Commit dda62b2b authored by Kurt Zeilenga's avatar Kurt Zeilenga

Import latest from devel

parent 0c7768fe
......@@ -32,3 +32,6 @@ to the University of Michigan at Ann Arbor. The name of the University
may not be used to endorse or promote products derived from this
software without specific prior written permission. This software
is provided ``as is'' without express or implied warranty.
---
$OpenLDAP$
......@@ -90,7 +90,7 @@ these steps:
7. install the binaries and man pages. You may need to be superuser to
do this (depending on where you are installing things):
% su root -c make install
% su root -c 'make install'
That's it!
......@@ -107,10 +107,10 @@ these steps:
ldaptemplates.conf - display template definitions
Server configuration files:
ldapd.conf - LDAP - X.500 daemon
slapd.conf - Standalone LDAP daemon
slapd.conf - Standalone LDAP daemon configuration
schema/*.schema - Schema Definitions
There are section 5 man pages for all of these files.
There are section 5 man pages for these configuration files.
Building LDAP For More Than One Platform
......@@ -138,8 +138,6 @@ Follow these steps for each different platform:
4. Continue as above (starting at step 6).
Note: make depend in VPATH environment is not yet supported.
CONFIGURE OPTIONS
......@@ -224,4 +222,5 @@ HINTS
./configure
End of OpenLDAP INSTALL file.
---
$OpenLDAP$
The OpenLDAP Public License
Version 2.2.1, 1 March 2000
Version 2.3, 28 July 2000
Redistribution and use of this software and associated documentation
("Software"), with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain copyright statements
and notices. Redistributions must also contain a copy of this
document.
and notices.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
2. Redistributions in binary form must reproduce applicable copyright
statements and notices, this list of conditions, and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
3. The name "OpenLDAP" must not be used to endorse or promote
3. Redistributions must contain a verbatim copy of this document.
4. The name "OpenLDAP" must not be used to endorse or promote
products derived from this Software without prior written permission
of the OpenLDAP Foundation.
4. Products derived from this Software may not be called "OpenLDAP"
5. Products derived from this Software may not be called "OpenLDAP"
nor may "OpenLDAP" appear in their names without prior written
permission of the OpenLDAP Foundation.
5. Due credit should be given to the OpenLDAP Project
6. Due credit should be given to the OpenLDAP Project
(http://www.openldap.org/).
6. The OpenLDAP Foundation may revise this license from time to
7. The OpenLDAP Foundation may revise this license from time to
time. Each revision is distinguished by a version number. You
may use the Software under terms of this license revision or under
the terms of any subsequent revision of the license.
......
......@@ -74,3 +74,6 @@ SUPPORT / FEEDBACK / PROBLEM REPORTS / DISCUSSIONS
by sending mail to OpenLDAP-its@OpenLDAP.org. Do not use
this system for general or software equiries. Please direct
these to the appropriate mailing list.
---
$OpenLDAP$
......@@ -139,11 +139,12 @@ main( int argc, char **argv )
#ifdef GO500_HOSTNAME
strcpy( myhost, GO500_HOSTNAME );
#else
if ( myhost[0] == '\0' && gethostname( myhost, sizeof(myhost) )
if ( myhost[0] == '\0' && gethostname( myhost, sizeof(myhost)-1 )
== -1 ) {
perror( "gethostname" );
exit( EXIT_FAILURE );
}
myhost[sizeof(myhost)-1] = '\0';
#endif
#ifdef HAVE_SYSCONF
......@@ -213,7 +214,7 @@ main( int argc, char **argv )
}
#ifdef LDAP_PROCTITLE
setproctitle( hp == NULL ? inet_ntoa( from.sin_addr ) :
setproctitle( "%s", hp == NULL ? inet_ntoa( from.sin_addr ) :
hp->h_name );
#endif
}
......@@ -344,7 +345,7 @@ wait4child( int sig )
; /* NULL */
#endif
(void) SIGNAL( SIGCHLD, wait4child );
(void) SIGNAL_REINSTALL ( SIGCHLD, wait4child );
}
static void
......
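Review bot: The `#ifdef GO500_HOSTNAME` branch still copies with an unbounded `strcpy( myhost, GO500_HOSTNAME )`, and the new `myhost[sizeof(myhost)-1] = '\0';` sits inside the `#else` branch, so only the gethostname() path is length-limited and guaranteed to be terminated. A build that defines the macro longer than the buffer would write past it; the declaration of `myhost` is not visible here, so the actual size needs confirming. Consider `strncpy( myhost, GO500_HOSTNAME, sizeof(myhost)-1 );` in that branch and moving the terminator line below `#endif` so both paths share it. The same pair of lines appears in the next file section under `GO500GW_HOSTNAME`, and main() continues outside these hunks in both files.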
......@@ -176,11 +176,12 @@ main (int argc, char **argv )
#ifdef GO500GW_HOSTNAME
strcpy( myhost, GO500GW_HOSTNAME );
#else
if ( myhost[0] == '\0' && gethostname( myhost, sizeof(myhost) )
if ( myhost[0] == '\0' && gethostname( myhost, sizeof(myhost)-1 )
== -1 ) {
perror( "gethostname" );
exit( EXIT_FAILURE );
}
myhost[sizeof(myhost)-1] = '\0';
#endif
/* detach if stderr is redirected or no debugging */
......@@ -236,7 +237,7 @@ main (int argc, char **argv )
}
#ifdef LDAP_PROCTITLE
setproctitle( hp == NULL ? inet_ntoa( from.sin_addr ) :
setproctitle( "%s", hp == NULL ? inet_ntoa( from.sin_addr ) :
hp->h_name );
#endif
}
......@@ -370,7 +371,7 @@ wait4child( int sig )
; /* NULL */
#endif
(void) SIGNAL( SIGCHLD, wait4child );
(void) SIGNAL_REINSTALL ( SIGCHLD, wait4child );
}
static void
......
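Review bot: The `"%s"` added to the setproctitle() call carries no comment explaining why it is there, so a later cleanup could fold it away again. `hp->h_name` looks like the result of a reverse lookup on the peer address (the lookup itself is outside the hunk), which would make it remote-influenced text that must only ever be passed as data. I would add `/* name may come from the peer's DNS: pass it as an argument, never as the format string */` above the call here and above the identical call in the preceding file section.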
......@@ -17,18 +17,22 @@
#include <ac/unistd.h>
#include <ldap.h>
#include "lutil_ldap.h"
#include "ldap_defaults.h"
static char *prog;
static char *binddn = NULL;
static struct berval passwd = { 0, NULL};
static struct berval passwd = { 0, NULL };
static char *ldaphost = NULL;
static int ldapport = 0;
static int prune = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_mech = NULL;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
static char *sasl_mech = NULL;
static int sasl_integrity = 0;
static int sasl_privacy = 0;
static char *sasl_secprops = NULL;
#endif
static int use_tls = 0;
static int not, verbose, contoper;
......@@ -50,30 +54,32 @@ usage( const char *s )
"usage: %s [options] [dn]...\n"
" dn: list of DNs to delete. If not given, it will be readed from stdin\n"
" or from the file specified with \"-f file\".\n"
"options:\n"
" -c\t\tcontinuous operation mode (do not stop on errors)\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
" -f file\t\tdelete DNs listed in `file'\n"
" -h host\t\tLDAP server\n"
" -I\t\trequest SASL integrity checking (-II to make it\n"
" \tcritical)\n"
" -k\t\tuse Kerberos authentication\n"
" -K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
" -M\t\tenable Manage DSA IT control (-MM to make it critical)\n"
" -n\t\tshow what would be done but don't actually delete\n"
" -p port\t\tport on LDAP server\n"
" -P version\tprocotol version (default: 3)\n"
" -r\t\tdelete recursively\n"
" -U user\t\tSASL authentication identity (username)\n"
" -v\t\trun in verbose mode (diagnostics to standard output)\n"
" -w passwd\tbind passwd (for simple authentication)\n"
" -W\t\tprompt for bind passwd\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
"Delete Options:\n"
" -r delete recursively\n"
"Common options:\n"
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -f file read operations from `file'\n"
" -h host LDAP server\n"
" -I use SASL Interactive mode\n"
" -k use Kerberos authentication\n"
" -K like -k, but do only step 1 of the Kerberos bind\n"
" -M enable Manage DSA IT control (-MM to make critical)\n"
" -n show what would be done but don't actually search\n"
" -O props SASL security properties\n"
" -p port port on LDAP server\n"
" -P version procotol version (default: 3)\n"
" -Q use SASL Quiet mode\n"
" -R realm SASL realm\n"
" -U user SASL authentication identity (username)\n"
" -v run in verbose mode (diagnostics to standard output)\n"
" -w passwd bind passwd (for simple authentication)\n"
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X id SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
......@@ -89,190 +95,362 @@ main( int argc, char **argv )
not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
fp = NULL;
authmethod = LDAP_AUTH_SIMPLE;
authmethod = -1;
version = -1;
while (( i = getopt( argc, argv, "cCD:d:Ef:h:IKMnP:p:rU:vWw:X:Y:Z" )) != EOF ) {
prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : ++prog;
while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
return( EXIT_FAILURE );
#endif
break;
case 'K': /* kerberos bind, part one only */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
return( EXIT_FAILURE );
#endif
break;
/* Delete Specific Options */
case 'c': /* continuous operation mode */
++contoper;
break;
case 'C':
referrals++;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'w': /* password */
passwd.bv_val = strdup( optarg );
{
char* p;
for( p = optarg; *p == '\0'; p++ ) {
*p = '*';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'f': /* read DNs from a file */
if( fp != NULL ) {
fprintf( stderr, "%s: -f previously specified\n" );
return EXIT_FAILURE;
}
if (( fp = fopen( optarg, "r" )) == NULL ) {
perror( optarg );
exit( EXIT_FAILURE );
}
break;
case 'r':
prune = 1;
break;
/* Common Options */
case 'C':
referrals++;
break;
case 'd':
debug |= atoi( optarg );
break;
case 'p':
ldapport = atoi( optarg );
case 'D': /* bind DN */
if( binddn != NULL ) {
fprintf( stderr, "%s: -D previously specified\n" );
return EXIT_FAILURE;
}
binddn = strdup( optarg );
break;
case 'n': /* print deletes, don't actually do them */
++not;
case 'h': /* ldap host */
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
case 'r':
prune = 1;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -I incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
case 'v': /* verbose mode */
verbose++;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 ) {
fprintf( stderr, "%s: -k incompatible with previous "
"authentication choice\n", prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
return EXIT_FAILURE;
#endif
break;
case 'K': /* kerberos bind, part one only */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 ) {
fprintf( stderr, "%s: incompatible with previous "
"authentication choice\n", prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
return( EXIT_FAILURE );
#endif
break;
case 'M':
/* enable Manage DSA IT */
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -M incompatible with LDAPv%d\n",
prog, version );
return EXIT_FAILURE;
}
manageDSAit++;
version = LDAP_VERSION3;
break;
case 'W':
want_bindpw++;
case 'n': /* print deletes, don't actually do them */
++not;
break;
case 'O':
#ifdef HAVE_CYRUS_SASL
if( sasl_secprops != NULL ) {
fprintf( stderr, "%s: -O previously specified\n" );
return EXIT_FAILURE;
}
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -O incompatible with LDAPv%d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n", prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_secprops = strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
break;
case 'p':
if( ldapport ) {
fprintf( stderr, "%s: -p previously specified\n" );
return EXIT_FAILURE;
}
ldapport = atoi( optarg );
break;
case 'P':
switch( atoi(optarg) )
{
switch( atoi(optarg) ) {
case 2:
if( version == LDAP_VERSION3 ) {
fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
version = LDAP_VERSION2;
break;
case 3:
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
version = LDAP_VERSION3;
break;
default:
fprintf( stderr, "protocol version should be 2 or 3\n" );
usage( argv[0] );
fprintf( stderr, "%s: protocol version should be 2 or 3\n",
prog );
usage( prog );
return( EXIT_FAILURE );
}
break;
case 'I':
} break;
case 'Q':
#ifdef HAVE_CYRUS_SASL
sasl_integrity++;
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -Q incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s was not compiled with SASL support\n",
argv[0] );
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
break;
case 'E':
case 'R':
#ifdef HAVE_CYRUS_SASL
sasl_privacy++;
if( sasl_realm != NULL ) {
fprintf( stderr, "%s: -R previously specified\n" );
return EXIT_FAILURE;
}
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -R incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_realm = strdup( optarg );
#else
fprintf( stderr, "%s was not compiled with SASL support\n",
argv[0] );
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
break;
case 'Y':
case 'U':
#ifdef HAVE_CYRUS_SASL
if ( strcasecmp( optarg, "any" ) && strcmp( optarg, "*" ) ) {
sasl_mech = strdup( optarg );
if( sasl_authc_id != NULL ) {
fprintf( stderr, "%s: -U previously specified\n" );
return EXIT_FAILURE;
}
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -U incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_authc_id = strdup( optarg );
#else
fprintf( stderr, "%s was not compiled with SASL support\n",
argv[0] );
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
break;
case 'U':
case 'v': /* verbose mode */
verbose++;
break;
case 'w': /* password */
passwd.bv_val = strdup( optarg );
{
char* p;
for( p = optarg; *p == '\0'; p++ ) {
*p = '\0';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'W':
want_bindpw++;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
sasl_authc_id = strdup( optarg );
if( sasl_mech != NULL ) {
fprintf( stderr, "%s: -Y previously specified\n" );
return EXIT_FAILURE;
}
if( version == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -Y incompatible with version %d\n",
prog, version );
return EXIT_FAILURE;
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible with authentication choice\n", prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
sasl_mech = strdup( optarg );
#else
fprintf( stderr, "%s was not compiled with SASL support\n",
argv[0] );
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
return( EXIT_FAILURE );
#endif
break;
case 'x':
if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
fprintf( stderr, "%s: incompatible with previous "
"authentication choice\n", prog );
return EXIT_FAILURE;
}
authmethod = LDAP_AUTH_SIMPLE;
break;
case 'X':
#ifdef HAVE_CYRUS_SASL