Commit 96e453e9 authored by Kurt Zeilenga

Changes

    Updated libldap TLS certificate checking
    Updated client tool argument handling
    Updated test suite
    Updated liblutil detach handling
    Added libldap ldap_whoami routines
    Added liblber ber_flatten2 routine
    Added liblutil passwd sanity checks
    Fixed liblber PROTOS bugs
    Fixed ber_flush debug level
    Fixed libldap NULL cred bug
    Build Environment
        Check back-bdb requirement for BDB 4.1
parent 626e7bb9
OpenLDAP 2.1 Change Log
OpenLDAP 2.1.13 Engineering
Updated libldap TLS certificate checking
Updated client tool argument handling
Updated test suite
Updated liblutil detach handling
Added libldap ldap_whoami routines
Added liblber ber_flatten2 routine
Added liblutil passwd sanity checks
Fixed liblber PROTOS bugs
Fixed ber_flush debug level
Fixed libldap NULL cred bug
Build Environment
Check back-bdb requirement for BDB 4.1
OpenLDAP 2.1.12 Release
Build Environment
Update version number
......@@ -88,12 +88,17 @@
# include <stddef.h>
#endif
#ifndef LDAP_REL_ENG
#if (LDAP_VENDOR_VERSION == 000000) && !defined(LDAP_DEVEL)
#define LDAP_DEVEL
#endif
#if defined(LDAP_DEVEL) && !defined(LDAP_TEST)
#define LDAP_TEST
#endif
#if defined(LDAP_TEST) && !defined(LDAP_DEBUG)
#define LDAP_DEBUG
#endif
#endif
#ifdef HAVE_EBCDIC
/* ASCII/EBCDIC converting replacements for stdio funcs
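Review bot: The added block turns on LDAP_DEVEL, and through it LDAP_TEST and LDAP_DEBUG, for any build whose LDAP_VENDOR_VERSION is 000000 and that does not define LDAP_REL_ENG, but nothing in the hunk records that cascade or that LDAP_REL_ENG is the opt-out. Anyone building from an engineering snapshot therefore gets the debug-only code paths compiled in without having asked for them, which is worth stating where the decision is made. Suggest a comment ahead of `#ifndef LDAP_REL_ENG`: `/* Engineering builds (vendor version 000000) imply LDAP_DEVEL -> LDAP_TEST -> LDAP_DEBUG; define LDAP_REL_ENG for release builds to suppress this cascade. */`. The surrounding conditional context of portable.h is outside the hunk, so I cannot tell from here whether LDAP_REL_ENG is set anywhere by the build system.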
......@@ -312,6 +312,8 @@ dnl Try to locate appropriate library
AC_DEFUN([OL_BERKELEY_DB_LINK],
[ol_cv_lib_db=no
OL_BERKELEY_DB_TRY(ol_cv_db_none)
OL_BERKELEY_DB_TRY(ol_cv_db_db41,[-ldb41])
OL_BERKELEY_DB_TRY(ol_cv_db_db_41,[-ldb-41])
OL_BERKELEY_DB_TRY(ol_cv_db_db4,[-ldb4])
OL_BERKELEY_DB_TRY(ol_cv_db_db_4,[-ldb-4])
OL_BERKELEY_DB_TRY(ol_cv_db_db,[-ldb])
......@@ -433,9 +435,12 @@ AC_DEFUN([OL_BDB_COMPAT],
#ifndef DB_VERSION_MAJOR
# define DB_VERSION_MAJOR 1
#endif
#ifndef DB_VERSION_MINOR
# define DB_VERSION_MINOR 0
#endif
/* require 4.0 or later */
#if DB_VERSION_MAJOR >= 4
#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
__db_version_compat
#endif
], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
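Review bot: The new test `#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)` applies the minor-version floor to every major version, so a future release with a minor of 0 (5.0, for instance) would be reported as incompatible even though it is newer than 4.1; the comment just above it still says `/* require 4.0 or later */`, which no longer matches what is checked. Suggest `/* require 4.1 or later */` and `#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))`. The new `DB_VERSION_MINOR` fallback of 0 means a header that lacks the macro is treated as x.0 and rejected, which looks intended but is worth a one-line comment since it silently fails the configure check rather than erroring.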
......@@ -3,13 +3,15 @@
## Makefile for LDAP tools
##
SRCS = ldapsearch.c ldapmodify.c ldapdelete.c ldapmodrdn.c \
ldappasswd.c ldapwhoami.c ldapcompare.c
ldappasswd.c ldapwhoami.c ldapcompare.c common.c
OBJS = ldapsearch.o ldapmodify.o ldapdelete.o ldapmodrdn.o \
ldappasswd.o ldapwhoami.o ldapcompare.o
ldappasswd.o ldapwhoami.o ldapcompare.o common.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
MKVOPTS = -s
XLIBS = $(LDAP_LIBLDIF_A) $(LDAP_L)
XXLIBS = $(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)
......@@ -21,58 +23,58 @@ PROGRAMS = ldapsearch ldapmodify ldapdelete ldapmodrdn ldapadd \
ldapsearch: ldsversion.o
$(LTLINK) -o $@ ldapsearch.o ldsversion.o $(LIBS)
$(LTLINK) -o $@ ldapsearch.o common.o ldsversion.o $(LIBS)
ldapmodify: ldmversion.o
$(LTLINK) -o $@ ldapmodify.o ldmversion.o $(LIBS)
$(LTLINK) -o $@ ldapmodify.o common.o ldmversion.o $(LIBS)
ldapdelete: lddversion.o
$(LTLINK) -o $@ ldapdelete.o lddversion.o $(LIBS)
$(LTLINK) -o $@ ldapdelete.o common.o lddversion.o $(LIBS)
ldapmodrdn: ldrversion.o
$(LTLINK) -o $@ ldapmodrdn.o ldrversion.o $(LIBS)
$(LTLINK) -o $@ ldapmodrdn.o common.o ldrversion.o $(LIBS)
ldappasswd: ldpversion.o
$(LTLINK) -o $@ ldappasswd.o ldpversion.o $(LIBS)
$(LTLINK) -o $@ ldappasswd.o common.o ldpversion.o $(LIBS)
ldapwhoami: ldwversion.o
$(LTLINK) -o $@ ldapwhoami.o ldwversion.o $(LIBS)
$(LTLINK) -o $@ ldapwhoami.o common.o ldwversion.o $(LIBS)
ldapcompare: ldcversion.o
$(LTLINK) -o $@ ldapcompare.o ldcversion.o $(LIBS)
$(LTLINK) -o $@ ldapcompare.o common.o ldcversion.o $(LIBS)
ldapadd: ldapmodify
@-$(RM) $@$(EXEEXT)
$(LN_H) ldapmodify$(EXEEXT) ldapadd$(EXEEXT)
ldsversion.c: ldapsearch.o $(XLIBS)
ldsversion.c: ldapsearch.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapsearch > $@
$(MKVERSION) $(MKVOPTS) ldapsearch > $@
ldmversion.c: ldapmodify.o $(XLIBS)
ldmversion.c: ldapmodify.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapmodify > $@
$(MKVERSION) $(MKVOPTS) ldapmodify > $@
lddversion.c: ldapdelete.o $(XLIBS)
lddversion.c: ldapdelete.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapdelete > $@
$(MKVERSION) $(MKVOPTS) ldapdelete > $@
ldpversion.c: ldappasswd.o $(XLIBS)
ldpversion.c: ldappasswd.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldappasswd > $@
$(MKVERSION) $(MKVOPTS) ldappasswd > $@
ldrversion.c: ldapmodrdn.o $(XLIBS)
ldrversion.c: ldapmodrdn.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapmodrdn > $@
$(MKVERSION) $(MKVOPTS) ldapmodrdn > $@
ldwversion.c: ldapwhoami.o $(XLIBS)
ldwversion.c: ldapwhoami.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapwhoami > $@
$(MKVERSION) $(MKVOPTS) ldapwhoami > $@
ldcversion.c: ldapcompare.o $(XLIBS)
ldcversion.c: ldapcompare.o common.o $(XLIBS)
@-$(RM) $@
$(MKVERSION) ldapcompare > $@
$(MKVERSION) $(MKVOPTS) ldapcompare > $@
install-local: FORCE
/* $OpenLDAP$ */
/*
* Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* common.c - common routines for the ldap client tools */
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/signal.h>
#include <ac/string.h>
#include <ac/unistd.h>
#include <ac/errno.h>
#include <ldap.h>
#include "lutil_ldap.h"
#include "common.h"
int authmethod = -1;
char *binddn = NULL;
int contoper = 0;
int debug = 0;
char *infile = NULL;
char *ldapuri = NULL;
char *ldaphost = NULL;
int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
char *sasl_mech = NULL;
char *sasl_secprops = NULL;
#endif
int use_tls = 0;
char *authzid = NULL;
int manageDSAit = 0;
int noop = 0;
int not = 0;
int want_bindpw = 0;
struct berval passwd = { 0, NULL };
char *pw_file = NULL;
int referrals = 0;
int protocol = -1;
int verbose = 0;
int version = 0;
/* Set in main() */
char *prog = NULL;
void
tool_common_usage( void )
{
static const char *const descriptions[] = {
" -c continuous operation mode (do not stop on errors)\n",
" -C chase referrals\n",
" -d level set LDAP debugging level to `level'\n",
" -D binddn bind DN\n",
" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
" [!]manageDSAit (alternate form, see -M)\n"
" [!]noop\n",
" -f file read operations from `file'\n",
" -h host LDAP server\n",
" -H URI LDAP Uniform Resource Indentifier(s)\n",
" -I use SASL Interactive mode\n",
" -k use Kerberos authentication\n",
" -K like -k, but do only step 1 of the Kerberos bind\n",
" -M enable Manage DSA IT control (-MM to make critical)\n",
" -n show what would be done but don't actually do it\n",
" -O props SASL security properties\n",
" -p port port on LDAP server\n",
" -P version procotol version (default: 3)\n",
" -Q use SASL Quiet mode\n",
" -R realm SASL realm\n",
" -U authcid SASL authentication identity\n",
" -v run in verbose mode (diagnostics to standard output)\n",
" -V print version info (-VV only)\n",
" -w passwd bind passwd (for simple authentication)\n",
" -W prompt for bind passwd\n",
" -x Simple authentication\n",
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n",
" -y file Read passwd from file\n",
" -Y mech SASL mechanism\n",
" -Z Start TLS request (-ZZ to require successful response)\n",
NULL
};
const char *const *cpp;
fputs( "Common options:\n", stderr );
for( cpp = descriptions; *cpp != NULL; cpp++ ) {
if( strchr( options, (*cpp)[3] ) ) {
fputs( *cpp, stderr );
}
}
}
void
tool_args( int argc, char **argv )
{
int i;
while (( i = getopt( argc, argv, options )) != EOF )
{
int crit;
char *control, *cvalue;
switch( i ) {
case 'c': /* continuous operation mode */
contoper = 1;
break;
case 'C':
referrals = 1;
break;
case 'd':
debug |= atoi( optarg );
break;
case 'D': /* bind DN */
if( binddn != NULL ) {
fprintf( stderr, "%s: -D previously specified\n", prog );
exit( EXIT_FAILURE );
}
binddn = ber_strdup( optarg );
break;
case 'e': /* general controls */
/* should be extended to support comma separated list of
* [!]key[=value] parameters, e.g. -e !foo,bar=567
*/
crit = 0;
cvalue = NULL;
if( optarg[0] == '!' ) {
crit = 1;
optarg++;
}
control = ber_strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
if ( strcasecmp( control, "authzid" ) == 0 ) {
if( authzid != NULL ) {
fprintf( stderr, "authzid control previously specified\n");
exit( EXIT_FAILURE );
}
if( cvalue == NULL ) {
fprintf( stderr, "authzid: control value expected\n" );
usage();
}
if( !crit ) {
fprintf( stderr, "authzid: must be marked critical\n" );
usage();
}
assert( authzid == NULL );
authzid = cvalue;
} else if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
if( manageDSAit ) {
fprintf( stderr,
"manageDSAit control previously specified\n");
exit( EXIT_FAILURE );
}
if( cvalue != NULL ) {
fprintf( stderr,
"manageDSAit: no control value expected\n" );
usage();
}
manageDSAit = 1 + crit;
} else if ( strcasecmp( control, "noop" ) == 0 ) {
if( noop ) {
fprintf( stderr, "noop control previously specified\n");
exit( EXIT_FAILURE );
}
if( cvalue != NULL ) {
fprintf( stderr, "noop: no control value expected\n" );
usage();
}
noop = 1 + crit;
} else {
fprintf( stderr, "Invalid general control name: %s\n",
control );
usage();
}
break;
case 'f': /* read from file */
if( infile != NULL ) {
fprintf( stderr, "%s: -f previously specified\n", prog );
exit( EXIT_FAILURE );
}
infile = ber_strdup( optarg );
break;
case 'h': /* ldap host */
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n", prog );
exit( EXIT_FAILURE );
}
ldaphost = ber_strdup( optarg );
break;
case 'H': /* ldap URI */
if( ldapuri != NULL ) {
fprintf( stderr, "%s: -H previously specified\n", prog );
exit( EXIT_FAILURE );
}
ldapuri = ber_strdup( optarg );
break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_flags = LDAP_SASL_INTERACTIVE;
break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( authmethod != -1 ) {
fprintf( stderr, "%s: -k incompatible with previous "
"authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
exit( EXIT_FAILURE );
#endif
break;
case 'K': /* kerberos bind, part one only */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( authmethod != -1 ) {
fprintf( stderr, "%s: incompatible with previous "
"authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
exit( EXIT_FAILURE );
#endif
break;
case 'M':
/* enable Manage DSA IT */
manageDSAit = 1;
break;
case 'n': /* print operations, don't actually do them */
not = 1;
break;
case 'O':
#ifdef HAVE_CYRUS_SASL
if( sasl_secprops != NULL ) {
fprintf( stderr, "%s: -O previously specified\n", prog );
exit( EXIT_FAILURE );
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_secprops = ber_strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
break;
case 'p':
if( ldapport ) {
fprintf( stderr, "%s: -p previously specified\n", prog );
exit( EXIT_FAILURE );
}
ldapport = atoi( optarg );
break;
case 'P':
switch( atoi(optarg) ) {
case 2:
if( protocol == LDAP_VERSION3 ) {
fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
prog, protocol );
exit( EXIT_FAILURE );
}
protocol = LDAP_VERSION2;
break;
case 3:
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
prog, protocol );
exit( EXIT_FAILURE );
}
protocol = LDAP_VERSION3;
break;
default:
fprintf( stderr, "%s: protocol version should be 2 or 3\n",
prog );
usage();
}
break;
case 'Q':
#ifdef HAVE_CYRUS_SASL
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_flags = LDAP_SASL_QUIET;
break;
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
case 'R':
#ifdef HAVE_CYRUS_SASL
if( sasl_realm != NULL ) {
fprintf( stderr, "%s: -R previously specified\n", prog );
exit( EXIT_FAILURE );
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_realm = ber_strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
break;
case 'U':
#ifdef HAVE_CYRUS_SASL
if( sasl_authc_id != NULL ) {
fprintf( stderr, "%s: -U previously specified\n", prog );
exit( EXIT_FAILURE );
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible previous "
"authentication choice\n",
prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_authc_id = ber_strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
break;
case 'v': /* verbose mode */
verbose = 1;
break;
case 'V': /* version */
version++;
break;
case 'w': /* password */
passwd.bv_val = ber_strdup( optarg );
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'W':
want_bindpw = 1;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
fprintf( stderr, "%s: -Y previously specified\n", prog );
exit( EXIT_FAILURE );
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: incompatible with authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_mech = ber_strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n",
prog );
exit( EXIT_FAILURE );
#endif
break;
case 'x':
if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
fprintf( stderr, "%s: incompatible with previous "
"authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SIMPLE;
break;
case 'X':
#ifdef HAVE_CYRUS_SASL
if( sasl_authz_id != NULL ) {
fprintf( stderr, "%s: -X previously specified\n", prog );
exit( EXIT_FAILURE );
}
if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: -X incompatible with "
"authentication choice\n", prog );
exit( EXIT_FAILURE );
}
authmethod = LDAP_AUTH_SASL;
sasl_authz_id = ber_strdup( optarg );
#else
fprintf( stderr, "%s: not compiled with SASL support\n", prog );
exit( EXIT_FAILURE );
#endif
break;
case 'Z':
#ifdef HAVE_TLS
use_tls = 1;
#else
fprintf( stderr, "%s: not compiled with TLS support\n", prog );
exit( EXIT_FAILURE );
#endif
break;
default:
if( handle_private_option( i ) )
break;
fprintf( stderr, "%s: unrecognized option -%c\n",
prog, optopt );
usage();
}
}
if (version) {
fprintf( stderr, "%s: %s", prog, __Version );
if (version > 1) exit( EXIT_SUCCESS );
}
if (protocol == -1)