From 5f20cf1ed542af63ff2ce7b1464678169250e882 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sun, 25 Jun 2000 00:35:17 +0000 Subject: [PATCH] Modify ldapsearch(1) significantly. Now handles LDAPv3 search references, extended results, and extended partial results. LDIF extended to support these new features and reported version 2. -L now limits output to LDIFv1 for compatibility reasons. No -L is now LDIFv2. Old alternative form is no longer supported. Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded file://tmp/ --- clients/tools/ldapdelete.c | 13 +- clients/tools/ldapmodify.c | 365 +++++---------------- clients/tools/ldapmodrdn.c | 17 +- clients/tools/ldapsearch.c | 565 ++++++++++++++++++++------------- clients/ud/auth.c | 2 +- doc/devel/args | 3 +- doc/man/man1/ldapsearch.1 | 2 - include/ldap_config.h.in | 7 + include/ldap_config.nt | 7 + include/ldap_defaults.h | 5 + libraries/libldap/error.c | 4 +- libraries/libldap/getentry.c | 2 +- libraries/libldap/os-local.c | 3 +- libraries/libldif/line64.c | 5 +- libraries/liblutil/tempnam.c | 2 +- servers/slapd/daemon.c | 6 +- servers/slapd/tools/ldbmtest.c | 2 +- tests/data/acl.out.master | 2 + tests/data/modify.out.master | 1 + tests/data/modrdn.out.master | 1 + tests/data/modrdn.out.master.0 | 1 + tests/data/modrdn.out.master.1 | 1 + tests/data/modrdn.out.master.2 | 1 + tests/data/modrdn.out.master.3 | 1 + tests/data/search.out.master | 4 + tests/data/test.ldif | 1 + tests/scripts/acfilter.sh | 4 +- 27 files changed, 496 insertions(+), 531 deletions(-) diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 9c2215efec..229a63b5fd 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c 
@@ -63,7 +63,7 @@ usage( const char *s ) " -M\t\tenable Manage DSA IT control (-MM to make it critical)\n" " -n\t\tshow what would be done but don't actually delete\n" " -p port\t\tport on LDAP server\n" -" -P version\tprocotol version (2 or 3)\n" +" -P version\tprocotol version (default: 3)\n" " -r\t\tdelete recursively\n" " -U user\t\tSASL authentication identity (username)\n" " -v\t\trun in verbose mode (diagnostics to standard output)\n" @@ -303,10 +303,15 @@ main( int argc, char **argv ) /* don't chase referrals */ ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ); - if (version != -1 && - ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + if (version == -1 ) { + version = 3; + } + + if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) + != LDAP_OPT_SUCCESS ) { - fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version ); } if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index 5624b30101..45e87892ca 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -45,7 +45,7 @@ static int sasl_integrity = 0; static int sasl_privacy = 0; #endif static int use_tls = 0; -static int new, replace, not, verbose, contoper, force, valsfromfiles; +static int ldapadd, replace, not, verbose, contoper, force; static LDAP *ld; #define LDAPMOD_MAXLINE 4096 
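Review bot: In the `@@ -303,10 +303,15 @@ main` hunk, a failed `ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )` is only reported on stderr, and main then continues to the `ldap_start_tls_s` call on the next visible line. Now that the tool always requests a version (3 unless `-P` overrides it), a failure leaves the session on a protocol version the user did not ask for. Since Start TLS and SASL depend on LDAPv3, the later steps may behave differently than intended. I would make the failure fatal by adding `return( EXIT_FAILURE );` after the `fprintf`. The same pattern appears in the `@@ -359,18 +353,18 @@` hunk of ldapmodify.c and the `@@ -341,19 +341,18 @@` hunk of ldapmodrdn.c; main continues outside all three hunks.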
@@ -71,14 +71,12 @@ static LDAP *ld; static void usage LDAP_P(( const char *prog )) LDAP_GCCATTR((noreturn)); -static int process_ldapmod_rec LDAP_P(( char *rbuf )); static int process_ldif_rec LDAP_P(( char *rbuf, int count )); static void addmodifyop LDAP_P(( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen )); static int domodify LDAP_P(( char *dn, LDAPMod **pmods, int newentry )); static int dodelete LDAP_P(( char *dn )); static int domodrdn LDAP_P(( char *dn, char *newrdn, int deleteoldrdn )); -static int fromfile LDAP_P(( char *path, struct berval *bv )); static char *read_one_record LDAP_P(( FILE *fp )); static void @@ -104,7 +102,7 @@ usage( const char *prog ) " -k\t\tuse Kerberos authentication\n" " -K\t\tlike -k, but do only step 1 of the Kerberos bind\n" " -M\t\tenable Manage DSA IT control (-MM to make it critical)\n" -" -n\t\tprint adds, don't actually do them\n" +" -n\t\tprint changes, don't actually do them\n" " -p port\t\tport on LDAP server\n" " -r\t\treplace values\n" " -U user\t\tSASL authentication identity (username)\n" @@ -121,9 +119,9 @@ usage( const char *prog ) int main( int argc, char **argv ) { - char *infile, *rbuf, *start, *p, *q; + char *infile, *rbuf, *start; FILE *fp; - int rc, i, use_ldif, authmethod, version, want_bindpw, debug, manageDSAit; + int rc, i, authmethod, version, want_bindpw, debug, manageDSAit; int count; if (( prog = strrchr( argv[ 0 ], *LDAP_DIRSEP )) == NULL ) { 
@@ -133,23 +131,19 @@ main( int argc, char **argv ) } /* Print usage when no parameters */ - if( argc < 2 ) - usage( prog ); + if( argc < 2 ) usage( prog ); - new = ( strcmp( prog, "ldapadd" ) == 0 ); + ldapadd = ( strcmp( prog, "ldapadd" ) == 0 ); infile = NULL; - not = verbose = valsfromfiles = want_bindpw = debug = manageDSAit = 0; + not = verbose = want_bindpw = debug = manageDSAit = 0; authmethod = LDAP_AUTH_SIMPLE; version = -1; - while (( i = getopt( argc, argv, "abcD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) { + while (( i = getopt( argc, argv, "acD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) { switch( i ) { case 'a': /* add */ - new = 1; - break; - case 'b': /* read values from files (for binary attributes) */ - valsfromfiles = 1; + ldapadd = 1; break; case 'c': /* continuous operation */ contoper = 1; @@ -359,18 +353,18 @@ main( int argc, char **argv ) return( EXIT_FAILURE ); } - /* this seems prudent */ - { - int deref = LDAP_DEREF_NEVER; - ldap_set_option( ld, LDAP_OPT_DEREF, &deref); - } /* don't chase referrals */ ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ); - if (version != -1 && - ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + if (version == -1 ) { + version = 3; + } + + if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) + != LDAP_OPT_SUCCESS ) { - fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION to %d\n", version ); + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version ); } if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { 
@@ -464,49 +458,18 @@ main( int argc, char **argv ) while (( rc == 0 || contoper ) && ( rbuf = read_one_record( fp )) != NULL ) { count++; - /* - * we assume record is ldif/slapd.replog if the first line - * has a colon that appears to the left of any equal signs, OR - * if the first line consists entirely of digits (an entry id) - */ -#ifdef LDAP_LDIF - use_ldif = 1; -#else - use_ldif = ( *rbuf == '#' ) || - (( p = strchr( rbuf, ':' )) != NULL && - ( q = strchr( rbuf, '\n' )) != NULL && p < q && - (( q = strchr( rbuf, '=' )) == NULL || p < q )); -#endif start = rbuf; - if ( !use_ldif && ( q = strchr( rbuf, '\n' )) != NULL ) { - for ( p = rbuf; p < q; ++p ) { - if ( !isdigit( (unsigned char) *p )) { - break; - } - } - if ( p >= q ) { - use_ldif = 1; - start = q + 1; - } - } - - if ( use_ldif ) { - rc = process_ldif_rec( start, count ); - } else { - rc = process_ldapmod_rec( start ); - } + rc = process_ldif_rec( start, count ); if( rc ) - fprintf( stderr, "%s() = %d\n", - use_ldif ? "ldif_rec" : "ldapmod_rec" , rc ); - - free( rbuf ); + fprintf( stderr, "ldif_record() = %d\n", rc ); + free( rbuf ); } if ( !not ) { - ldap_unbind( ld ); + ldap_unbind( ld ); } return( rc ); @@ -525,7 +488,7 @@ process_ldif_rec( char *rbuf, int count ) LDAPMod **pmods; int version; - new_entry = new; + new_entry = ldapadd; rc = got_all = saw_replica = delete_entry = modop = expect_modop = 0; expect_deleteoldrdn = expect_newrdn = expect_newsup = 0; @@ -617,7 +580,7 @@ process_ldif_rec( char *rbuf, int count ) rc = LDAP_PARAM_ERROR; } goto end_line; - } else if ( new ) { /* missing changetype => add */ + } else if ( ldapadd ) { /* missing changetype => add */ new_entry = 1; modop = LDAP_MOD_ADD; } else { 
@@ -730,190 +693,85 @@ end_line: } -static int -process_ldapmod_rec( char *rbuf ) +static void +addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen ) { - char *line, *dn, *p, *q, *attr, *value; - int rc, linenum, modop; - LDAPMod **pmods; - - pmods = NULL; - dn = NULL; - linenum = 0; - line = rbuf; - rc = 0; - - while ( rc == 0 && rbuf != NULL && *rbuf != '\0' ) { - ++linenum; - if (( p = strchr( rbuf, '\n' )) == NULL ) { - rbuf = NULL; - } else { - if ( *(p-1) == '\\' ) { /* lines ending in '\' are continued */ - SAFEMEMCPY( p - 1, p, strlen( p ) + 1 ); - rbuf = p; - continue; - } - *p++ = '\0'; - rbuf = p; + LDAPMod **pmods; + int i, j; + struct berval *bvp; + + pmods = *pmodsp; + modop |= LDAP_MOD_BVALUES; + + i = 0; + if ( pmods != NULL ) { + for ( ; pmods[ i ] != NULL; ++i ) { + if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 && + pmods[ i ]->mod_op == modop ) + { + break; + } + } } - if ( dn == NULL ) { /* first line contains DN */ - if (( dn = strdup( line )) == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); - } - } else { - if (( p = strchr( line, '=' )) == NULL ) { - value = NULL; - p = line + strlen( line ); - } else { - *p++ = '\0'; - value = p; - } - - for ( attr = line; - *attr != '\0' && isspace( (unsigned char) *attr ); ++attr ) { - ; /* skip attribute leading white space */ - } - - for ( q = p - 1; q > attr && isspace( (unsigned char) *q ); --q ) { - *q = '\0'; /* remove attribute trailing white space */ - } - - if ( value != NULL ) { - while ( isspace( (unsigned char) *value )) { - ++value; /* skip value leading white space */ - } - for ( q = value + strlen( value ) - 1; q > value && - isspace( (unsigned char) *q ); --q ) { - *q = '\0'; /* remove value trailing white space */ - } - if ( *value == '\0' ) { - value = NULL; + if ( pmods == NULL || pmods[ i ] == NULL ) { + if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) * + sizeof( LDAPMod * ))) == NULL ) + { + perror( "realloc" ); + exit( EXIT_FAILURE ); } 
- } + *pmodsp = pmods; + pmods[ i + 1 ] = NULL; - if ( value == NULL && new ) { - fprintf( stderr, "%s: missing value on line %d (attr=\"%s\")\n", - prog, linenum, attr ); - rc = LDAP_PARAM_ERROR; - } else { - switch ( *attr ) { - case '-': - modop = LDAP_MOD_DELETE; - ++attr; - break; - case '+': - modop = LDAP_MOD_ADD; - ++attr; - break; - default: - modop = replace ? LDAP_MOD_REPLACE : LDAP_MOD_ADD; + pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod )); + if ( pmods[ i ] == NULL ) { + perror( "calloc" ); + exit( EXIT_FAILURE ); } - addmodifyop( &pmods, modop, attr, value, - ( value == NULL ) ? 0 : strlen( value )); - } - } - - line = rbuf; - } - - if ( rc == 0 ) { - if ( dn == NULL ) { - rc = LDAP_PARAM_ERROR; - } else if (( rc = domodify( dn, pmods, new )) == LDAP_SUCCESS ) { - rc = 0; + pmods[ i ]->mod_op = modop; + pmods[ i ]->mod_type = ber_strdup( attr ); + if ( pmods[ i ]->mod_type == NULL ) { + perror( "strdup" ); + exit( EXIT_FAILURE ); + } } - } - - if ( pmods != NULL ) { - ldap_mods_free( pmods, 1 ); - } - if ( dn != NULL ) { - free( dn ); - } - return( rc ); -} - - -static void -addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen ) -{ - LDAPMod **pmods; - int i, j; - struct berval *bvp; - - pmods = *pmodsp; - modop |= LDAP_MOD_BVALUES; + if ( value != NULL ) { + j = 0; + if ( pmods[ i ]->mod_bvalues != NULL ) { + for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) { + /* Empty */; + } + } - i = 0; - if ( pmods != NULL ) { - for ( ; pmods[ i ] != NULL; ++i ) { - if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 && - pmods[ i ]->mod_op == modop ) { - break; - } - } - } + pmods[ i ]->mod_bvalues = (struct berval **) ber_memrealloc( + pmods[ i ]->mod_bvalues, (j + 2) * sizeof( struct berval * )); + if ( pmods[ i ]->mod_bvalues == NULL ) { + perror( "ber_realloc" ); + exit( EXIT_FAILURE ); + } - if ( pmods == NULL || pmods[ i ] == NULL ) { - if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) * - sizeof( LDAPMod * 
))) == NULL ) { - perror( "realloc" ); - exit( EXIT_FAILURE ); - } - *pmodsp = pmods; - pmods[ i + 1 ] = NULL; - if (( pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod ))) - == NULL ) { - perror( "calloc" ); - exit( EXIT_FAILURE ); - } - pmods[ i ]->mod_op = modop; - if (( pmods[ i ]->mod_type = ber_strdup( attr )) == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); - } - } + pmods[ i ]->mod_bvalues[ j + 1 ] = NULL; + bvp = (struct berval *)ber_memalloc( sizeof( struct berval )); + if ( bvp == NULL ) { + perror( "ber_memalloc" ); + exit( EXIT_FAILURE ); + } + pmods[ i ]->mod_bvalues[ j ] = bvp; - if ( value != NULL ) { - j = 0; - if ( pmods[ i ]->mod_bvalues != NULL ) { - for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) { - ; - } - } - if (( pmods[ i ]->mod_bvalues = - (struct berval **)ber_memrealloc( pmods[ i ]->mod_bvalues, - (j + 2) * sizeof( struct berval * ))) == NULL ) { - perror( "ber_realloc" ); - exit( EXIT_FAILURE ); - } - pmods[ i ]->mod_bvalues[ j + 1 ] = NULL; - if (( bvp = (struct berval *)ber_memalloc( sizeof( struct berval ))) - == NULL ) { - perror( "ber_memalloc" ); - exit( EXIT_FAILURE ); - } - pmods[ i ]->mod_bvalues[ j ] = bvp; + bvp->bv_len = vlen; + bvp->bv_val = (char *)ber_memalloc( vlen + 1 ); + if ( bvp->bv_val == NULL ) { + perror( "malloc" ); + exit( EXIT_FAILURE ); + } - if ( valsfromfiles && *value == '/' ) { /* get value from file */ - if ( fromfile( value, bvp ) < 0 ) { - exit( EXIT_FAILURE ); - } - } else { - bvp->bv_len = vlen; - if (( bvp->bv_val = (char *)ber_memalloc( vlen + 1 )) == NULL ) { - perror( "malloc" ); - exit( EXIT_FAILURE ); - } - SAFEMEMCPY( bvp->bv_val, value, vlen ); - bvp->bv_val[ vlen ] = '\0'; + SAFEMEMCPY( bvp->bv_val, value, vlen ); + bvp->bv_val[ vlen ] = '\0'; } - } } 
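Review bot: `addmodifyop()` takes the value length as a signed `int vlen` and uses it unchecked for `bvp->bv_len = vlen`, `ber_memalloc( vlen + 1 )`, `SAFEMEMCPY( bvp->bv_val, value, vlen )` and `bvp->bv_val[ vlen ] = '\0'`. The callers that compute `vlen` from parsed LDIF are outside this hunk, so I cannot confirm it is always non-negative. A negative value would turn into a huge `bv_len`, and a value of -1 would allocate zero bytes and then write before the buffer. A guard at the top of the `if ( value != NULL )` branch makes the contract explicit: `if ( vlen < 0 ) { fprintf( stderr, "%s: invalid value length\n", prog ); exit( EXIT_FAILURE ); }`. Separately, `perror()` after the `ber_mem*` calls prints whatever `errno` happens to hold, so the "realloc"/"calloc"/"malloc" labels may be followed by an unrelated error string.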
@@ -1032,55 +890,6 @@ domodrdn( char *dn, char *newrdn, int deleteoldrdn ) } -static int -fromfile( char *path, struct berval *bv ) -{ - FILE *fp; - long rlen; - int eof; - - if (( fp = fopen( path, "r" )) == NULL ) { - perror( path ); - return( -1 ); - } - - if ( fseek( fp, 0L, SEEK_END ) != 0 ) { - perror( path ); - fclose( fp ); - return( -1 ); - } - - bv->bv_len = ftell( fp ); - - if (( bv->bv_val = (char *)ber_memalloc( bv->bv_len )) == NULL ) { - perror( "malloc" ); - fclose( fp ); - return( -1 ); - } - - if ( fseek( fp, 0L, SEEK_SET ) != 0 ) { - perror( path ); - fclose( fp ); - ber_memfree( bv->bv_val ); - bv->bv_val = NULL; - return( -1 ); - } - - rlen = fread( bv->bv_val, 1, bv->bv_len, fp ); - eof = feof( fp ); - fclose( fp ); - - if ( (unsigned long) rlen != bv->bv_len ) { - perror( path ); - ber_memfree( bv->bv_val ); - bv->bv_val = NULL; - return( -1 ); - } - - return( bv->bv_len ); -} - - static char * read_one_record( FILE *fp ) { diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 40615d047c..2291503702 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -75,7 +75,7 @@ usage( const char *s ) " -M\t\tenable Manage DSA IT control (-MM to make it critical)\n" " -n\t\tshow what would be done but don't actually do it\n" " -p port\t\tport on LDAP server\n" -" -P version\tprocotol version (2 or 3)\n" +" -P version\tprocotol version (default: 3)\n" " -r\t\tremove old RDN\n" " -s newsuperior\tnew superior entry\n" " -U user\t\tSASL authentication identity (username)\n" 
@@ -341,19 +341,18 @@ main(int argc, char **argv) return( EXIT_FAILURE ); } - /* this seems prudent */ - { - int deref = LDAP_DEREF_NEVER; - ldap_set_option( ld, LDAP_OPT_DEREF, &deref); - } /* don't chase referrals */ ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ); + if (version == -1 ) { + version = 3; + } - if (version != -1 && - ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) + != LDAP_OPT_SUCCESS ) { - fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version ); } if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index b1d5879a44..eace40916a 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c 
@@ -30,64 +30,73 @@ #include #include "ldif.h" +#include "lutil.h" #include "ldap_defaults.h" static void usage( const char *s ) { fprintf( stderr, -"usage: %s [options] filter [attributes...]\nwhere:\n" -" filter\tRFC-1558 compliant LDAP search filter\n" -" attributes\twhitespace-separated list of attributes to retrieve\n" -"\t\t1.1 -- no attributes\n" -"\t\t* -- all user attributes\n" -"\t\t+ -- all operational attributes\n" -"\t\tempty list -- all non-operational attributes\n" +"usage: %s [options] [filter [attributes...]]\nwhere:\n" +"\tfilter\tRFC-2254 compliant LDAP search filter\n" +"\tattributes\twhitespace-separated list of attribute descriptions\n" +"\t which may include:\n" +"\t\t1.1 -- no attributes\n" +"\t\t* -- all user attributes\n" +"\t\t+ -- all operational attributes\n" "options:\n" -" -a deref\tone of `never', `always', `search', or `find' (alias\n" -" \tdereferencing)\n" -" -A\t\tretrieve attribute names only (no values)\n" -" -b basedn\tbase dn for search\n" -" -d level\tset LDAP debugging level to `level'\n" -" -D binddn\tbind DN\n" -" -E\t\trequest SASL privacy (-EE to make it critical)\n" -" -f file\t\tperform sequence of searches listed in `file'\n" -" -h host\t\tLDAP server\n" -" -I\t\trequest SASL integrity checking (-II to make it\n" -" \tcritical)\n" -" -k\t\tuse Kerberos authentication\n" -" -K\t\tlike -k, but do only step 1 of the Kerberos bind\n" -" -l limit\ttime limit (in seconds) for search\n" -" -L\t\tprint entries in LDIF format (default)\n" -" -LL\t\tprint entries in LDIF format without comments\n" -" -LLL\t\tprint entries in LDIF format without comments and\n" -" \tversion\n" -" -M\t\tenable Manage DSA IT control (-MM to make critical)\n" -" -n\t\tshow what would be done but don't actually search\n" -" -p port\t\tport on LDAP server\n" -" -P version\tprocotol version (2 or 3)\n" -" -R\t\tdo not automatically follow referrals\n" -" -s scope\tone of base, one, or sub (search scope)\n" -" -S attr\t\tsort the results by attribute 
`attr'\n" -" -t\t\twrite binary values to files in TMPDIR\n" -" -tt\t\twrite all values to files in TMPDIR\n" -" -T path\t\twrite files to directory specified by path (default:\n" -" \t\"/tmp\")\n" -" -u\t\tinclude User Friendly entry names in the output\n" -" -U user\t\tSASL authentication identity (username)\n" -" -v\t\trun in verbose mode (diagnostics to standard output)\n" -" -V prefix\tURL prefix for files (default: \"file://tmp/\")\n" -" -w passwd\tbind passwd (for simple authentication)\n" -" -W\t\tprompt for bind passwd\n" -" -X id\t\tSASL authorization identity (\"dn:\" or \"u:\")\n" -" -Y mech\t\tSASL mechanism\n" -" -z limit\tsize limit (in entries) for search\n" -" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n" -, s ); +"\t-a deref\tdereference aliases: never (default), always, search, or find\n" +"\t-A\t\tretrieve attribute names only (no values)\n" +"\t-b basedn\tbase dn for search\n" +"\t-d level\tset LDAP debugging level to `level'\n" +"\t-D binddn\tbind DN\n" +"\t-E\t\trequest SASL privacy (-EE to make it critical)\n" +"\t-f file\t\tperform sequence of searches listed in `file'\n" +"\t-h host\t\tLDAP server\n" +"\t-I\t\trequest SASL integrity checking (-II to make it\n" +"\t\t\tcritical)\n" +"\t-k\t\tuse Kerberos authentication\n" +"\t-K\t\tlike -k, but do only step 1 of the Kerberos bind\n" +"\t-l limit\ttime limit (in seconds) for search\n" +"\t-L\t\tprint responses in LDIFv1 format\n" +"\t-LL\t\tprint responses in LDIF format without comments\n" +"\t-LLL\t\tprint responses in LDIF format without comments\n" +"\t\t\tand version\n" +"\t-M\t\tenable Manage DSA IT control (-MM to make critical)\n" +"\t-n\t\tshow what would be done but don't actually search\n" +"\t-p port\t\tport on LDAP server\n" +"\t-P version\tprocotol version (default: 3)\n" +"\t-R\t\tdo not automatically follow referrals\n" +"\t-s scope\tone of base, one, or sub (search scope)\n" +"\t-S attr\t\tsort the results by attribute `attr'\n" +"\t-t\t\twrite binary 
values to files in temporary directory\n" +"\t-tt\t\twrite all values to files in temporary directory\n" +"\t-T path\t\twrite files to directory specified by path (default:\n" +"\t\t\t\"" LDAP_TMPDIR "\")\n" +"\t-u\t\tinclude User Friendly entry names in the output\n" +"\t-U user\t\tSASL authentication identity (username)\n" +"\t-v\t\trun in verbose mode (diagnostics to standard output)\n" +"\t-V prefix\tURL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n" +"\t-w passwd\tbind passwd (for simple authentication)\n" +"\t-W\t\tprompt for bind passwd\n" +"\t-X id\t\tSASL authorization identity (\"dn:\" or \"u:\")\n" +"\t-Y mech\t\tSASL mechanism\n" +"\t-z limit\tsize limit (in entries) for search\n" +"\t-Z\t\tissue Start TLS request (-ZZ to require successful response)\n" +, s ); exit( EXIT_FAILURE ); } +static void print_entry LDAP_P(( + LDAP *ld, + LDAPMessage *entry, + int attrsonly)); + +static void print_reference( + LDAP *ld, + LDAPMessage *reference ); + static void print_extended( LDAP *ld, LDAPMessage *extended ); @@ -96,14 +105,13 @@ static void print_partial( LDAP *ld, LDAPMessage *partial ); -static void print_reference( +static int print_result( LDAP *ld, - LDAPMessage *reference ); + LDAPMessage *result, + int search ); -static void print_entry LDAP_P(( - LDAP *ld, - LDAPMessage *entry, - int attrsonly)); +static void print_ctrls( + LDAPControl **ctrls ); static int write_ldif LDAP_P(( int type, @@ -120,9 +128,6 @@ static int dosearch LDAP_P(( char *filtpatt, char *value)); -#define TMPDIR "/tmp" -#define URLPRE "file:/tmp/" - static char *tmpdir = NULL; static char *urlpre = NULL; 
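Review bot: The new `-V` help line in `usage()` opens a quote around the default prefix but never closes it, so the printed text has an unbalanced `"`; the `-T` line just above closes it correctly. It should read `"\t-V prefix\tURL prefix for files (default: \"" LDAP_FILE_URI_PREFIX "\")\n"`. The `-P` line also carries the existing misspelling "procotol" into the new text (here and in the ldapdelete and ldapmodrdn usage hunks); it should be "protocol". The forward declaration added here is `static void print_ctrls(...)`, so the definition later in the file would read more clearly with `static` repeated.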
@@ -140,13 +145,12 @@ static int sasl_privacy = 0; #endif static int use_tls = 0; static char *sortattr = NULL; -static int skipsortattr = 0; static int verbose, not, includeufn, vals2tmp, ldif; int main( int argc, char **argv ) { - char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; + char *infile, *filtpattern, **attrs, line[BUFSIZ]; FILE *fp = NULL; int rc, i, first, scope, deref, attrsonly, manageDSAit; int referrals, timelimit, sizelimit, debug; @@ -198,7 +202,7 @@ main( int argc, char **argv ) case 'u': /* include UFN */ ++includeufn; break; - case 't': /* write attribute values to /tmp files */ + case 't': /* write attribute values to TMPDIR files */ ++vals2tmp; break; case 'M': @@ -243,11 +247,11 @@ main( int argc, char **argv ) } break; - case 'T': /* field separator */ + case 'T': /* tmpdir */ if( tmpdir ) free( tmpdir ); tmpdir = strdup( optarg ); break; - case 'V': /* field separator */ + case 'V': /* uri prefix */ if( urlpre ) free( urlpre ); urlpre = strdup( optarg ); break; @@ -257,7 +261,7 @@ main( int argc, char **argv ) case 'h': /* ldap host */ ldaphost = strdup( optarg ); break; - case 'b': /* searchbase */ + case 'b': /* search base */ base = strdup( optarg ); break; case 'D': /* bind DN */ @@ -369,9 +373,6 @@ main( int argc, char **argv ) } } - /* no alternative format */ - if( ldif == 0 ) ldif = 1; - if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod == LDAP_AUTH_KRBV41 ) ) { if( version > LDAP_VERSION2 ) { 
@@ -405,28 +406,15 @@ main( int argc, char **argv ) } if ( argc - optind < 1 ) { - usage( argv[ 0 ] ); + filtpattern = "(objectclass=*)"; + } else { + filtpattern = strdup( argv[optind++] ); } - filtpattern = strdup( argv[ optind ] ); - - if ( argv[ optind + 1 ] == NULL ) { + if ( argv[optind] == NULL ) { attrs = NULL; } else if ( sortattr == NULL || *sortattr == '\0' ) { - attrs = &argv[ optind + 1 ]; - } else { - for ( i = optind + 1; i < argc; i++ ) { - if ( strcasecmp( argv[ i ], sortattr ) == 0 ) { - break; - } - } - if ( i == argc ) { - skipsortattr = 1; - argv[ optind ] = sortattr; - } else { - optind++; - } - attrs = &argv[ optind ]; + attrs = &argv[optind]; } if ( infile != NULL ) { @@ -443,7 +431,7 @@ main( int argc, char **argv ) && (tmpdir = getenv("TMP")) == NULL && (tmpdir = getenv("TEMP")) == NULL ) { - tmpdir = "/tmp"; + tmpdir = LDAP_TMPDIR; } if( urlpre == NULL ) { @@ -603,7 +591,7 @@ main( int argc, char **argv ) } if ( verbose ) { - fprintf( stderr, "filter%s: %s\nreturning: ", + fprintf( stderr, "filter%s: %s\nrequesting: ", infile != NULL ? " pattern" : "", filtpattern ); @@ -618,11 +606,11 @@ main( int argc, char **argv ) } if (ldif < 3 ) { - printf( "version: 2\n\n"); + printf( "version: %d\n\n", ldif ? 1 : 2 ); } if (ldif < 2 ) { - printf( "#\n# filter%s: %s\n# returning: ", + printf( "#\n# filter%s: %s\n# requesting: ", infile != NULL ? " pattern" : "", filtpattern ); @@ -633,6 +621,12 @@ main( int argc, char **argv ) printf( "%s ", attrs[ i ] ); } } + + if ( manageDSAit ) { + printf("\n# with manageDSAit %scontrol", + manageDSAit > 1 ? "critical " : "" ); + } + printf( "\n#\n\n" ); } @@ -642,7 +636,7 @@ main( int argc, char **argv ) } else { rc = 0; first = 1; - while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) { + while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) { line[ strlen( line ) - 1 ] = '\0'; if ( !first ) { putchar( '\n' ); 
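Review bot: In the `@@ -405,28 +406,15 @@` hunk, `attrs` is left unassigned when attribute arguments are given together with a non-empty `-S` sort attribute, because the new chain `if ( argv[optind] == NULL ) … else if ( sortattr == NULL || *sortattr == '\0' )` has no final `else`. The declaration visible earlier in main (`char *infile, *filtpattern, **attrs, line[BUFSIZ];`) has no initializer, so unless main assigns it outside this hunk the later `attrs[ i ]` loops read an indeterminate pointer, as presumably does the search call. Since the sort-attribute handling was removed, the condition can be dropped: `} else { attrs = &argv[optind]; }`. Also note that `filtpattern` is now either a string literal or unchecked `strdup()` memory, so it must not be freed unconditionally and a NULL return should be handled.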
@@ -688,7 +682,7 @@ static int dosearch( fprintf( stderr, "filter is: (%s)\n", filter ); } - if( ldif == 1 ) { + if( ldif < 2 ) { printf( "#\n# filter: %s\n#\n", filter ); } @@ -697,7 +691,7 @@ static int dosearch( } if ( not ) { - return( LDAP_SUCCESS ); + return LDAP_SUCCESS; } msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ); @@ -723,55 +717,37 @@ static int dosearch( msg != NULL; msg = ldap_next_message( ld, msg ) ) { - nresponses++; + if( nresponses++ ) putchar('\n'); switch( ldap_msgtype( msg ) ) { case LDAP_RES_SEARCH_ENTRY: - if( nresponses > 1 ) putchar('\n'); nentries++; print_entry( ld, msg, attrsonly ); break; case LDAP_RES_SEARCH_REFERENCE: - if( nresponses > 1 ) putchar('\n'); nreferences++; print_reference( ld, msg ); break; case LDAP_RES_EXTENDED: - if( nresponses > 1 ) putchar('\n'); nextended++; print_extended( ld, msg ); - rc = ldap_result2error( ld, msg, 0 ); - - if( rc != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_search" ); - } - if( ldap_msgid( msg ) == 0 ) { /* unsolicited extended operation */ goto done; } - break; case LDAP_RES_EXTENDED_PARTIAL: - if( nresponses > 1 ) putchar('\n'); npartial++; print_partial( ld, msg ); break; case LDAP_RES_SEARCH_RESULT: - /* if( nresponses > 1 ) putchar('\n'); */ - rc = ldap_result2error( ld, msg, 0 ); - - if( rc != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_search" ); - } - + rc = print_result( ld, msg, 1 ); goto done; - } } 
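Review bot: In the `@@ -723,55 +717,37 @@` hunk, the result code of an extended response no longer reaches `rc`, because the `LDAP_RES_EXTENDED` case dropped `rc = ldap_result2error( ld, msg, 0 )`. `print_extended()` is declared `static void` and calls `print_result( ld, extended, 0 )` without using its return value. As a result, an unsolicited notification (`ldap_msgid( msg ) == 0`) jumps to `done` and `dosearch()` returns whatever `rc` held from code outside this hunk, which may not be an LDAP error code at all. I would have `print_extended()` return the `int` from `print_result()` and assign it here with `rc = print_extended( ld, msg );`, so a server-initiated disconnect is reported to the caller as a failure. The `switch` also has no `default:` case, so unknown message types are counted in `nresponses` and silently skipped; a comment saying this is intentional would help.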
@@ -784,101 +760,17 @@ static int dosearch( } done: - if ( verbose ) { - printf( "%d responses\n", nresponses ); + if ( ldif < 2 ) { + printf( "\n# numResponses: %d\n", nresponses ); + if( nentries ) printf( "# numEntries: %d\n", nentries ); + if( nextended ) printf( "# numExtended: %d\n", nextended ); + if( npartial ) printf( "# numPartial: %d\n", npartial ); + if( nreferences ) printf( "# numReferences: %d\n", nreferences ); } return( rc ); } - -static void print_reference( - LDAP *ld, - LDAPMessage *reference ) -{ - int rc, i; - char **refs = NULL; - - if( ldif == 1 ) { - printf("# search reference\n"); - } - - rc = ldap_parse_reference( ld, reference, &refs, NULL, 0 ); - - for( i=0; refs[i] != NULL; i++ ) { - write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) ); - } - - ber_memvfree( (void **) refs ); - - if( rc != LDAP_SUCCESS ) { - ldap_perror(ld, "ldap_parse_reference"); - exit( EXIT_FAILURE ); - } -} - -static void print_extended( - LDAP *ld, - LDAPMessage *extended ) -{ - char rst[16]; - int rc; - char *retoid = NULL; - struct berval *retdata = NULL; - - if( ldif == 1 ) { - printf("# extended result response\n"); - } - - rc = ldap_parse_extended_result( ld, extended, - &retoid, &retdata, 0 ); - - write_ldif( LDIF_PUT_VALUE, "extended", - retoid, retoid ? strlen(retoid) : 0 ); - - if(retdata) { - write_ldif( LDIF_PUT_BINARY, "data", - retdata->bv_val, retdata->bv_len ); - } - - sprintf( rst, "%ld", (long) rst ); - write_ldif( LDIF_PUT_VALUE, "result", rst, strlen(rst)); - - if( rc != LDAP_SUCCESS ) { - ldap_perror(ld, "ldap_parse_extended_result"); - exit( EXIT_FAILURE ); - } -} - -static void print_partial( - LDAP *ld, - LDAPMessage *partial ) -{ - int rc; - char *retoid = NULL; - struct berval *retdata = NULL; - - if( ldif == 1 ) { - printf("# extended partial response\n"); - } - - rc = ldap_parse_extended_partial( ld, partial, - &retoid, &retdata, NULL, 0 ); - - write_ldif( LDIF_PUT_VALUE, "partial", - retoid, retoid ? 
strlen(retoid) : 0 ); - - if(retdata) { - write_ldif( LDIF_PUT_BINARY, "data", - retdata->bv_val, retdata->bv_len ); - } - - if( rc != LDAP_SUCCESS ) { - ldap_perror(ld, "ldap_parse_extended_partial"); - exit( EXIT_FAILURE ); - } -} - static void print_entry( LDAP *ld, @@ -888,33 +780,39 @@ print_entry( char *a, *dn, *ufn; char tmpfname[ 256 ]; char url[ 256 ]; - int i; + int i, rc; BerElement *ber = NULL; struct berval **bvals; + LDAPControl **ctrls = NULL; FILE *tmpfp; dn = ldap_get_dn( ld, entry ); ufn = NULL; - if ( ldif == 1 ) { + if ( ldif < 2 ) { ufn = ldap_dn2ufn( dn ); write_ldif( LDIF_PUT_COMMENT, NULL, ufn, ufn ? strlen( ufn ) : 0 ); } - if ( ldif ) { - write_ldif( LDIF_PUT_VALUE, "dn", dn, dn ? strlen( dn ) : 0); - } else { - printf( "%s\n", dn ); + write_ldif( LDIF_PUT_VALUE, "dn", dn, dn ? strlen( dn ) : 0); + + rc = ldap_get_entry_controls( ld, entry, &ctrls ); + + if( rc != LDAP_SUCCESS ) { + fprintf(stderr, "print_entry: %d\n", rc ); + ldap_perror( ld, "ldap_get_entry_controls" ); + exit( EXIT_FAILURE ); + } + + if( ctrls ) { + print_ctrls( ctrls ); + ldap_controls_free( ctrls ); } if ( includeufn ) { if( ufn == NULL ) { ufn = ldap_dn2ufn( dn ); } - if ( ldif ) { - write_ldif( LDIF_PUT_VALUE, "ufn", ufn, ufn ? strlen( ufn ) : 0 ); - } else { - printf( "%s\n", ufn ); - } + write_ldif( LDIF_PUT_VALUE, "ufn", ufn, ufn ? strlen( ufn ) : 0 ); } if( ufn != NULL ) ldap_memfree( ufn ); @@ -923,16 +821,8 @@ print_entry( for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL; a = ldap_next_attribute( ld, entry, ber ) ) { - if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) { - continue; - } - if ( attrsonly ) { - if ( ldif ) { - write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 ); - } else { - printf( "%s\n", a ); - } + write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 ); } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) { for ( i = 0; bvals[i] != NULL; i++ ) { 
@@ -989,6 +879,241 @@ print_entry( } } +static void print_reference( + LDAP *ld, + LDAPMessage *reference ) +{ + int rc; + char **refs = NULL; + LDAPControl **ctrls; + + if( ldif < 2 ) { + printf("# search reference\n"); + } + + rc = ldap_parse_reference( ld, reference, &refs, &ctrls, 0 ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror(ld, "ldap_parse_reference"); + exit( EXIT_FAILURE ); + } + + if( refs ) { + int i; + for( i=0; refs[i] != NULL; i++ ) { + write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE, + "ref", refs[i], strlen(refs[i]) ); + } + ber_memvfree( (void **) refs ); + } + + if( ctrls ) { + print_ctrls( ctrls ); + ldap_controls_free( ctrls ); + } +} + +static void print_extended( + LDAP *ld, + LDAPMessage *extended ) +{ + int rc; + char *retoid = NULL; + struct berval *retdata = NULL; + + if( ldif < 2 ) { + printf("# extended result response\n"); + } + + rc = ldap_parse_extended_result( ld, extended, + &retoid, &retdata, 0 ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror(ld, "ldap_parse_extended_result"); + exit( EXIT_FAILURE ); + } + + write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE, + "extended", retoid, retoid ? strlen(retoid) : 0 ); + ber_memfree( retoid ); + + if(retdata) { + write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY, + "data", retdata->bv_val, retdata->bv_len ); + ber_bvfree( retdata ); + } + + print_result( ld, extended, 0 ); +} + +static void print_partial( + LDAP *ld, + LDAPMessage *partial ) +{ + int rc; + char *retoid = NULL; + struct berval *retdata = NULL; + LDAPControl **ctrls = NULL; + + if( ldif < 2 ) { + printf("# extended partial response\n"); + } + + rc = ldap_parse_extended_partial( ld, partial, + &retoid, &retdata, &ctrls, 0 ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror(ld, "ldap_parse_extended_partial"); + exit( EXIT_FAILURE ); + } + + write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE, + "partial", retoid, retoid ? strlen(retoid) : 0 ); + + ber_memfree( retoid ); + + if( retdata ) { + write_ldif( ldif ? 
LDIF_PUT_COMMENT : LDIF_PUT_BINARY, + "data", + retdata->bv_val, retdata->bv_len ); + + ber_bvfree( retdata ); + } + + if( ctrls ) { + print_ctrls( ctrls ); + ldap_controls_free( ctrls ); + } +} + +static int print_result( + LDAP *ld, + LDAPMessage *result, int search ) +{ + char rst[BUFSIZ]; + int rc; + int err; + char *matcheddn = NULL; + char *text = NULL; + char **refs = NULL; + LDAPControl **ctrls = NULL; + + if( search ) { + if ( ldif < 2 ) { + printf("# search result\n"); + } + if ( ldif < 1 ) { + printf("%s: %d\n", "search", ldap_msgid(result) ); + } + } + + rc = ldap_parse_result( ld, result, + &err, &matcheddn, &text, &refs, &ctrls, 0 ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror(ld, "ldap_parse_result"); + exit( EXIT_FAILURE ); + } + + + if( !ldif ) { + printf( "result: %d %s\n", err, ldap_err2string(err) ); + + } else if ( err != LDAP_SUCCESS ) { + fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err ); + } + + if( matcheddn && *matcheddn ) { + if( !ldif ) { + write_ldif( LDIF_PUT_VALUE, + "matchedDN", matcheddn, strlen(matcheddn) ); + } else { + fprintf( stderr, "Matched DN: %s\n", matcheddn ); + } + + ber_memfree( matcheddn ); + } + + if( text && *text ) { + if( !ldif ) { + write_ldif( LDIF_PUT_TEXT, "text", + text, strlen(text) ); + } else { + fprintf( stderr, "Additional information: %s\n", text ); + } + + ber_memfree( text ); + } + + if( refs ) { + int i; + for( i=0; refs[i] != NULL; i++ ) { + if( !ldif ) { + write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) ); + } else { + fprintf( stderr, "Referral: %s", refs[i] ); + } + } + + ber_memvfree( (void **) refs ); + } + + if( ctrls ) { + print_ctrls( ctrls ); + ldap_controls_free( ctrls ); + } + + return err; +} + +void print_ctrls( LDAPControl **ctrls ) { + int i; + for(i=0; ctrls[i] != NULL; i++ ) { + /* control: OID criticality base64value */ + struct berval *b64 = NULL; + ber_len_t len; + char *str; + + len = strlen( ctrls[i]->ldctl_oid ); + + /* add enough for space after OID and 
the critical value itself */ + len += ctrls[i]->ldctl_iscritical + ? sizeof("true") : sizeof("false"); + + /* convert to base64 */ + if( ctrls[i]->ldctl_value.bv_len ) { + b64 = ber_memalloc( sizeof(struct berval) ); + + b64->bv_len = LUTIL_BASE64_ENCODE_LEN( + ctrls[i]->ldctl_value.bv_len ) + 1; + b64->bv_val = ber_memalloc( b64->bv_len + 1 ); + + b64->bv_len = lutil_b64_ntop( + ctrls[i]->ldctl_value.bv_val, ctrls[i]->ldctl_value.bv_len, + b64->bv_val, b64->bv_len ); + } + + if( b64 ) { + len += 1 + b64->bv_len; + } + + str = malloc( len + 1 ); + strcpy( str, ctrls[i]->ldctl_oid ); + strcat( str, ctrls[i]->ldctl_iscritical + ? " true" : " false" ); + + if( b64 ) { + strcat(str, " "); + strcat(str, b64->bv_val ); + } + + write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE, + "control", str, len ); + + free( str ); + ber_bvfree( b64 ); + } +} static int write_ldif( int type, char *name, char *value, ber_len_t vallen ) diff --git a/clients/ud/auth.c b/clients/ud/auth.c index 5ae44ef154..337015c356 100644 --- a/clients/ud/auth.c +++ b/clients/ud/auth.c @@ -164,7 +164,7 @@ auth( char *who, int implicit ) /* if we're running as a server (e.g., out of inetd) */ if ( ! isatty( 1 ) ) { - strcpy( tktpath, "/tmp/ud_tktXXXXXX" ); + strcpy( tktpath, LDAP_TMPDIR LDAP_DEFSEP "ud_tktXXXXXX" ); mktemp( tktpath ); krb_set_tkt_string( tktpath ); } diff --git a/doc/devel/args b/doc/devel/args index 4a114acea4..ff5172f496 100644 --- a/doc/devel/args +++ b/doc/devel/args @@ -3,7 +3,7 @@ ldapdelete *DE I K M P U WXYZ cd f h k n p vw ldapmodify *DEF I K M P U WXYZabcd f h k n p r t vw ldapmodrdn *DE I K M P U WXYZ cd f h k n p rs vw ldappasswd A *DE I S U WXYZa d h s vw -ldapsearch AB*DEF I KLM P RSTUVWXYZab*d f h kl n p stuvw z +ldapsearch A *DE I KLM P RSTUVWXYZab*d f h kl n p stuvw z Other Clients ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz fax500 f h m 
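Review bot: print_ctrls builds its output buffer from unchecked results: both `ber_memalloc` calls and `malloc( len + 1 )` are used without a NULL test, and the return of `lutil_b64_ntop` is stored directly in the unsigned `b64->bv_len`. If the encoder signals failure with a negative value (as the b64_ntop family does; confirm against liblutil), `len += 1 + b64->bv_len` wraps and the following `strcpy`/`strcat` run past a short allocation, on a control value that comes from the server. The sketch below keeps the encode result in a signed variable and tests each allocation before use. Separately, `LDAPControl **ctrls;` in print_reference is not initialised to NULL as it is in print_partial and print_result, and print_ctrls is not `static`, unlike the other new functions.

```c
		if( ctrls[i]->ldctl_value.bv_len ) {
			int b64len;

			b64 = ber_memalloc( sizeof(struct berval) );
			if( b64 == NULL ) {
				perror( "ber_memalloc" );
				exit( EXIT_FAILURE );
			}

			/* ... unchanged: b64->bv_len estimate, b64->bv_val allocation ... */
			if( b64->bv_val == NULL ) {
				perror( "ber_memalloc" );
				exit( EXIT_FAILURE );
			}

			b64len = lutil_b64_ntop(
				ctrls[i]->ldctl_value.bv_val, ctrls[i]->ldctl_value.bv_len,
				b64->bv_val, b64->bv_len );
			if( b64len < 0 ) {
				fprintf( stderr, "print_ctrls: base64 encoding failed\n" );
				exit( EXIT_FAILURE );
			}
			b64->bv_len = b64len;
		}

		/* ... unchanged: len += 1 + b64->bv_len ... */

		str = malloc( len + 1 );
		if( str == NULL ) {
			perror( "malloc" );
			exit( EXIT_FAILURE );
		}
		/* ... unchanged: strcpy/strcat into str, write_ldif, free ... */
```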
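Review bot: `LDAP_DEFSEP` in the new `strcpy( tktpath, LDAP_TMPDIR LDAP_DEFSEP "ud_tktXXXXXX" );` is not defined by any header this patch touches, which define and use `LDAP_DIRSEP`. Unless it exists elsewhere this looks like a typo that will not compile, and the ldbmtest.c hunk repeats it; the line would read `strcpy( tktpath, LDAP_TMPDIR LDAP_DIRSEP "ud_tktXXXXXX" );`. The template's length now follows the build-time `LDAP_TMPDIR` instead of a fixed literal, so the unbounded `strcpy` into `tktpath` (declared outside the hunk) needs a check against the buffer size. The ticket path still comes from `mktemp`, which only picks a name, so in a shared temporary directory another local user can claim that path before the ticket file is created; a per-user private directory would avoid this.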
@@ -44,7 +44,6 @@ ud D V cd f l p s uv /* to be implemented */ -C Chase Referrals - -c Chase Search Rerefences * LDAPv2+ Only -K LDAPv2 Kerberos Bind (Step 1 only) (depecated) diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index 1b7ecdff31..96e4ec9f70 100644 --- a/doc/man/man1/ldapsearch.1 +++ b/doc/man/man1/ldapsearch.1 @@ -21,8 +21,6 @@ ldapsearch \- LDAP search tool [\c .BR \-A ] [\c -.BR \-B ] -[\c .BR \-L[L[L]] ] [\c .BR \-M[M] ] diff --git a/include/ldap_config.h.in b/include/ldap_config.h.in index 63b604f6ea..59b5c673f3 100644 --- a/include/ldap_config.h.in +++ b/include/ldap_config.h.in @@ -26,6 +26,13 @@ #endif #endif +/* directory for temporary files */ +#if defined( _P_tmpdir ) +#define LDAP_TMPDIR _P_tmpdir +#else +#define LDAP_TMPDIR LDAP_DIRSEP "tmp" +#endif + /* directories */ #ifndef LDAP_BINDIR #define LDAP_BINDIR "%BINDIR%" diff --git a/include/ldap_config.nt b/include/ldap_config.nt index cee39be0b4..f19eb38016 100644 --- a/include/ldap_config.nt +++ b/include/ldap_config.nt @@ -22,6 +22,13 @@ #define LDAP_DIRSEP "\\" #endif +/* directory for temporary files */ +#if defined( _P_tmpdir ) +#define LDAP_TMPDIR _P_tmpdir +#else +#define LDAP_TMPDIR "\\" +#endif + /* directories */ #ifndef LDAP_PREFIX #define LDAP_PREFIX "C:\\OpenLDAP" diff --git a/include/ldap_defaults.h b/include/ldap_defaults.h index 0d0919ff8c..c02734465d 100644 --- a/include/ldap_defaults.h +++ b/include/ldap_defaults.h @@ -35,6 +35,11 @@ #define LDAP_USERRC_FILE "ldaprc" #define LDAP_ENV_PREFIX "LDAP" +/* default ldapi:// socket */ +#define LDAPI_SOCK LDAP_TMPDIR LDAP_DIRSEP ".ldapi_sock" + +/* default file: URI prefix */ +#define LDAP_FILE_URI_PREFIX "file://" LDAP_TMPDIR LDAP_DIRSEP /* * SHARED DEFINITIONS - other things you can change diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c index 5b771f9fad..8594c849af 100644 --- a/libraries/libldap/error.c +++ b/libraries/libldap/error.c 
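Review bot: The `#if defined( _P_tmpdir )` test makes `LDAP_TMPDIR` depend on a macro that, where it exists, presumably comes from the C library's `<stdio.h>`. A translation unit that includes this header before `<stdio.h>` would then get the fallback while another gets the library value, and the two sides could disagree about `LDAPI_SOCK`. The block is also not wrapped in `#ifndef LDAP_TMPDIR`, unlike `LDAP_BINDIR` just below, so a builder cannot override it from the command line. Adding that guard and a comment such as `/* _P_tmpdir is provided by <stdio.h>; include it before this header */` would cover both points; the ldap_config.nt hunk has the same shape.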
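Review bot: `LDAPI_SOCK` and `LDAP_FILE_URI_PREFIX` always append `LDAP_DIRSEP` to `LDAP_TMPDIR`, so with the ldap_config.nt fallback `#define LDAP_TMPDIR "\\"` they expand to a path beginning with two backslashes, which Windows reads as the start of a UNC path. A comment here stating the contract would help, for example `/* LDAP_TMPDIR must not end in LDAP_DIRSEP; a separator is appended below */`, together with an NT fallback that satisfies it. The default socket name also changes from `/tmp/.ldap-sock` (removed in the os-local.c and daemon.c hunks) to `.ldapi_sock`, so a client and a slapd built on either side of this commit will not find each other by default. That deserves a mention in the commit description or release notes.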
@@ -92,7 +92,7 @@ static const struct ldaperror ldap_errlist[] = { {LDAP_CLIENT_LOOP, "Client Loop" }, {LDAP_REFERRAL_LIMIT_EXCEEDED, "Referral Limit Exceeded" }, - {-1, 0 } + {-1, NULL } }; static const struct ldaperror * @@ -150,7 +150,7 @@ ldap_perror( LDAP *ld, LDAP_CONST char *str ) } if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) { - fprintf( stderr, "\tmatched: \"%s\"\n", + fprintf( stderr, "\tmatched DN: \"%s\"\n", ld->ld_matched ); } diff --git a/libraries/libldap/getentry.c b/libraries/libldap/getentry.c index 2cf17681d8..dee482cfec 100644 --- a/libraries/libldap/getentry.c +++ b/libraries/libldap/getentry.c @@ -99,7 +99,7 @@ ldap_get_entry_controls( assert( sctrls != NULL ); if ( ld == NULL || sctrls == NULL || - entry == NULL || entry->lm_msgtype == LDAP_RES_SEARCH_ENTRY ) + entry == NULL || entry->lm_msgtype != LDAP_RES_SEARCH_ENTRY ) { return LDAP_PARAM_ERROR; } diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c index 6d45b2589a..5ad819eccf 100644 --- a/libraries/libldap/os-local.c +++ b/libraries/libldap/os-local.c @@ -33,6 +33,7 @@ #endif /* HAVE_IO_H */ #include "ldap-int.h" +#include "ldap_defaults.h" /* int ldap_int_tblsize = 0; */ @@ -191,7 +192,7 @@ ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async) } if ( path == NULL || path[0] == '\0' ) { - path = "/tmp/.ldap-sock"; + path = LDAPI_SOCK; } else { if ( strlen(path) > (sizeof( server.sun_path ) - 1) ) { ldap_pvt_set_errno( ENAMETOOLONG ); diff --git a/libraries/libldif/line64.c b/libraries/libldif/line64.c index 7ee83d8e6a..e4a85a226d 100644 --- a/libraries/libldif/line64.c +++ b/libraries/libldif/line64.c @@ -314,18 +314,15 @@ ldif_sput( /* prefix */ switch( type ) { case LDIF_PUT_COMMENT: - if( name != NULL ) break; - *(*out)++ = '#'; len++; if( vlen ) { *(*out)++ = ' '; len++; - break; } - /* no value, fall-thru */ + break; case LDIF_PUT_SEP: *(*out)++ = '\n'; 
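Review bot: The default branch `path = LDAPI_SOCK;` skips the `strlen(path) > (sizeof( server.sun_path ) - 1)` test that the `else` branch applies, and the default is now a build-time string whose length follows `LDAP_TMPDIR` instead of a short literal. The code that copies `path` into `server.sun_path` is outside the hunk, so the overflow is inferred, but making the test unconditional is cheap: end the first `if` after the assignment and replace `} else { if ( strlen(path) > ...` with a plain `if ( strlen(path) > (sizeof( server.sun_path ) - 1) ) {`. The second daemon.c hunk has the same shape, with `strcpy( l.sl_sa.sa_un_addr.sun_path, LDAPI_SOCK );` unchecked next to a length-checked `lud->lud_host` branch.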
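Review bot: With `if( name != NULL ) break;` removed, `LDIF_PUT_COMMENT` now accepts named values, and ldapsearch.c in this same patch passes server-supplied strings and raw `retdata->bv_val` bytes through it. Whether the rest of ldif_sput, which lies outside the hunk, folds or encodes a comment's value is not visible here. If the bytes are copied as they are, a value containing a newline ends the comment and the remainder is read as ordinary LDIF by whatever consumes the output. A comment on the case stating the guarantee, for example `/* comment values are written verbatim: callers must not pass data containing newlines */` (or the opposite, if they are encoded), plus a test with a multi-line value, would settle it.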
diff --git a/libraries/liblutil/tempnam.c b/libraries/liblutil/tempnam.c index 024f1fd725..fa455c0c75 100644 --- a/libraries/liblutil/tempnam.c +++ b/libraries/liblutil/tempnam.c @@ -17,7 +17,7 @@ char * char *s; if ( dir == NULL ) { - dir = "/tmp"; + dir = LDAP_TMPDIR; } /* diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 61a7989be5..7e9c6931b9 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -247,9 +247,9 @@ static Listener * open_listener( const char* url ) # ifdef LDAP_PF_UNIX if ( ldap_pvt_url_scheme2proto(lud->lud_scheme) == LDAP_PROTO_IPC ) { if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) { - err = getaddrinfo(NULL, "/tmp/.ldap-sock", &hints, &res); + err = getaddrinfo(NULL, LDAPI_SOCK, &hints, &res); if (!err) - unlink( "/tmp/.ldap-sock" ); + unlink( LDAPI_SOCK ); } else { err = getaddrinfo(NULL, lud->lud_host, &hints, &res); if (!err) @@ -297,7 +297,7 @@ static Listener * open_listener( const char* url ) /* hack: overload the host to be the path */ if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) { - strcpy( l.sl_sa.sa_un_addr.sun_path, "/tmp/.ldap-sock" ); + strcpy( l.sl_sa.sa_un_addr.sun_path, LDAPI_SOCK ); } else { if ( strlen(lud->lud_host) > (sizeof(l.sl_sa.sa_un_addr.sun_path) - 1) ) { Debug( LDAP_DEBUG_ANY, diff --git a/servers/slapd/tools/ldbmtest.c b/servers/slapd/tools/ldbmtest.c index 39e6c7432a..ab95138393 100644 --- a/servers/slapd/tools/ldbmtest.c +++ b/servers/slapd/tools/ldbmtest.c @@ -506,7 +506,7 @@ edit_entry( char c, Datum *data ) WAITSTATUSTYPE status; #endif - strcpy( tmpname, "/tmp/dbtestXXXXXX" ); + strcpy( tmpname, LDAP_TMPDIR LDAP_DEFSEP "dbtestXXXXXX" ); #ifndef HAVE_MKSTEMP if ( (fd = open( mktemp( tmpname ), O_RDWR|O_CREAT|O_EXCL, 0600 )) == -1 ) { perror( tmpname ); diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master index 967a64073c..f94cd7c4fc 100644 --- a/tests/data/acl.out.master +++ b/tests/data/acl.out.master 
@@ -18,6 +18,7 @@ pager: +1 313 555 3923 mail: jaj@mail.alumni.umich.edu facsimiletelephonenumber: +1 313 555 4332 telephonenumber: +1 313 555 0895 + dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US member: cn=Manager, o=University of Michigan, c=US member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un @@ -210,3 +211,4 @@ postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 09 $ US telephonenumber: +1 313 764-1817 associateddomain: umich.edu + diff --git a/tests/data/modify.out.master b/tests/data/modify.out.master index 429d901fa6..e3901bee28 100644 --- a/tests/data/modify.out.master +++ b/tests/data/modify.out.master @@ -292,3 +292,4 @@ homephone: +1 313 555 8421 pager: +1 313 555 2844 facsimiletelephonenumber: +1 313 555 9700 telephonenumber: +1 313 555 5331 + diff --git a/tests/data/modrdn.out.master b/tests/data/modrdn.out.master index 3e794d32c4..8d62e2a3ed 100644 --- a/tests/data/modrdn.out.master +++ b/tests/data/modrdn.out.master @@ -312,3 +312,4 @@ homephone: +1 313 555 8421 pager: +1 313 555 2844 facsimiletelephonenumber: +1 313 555 9700 telephonenumber: +1 313 555 5331 + diff --git a/tests/data/modrdn.out.master.0 b/tests/data/modrdn.out.master.0 index 3e794d32c4..8d62e2a3ed 100644 --- a/tests/data/modrdn.out.master.0 +++ b/tests/data/modrdn.out.master.0 @@ -312,3 +312,4 @@ homephone: +1 313 555 8421 pager: +1 313 555 2844 facsimiletelephonenumber: +1 313 555 9700 telephonenumber: +1 313 555 5331 + diff --git a/tests/data/modrdn.out.master.1 b/tests/data/modrdn.out.master.1 index dfd8633d28..0483a50cc4 100644 --- a/tests/data/modrdn.out.master.1 +++ b/tests/data/modrdn.out.master.1 @@ -20,3 +20,4 @@ pager: +1 313 555 3923 mail: jaj@mail.alumni.umich.edu facsimiletelephonenumber: +1 313 555 4332 telephonenumber: +1 313 555 0895 + diff --git a/tests/data/modrdn.out.master.2 b/tests/data/modrdn.out.master.2 index 65279ea171..b83d0fc0f1 100644 --- a/tests/data/modrdn.out.master.2 
+++ b/tests/data/modrdn.out.master.2 @@ -18,3 +18,4 @@ postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103 pager: +1 313 555 2833 facsimiletelephonenumber: +1 313 555 8688 telephonenumber: +1 313 555 7334 + diff --git a/tests/data/modrdn.out.master.3 b/tests/data/modrdn.out.master.3 index 0345196c24..ebe0fba843 100644 --- a/tests/data/modrdn.out.master.3 +++ b/tests/data/modrdn.out.master.3 @@ -19,3 +19,4 @@ pager: +1 313 555 3923 mail: jaj@mail.alumni.umich.edu facsimiletelephonenumber: +1 313 555 4332 telephonenumber: +1 313 555 0895 + diff --git a/tests/data/search.out.master b/tests/data/search.out.master index ebadd3d27c..29e465a4bc 100644 --- a/tests/data/search.out.master +++ b/tests/data/search.out.master @@ -42,6 +42,7 @@ homephone: +1 313 555 5444 pager: +1 313 555 4474 facsimiletelephonenumber: +1 313 555 2177 telephonenumber: +1 313 555 0355 + dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US member: cn=Manager, o=University of Michigan, c=US member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un @@ -122,6 +123,7 @@ pager: +1 313 555 3923 mail: jaj@mail.alumni.umich.edu facsimiletelephonenumber: +1 313 555 4332 telephonenumber: +1 313 555 0895 + dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US member: cn=Manager, o=University of Michigan, c=US member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un @@ -167,6 +169,7 @@ owner: cn=Manager, o=University of Michigan, c=US description: All Alumni Assoc Staff cn: Alumni Assoc Staff objectclass: groupofnames + dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US member: cn=Manager, o=University of Michigan, c=US member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un @@ -263,3 +266,4 @@ postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 09 $ US telephonenumber: +1 313 764-1817 associateddomain: umich.edu + 
diff --git a/tests/data/test.ldif b/tests/data/test.ldif index 919bdd6726..188512a332 100644 --- a/tests/data/test.ldif +++ b/tests/data/test.ldif @@ -311,3 +311,4 @@ homephone: +1 313 555 8421 pager: +1 313 555 2844 facsimiletelephonenumber: +1 313 555 9700 telephonenumber: +1 313 555 5331 + diff --git a/tests/scripts/acfilter.sh b/tests/scripts/acfilter.sh index 7e3659e568..975460cd61 100755 --- a/tests/scripts/acfilter.sh +++ b/tests/scripts/acfilter.sh @@ -1,6 +1,6 @@ #! /bin/sh # $OpenLDAP$ # -# Strip operational attributes +# Strip comments # -egrep -iv '^modifiersname:|^modifytimestamp:|^creatorsname:|^createtimestamp' +egrep -iv '^#' -- 2.39.5