Commit e3a22ab0 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Update to latest devel codes

parent 56629f44
......@@ -317,9 +317,10 @@ main( int argc, char **argv )
}
}
if (want_bindpw)
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
}
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
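Review bot: The new `passwd.bv_len = strlen( passwd.bv_val );` line dereferences the return of getpassphrase() unconditionally, and that call can return NULL (EOF on the terminal, or failure to open it), in which case strlen() is undefined behaviour and a crash with the password prompt as the trigger. A guard such as `passwd.bv_len = passwd.bv_val != NULL ? strlen( passwd.bv_val ) : 0;` keeps the struct consistent; how a NULL bv_val is treated by the bind code further down is outside this hunk and should be checked too. The same pair of lines is added in the two following hunks (the other client mains at @@ -381 and @@ -364) and needs the same check there. main() begins and ends outside the hunk.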
......@@ -381,9 +381,10 @@ main( int argc, char **argv )
}
}
if (want_bindpw)
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
}
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
......@@ -364,9 +364,10 @@ main(int argc, char **argv)
}
}
if (want_bindpw)
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
}
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
Individual Submission to LDAPExt Working Group R. Harrison
Internet Draft Novell, Inc.
Document: draft-rharrison-ldap-extpartresp-00.txt October, 1999
Document: draft-rharrison-ldap-extpartresp-01.txt June, 2000
Category: Proposed Standard
......@@ -48,27 +49,25 @@ Status of this Memo
protocol without requiring a new revision of the protocol.
The LDAP v3 Extended Operation allows for a single extended response
to each extended request, but this paradigm may not be efficient
enough for some directory operations. For instance, the LDAP search
to each extended request, but this paradigm may not be sufficient
for some directory operations. For instance, the LDAP search
operation is a directory operation that is much more efficient when
multiple partial responses are used to service a single request. The
Harrison Individual Submission û Expires April 14, 2000 1
LDAP v3 Extended Partial Response October, 1999
LDAP v3 Extended Partial Response June, 2000
extended partial response generalizes the current extended operation
definition to give LDAP server implementers the ability to make use
of a single-request-multiple-response paradigm for extended LDAP
operations that would benefit from it.
operations that require it or that would benefit from it.
4. Element of Protocol
The ExtendedPartialResponse is defined as
ExtendedPartialResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAPOID,
responseName [0] LDAPOID OPTIONAL,
response [1] OCTET STRING OPTIONAL }
An LDAP server responds to an LDAP v3 ExtendedRequest with zero or
......@@ -111,17 +110,27 @@ Harrison Individual Submission
Roger Harrison
Novell, Inc.
Harrison Individual Submission û Expires April 14, 2000 2
LDAP v3 Extended Partial Response October, 1999
LDAP v3 Extended Partial Response June, 2000
122 E. 1700 S.
1800 S. Novell Place
Provo, UT 84606
+1 801 861 2642
roger_harrison@novell.com
Appendix A - Document Revision History
A.1 draft-rharrison-ldap-extPartResp-00.doc
Initial revision of draft.
A.2 draft-rharrison-ldap-extPartResp-01.doc
Changed responseName to be optional to align with [LDAPv3]
definition of ExtendedResponse.
Full Copyright Statement
"Copyright (C) The Internet Society (date). All Rights Reserved.
......@@ -148,29 +157,3 @@ Full Copyright Statement
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Harrison Individual Submission û Expires April 14, 2000 3
......@@ -168,9 +168,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Request the use of TLS (Transport Layer Security). If you use
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will fail if TLS negotiation does not succeed for some reason.
, the command will require the operation to be successful.
.SH EXAMPLE
The following command:
.LP
......@@ -233,9 +233,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Request the use of TLS (Transport Layer Security). If you use
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will fail if TLS negotiation does not succeed for some reason.
, the command will require the operation to be successful.
.SH INPUT FORMAT
The contents of \fIfile\fP (or standard input if no \-f flag is given on
the command line) should conform to the format defined in
......@@ -164,9 +164,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Request the use of TLS (Transport Layer Security). If you use
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will fail if TLS negotiation does not succeed for some reason.
, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
......@@ -139,9 +139,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Request the use of TLS (Transport Layer Security). If you use
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will fail if TLS negotiation does not succeed for some reason.
, the command will require the operation to be successful.
.SH SEE ALSO
.BR ldap_bind (3)
.SH ACKNOWLEDGEMENTS
......@@ -276,9 +276,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Request the use of TLS (Transport Layer Security). If you use
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will fail if TLS negotiation does not succeed for some reason.
, the command will require the operation to be successful.
.SH OUTPUT FORMAT
If one or more entries are found, each entry is written to standard output
in the form:
......@@ -3,7 +3,7 @@
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap - Lightweight Directory Access Protocol package
ldap - OpenLDAP Lightweight Directory Access Protocol API
.SH SYNOPSIS
.nf
.ft B
......@@ -22,7 +22,7 @@ overview of the LDAP library routines.
.LP
Both synchronous and asynchronous APIs are provided. Also included are
various routines to parse the results returned from these routines.
These routines are found in the libldap.a library.
These routines are found in the \-lldap library.
.LP
The basic interaction is as follows. A connection is made to an LDAP
server by calling
......@@ -108,10 +108,7 @@ the ldap search routines. The
.BR ldap_friendly (3)
routines are
used to map from short two letter country codes (or other strings)
to longer "friendlier" names. The
.BR ldap_charset (3)
routines can be used to translate to and from the T.61 character
set used for many character strings in the LDAP protocol.
to longer "friendlier" names.
.SH CONNECTIONLESS ACCESS
The
.BR cldap_search_s (3)
.TH SLAPPASSWD 8C "15 June 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slappassword \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
.B [\-v]
.B [\-s secret]
.B [\-h hash]
.B
.LP
.SH DESCRIPTION
.LP
.B Slappasswd
is used to compute a hashed password suitable for use
as a userPassword value
.BR slapd.conf (5)
.BR rootpw .
.SH OPTIONS
.TP
.B \-v
enable verbose mode.
.TP
.BI \-s " secret"
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
.TP
.BI \-h " hash"
The hash algorithm to use. Algorithms supported include
.IR {CRYPT} ,
.IR {MD5} ,
.IR {SMD5} ,
.IR {SSHA} ", and"
.IR {SHA} .
The default is
.IR {SSHA} .
.SH LIMITATIONS
The practice storing hashed passwords in userPassword
violates Standard Track schema and may hinder
interoperability.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
should be inplace before using LDAP simple bind. The
hashed password values should be protected as if they
were clear text passwords.
.SH "SEE ALSO"
.BR ldapmodify (3),
.BR slapd (8)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
This is an index of RFC contained in this directory:
STD Standard
DS Draft Standard
PS Proposed Standard
I Information
E Experimental
rfc1274.txt COSINE and Internet X.500 Schema (PS)
rfc1275.txt X.500 Replication Requirements (I)
rfc1279.txt X.500 and Domains (E)
rfc1308.txt Executive Intro to Directory Services - X.500 (FYI13)
rfc1309.txt Technical Overview of Directory Services - X.500 (FYI14)
rfc1430.txt Plan for Deploying an Internet X.500 Directory Service (I)
rfc1617.txt Naming and Structuring Guidelines for X.500 Directory Pilots (I)
rfc1777.txt Lightweight Directory Access Protocol (DS)
rfc1778.txt LDAP String Representation of Attribute Types (DS)
rfc1779.txt LDAP String Representation of DNs (DS)
rfc1781.txt Using the OSI Directory to Achieve User Friendly Naming (PS)
rfc1798.txt Connection-less LDAP (PS)
rfc1823.txt LDAP C API (I)
rfc1959.txt LDAP URL Format (PS)
rfc1960.txt LDAP String Representation of Search Filters (DS)
rfc2079.txt X.500 Attribute Type and an Object Class to Hold URIs (PS)
rfc2119.txt Key words (BCP14)
rfc2164.txt X.500/LDAP MIXER address mapping (PS)
rfc2218.txt Common Schema for the Internet White Pages Service (PS)
rfc2222.txt Simple Authentication and Security Layer (PS)
rfc2247.txt Using Domains in LDAP DNs (PS)
rfc2251.txt LDAPv3 Protocol (PS)
rfc2252.txt LDAPv3 Attribute Types (PS)
rfc2253.txt LDAPv3 Disinguished Name (PS)
rfc2254.txt LDAPv3 Search Filters (PS)
rfc2255.txt LDAPv3 URI (PS)
rfc2256.txt X.500(96) Schema for LDAPv3 (PS)
rfc2279.txt UTF-8 (DS)
rfc2293.txt Tables and Subtrees in the X.500 Directory (PS)
rfc2294.txt O/R Address hierarchy in the X.500 DIT (PS)
rfc2307.txt LDAP Network Information Services Schema (I)
rfc2377.txt LDAP Naming Plan (I)
rfc2559.txt Internet X.509 PKI Operational Protocols - LDAPv2 (PS)
rfc2587.txt Internet X.509 PKI LDAPv2 Schema (PS)
rfc2589.txt LDAPv3: Dynamic Directory Services Extensions (PS)
rfc2596.txt Use of Language Codes in LDAP (PS)
rfc2649.txt LDAPv3 Operational Signatures (E)
rfc2657.txt LDAPv2 Client vs. the Index Mesh (E)
rfc2696.txt LDAP Simple Paged Result Control (PS)
rfc2713.txt LDAP Java schema (I)
rfc2714.txt LDAP COBRA schema (I)
rfc2798.txt LDAP inetOrgPerson schema (I)
rfc2829.txt LDAPv3/Authentication Methods (PS)
rfc2830.txt LDAPv3/StartTLS (PS)
rfc2831.txt SASL/DIGEST-MD5 (PS)
rfc2849.txt LDIFv1 (PS)
......@@ -205,12 +205,12 @@ Please try again later.\r\n"
#define SLAPD_LDBM_MIN_MAXIDS (8192-4)
/* the following DNs must be normalized! */
/* dn of the special "schema" entry */
#define SLAPD_SCHEMA_DN "cn=Schema"
/* dn of the default subschema subentry */
#define SLAPD_SCHEMA_DN "cn=Subschema"
#if 0
/* dn of the special "monitor" entry */
/* dn of the default "monitor" subentry */
#define SLAPD_MONITOR_DN "cn=Monitor"
/* dn of the special "config" entry */
/* dn of the default "config" subentry */
#define SLAPD_CONFIG_DN "cn=Config"
#endif
......@@ -231,9 +231,9 @@ ber_flush( Sockbuf *sb, BerElement *ber, int freeit )
if ( sb->sb_debug ) {
ber_log_printf( LDAP_DEBUG_ANY, sb->sb_debug,
"ber_flush: %ld bytes to sd %ld%s\n", towrite,
(long) sb->sb_fd, ber->ber_rwptr != ber->ber_buf ?
" (re-flush)" : "" );
"ber_flush: %ld bytes to sd %ld%s\n",
towrite, (long) sb->sb_fd,
ber->ber_rwptr != ber->ber_buf ? " (re-flush)" : "" );
ber_log_bprint( LDAP_DEBUG_PACKETS, sb->sb_debug,
ber->ber_rwptr, towrite );
}
......@@ -523,8 +523,10 @@ ber_get_next(
}
do {
/* reading the tag... */
if (ber_int_sb_read( sb, ber->ber_rwptr, 1)<=0)
if (ber_int_sb_read( sb, ber->ber_rwptr, 1)<=0) {
return LBER_DEFAULT;
}
if (! (ber->ber_rwptr[0] & LBER_MORE_TAG_MASK) ) {
ber->ber_tag>>=sizeof(ber->ber_tag) -
((char *) &ber->ber_tag - ber->ber_rwptr);
......@@ -532,6 +534,7 @@ ber_get_next(
goto get_lenbyte;
}
} while( PTR_IN_VAR(ber->ber_rwptr, ber->ber_tag ));
errno = ERANGE; /* this is a serious error. */
return LBER_DEFAULT;
}
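Review bot: The comment on the new `errno = ERANGE;` line says only that this is "a serious error", which does not tell a maintainer what condition was detected; as far as the loop condition `PTR_IN_VAR(ber->ber_rwptr, ber->ber_tag )` shows, this path is reached when the tag bytes fill ber->ber_tag without a terminating byte, so `/* tag did not terminate within sizeof(ber->ber_tag) bytes: unrepresentable, treat as protocol error */` would make the ERANGE choice self-explanatory. ber_get_next() begins in the earlier hunk and its body continues outside both hunks, so the read-failure return at the top of the loop is worth a matching comment only if errno is expected to be meaningful to callers there as well.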
......@@ -124,7 +124,7 @@ ldap_add_ext(
for ( i = 0; attrs[i] != NULL; i++ ) {
if ( ( attrs[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
rc = ber_printf( ber, "{s[V]}", attrs[i]->mod_type,
attrs[i]->mod_values );
attrs[i]->mod_bvalues );
} else {
rc = ber_printf( ber, "{s[v]}", attrs[i]->mod_type,
attrs[i]->mod_values );
......@@ -95,9 +95,9 @@ ldap_pvt_ndelay_off(LDAP *ld, int fd)
}
static ber_socket_t
ldap_pvt_socket(LDAP *ld)
ldap_pvt_socket(LDAP *ld, int family)
{
ber_socket_t s = socket(AF_INET, SOCK_STREAM, 0);
ber_socket_t s = socket(family, SOCK_STREAM, 0);
osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
return ( s );
}
......@@ -183,7 +183,7 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
#undef TRACE
static int
ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_in *sin, int async)
ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr *sin, socklen_t addrlen, int async)
{
struct timeval tv, *opt_tv=NULL;
fd_set wfds, *z=NULL;
......@@ -202,7 +202,7 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_in *sin, int async)
if ( ldap_pvt_ndelay_on(ld, s) == -1 )
return ( -1 );
if ( connect(s, (struct sockaddr *) sin, sizeof(struct sockaddr_in)) == 0 )
if ( connect(s, sin, addrlen) == 0 )
{
if ( ldap_pvt_ndelay_off(ld, s) == -1 )
return ( -1 );
......@@ -289,13 +289,61 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
osip_debug(ld, "ldap_connect_to_host\n",0,0,0);
if (host != NULL) {
#ifdef HAVE_GETADDRINFO
char serv[7];
struct addrinfo hints, *res, *sai;
memset( &hints, '\0', sizeof(hints) );
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
snprintf(serv, sizeof serv, "%d", ntohs(port));
if ( getaddrinfo(host, serv, &hints, &res) ) {
osip_debug(ld, "ldap_connect_to_host:getaddrinfo failed\n",0,0,0);
return -1;
}
sai = res;
rc = -1;
do {
s = ldap_pvt_socket( ld, sai->ai_family );
if ( s == -1 ) {
continue;
}
switch (sai->ai_family) {
#ifdef LDAP_PF_INET6
case AF_INET6: {
char addr[INET6_ADDRSTRLEN];
inet_ntop( AF_INET6,
&((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr,
addr, sizeof addr);
osip_debug(ld, "ldap_connect_to_host: Trying %s %s\n",
addr, serv, 0);
} break;
#endif
case AF_INET: {
char addr[INET_ADDRSTRLEN];
inet_ntop( AF_INET,
&((struct sockaddr_in *)sai->ai_addr)->sin_addr,
addr, sizeof addr);
osip_debug(ld, "ldap_connect_to_host: Trying %s:%s\n",
addr, serv, 0);
} break;
}
rc = ldap_pvt_connect(ld, s, sai->ai_addr, sai->ai_addrlen, async);
if ( (rc == 0) || (rc == -2) ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
break;
}
ldap_pvt_close_socket(ld, s);
} while ((sai = sai->ai_next) != NULL);
freeaddrinfo(res);
return rc;
#else
if (! inet_aton( host, &in) ) {
rc = ldap_pvt_gethostbyname_a(host, &he_buf, &ha_buf,
&hp, &local_h_errno);
if ( rc < 0 )
; /*XXX NO MEMORY? */
if ( (rc < 0) || (hp == NULL) ) {
#ifdef HAVE_WINSOCK
ldap_pvt_set_errno( WSAGetLastError() );
......@@ -309,14 +357,17 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
use_hp = 1;
}
address = in.s_addr;
#endif
}
rc = s = -1;
for ( i = 0; !use_hp || (hp->h_addr_list[i] != 0); ++i, rc = -1 ) {
if ( (s = ldap_pvt_socket( ld )) == -1 )
s = ldap_pvt_socket( ld, AF_INET );
if ( s == -1 ) {
/* use_hp ? continue : break; */
break;
}
if ( ldap_pvt_prepare_socket(ld, s) == -1 ) {
ldap_pvt_close_socket(ld, s);
......@@ -334,7 +385,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
inet_ntoa(sin.sin_addr),ntohs(sin.sin_port),0);
rc = ldap_pvt_connect(ld, s, &sin, async);
rc = ldap_pvt_connect(ld, s, (struct sockaddr *)&sin, sizeof(struct sockaddr_in), async);
if ( (rc == 0) || (rc == -2) ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
......@@ -356,7 +407,8 @@ ldap_host_connected_to( Sockbuf *sb )
{
struct hostent *hp;
socklen_t len;
struct sockaddr_in sin;
struct sockaddr sa;
char *addr;
/* buffers for gethostbyaddr_r */
struct hostent he_buf;
......@@ -365,11 +417,11 @@ ldap_host_connected_to( Sockbuf *sb )
ber_socket_t sd;
#define DO_RETURN(x) if (ha_buf) LDAP_FREE(ha_buf); return (x);
(void)memset( (char *)&sin, '\0', sizeof( struct sockaddr_in ));
len = sizeof( sin );
(void)memset( (char *)&sa, '\0', sizeof( struct sockaddr ));
len = sizeof( sa );
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
if ( getpeername( sd, (struct sockaddr *)&sin, &len ) == -1 ) {
if ( getpeername( sd, (struct sockaddr *)&sa, &len ) == -1 ) {
return( NULL );
}
......@@ -378,9 +430,24 @@ ldap_host_connected_to( Sockbuf *sb )
* this is necessary for kerberos to work right, since the official
* hostname is used as the kerberos instance.
*/
if ((ldap_pvt_gethostbyaddr_a( (char *) &sin.sin_addr,
sizeof( sin.sin_addr ),
AF_INET, &he_buf, &ha_buf,
switch (sa.sa_family) {
#ifdef LDAP_PF_INET6
case AF_INET6:
addr = (char *) &((struct sockaddr_in6 *)&sa)->sin6_addr;
len = sizeof( struct in6_addr );
break;
#endif
case AF_INET:
addr = (char *) &((struct sockaddr_in *)&sa)->sin_addr;
len = sizeof( struct in_addr );
break;
default:
return( NULL );
break;
}
if ((ldap_pvt_gethostbyaddr_a( addr, len,
sa.sa_family, &he_buf, &ha_buf,
&hp,&local_h_errno ) ==0 ) && (hp != NULL) )
{
if ( hp->h_name != NULL ) {
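Review bot: In ldap_host_connected_to() the new `struct sockaddr sa;` is too small to hold an IPv6 peer: getpeername() is given `len = sizeof( sa )` and silently truncates a sockaddr_in6, after which the `AF_INET6` case casts `&sa` to `struct sockaddr_in6 *` and reads sin6_addr past the end of the object, an out-of-bounds stack read in code that runs on every connection. Declaring `struct sockaddr_storage sa;`, zeroing it with `(void)memset( &sa, '\0', sizeof( sa ));` and switching on `sa.ss_family` (with the existing casts left as they are) removes the truncation; if sockaddr_storage is not available on all supported platforms a union of the address types under LDAP_PF_INET6 would do the same. Separately, the new getaddrinfo loop in ldap_connect_to_host() goes straight from ldap_pvt_socket() to ldap_pvt_connect(), while the legacy path below it still calls ldap_pvt_prepare_socket() first, so whatever that helper sets up is skipped on HAVE_GETADDRINFO builds. Both functions begin outside their hunks.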
......@@ -464,6 +464,15 @@ try_read1msg(
}
}
}
if( lr->lr_res_matched != NULL ) {
LDAP_FREE( lr->lr_res_matched );
lr->lr_res_matched = NULL;
}
if( lr->lr_res_error != NULL ) {
LDAP_FREE( lr->lr_res_error );
lr->lr_res_error = NULL;
}
}
}
}