LDAP_BOOL(n) ((LDAP_BOOLEANS)1 << (n))
projects / openldap / commitdiff