From: Pierangelo Masarati
Date: Wed, 19 Aug 2009 20:15:39 +0000 (+0000)
Subject: another 'round
X-Git-Tag: ACLCHECK_0~265
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=2813d6bc3c91aa5e58243e0d660b55875234725e;p=openldap
another 'round
---
diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index d760f418c6..8c9b5ee913 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -378,49 +378,63 @@ This option is OpenLDAP specific.
 .SH SASL OPTIONS
 The SASL options are OpenLDAP specific.
 .TP
-.B LDAP_OPT_X_SASL_MECH
-Gets the SASL mechanism;
+.B LDAP_OPT_X_SASL_AUTHCID
+Gets the SASL authentication identity;
 .BR outvalue
 must be a
 .BR "char **" ,
 its content needs to be freed by the caller.
 .TP
-.B LDAP_OPT_X_SASL_REALM
-Gets the SASL realm;
+.B LDAP_OPT_X_SASL_AUTHZID
+Gets the SASL authorization identity;
 .BR outvalue
 must be a
 .BR "char **" ,
 its content needs to be freed by the caller.
 .TP
-.B LDAP_OPT_X_SASL_AUTHCID
-Gets the SASL authentication identity;
+.B LDAP_OPT_X_SASL_MAXBUFSIZE
+Gets/sets SASL maximum buffer size;
+.BR invalue
+must be
+.BR "const ber_len_t *" ,
+while
 .BR outvalue
-must be a
-.BR "char **" ,
-its content needs to be freed by the caller.
+must be
+.BR "ber_len_t *" .
+See also
+.BR LDAP_OPT_X_SASL_SECPROPS .
 .TP
-.B LDAP_OPT_X_SASL_AUTHZID
-Gets the SASL authorization identity;
+.B LDAP_OPT_X_SASL_MECH
+Gets the SASL mechanism;
 .BR outvalue
 must be a
 .BR "char **" ,
 its content needs to be freed by the caller.
 .TP
-.B LDAP_OPT_X_SASL_SSF
-Gets the SASL SSF;
+.B LDAP_OPT_X_SASL_MECHLIST
+Gets the list of the available mechanisms,
+in form of a NULL-terminated array of strings;
 .BR outvalue
-must be a
-.BR "int *" .
+must be
+.BR "char ***" .
 .TP
-.B LDAP_OPT_X_SASL_SSF_EXTERNAL
-Sets the SASL SSF value related to an authentication
-performed using an EXTERNAL mechanism;
-.BR invalue
+.B LDAP_OPT_X_SASL_NOCANON
+Sets/gets the NOCANON flag.
+When unset, the hostname is canonicalized.
+The value should either be
+.BR LDAP_OPT_OFF
+or
+.BR LDAP_OPT_ON .
+.TP
+.B LDAP_OPT_X_SASL_REALM
+Gets the SASL realm;
+.BR outvalue
 must be a
-.BR "ber_len_t *" .
+.BR "char **" ,
+its content needs to be freed by the caller.
 .TP
 .B LDAP_OPT_X_SASL_SECPROPS
-Set the SASL secprops;
+Sets the SASL secprops;
 .BR invalue
 must be a
 .BR "char *" ,
@@ -435,23 +449,20 @@ Legal values are:
 .BR noanonymous ,
 .BR minssf= ,
 .BR maxssf= ,
-.BR maxbufsize= ,
-with
-.BR "minssf >= 0" ,
-.BR "maxssf <= 2**31 - 1" ,
-.BR "maxbufsize <= 65536" .
+.BR maxbufsize= .
 .TP
-.B LDAP_OPT_X_SASL_SSF_MIN
-Gets/sets SASL minimum SSF;
-.BR invalue
-must be
-.BR "const ber_len_t *" ,
-while
+.B LDAP_OPT_X_SASL_SSF
+Gets the SASL SSF;
 .BR outvalue
-must be
+must be a
+.BR "ber_len_t *" .
+.TP
+.B LDAP_OPT_X_SASL_SSF_EXTERNAL
+Sets the SASL SSF value related to an authentication
+performed using an EXTERNAL mechanism;
+.BR invalue
+must be a
 .BR "ber_len_t *" .
-See also
-.BR LDAP_OPT_X_SASL_SECPROPS .
 .TP
 .B LDAP_OPT_X_SASL_SSF_MAX
 Gets/sets SASL maximum SSF;
@@ -465,8 +476,8 @@ must be
 See also
 .BR LDAP_OPT_X_SASL_SECPROPS .
 .TP
-.B LDAP_OPT_X_SASL_MAXBUFSIZE
-Gets/sets SASL maximum buffer size;
+.B LDAP_OPT_X_SASL_SSF_MIN
+Gets/sets SASL minimum SSF;
 .BR invalue
 must be
 .BR "const ber_len_t *" ,
@@ -477,79 +488,75 @@ must be
 See also
 .BR LDAP_OPT_X_SASL_SECPROPS .
 .TP
-.B LDAP_OPT_X_SASL_MECHLIST
-Gets the list of the available mechanisms,
-in form of a NULL-terminated array of strings;
-.BR outvalue
-must be
-.BR "char ***" .
-.TP
-.B LDAP_OPT_X_SASL_NOCANON
-Sets/gets the NOCANON flag.
-When unset, the hostname is canonicalized.
-The value should either be
-.BR LDAP_OPT_OFF
-or
-.BR LDAP_OPT_ON .
-.TP
 .B LDAP_OPT_X_SASL_USERNAME
 Gets the SASL username;
 .BR outvalue
 must be a
 .BR "char **" .
-It points to memory that belongs to the handle;
-the caller must not muck with it.
+Its content needs to be freed by the caller.
 .SH TLS OPTIONS
 The TLS options are OpenLDAP specific.
+.\".TP
+.\".B LDAP_OPT_X_TLS
+.\"Sets/gets the TLS mode.
 .TP
-.B LDAP_OPT_X_TLS
-Sets/gets the TLS mode, one of
-.BR LDAP_OPT_X_TLS_NEVER ,
-.BR LDAP_OPT_X_TLS_HARD ,
-.BR LDAP_OPT_X_TLS_DEMAND ,
-.BR LDAP_OPT_X_TLS_ALLOW ,
-.BR LDAP_OPT_X_TLS_TRY .
-.TP
-.B LDAP_OPT_X_TLS_CTX
-Sets/gets the OpenSSL CTX.
+.B LDAP_OPT_X_TLS_CACERTDIR
+Sets/gets the path of the directory containing CA certificates.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
 .TP
 .B LDAP_OPT_X_TLS_CACERTFILE
 Sets/gets the full-path CA certificate file.
-.TP
-.B LDAP_OPT_X_TLS_CACERTDIR
-Sets/gets the path of the directory containing CA certificates.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
 .TP
 .B LDAP_OPT_X_TLS_CERTFILE
 Sets/gets the full-path certificate file.
-.TP
-.B LDAP_OPT_X_TLS_KEYFILE
-Sets/gets the full-path certificate key file.
-.TP
-.B LDAP_OPT_X_TLS_REQUIRE_CERT
-Sets/gets the peer certificate checking strategy,
-one of
-.BR LDAP_OPT_X_TLS_NEVER ,
-.BR LDAP_OPT_X_TLS_HARD ,
-.BR LDAP_OPT_X_TLS_DEMAND ,
-.BR LDAP_OPT_X_TLS_ALLOW ,
-.BR LDAP_OPT_X_TLS_TRY .
-.TP
-.B LDAP_OPT_X_TLS_PROTOCOL_MIN
-Sets/gets the minimum protocol version.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
 .TP
 .B LDAP_OPT_X_TLS_CIPHER_SUITE
 Sets/gets the allowed cipher suite.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
 .TP
-.B LDAP_OPT_X_TLS_RANDOM_FILE
-Sets/gets the random file when
-.I /dev/random
-and
-.I /dev/urandom
-are not available.
-Ignored by GNUtls.
+.B LDAP_OPT_X_TLS_CONNECT_ARG
+Sets/gets the connection callback argument.
+.BR invalue
+must be
+.BR "const void *" ;
+.BR outvalue
+must be
+.BR "void **" .
 .TP
-.B LDAP_OPT_X_TLS_SSL_CTX
-Sets/gets the OpenSSL SSL CTX.
+.B LDAP_OPT_X_TLS_CONNECT_CB
+Sets/gets the connection callback handle.
+.BR invalue
+must be
+.BR "const LDAP_TLS_CONNECT_CB *" ;
+.BR outvalue
+must be
+.BR "LDAP_TLS_CONNECT_CB **" .
 .TP
 .B LDAP_OPT_X_TLS_CRLCHECK
 Sets/gets the CRL evaluation strategy, one of
@@ -557,30 +564,103 @@ Sets/gets the CRL evaluation strategy, one of
 .BR LDAP_OPT_X_TLS_CRL_PEER ,
 or
 .BR LDAP_OPT_X_TLS_CRL_ALL .
+.BR invalue
+must be
+.BR "const int *" ;
+.BR outvalue
+must be
+.BR "int *" .
 Requires OpenSSL.
 .TP
-.B LDAP_OPT_X_TLS_CONNECT_CB
-Sets/gets the connection callback.
-Currently not implemented.
+.B LDAP_OPT_X_TLS_CRLFILE
+Sets/gets the full-path of the CRL file.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+This option is only valid for GNUtls.
 .TP
-.B LDAP_OPT_X_TLS_CONNECT_ARG
-Sets/gets the connection callback argument.
-Currently not implemented.
+.B LDAP_OPT_X_TLS_CTX
+Sets/gets the OpenSSL CTX.
+.BR invalue
+must be
+.BR "const void *" ;
+.BR outvalue
+must be
+.BR "void **" .
 .TP
 .B LDAP_OPT_X_TLS_DHFILE
 Gets/sets the full-path of the file containing the parameters
 for Diffie-Hellman ephemeral key exchange.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
 Ignored by GNUtls.
 .TP
+.B LDAP_OPT_X_TLS_KEYFILE
+Sets/gets the full-path certificate key file.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+.TP
 .B LDAP_OPT_X_TLS_NEWCTX
 Instructs the library to create a new TLS CTX.
-A non-zero
+.BR invalue
+must be
+.BR "const int *" .
+A non-zero value pointed to by
 .BR invalue
 tells the library to create a CTX for a server.
 .TP
-.B LDAP_OPT_X_TLS_CRLFILE
-Sets/gets the full-path of the CRL file.
-This option is only valid for GNUtls.
+.B LDAP_OPT_X_TLS_PROTOCOL_MIN
+Sets/gets the minimum protocol version.
+.BR invalue
+must be
+.BR "const int *" ;
+.BR outvalue
+must be
+.BR "int *" .
+.TP
+.B LDAP_OPT_X_TLS_RANDOM_FILE
+Sets/gets the random file when
+.I /dev/random
+and
+.I /dev/urandom
+are not available.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+Ignored by GNUtls.
+.TP
+.B LDAP_OPT_X_TLS_REQUIRE_CERT
+Sets/gets the peer certificate checking strategy,
+one of
+.BR LDAP_OPT_X_TLS_NEVER ,
+.BR LDAP_OPT_X_TLS_HARD ,
+.BR LDAP_OPT_X_TLS_DEMAND ,
+.BR LDAP_OPT_X_TLS_ALLOW ,
+.BR LDAP_OPT_X_TLS_TRY .
+.TP
+.B LDAP_OPT_X_TLS_SSL_CTX
+Gets the OpenSSL SSL CTX;
+.BR outvalue
+must be
+.BR "void **" .
 .SH ERRORS
 On success, the functions return
 .BR LDAP_OPT_SUCCESS ,