From 691d91ca2611f5f3f6f05fbb919016fe717a9058 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 6 May 2005 18:10:20 +0000 Subject: [PATCH] Build + client side changes from HEAD --- build/top.mk | 2 + clients/tools/Makefile.in | 2 +- clients/tools/common.c | 2 +- clients/tools/ldapcompare.c | 1 + clients/tools/ldapmodify.c | 1 + configure.in | 14 ++++++ doc/man/man1/ldapcompare.1 | 15 ------ doc/man/man1/ldapdelete.1 | 16 ------ doc/man/man1/ldapmodify.1 | 18 ------- doc/man/man1/ldapmodrdn.1 | 15 ------ doc/man/man1/ldapsearch.1 | 15 ------ doc/man/man3/ldap_bind.3 | 66 +++---------------------- doc/man/man3/ldap_bind.3.links | 5 -- doc/man/man5/slapd.conf.5 | 7 --- doc/man/man8/slurpd.8 | 11 +---- include/ldap.h | 33 +++++++++++-- libraries/libldap/Makefile.in | 4 +- libraries/libldap/result.c | 24 ++++----- libraries/libldap/turn.c | 88 +++++++++++++++++++++++++++++++++ libraries/libldap_r/Makefile.in | 4 +- 20 files changed, 161 insertions(+), 182 deletions(-) create mode 100644 libraries/libldap/turn.c diff --git a/build/top.mk b/build/top.mk index 82e3ff1db9..57af87d6c5 100644 --- a/build/top.mk +++ b/build/top.mk @@ -58,6 +58,8 @@ INSTALL_PROGRAM = $(INSTALL) INSTALL_DATA = $(INSTALL) -m 644 INSTALL_SCRIPT = $(INSTALL) +STRIP = -s + LINT = lint 5LINT = 5lint diff --git a/clients/tools/Makefile.in b/clients/tools/Makefile.in index 2776e673f1..fe208fc0b4 100644 --- a/clients/tools/Makefile.in +++ b/clients/tools/Makefile.in @@ -98,7 +98,7 @@ install-local: FORCE -$(MKDIR) $(DESTDIR)$(bindir) @( \ for prg in $(PROGRAMS); do \ - $(LTINSTALL) $(INSTALLFLAGS) -s -m 755 $$prg$(EXEEXT) \ + $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 $$prg$(EXEEXT) \ $(DESTDIR)$(bindir); \ done \ ) diff --git a/clients/tools/common.c b/clients/tools/common.c index 083fbcdf8f..b6bc01aad2 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c 
@@ -140,7 +140,7 @@ N_(" ppolicy\n") #endif N_(" [!]postread[=] (a comma-separated attribute list)\n") N_(" [!]preread[=] (a comma-separated attribute list)\n"), -N_(" abandon, cancel (SIGINT sends abandon/cancel (not really controls)\n") +N_(" abandon, cancel (SIGINT sends abandon/cancel; not really controls)\n") N_(" -f file read operations from `file'\n"), N_(" -h host LDAP server\n"), N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"), diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c index a7a20a4f14..619b7e811a 100644 --- a/clients/tools/ldapcompare.c +++ b/clients/tools/ldapcompare.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #ifdef HAVE_FCNTL_H diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index f4da605fb7..60fffe3cd3 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -42,6 +42,7 @@ #include #include #include +#include #ifdef HAVE_SYS_STAT_H #include diff --git a/configure.in b/configure.in index 07384b14a1..28d5571160 100644 --- a/configure.in +++ b/configure.in @@ -536,6 +536,7 @@ BUILD_SYNCPROV=no BUILD_TRANSLUCENT=no BUILD_UNIQUE=no +SLAPD_STATIC_OVERLAYS= SLAPD_DYNAMIC_OVERLAYS= SLAPD_MODULES_LDFLAGS= @@ -2771,6 +2772,7 @@ if test "$ol_enable_denyop" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_DENYOP,$MFLAG,[define for Dynamic Group overlay]) fi @@ -2782,6 +2784,7 @@ if test "$ol_enable_dyngroup" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dyngroup.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dyngroup.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNGROUP,$MFLAG,[define for Dynamic Group overlay]) fi 
@@ -2793,6 +2796,7 @@ if test "$ol_enable_dynlist" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS dynlist.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS dynlist.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay]) fi @@ -2804,6 +2808,7 @@ if test "$ol_enable_glue" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS glue.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS glue.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_GLUE,$MFLAG,[define for Backend Glue overlay]) fi @@ -2815,6 +2820,7 @@ if test "$ol_enable_lastmod" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_LASTMOD,$MFLAG,[define for Last Modification overlay]) fi @@ -2826,6 +2832,7 @@ if test "$ol_enable_ppolicy" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS ppolicy.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS ppolicy.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_PPOLICY,$MFLAG,[define for Password Policy overlay]) fi @@ -2837,6 +2844,7 @@ if test "$ol_enable_proxycache" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS pcache.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS pcache.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_PROXYCACHE,$MFLAG,[define for Proxy Cache overlay]) fi @@ -2848,6 +2856,7 @@ if test "$ol_enable_refint" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS refint.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS refint.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_REFINT,$MFLAG,[define for Referential Integrity overlay]) fi 
@@ -2860,6 +2869,7 @@ if test "$ol_enable_rwm" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS rwm.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS rwm_x.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_RWM,$MFLAG,[define for Rewrite/Remap overlay]) fi @@ -2871,6 +2881,7 @@ if test "$ol_enable_syncprov" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS syncprov.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS syncprov.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_SYNCPROV,$MFLAG,[define for Syncrepl Provider overlay]) fi @@ -2882,6 +2893,7 @@ if test "$ol_enable_translucent" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS translucent.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS translucent.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_TRANSLUCENT,$MFLAG,[define for Translucent Proxy overlay]) fi @@ -2893,6 +2905,7 @@ if test "$ol_enable_unique" != no ; then SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS unique.la" else MFLAG=SLAPD_MOD_STATIC + SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS unique.o" fi AC_DEFINE_UNQUOTED(SLAPD_OVER_UNIQUE,$MFLAG,[define for Attribute Uniqueness overlay]) fi @@ -2982,6 +2995,7 @@ AC_SUBST(SLAPD_MODULES_LDFLAGS) AC_SUBST(SLAPD_NO_STATIC) AC_SUBST(SLAPD_STATIC_BACKENDS) AC_SUBST(SLAPD_DYNAMIC_BACKENDS) +AC_SUBST(SLAPD_STATIC_OVERLAYS) AC_SUBST(SLAPD_DYNAMIC_OVERLAYS) AC_SUBST(PERL_CPPFLAGS) diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1 index 4ba466e918..4e957f0849 100644 --- a/doc/man/man1/ldapcompare.1 +++ b/doc/man/man1/ldapcompare.1 @@ -13,10 +13,6 @@ ldapcompare \- LDAP compare tool [\c .BR \-z ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-M[M] ] [\c .BI \-d \ debuglevel\fR] 
@@ -86,17 +82,6 @@ Run in verbose mode, with many diagnostics written to standard output. Run in quiet mode, no output is written. You must check the return status. Useful in shell scripts. .TP -.B \-k -Use Kerberos IV authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. -.B ldapcompare -must be compiled with Kerberos support for this option to have any effect. -.TP -.B \-K -Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your Kerberos Domain Controller(s). -.TP .B \-M[M] Enable manage DSA IT control. .B \-MM diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index 71f04ff8ea..8750ea4dff 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -11,10 +11,6 @@ ldapdelete \- LDAP delete entry tool [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-c ] [\c .BR \-M[M] ] @@ -83,18 +79,6 @@ debugging in conjunction with -v. .B \-v Use verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos IV authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. This option -only has effect if -.B ldapdelete -is compiled with Kerberos support. -.TP -.B \-K -Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your Kerberos Domain Controller(s). -.TP .B \-c Continuous operation mode. Errors are reported, but .B ldapdelete diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 index b91241def3..c92d16578f 100644 --- a/doc/man/man1/ldapmodify.1 +++ b/doc/man/man1/ldapmodify.1 @@ -17,10 +17,6 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-M[M] ] [\c .BI \-d \ debuglevel\fR] 
@@ -71,10 +67,6 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-M[M] ] [\c .BI \-d \ debuglevel\fR] @@ -155,16 +147,6 @@ debugging in conjunction with -v. .B \-v Use verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos IV authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. You must -compile with Kerberos support for this option to have any effect. -.TP -.B \-K -Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your Kerberos Domain Controller(s). -.TP .B \-F Force application of all changes regardless of the contents of input lines that begin with diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1 index 0ec4a74897..c6159ac30d 100644 --- a/doc/man/man1/ldapmodrdn.1 +++ b/doc/man/man1/ldapmodrdn.1 @@ -13,10 +13,6 @@ ldapmodrdn \- LDAP rename entry tool [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-c ] [\c .BR \-M[M] ] @@ -85,17 +81,6 @@ debugging in conjunction with -v. .B \-v Use verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos IV authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. -.B ldapmodrdn -must be compiled with Kerberos support for this option to have effect. -.TP -.B \-K -Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your Kerberos Domain Controller(s). -.TP .B \-c Continuous operation mode. Errors are reported, but ldapmodrdn will continue with modifications. The default is to exit after diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index cdb952bb67..df4cf7227d 100644 --- a/doc/man/man1/ldapsearch.1 
+++ b/doc/man/man1/ldapsearch.1 @@ -13,10 +13,6 @@ ldapsearch \- LDAP search tool [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-t ] [\c .BR \-A ] @@ -106,17 +102,6 @@ in the output. .B \-v Run in verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos IV authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. -.B ldapsearch -must be compiled with Kerberos support for this option to have any effect. -.TP -.B \-K -Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your Kerberos Domain Controller(s). -.TP .B \-t Write retrieved non-printable values to a set of temporary files. This is useful for dealing with values containing non-character data such as diff --git a/doc/man/man3/ldap_bind.3 b/doc/man/man3/ldap_bind.3 index 7f8b94bc8a..a2e1f5e29f 100644 --- a/doc/man/man3/ldap_bind.3 +++ b/doc/man/man3/ldap_bind.3 @@ -3,7 +3,7 @@ .\" Copyright 1998-2005 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME -ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_kerberos_bind_s, ldap_kerberos_bind1, ldap_kerberos_bind1_s, ldap_kerberos_bind2, ldap_kerberos_bind2_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines +ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, -lldap) .SH SYNOPSIS 
@@ -24,16 +24,6 @@ OpenLDAP LDAP (libldap, -lldap) .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP -.BI "int ldap_kerberos_bind_s(LDAP *" ld ", const char *" who ");" -.LP -.BI "int ldap_kerberos_bind1(LDAP *" ld ", const char *" who ");" -.LP -.BI "int ldap_kerberos_bind1_s(LDAP *" ld ", const char *" who ");" -.LP -.BI "int ldap_kerberos_bind2(LDAP *" ld ", const char *" who ");" -.LP -.BI "int ldap_kerberos_bind2_s(LDAP *" ld ", const char *" who ");" -.LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," @@ -78,9 +68,10 @@ attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP -There are many types of bind calls, providing simple authentication, Kerberos -version 4 authentication, and general routines to do either one, as -well as calls using +There are three types of bind calls, ones providing simple authentication, +ones providing SASL authentication, and general routines capable of doing +either simple or SASL authentication. +.LP .B SASL (Simple Authentication and Security Layer) that can negotiate one of many different kinds of authentication. @@ -89,12 +80,6 @@ call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .LP -Kerberos version 4 has been superseded by Kerberos version 5, and the -Kerberos version 4 support is only provided for backward compatibility. The -SASL interfaces should be used for new applications. SASL provides -a general interface for using Kerberos versions 4 and 5 and many other -security systems. -.LP .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . 
@@ -109,41 +94,6 @@ taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). -.SH KERBEROS AUTHENTICATION -If the LDAP library and LDAP server being contacted have been -compiled with the KERBEROS option defined, -Kerberos version 4 authentication can be performed. As mentioned above, -these Kerberos routines are provided only for backward compatibility. -.LP -These routines assume the user already -has obtained a ticket granting ticket. The routines take \fIwho\fP, the DN -of the entry to bind as. The -.B ldap_kerberos_bind_s() -routine does both steps of the Kerberos binding process synchronously. The -.B ldap_kerberos_bind1_s() -and -.B ldap_kerberos_bind2_s() -routines allow synchronous access to the -individual steps, authenticating to the LDAP server and X.500 DSA, respectively. -The -.B ldap_kerberos_bind1() -and -.B ldap_kerberos_bind2() -routines provide equivalent asynchronous access. -.LP -The -.B ldap_kerberos_bind_s() -routine is used to perform both authentication steps when contacting -an LDAP server that is a gateway to an X.500 DSA. This kind of server -configuration is only supported in the (very old) University of Michigan LDAP -release. The OpenLDAP package no longer provides this gateway server. -The standalone LDAP server provided in OpenLDAP may still be configured -with Kerberos version 4 support, but it only requires one authentication -step, and will return an error if the second step is attempted. Therefore, -only the -.B ldap_kerberos_bind1() -routine or its synchronous equivalent may be used when contacting an -OpenLDAP server. .SH GENERAL AUTHENTICATION The .B ldap_bind() 
@@ -152,10 +102,8 @@ and routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication -method to use. It should be set to one of LDAP_AUTH_SIMPLE, -LDAP_AUTH_KRBV41, or LDAP_AUTH_KRBV42, to select simple authentication, -Kerberos authentication to the LDAP server, or Kerberos authentication -to the X.500 DSA, respectively. +method to use. It should be set to LDAP_AUTH_SIMPLE +to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() diff --git a/doc/man/man3/ldap_bind.3.links b/doc/man/man3/ldap_bind.3.links index 793eb8d66a..998fa7573e 100644 --- a/doc/man/man3/ldap_bind.3.links +++ b/doc/man/man3/ldap_bind.3.links @@ -3,11 +3,6 @@ ldap_simple_bind.3 ldap_simple_bind_s.3 ldap_sasl_bind.3 ldap_sasl_bind_s.3 -ldap_kerberos_bind_s.3 -ldap_kerberos_bind1.3 -ldap_kerberos_bind1_s.3 -ldap_kerberos_bind2.3 -ldap_kerberos_bind2_s.3 ldap_unbind.3 ldap_unbind_ext.3 ldap_unbind_s.3 diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 287caa9b9f..f19dd7018d 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -409,8 +409,6 @@ disallow (default none). disables acceptance of anonymous bind requests. .B bind_simple disables simple (bind) authentication. -.B bind_krbv4 -disables Kerberos V4 (bind) authentication. .B tls_2_anon disables Start TLS from forcing session to anonymous status (see also .BR tls_authc ). @@ -842,11 +840,6 @@ The default is 262143. Specify the maximum incoming LDAP PDU size for authenticated sessions. The default is 4194303. .TP -.B srvtab -Specify the srvtab file in which the kerberos keys necessary for -authenticating clients using kerberos can be found. This option is only -meaningful if you are using Kerberos authentication. -.TP .B threads Specify the maximum size of the primary thread pool. The default is 16. 
diff --git a/doc/man/man8/slurpd.8 b/doc/man/man8/slurpd.8 index ef37997590..1c2fe8af26 100644 --- a/doc/man/man8/slurpd.8 +++ b/doc/man/man8/slurpd.8 @@ -7,7 +7,7 @@ slurpd \- Standalone LDAP Update Replication Daemon .SH SYNOPSIS .B LIBEXECDIR/slurpd [\-d debug\-level] .B [\-f slapd\-config\-file] [\-r slapd\-replog\-file] -.B [\-t temp\-dir] [\-o] [\-k srvtab\-file] +.B [\-t temp\-dir] [\-o] .B .SH DESCRIPTION .LP @@ -121,15 +121,6 @@ temporary files may contain sensitive information. This option allows you to specify the location of these temporary files. The default is .BR LOCALSTATEDIR/openldap-slurp . -.TP -.BI \-k " srvtab\-file" -Specify the location of the kerberos srvtab file which contains keys -for the replica -.I slapd -instances. Overrides the srvtab argument to the -replica directive in the -.I slapd -configuration file. .SH EXAMPLES To start .I slurpd diff --git a/include/ldap.h b/include/ldap.h index 849f054b25..4d8d71ff36 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -309,8 +309,13 @@ typedef struct ldapcontrol { #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U) -#define LDAP_EXOP_X_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" -#define LDAP_EXOP_X_CANCEL "1.3.6.1.1.8" +#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" +#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I + +#define LDAP_EXOP_CANCEL "1.3.6.1.1.8" +#define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL + +#define LDAP_EXOP_X_TURN "1.3.6.1.4.1.4203.666.6.4" /* LDAP Grouping of Related Operations *//* a work in progress */ #ifdef LDAP_DEVEL 
@@ -1838,12 +1843,32 @@ ldap_cancel LDAP_P(( LDAP *ld, int *msgidp )); LDAP_F( int ) -ldap_cancel_s LDAP_P(( - LDAP *ld, +ldap_cancel_s LDAP_P(( LDAP *ld, int cancelid, LDAPControl **sctrl, LDAPControl **cctrl )); +/* + * LDAP Turn Extended Operation + * in turn.c + */ +#define LDAP_API_FEATURE_TURN 1000 + +LDAP_F( int ) +ldap_turn LDAP_P(( LDAP *ld, + int mutual, + LDAP_CONST char* identifier, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp )); + +LDAP_F( int ) +ldap_turn_s LDAP_P(( LDAP *ld, + int mutual, + LDAP_CONST char* identifier, + LDAPControl **sctrl, + LDAPControl **cctrl )); + /* * LDAP Server Side Sort * in sortctrl.c diff --git a/libraries/libldap/Makefile.in b/libraries/libldap/Makefile.in index 42e47dab10..47d81ddc07 100644 --- a/libraries/libldap/Makefile.in +++ b/libraries/libldap/Makefile.in @@ -26,7 +26,7 @@ SRCS = bind.c open.c result.c error.c compare.c search.c \ request.c os-ip.c url.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - groupings.c txn.c ppolicy.c + turn.c groupings.c txn.c ppolicy.c OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ controls.lo messages.lo references.lo extended.lo cyrus.lo \ @@ -37,7 +37,7 @@ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - groupings.lo txn.lo ppolicy.lo + turn.lo groupings.lo txn.lo ppolicy.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index c695755b63..851080512b 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c 
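Review bot: `ldap_turn` and `ldap_turn_s` are declared, and `LDAP_API_FEATURE_TURN` is advertised, unconditionally, even though the operation is still named `LDAP_EXOP_X_TURN` and (in the earlier ldap.h hunk) uses an OID under the 4203.666 arc, which appears to be the project's experimental space. The grouping API directly below that define is wrapped in `#ifdef LDAP_DEVEL` as a work in progress; the same guard here would keep applications from depending on an interface that may still change, which matters for an operation that alters the roles of the two peers on a connection. The prototypes also say nothing about `mutual` and `identifier`; a short comment such as `/* mutual: non-zero requests a mutual turn; identifier: protocol identifier sent to the peer */` would help, with the wording to be confirmed against the Turn specification.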
@@ -178,6 +178,7 @@ chkResponseList( } if ( lm->lm_chain == NULL ) { + assert(lm->lm_chain_tail == lm); if ((lm->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || (lm->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) || (lm->lm_msgtype == LDAP_RES_INTERMEDIATE)) { @@ -186,6 +187,8 @@ chkResponseList( tmp = lm; } } else { + assert(lm->lm_chain_tail); + assert(lm->lm_chain_tail->lm_chain); if ((lm->lm_chain_tail->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || (lm->lm_chain_tail->lm_chain->lm_msgtype @@ -217,8 +220,11 @@ chkResponseList( ? lm->lm_chain : lm->lm_next); } if ( all == LDAP_MSG_ONE && lm->lm_chain != NULL ) { - lm->lm_chain->lm_next = lm->lm_next; - lm->lm_chain = NULL; + lm->lm_chain->lm_next = lm->lm_next; + lm->lm_chain->lm_chain_tail = ( lm->lm_chain_tail != lm ) ? lm->lm_chain_tail : lm->lm_chain; + assert(lm->lm_chain->lm_chain_tail); + lm->lm_chain = NULL; + lm->lm_chain_tail = NULL; } lm->lm_next = NULL; } @@ -852,17 +858,11 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); /* part of a search response - add to end of list of entries */ if (l->lm_chain == NULL) { - if ((l->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || - (l->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) || - (l->lm_msgtype == LDAP_RES_INTERMEDIATE)) { - /* do not advance lm_chain_tail in this case */ - l->lm_chain = new; - } else { - /*FIXME: ldap_msgfree( l );*/ - l = new; - l->lm_chain_tail = new; - } + assert(l->lm_chain_tail == l); + l->lm_chain = new; } else { + assert(l->lm_chain_tail); + assert(l->lm_chain_tail->lm_chain); if ((l->lm_chain_tail->lm_chain->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || (l->lm_chain_tail->lm_chain->lm_msgtype diff --git a/libraries/libldap/turn.c b/libraries/libldap/turn.c new file mode 100644 index 0000000000..085a4dc24b --- /dev/null +++ b/libraries/libldap/turn.c 
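Review bot: The new `assert(lm->lm_chain_tail)` / `assert(lm->lm_chain_tail->lm_chain)` pairs in chkResponseList (hunk at -186) and in the response-linking code (hunk at -852) are the only guard before `lm_chain_tail->lm_chain->lm_msgtype` is dereferenced. In a build with NDEBUG they compile away and a broken chain becomes a NULL dereference; in a debug build they abort the calling application from inside the library, and this chain is assembled from responses received on the connection. If the invariant can be broken by an unexpected message sequence (not determinable from these hunks, whose functions start and end outside them), an explicit check that fails the operation would be safer, e.g. `if ( l->lm_chain_tail == NULL || l->lm_chain_tail->lm_chain == NULL ) { /* report a local/decoding error */ }`. The -852 hunk also drops the branch that replaced `l` when its type was not entry/reference/intermediate, so a comment stating why that case can no longer occur would help the next reader.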
@@ -0,0 +1,88 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* ACKNOWLEDGEMENTS:
+ * This program was orignally developed by Kurt D. Zeilenga for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * LDAPv3 Turn Operation Request
+ */
+
+#include "portable.h"
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "ldap-int.h"
+#include "ldap_log.h"
+
+int
+ldap_turn(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", mutual, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, msgidp );
+ ber_free( turnvalber, 1 );
+ return rc;
+}
+
+int
+ldap_turn_s(
+ LDAP *ld,
+ int mutual,
+ LDAP_CONST char* identifier,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls )
+{
+ BerElement *turnvalber = NULL;
+ struct berval *turnvalp = NULL;
+ int rc;
+
+ turnvalber = ber_alloc_t( LBER_USE_DER );
+ if( mutual ) {
+ ber_printf( turnvalber, "{bs}", 0xFF, identifier );
+ } else {
+ ber_printf( turnvalber, "{s}", identifier );
+ }
+ ber_flatten( turnvalber, &turnvalp );
+
+ rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TURN,
+ turnvalp, sctrls, cctrls, NULL, NULL );
+ ber_free( turnvalber, 1 );
+ return rc;
+}
+
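Review bot: Both `ldap_turn` and `ldap_turn_s` leak the `struct berval` that `ber_flatten` allocates into `turnvalp`, because only the BerElement is released with `ber_free( turnvalber, 1 )`. Neither function checks the result of `ber_alloc_t`, `ber_printf` or `ber_flatten`, so an allocation or encoding failure either operates on a NULL BerElement or sends the extended request with a missing value, and `identifier` reaches the `s` format without a NULL check. The two functions also encode the boolean differently (`mutual` in one, `0xFF` in the other), which looks unintended even if the wire encoding ends up the same. A sketch of the `ldap_turn` body with the checks and the `ber_bvfree` follows; `ldap_turn_s` needs the same treatment.

```c
	/* … unchanged: declarations of turnvalber, turnvalp, rc … */

	if( identifier == NULL ) {
		ld->ld_errno = LDAP_PARAM_ERROR;
		return LDAP_PARAM_ERROR;
	}

	turnvalber = ber_alloc_t( LBER_USE_DER );
	if( turnvalber == NULL ) {
		ld->ld_errno = LDAP_NO_MEMORY;
		return LDAP_NO_MEMORY;
	}

	rc = mutual
		? ber_printf( turnvalber, "{bs}", mutual, identifier )
		: ber_printf( turnvalber, "{s}", identifier );
	if( rc == -1 || ber_flatten( turnvalber, &turnvalp ) == -1 ) {
		ber_free( turnvalber, 1 );
		ld->ld_errno = LDAP_ENCODING_ERROR;
		return LDAP_ENCODING_ERROR;
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
		turnvalp, sctrls, cctrls, msgidp );
	ber_bvfree( turnvalp );	/* the flattened value is owned by the caller of ber_flatten */
	ber_free( turnvalber, 1 );
	return rc;
```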
diff --git a/libraries/libldap_r/Makefile.in b/libraries/libldap_r/Makefile.in index 2e63c77fb1..09554ea9ad 100644 --- a/libraries/libldap_r/Makefile.in +++ b/libraries/libldap_r/Makefile.in @@ -28,7 +28,7 @@ XXSRCS = apitest.c test.c \ request.c os-ip.c url.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - groupings.c txn.c ppolicy.c + turn.c groupings.c txn.c ppolicy.c SRCS = threads.c rdwr.c tpool.c rq.c \ thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \ thr_pth.c thr_stub.c @@ -44,7 +44,7 @@ OBJS = threads.lo rdwr.lo tpool.lo rq.lo \ request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - groupings.lo txn.lo ppolicy.lo + turn.lo groupings.lo txn.lo ppolicy.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries -- 2.39.5