Sync with HEAD for OL 2.4.5

4e32148a · Quanah Gibson-Mount · 5a9f4f49 · 4e32148a · 4e32148a · 4e32148a
Commit 4e32148a authored Sep 01, 2007 by Quanah Gibson-Mount
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -36,9 +36,11 @@ Public License.

 ---

-Portions Copyright 1999-2005 Howard Y.H. Chu.
-Portions Copyright 1999-2005 Symas Corporation.
+Portions Copyright 1999-2007 Howard Y.H. Chu.
+Portions Copyright 1999-2007 Symas Corporation.
 Portions Copyright 1998-2003 Hallvard B. Furuseth.
+Portions Copyright 2007 Gavin Henry
+Portions Copyright 2007 Suretec Systems
 All rights reserved.

 Redistribution and use in source and binary forms, with or without

--- a/README
+++ b/README
@@ -21,10 +21,6 @@ REQUIRED SOFTWARE
    SLAPD:
        BDB and HDB backends require Sleepycat Berkeley DB 4.2 or later

-    SLURPD:
-        LTHREAD compatible thread package
-            [POSIX threads, Mach Cthreads, select others]
-
    CLIENTS/CONTRIB ware:
        Depends on package.  See per package README.


--- a/build/config.guess
+++ b/build/config.guess
@@ -29,7 +29,7 @@ timestamp='2003-07-02-OpenLDAP'
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.

-## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

--- a/build/config.sub
+++ b/build/config.sub
@@ -34,7 +34,7 @@ timestamp='2003-07-04-OpenLDAP'
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.

-## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

--- a/build/ltmain.sh
+++ b/build/ltmain.sh
@@ -26,9 +26,9 @@

 # This file is distributed with OpenLDAP Software, which contains a
 # configuration script generated by Autoconf, and is distributable
-# under the same distributions terms as OpenLDAP inself.
+# under the same distributions terms as OpenLDAP itself.

-## Copyright 1998-2007 The OpenLDAP Foundation.
+## Portions Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

--- a/build/openldap.m4
+++ b/build/openldap.m4
@@ -91,6 +91,7 @@ EOF
 			done
 			rm -f conftest*
 		])
+		test "$ol_cv_mkdep" = no && OL_MKDEP=":"
 	else
 		cc_cv_mkdep=yes
 		OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
@@ -627,9 +628,9 @@ main()
 	}

 #if (DB_VERSION_MAJOR > 3) || (DB_VERSION_MINOR >= 1)
-	rc = env->open( env, NULL, flags, 0 );
+	rc = (env->open)( env, NULL, flags, 0 );
 #else
-	rc = env->open( env, NULL, NULL, flags, 0 );
+	rc = (env->open)( env, NULL, NULL, flags, 0 );
 #endif

 	if ( rc == 0 ) {
@@ -736,152 +737,6 @@ fi
 ])
 dnl
 dnl ====================================================================
-dnl Check if GDBM library exists
-dnl Check for gdbm_open in standard libraries or -lgdbm
-dnl
-dnl defines ol_cv_lib_gdbm to 'yes' or '-lgdbm' or 'no'
-dnl		'yes' implies gdbm_open is in $LIBS
-dnl
-dnl uses:
-dnl		AC_CHECK_FUNC(gdbm_open)
-dnl		AC_CHECK_LIB(gdbm,gdbm_open)
-dnl
-AC_DEFUN([OL_LIB_GDBM],
-[AC_CACHE_CHECK(for GDBM library, [ol_cv_lib_gdbm],
-[	ol_LIBS="$LIBS"
-	AC_CHECK_FUNC(gdbm_open,[ol_cv_lib_gdbm=yes], [
-		AC_CHECK_LIB(gdbm,gdbm_open,[ol_cv_lib_gdbm=-lgdbm],[ol_cv_lib_gdbm=no])
-	])
-	LIBS="$ol_LIBS"
-])
-])dnl
-dnl
-dnl --------------------------------------------------------------------
-dnl Check if GDBM exists
-dnl
-dnl defines ol_cv_gdbm to 'yes' or 'no'
-dnl 
-dnl uses:
-dnl		OL_LIB_GDBM
-dnl		AC_CHECK_HEADERS(gdbm.h)
-dnl
-AC_DEFUN([OL_GDBM],
-[AC_REQUIRE([OL_LIB_GDBM])
- AC_CHECK_HEADERS(gdbm.h)
- AC_CACHE_CHECK(for db, [ol_cv_gdbm], [
-	if test $ol_cv_lib_gdbm = no || test $ac_cv_header_gdbm_h = no ; then
-		ol_cv_gdbm=no
-	else
-		ol_cv_gdbm=yes
-	fi
-])
- if test $ol_cv_gdbm = yes ; then
-	AC_DEFINE(HAVE_GDBM,1, [define if GNU DBM is available])
- fi
-])dnl
-dnl
-dnl ====================================================================
-dnl Check if MDBM library exists
-dnl Check for mdbm_open in standard libraries or -lmdbm
-dnl
-dnl defines ol_cv_lib_mdbm to 'yes' or '-lmdbm' or 'no'
-dnl		'yes' implies mdbm_open is in $LIBS
-dnl
-dnl uses:
-dnl		AC_CHECK_FUNC(mdbm_set_chain)
-dnl		AC_CHECK_LIB(mdbm,mdbm_set_chain)
-dnl
-AC_DEFUN([OL_LIB_MDBM],
-[AC_CACHE_CHECK(for MDBM library, [ol_cv_lib_mdbm],
-[	ol_LIBS="$LIBS"
-	AC_CHECK_FUNC(mdbm_set_chain,[ol_cv_lib_mdbm=yes], [
-		AC_CHECK_LIB(mdbm,mdbm_set_chain,[ol_cv_lib_mdbm=-lmdbm],[ol_cv_lib_mdbm=no])
-	])
-	LIBS="$ol_LIBS"
-])
-])dnl
-dnl
-dnl --------------------------------------------------------------------
-dnl Check if MDBM exists
-dnl
-dnl defines ol_cv_mdbm to 'yes' or 'no'
-dnl 
-dnl uses:
-dnl		OL_LIB_MDBM
-dnl		AC_CHECK_HEADERS(mdbm.h)
-dnl
-AC_DEFUN([OL_MDBM],
-[AC_REQUIRE([OL_LIB_MDBM])
- AC_CHECK_HEADERS(mdbm.h)
- AC_CACHE_CHECK(for db, [ol_cv_mdbm], [
-	if test $ol_cv_lib_mdbm = no || test $ac_cv_header_mdbm_h = no ; then
-		ol_cv_mdbm=no
-	else
-		ol_cv_mdbm=yes
-	fi
-])
- if test $ol_cv_mdbm = yes ; then
-	AC_DEFINE(HAVE_MDBM,1, [define if MDBM is available])
- fi
-])dnl
-dnl
-dnl ====================================================================
-dnl Check if NDBM library exists
-dnl Check for dbm_open in standard libraries or -lndbm or -ldbm
-dnl
-dnl defines ol_cv_lib_ndbm to 'yes' or '-lndbm' or -ldbm or 'no'
-dnl		'yes' implies ndbm_open is in $LIBS
-dnl
-dnl uses:
-dnl		AC_CHECK_FUNC(dbm_open)
-dnl		AC_CHECK_LIB(ndbm,dbm_open)
-dnl		AC_CHECK_LIB(dbm,dbm_open)
-dnl
-dnl restrictions:
-dnl		should also check SVR4 case: dbm_open() in -lucb but that
-dnl		would requiring dealing with -L/usr/ucblib
-dnl
-AC_DEFUN([OL_LIB_NDBM],
-[AC_CACHE_CHECK(for NDBM library, [ol_cv_lib_ndbm],
-[	ol_LIBS="$LIBS"
-	AC_CHECK_FUNC(dbm_open,[ol_cv_lib_ndbm=yes], [
-		AC_CHECK_LIB(ndbm,dbm_open,[ol_cv_lib_ndbm=-lndbm], [
-			AC_CHECK_LIB(dbm,dbm_open,[ol_cv_lib_ndbm=-ldbm],
-				[ol_cv_lib_ndbm=no])dnl
-		])
-	])
-	LIBS="$ol_LIBS"
-])
-])dnl
-dnl
-dnl --------------------------------------------------------------------
-dnl Check if NDBM exists
-dnl
-dnl defines ol_cv_ndbm to 'yes' or 'no'
-dnl 
-dnl uses:
-dnl		OL_LIB_NDBM
-dnl		AC_CHECK_HEADERS(ndbm.h)
-dnl
-dnl restrictions:
-dnl		Doesn't handle SVR4 case (see above)
-dnl
-AC_DEFUN([OL_NDBM],
-[AC_REQUIRE([OL_LIB_NDBM])
- AC_CHECK_HEADERS(ndbm.h)
- AC_CACHE_CHECK(for db, [ol_cv_ndbm], [
-	if test $ol_cv_lib_ndbm = no || test $ac_cv_header_ndbm_h = no ; then
-		ol_cv_ndbm=no
-	else
-		ol_cv_ndbm=yes
-	fi
-])
- if test $ol_cv_ndbm = yes ; then
-	AC_DEFINE(HAVE_NDBM,1, [define if NDBM is available])
- fi
-])dnl
-dnl
-dnl ====================================================================
 dnl Check POSIX Thread version 
 dnl
 dnl defines ol_cv_pthread_version to 4, 5, 6, 7, 8, 10, depending on the

--- a/build/top.mk
+++ b/build/top.mk
@@ -170,10 +170,8 @@ LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a

 LDAP_L = $(LDAP_LIBLUTIL_A) \
 	$(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA)
-SLURPD_L = $(LDAP_LIBLUTIL_A) \
-	$(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
 SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \
-	$(SLURPD_L)
+	$(LDAP_LIBLUTIL_A) $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)

 WRAP_LIBS = @WRAP_LIBS@
 # AutoConfig generated 
@@ -202,7 +200,6 @@ SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
 SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@

 SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
-SLURPD_LIBS = @SLURPD_LIBS@

 # Our Defaults
 CC = $(AC_CC)

--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -33,6 +33,7 @@
 #include <ac/unistd.h>
 #include <ac/errno.h>
 #include <ac/time.h>
+#include <ac/socket.h>

 #ifdef HAVE_CYRUS_SASL
 #ifdef HAVE_SASL_SASL_H
@@ -113,6 +114,13 @@ int		chaining = 0;
 static int	chainingResolve = -1;
 static int	chainingContinuation = -1;
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+static int	sessionTracking = 0;
+struct berval	stValue;
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
+LDAPControl	*unknown_ctrls = NULL;
+int		unknown_ctrls_num = 0;

 /* options */
 struct timeval	nettimeout = { -1 , 0 };
@@ -144,6 +152,53 @@ static struct tool_ctrls_t {
 static int	gotintr;
 static int	abcan;

+
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+static int
+st_value( LDAP *ld, struct berval *value )
+{
+	char		*ip = NULL, *name = NULL;
+	struct berval	id = { 0 };
+	char		namebuf[ MAXHOSTNAMELEN ];
+
+	if ( gethostname( namebuf, sizeof( namebuf ) ) == 0 ) {
+		struct hostent	*h;
+		struct in_addr	addr;
+
+		name = namebuf;
+
+		h = gethostbyname( name );
+		if ( h != NULL ) {
+			AC_MEMCPY( &addr, h->h_addr, sizeof( addr ) );
+			ip = inet_ntoa( addr );
+		}
+	}
+
+#ifdef HAVE_CYRUS_SASL
+	if ( sasl_authz_id != NULL ) {
+		ber_str2bv( sasl_authz_id, 0, 0, &id );
+
+	} else if ( sasl_authc_id != NULL ) {
+		ber_str2bv( sasl_authc_id, 0, 0, &id );
+
+	} else 
+#endif /* HAVE_CYRUS_SASL */
+	if ( binddn != NULL ) {
+		ber_str2bv( binddn, 0, 0, &id );
+	}
+
+	if ( ldap_create_session_tracking_value( ld,
+		ip, name, LDAP_CONTROL_X_SESSION_TRACKING_USERNAME,
+		&id, &stValue ) )
+	{
+		fprintf( stderr, _("Session tracking control encoding error!\n") );
+		return -1;
+	}
+
+	return 0;
+}
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
 RETSIGTYPE
 do_sig( int sig )
 {
@@ -175,7 +230,6 @@ tool_common_usage( void )
 {
 	static const char *const descriptions[] = {
 N_("  -c         continuous operation mode (do not stop on errors)\n"),
-N_("  -C         chase referrals (anonymously)\n"),
 N_("  -d level   set LDAP debugging level to `level'\n"),
 N_("  -D binddn  bind DN\n"),
 N_("  -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
@@ -199,15 +253,16 @@ N_("             ppolicy\n")
 #endif
 N_("             [!]postread[=<attrs>]  (a comma-separated attribute list)\n")
 N_("             [!]preread[=<attrs>]   (a comma-separated attribute list)\n")
-#ifdef LDAP_DEVEL
 N_("             [!]relax\n")
-#endif
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+N_("             [!]sessiontracking\n")
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
 N_("             abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
   "             or ignores response; if critical, doesn't wait for SIGINT.\n"
   "             not really controls)\n")
 N_("  -f file    read operations from `file'\n"),
 N_("  -h host    LDAP server\n"),
-N_("  -H URI     LDAP Uniform Resource Indentifier(s)\n"),
+N_("  -H URI     LDAP Uniform Resource Identifier(s)\n"),
 N_("  -I         use SASL Interactive mode\n"),
 N_("  -M         enable Manage DSA IT control (-MM to make critical)\n"),
 N_("  -n         show what would be done but don't actually do it\n"),
@@ -215,7 +270,7 @@ N_("  -O props   SASL security properties\n"),
 N_("  -o <opt>[=<optparam] general options\n"),
 N_("             nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
 N_("  -p port    port on LDAP server\n"),
-N_("  -P version procotol version (default: 3)\n"),
+N_("  -P version protocol version (default: 3)\n"),
 N_("  -Q         use SASL Quiet mode\n"),
 N_("  -R realm   SASL realm\n"),
 N_("  -U authcid SASL authentication identity\n"),
@@ -299,7 +354,7 @@ tool_args( int argc, char **argv )
 			}
 			binddn = ber_strdup( optarg );
 			break;
-		case 'e': /* general extensions (controls and such) */
+		case 'e':	/* general extensions (controls and such) */
 			/* should be extended to support comma separated list of
 			 *	[!]key[=value] parameters, e.g.  -e !foo,bar=567
 			 */
@@ -520,6 +575,55 @@ tool_args( int argc, char **argv )
 					gotintr = abcan;
 				}

+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+			} else if ( strcasecmp( control, "sessiontracking" ) == 0 ) {
+				if ( sessionTracking ) {
+					fprintf( stderr, "%s: session tracking can be only specified once\n", prog );
+					exit( EXIT_FAILURE );
+				}
+				sessionTracking = 1;
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
+			} else if ( tool_is_oid( control ) ) {
+				LDAPControl	*tmpctrls, ctrl;
+
+				tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
+					(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
+				if ( tmpctrls == NULL ) {
+					fprintf( stderr, "%s: no memory?\n", prog );
+					exit( EXIT_FAILURE );
+				}
+				unknown_ctrls = tmpctrls;
+				ctrl.ldctl_oid = control;
+				ctrl.ldctl_value.bv_val = NULL;
+				ctrl.ldctl_value.bv_len = 0;
+				ctrl.ldctl_iscritical = crit;
+
+				if ( cvalue != NULL ) {
+					struct berval	bv;
+					size_t		len = strlen( cvalue );
+					int		retcode;
+
+					bv.bv_len = LUTIL_BASE64_DECODE_LEN( len );
+					bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+
+					retcode = lutil_b64_pton( cvalue,
+						(unsigned char *)bv.bv_val,
+						bv.bv_len );
+
+					if ( retcode == -1 || retcode > bv.bv_len ) {
+						fprintf( stderr, "Unable to parse value of general control %s\n",
+							control );
+						usage();
+					}
+
+					bv.bv_len = retcode;
+					ctrl.ldctl_value = bv;
+				}
+
+				unknown_ctrls[ unknown_ctrls_num ] = ctrl;
+				unknown_ctrls_num++;
+
 			} else {
 				fprintf( stderr, "Invalid general control name: %s\n",
 					control );
@@ -893,6 +997,9 @@ tool_args( int argc, char **argv )
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 			chaining ||
 #endif
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+			sessionTracking ||
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
 			noop || ppolicy || preread || postread )
 		{
 			fprintf( stderr, "%s: -e/-M incompatible with LDAPv2\n", prog );
@@ -957,6 +1064,137 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) )
 			url.lud_scope = LDAP_SCOPE_DEFAULT;

 			ldapuri = ldap_url_desc2str( &url );
+
+		} else if ( ldapuri != NULL ) {
+			LDAPURLDesc	*ludlist, **ludp;
+			char		**urls = NULL;
+			int		nurls = 0;
+
+			rc = ldap_url_parselist( &ludlist, ldapuri );
+			if ( rc != LDAP_URL_SUCCESS ) {
+				fprintf( stderr,
+					"Could not parse LDAP URI(s)=%s (%d)\n",
+					ldapuri, rc );
+				exit( EXIT_FAILURE );
+			}
+
+			for ( ludp = &ludlist; *ludp != NULL; ) {
+				LDAPURLDesc	*lud = *ludp;
+				char		**tmp;
+
+				if ( lud->lud_dn != NULL && lud->lud_dn[ 0 ] != '\0' &&
+					( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) )
+				{
+					/* if no host but a DN is provided,
+					 * use DNS SRV to gather the host list
+					 * and turn it into a list of URIs
+					 * using the scheme provided */
+					char	*domain = NULL,
+						*hostlist = NULL,
+						**hosts = NULL;
+					int	i,
+						len_proto = strlen( lud->lud_scheme );
+
+					if ( ldap_dn2domain( lud->lud_dn, &domain )
+						|| domain == NULL )
+					{
+						fprintf( stderr,
+							"DNS SRV: Could not turn "
+							"DN=\"%s\" into a domain\n",
+							lud->lud_dn );
+						goto dnssrv_free;
+					}
+					
+					rc = ldap_domain2hostlist( domain, &hostlist );
+					if ( rc ) {
+						fprintf( stderr,
+							"DNS SRV: Could not turn "
+							"domain=%s into a hostlist\n",
+							domain );
+						goto dnssrv_free;
+					}
+
+					hosts = ldap_str2charray( hostlist, " " );
+					if ( hosts == NULL ) {
+						fprintf( stderr,
+							"DNS SRV: Could not parse "
+							"hostlist=\"%s\"\n",
+							hostlist );
+						goto dnssrv_free;
+					}
+
+					for ( i = 0; hosts[ i ] != NULL; i++ )
+						/* count'em */ ;
+
+					tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
+					if ( tmp == NULL ) {
+						fprintf( stderr,
+							"DNS SRV: out of memory?\n" );
+						goto dnssrv_free;
+					}
+					urls = tmp;
+					urls[ nurls ] = NULL;
+
+					for ( i = 0; hosts[ i ] != NULL; i++ ) {
+						size_t	len = len_proto
+							+ STRLENOF( "://" )
+							+ strlen( hosts[ i ] )
+							+ 1;
+
+						urls[ nurls + i + 1 ] = NULL;
+						urls[ nurls + i ] = (char *)malloc( sizeof( char ) * len );
+						if ( urls[ nurls + i ] == NULL ) {
+							fprintf( stderr,
+								"DNS SRV: out of memory?\n" );
+							goto dnssrv_free;
+						}
+
+						snprintf( urls[ nurls + i ], len, "%s://%s",
+							lud->lud_scheme, hosts[ i ] );
+					}
+					nurls += i;
+
+dnssrv_free:;
+					ber_memvfree( (void **)hosts );
+					ber_memfree( hostlist );
+					ber_memfree( domain );
+
+				} else {
+					tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + 2 ) );
+					if ( tmp == NULL ) {
+						fprintf( stderr,
+							"DNS SRV: out of memory?\n" );
+						break;
+					}
+					urls = tmp;
+					urls[ nurls + 1 ] = NULL;
+
+					urls[ nurls ] = ldap_url_desc2str( lud );
+					if ( urls[ nurls ] == NULL ) {
+						fprintf( stderr,
+							"DNS SRV: out of memory?\n" );
+						break;
+					}
+					nurls++;
+				}
+
+				*ludp = lud->lud_next;
+
+				lud->lud_next = NULL;
+				ldap_free_urldesc( lud );
+			}
+
+			if ( ludlist != NULL ) {
+				ldap_free_urllist( ludlist );
+				exit( EXIT_FAILURE );
+
+			} else if ( urls == NULL ) {
+				exit( EXIT_FAILURE );
+			}
+
+			ldap_memfree( ldapuri );
+			ldapuri = ldap_charray2str( urls, " " );
+			ber_memvfree( (void **)urls );
 		}

 		if ( verbose ) {
@@ -1019,21 +1257,41 @@ void
 tool_bind( LDAP *ld )
 {
 	LDAPControl	**sctrlsp = NULL;
-	LDAPControl	*sctrls[2];
+	LDAPControl	*sctrls[3];
+	LDAPControl	sctrl[3];
 	int		nsctrls = 0;

 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
-	LDAPControl c;
 	if ( ppolicy ) {
+		LDAPControl c;
 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
 		c.ldctl_value.bv_val = NULL;
 		c.ldctl_value.bv_len = 0;
 		c.ldctl_iscritical = 0;
-		sctrls[nsctrls] = &c;
+		sctrl[nsctrls] = c;
+		sctrls[nsctrls] = &sctrl[nsctrls];
 		sctrls[++nsctrls] = NULL;
 	}
 #endif

+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+	if ( sessionTracking ) {
+		LDAPControl c;
+
+		if (stValue.bv_val == NULL && st_value( ld, &stValue ) ) {
+			exit( EXIT_FAILURE );
+		}
+
+		c.ldctl_oid = LDAP_CONTROL_X_SESSION_TRACKING;
+		c.ldctl_iscritical = 0;
+		ber_dupbv( &c.ldctl_value, &stValue );
+
+		sctrl[nsctrls] = c;
+		sctrls[nsctrls] = &sctrl[nsctrls];
+		sctrls[++nsctrls] = NULL;
+	}
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
 	if ( nsctrls ) {
 		sctrlsp = sctrls;
 	}
@@ -1108,7 +1366,7 @@ tool_bind( LDAP *ld )
 		rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
 			&ctrls, 1 );
 		if ( rc != LDAP_SUCCESS ) {
-			tool_perror( "ldap_bind parse result", rc, NULL, NULL, NULL, NULL );
+			tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
 			exit( LDAP_LOCAL_ERROR );
 		}

@@ -1118,8 +1376,8 @@ tool_bind( LDAP *ld )
 			int expire, grace, len = 0;
 			LDAPPasswordPolicyError pErr = -1;
 			
-			ctrl = ldap_find_control( LDAP_CONTROL_PASSWORDPOLICYRESPONSE,