Commit 4e32148a authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

Sync with HEAD for OL 2.4.5

parent 5a9f4f49
......@@ -36,9 +36,11 @@ Public License.
---
Portions Copyright 1999-2005 Howard Y.H. Chu.
Portions Copyright 1999-2005 Symas Corporation.
Portions Copyright 1999-2007 Howard Y.H. Chu.
Portions Copyright 1999-2007 Symas Corporation.
Portions Copyright 1998-2003 Hallvard B. Furuseth.
Portions Copyright 2007 Gavin Henry
Portions Copyright 2007 Suretec Systems
All rights reserved.
Redistribution and use in source and binary forms, with or without
......
......@@ -21,10 +21,6 @@ REQUIRED SOFTWARE
SLAPD:
BDB and HDB backends require Sleepycat Berkeley DB 4.2 or later
SLURPD:
LTHREAD compatible thread package
[POSIX threads, Mach Cthreads, select others]
CLIENTS/CONTRIB ware:
Depends on package. See per package README.
......
......@@ -29,7 +29,7 @@ timestamp='2003-07-02-OpenLDAP'
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP itself.
## Copyright 1998-2007 The OpenLDAP Foundation.
## Portions Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
......
......@@ -34,7 +34,7 @@ timestamp='2003-07-04-OpenLDAP'
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP itself.
## Copyright 1998-2007 The OpenLDAP Foundation.
## Portions Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
......
......@@ -26,9 +26,9 @@
# This file is distributed with OpenLDAP Software, which contains a
# configuration script generated by Autoconf, and is distributable
# under the same distributions terms as OpenLDAP inself.
# under the same distributions terms as OpenLDAP itself.
## Copyright 1998-2007 The OpenLDAP Foundation.
## Portions Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
......
......@@ -91,6 +91,7 @@ EOF
done
rm -f conftest*
])
test "$ol_cv_mkdep" = no && OL_MKDEP=":"
else
cc_cv_mkdep=yes
OL_MKDEP_FLAGS="${MKDEP_FLAGS}"
......@@ -627,9 +628,9 @@ main()
}
#if (DB_VERSION_MAJOR > 3) || (DB_VERSION_MINOR >= 1)
rc = env->open( env, NULL, flags, 0 );
rc = (env->open)( env, NULL, flags, 0 );
#else
rc = env->open( env, NULL, NULL, flags, 0 );
rc = (env->open)( env, NULL, NULL, flags, 0 );
#endif
if ( rc == 0 ) {
......@@ -736,152 +737,6 @@ fi
])
dnl
dnl ====================================================================
dnl Check if GDBM library exists
dnl Check for gdbm_open in standard libraries or -lgdbm
dnl
dnl defines ol_cv_lib_gdbm to 'yes' or '-lgdbm' or 'no'
dnl 'yes' implies gdbm_open is in $LIBS
dnl
dnl uses:
dnl AC_CHECK_FUNC(gdbm_open)
dnl AC_CHECK_LIB(gdbm,gdbm_open)
dnl
AC_DEFUN([OL_LIB_GDBM],
[AC_CACHE_CHECK(for GDBM library, [ol_cv_lib_gdbm],
[ ol_LIBS="$LIBS"
AC_CHECK_FUNC(gdbm_open,[ol_cv_lib_gdbm=yes], [
AC_CHECK_LIB(gdbm,gdbm_open,[ol_cv_lib_gdbm=-lgdbm],[ol_cv_lib_gdbm=no])
])
LIBS="$ol_LIBS"
])
])dnl
dnl
dnl --------------------------------------------------------------------
dnl Check if GDBM exists
dnl
dnl defines ol_cv_gdbm to 'yes' or 'no'
dnl
dnl uses:
dnl OL_LIB_GDBM
dnl AC_CHECK_HEADERS(gdbm.h)
dnl
AC_DEFUN([OL_GDBM],
[AC_REQUIRE([OL_LIB_GDBM])
AC_CHECK_HEADERS(gdbm.h)
AC_CACHE_CHECK(for db, [ol_cv_gdbm], [
if test $ol_cv_lib_gdbm = no || test $ac_cv_header_gdbm_h = no ; then
ol_cv_gdbm=no
else
ol_cv_gdbm=yes
fi
])
if test $ol_cv_gdbm = yes ; then
AC_DEFINE(HAVE_GDBM,1, [define if GNU DBM is available])
fi
])dnl
dnl
dnl ====================================================================
dnl Check if MDBM library exists
dnl Check for mdbm_open in standard libraries or -lmdbm
dnl
dnl defines ol_cv_lib_mdbm to 'yes' or '-lmdbm' or 'no'
dnl 'yes' implies mdbm_open is in $LIBS
dnl
dnl uses:
dnl AC_CHECK_FUNC(mdbm_set_chain)
dnl AC_CHECK_LIB(mdbm,mdbm_set_chain)
dnl
AC_DEFUN([OL_LIB_MDBM],
[AC_CACHE_CHECK(for MDBM library, [ol_cv_lib_mdbm],
[ ol_LIBS="$LIBS"
AC_CHECK_FUNC(mdbm_set_chain,[ol_cv_lib_mdbm=yes], [
AC_CHECK_LIB(mdbm,mdbm_set_chain,[ol_cv_lib_mdbm=-lmdbm],[ol_cv_lib_mdbm=no])
])
LIBS="$ol_LIBS"
])
])dnl
dnl
dnl --------------------------------------------------------------------
dnl Check if MDBM exists
dnl
dnl defines ol_cv_mdbm to 'yes' or 'no'
dnl
dnl uses:
dnl OL_LIB_MDBM
dnl AC_CHECK_HEADERS(mdbm.h)
dnl
AC_DEFUN([OL_MDBM],
[AC_REQUIRE([OL_LIB_MDBM])
AC_CHECK_HEADERS(mdbm.h)
AC_CACHE_CHECK(for db, [ol_cv_mdbm], [
if test $ol_cv_lib_mdbm = no || test $ac_cv_header_mdbm_h = no ; then
ol_cv_mdbm=no
else
ol_cv_mdbm=yes
fi
])
if test $ol_cv_mdbm = yes ; then
AC_DEFINE(HAVE_MDBM,1, [define if MDBM is available])
fi
])dnl
dnl
dnl ====================================================================
dnl Check if NDBM library exists
dnl Check for dbm_open in standard libraries or -lndbm or -ldbm
dnl
dnl defines ol_cv_lib_ndbm to 'yes' or '-lndbm' or -ldbm or 'no'
dnl 'yes' implies ndbm_open is in $LIBS
dnl
dnl uses:
dnl AC_CHECK_FUNC(dbm_open)
dnl AC_CHECK_LIB(ndbm,dbm_open)
dnl AC_CHECK_LIB(dbm,dbm_open)
dnl
dnl restrictions:
dnl should also check SVR4 case: dbm_open() in -lucb but that
dnl would requiring dealing with -L/usr/ucblib
dnl
AC_DEFUN([OL_LIB_NDBM],
[AC_CACHE_CHECK(for NDBM library, [ol_cv_lib_ndbm],
[ ol_LIBS="$LIBS"
AC_CHECK_FUNC(dbm_open,[ol_cv_lib_ndbm=yes], [
AC_CHECK_LIB(ndbm,dbm_open,[ol_cv_lib_ndbm=-lndbm], [
AC_CHECK_LIB(dbm,dbm_open,[ol_cv_lib_ndbm=-ldbm],
[ol_cv_lib_ndbm=no])dnl
])
])
LIBS="$ol_LIBS"
])
])dnl
dnl
dnl --------------------------------------------------------------------
dnl Check if NDBM exists
dnl
dnl defines ol_cv_ndbm to 'yes' or 'no'
dnl
dnl uses:
dnl OL_LIB_NDBM
dnl AC_CHECK_HEADERS(ndbm.h)
dnl
dnl restrictions:
dnl Doesn't handle SVR4 case (see above)
dnl
AC_DEFUN([OL_NDBM],
[AC_REQUIRE([OL_LIB_NDBM])
AC_CHECK_HEADERS(ndbm.h)
AC_CACHE_CHECK(for db, [ol_cv_ndbm], [
if test $ol_cv_lib_ndbm = no || test $ac_cv_header_ndbm_h = no ; then
ol_cv_ndbm=no
else
ol_cv_ndbm=yes
fi
])
if test $ol_cv_ndbm = yes ; then
AC_DEFINE(HAVE_NDBM,1, [define if NDBM is available])
fi
])dnl
dnl
dnl ====================================================================
dnl Check POSIX Thread version
dnl
dnl defines ol_cv_pthread_version to 4, 5, 6, 7, 8, 10, depending on the
......
......@@ -170,10 +170,8 @@ LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a
LDAP_L = $(LDAP_LIBLUTIL_A) \
$(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA)
SLURPD_L = $(LDAP_LIBLUTIL_A) \
$(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \
$(SLURPD_L)
$(LDAP_LIBLUTIL_A) $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
WRAP_LIBS = @WRAP_LIBS@
# AutoConfig generated
......@@ -202,7 +200,6 @@ SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
SLURPD_LIBS = @SLURPD_LIBS@
# Our Defaults
CC = $(AC_CC)
......
......@@ -33,6 +33,7 @@
#include <ac/unistd.h>
#include <ac/errno.h>
#include <ac/time.h>
#include <ac/socket.h>
#ifdef HAVE_CYRUS_SASL
#ifdef HAVE_SASL_SASL_H
......@@ -113,6 +114,13 @@ int chaining = 0;
static int chainingResolve = -1;
static int chainingContinuation = -1;
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
static int sessionTracking = 0;
struct berval stValue;
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
LDAPControl *unknown_ctrls = NULL;
int unknown_ctrls_num = 0;
/* options */
struct timeval nettimeout = { -1 , 0 };
......@@ -144,6 +152,53 @@ static struct tool_ctrls_t {
static int gotintr;
static int abcan;
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
static int
st_value( LDAP *ld, struct berval *value )
{
char *ip = NULL, *name = NULL;
struct berval id = { 0 };
char namebuf[ MAXHOSTNAMELEN ];
if ( gethostname( namebuf, sizeof( namebuf ) ) == 0 ) {
struct hostent *h;
struct in_addr addr;
name = namebuf;
h = gethostbyname( name );
if ( h != NULL ) {
AC_MEMCPY( &addr, h->h_addr, sizeof( addr ) );
ip = inet_ntoa( addr );
}
}
#ifdef HAVE_CYRUS_SASL
if ( sasl_authz_id != NULL ) {
ber_str2bv( sasl_authz_id, 0, 0, &id );
} else if ( sasl_authc_id != NULL ) {
ber_str2bv( sasl_authc_id, 0, 0, &id );
} else
#endif /* HAVE_CYRUS_SASL */
if ( binddn != NULL ) {
ber_str2bv( binddn, 0, 0, &id );
}
if ( ldap_create_session_tracking_value( ld,
ip, name, LDAP_CONTROL_X_SESSION_TRACKING_USERNAME,
&id, &stValue ) )
{
fprintf( stderr, _("Session tracking control encoding error!\n") );
return -1;
}
return 0;
}
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
RETSIGTYPE
do_sig( int sig )
{
......@@ -175,7 +230,6 @@ tool_common_usage( void )
{
static const char *const descriptions[] = {
N_(" -c continuous operation mode (do not stop on errors)\n"),
N_(" -C chase referrals (anonymously)\n"),
N_(" -d level set LDAP debugging level to `level'\n"),
N_(" -D binddn bind DN\n"),
N_(" -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
......@@ -199,15 +253,16 @@ N_(" ppolicy\n")
#endif
N_(" [!]postread[=<attrs>] (a comma-separated attribute list)\n")
N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n")
#ifdef LDAP_DEVEL
N_(" [!]relax\n")
#endif
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
N_(" [!]sessiontracking\n")
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
" or ignores response; if critical, doesn't wait for SIGINT.\n"
" not really controls)\n")
N_(" -f file read operations from `file'\n"),
N_(" -h host LDAP server\n"),
N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"),
N_(" -H URI LDAP Uniform Resource Identifier(s)\n"),
N_(" -I use SASL Interactive mode\n"),
N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
N_(" -n show what would be done but don't actually do it\n"),
......@@ -215,7 +270,7 @@ N_(" -O props SASL security properties\n"),
N_(" -o <opt>[=<optparam] general options\n"),
N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
N_(" -p port port on LDAP server\n"),
N_(" -P version procotol version (default: 3)\n"),
N_(" -P version protocol version (default: 3)\n"),
N_(" -Q use SASL Quiet mode\n"),
N_(" -R realm SASL realm\n"),
N_(" -U authcid SASL authentication identity\n"),
......@@ -299,7 +354,7 @@ tool_args( int argc, char **argv )
}
binddn = ber_strdup( optarg );
break;
case 'e': /* general extensions (controls and such) */
case 'e': /* general extensions (controls and such) */
/* should be extended to support comma separated list of
* [!]key[=value] parameters, e.g. -e !foo,bar=567
*/
......@@ -520,6 +575,55 @@ tool_args( int argc, char **argv )
gotintr = abcan;
}
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
} else if ( strcasecmp( control, "sessiontracking" ) == 0 ) {
if ( sessionTracking ) {
fprintf( stderr, "%s: session tracking can be only specified once\n", prog );
exit( EXIT_FAILURE );
}
sessionTracking = 1;
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
} else if ( tool_is_oid( control ) ) {
LDAPControl *tmpctrls, ctrl;
tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
if ( tmpctrls == NULL ) {
fprintf( stderr, "%s: no memory?\n", prog );
exit( EXIT_FAILURE );
}
unknown_ctrls = tmpctrls;
ctrl.ldctl_oid = control;
ctrl.ldctl_value.bv_val = NULL;
ctrl.ldctl_value.bv_len = 0;
ctrl.ldctl_iscritical = crit;
if ( cvalue != NULL ) {
struct berval bv;
size_t len = strlen( cvalue );
int retcode;
bv.bv_len = LUTIL_BASE64_DECODE_LEN( len );
bv.bv_val = ber_memalloc( bv.bv_len + 1 );
retcode = lutil_b64_pton( cvalue,
(unsigned char *)bv.bv_val,
bv.bv_len );
if ( retcode == -1 || retcode > bv.bv_len ) {
fprintf( stderr, "Unable to parse value of general control %s\n",
control );
usage();
}
bv.bv_len = retcode;
ctrl.ldctl_value = bv;
}
unknown_ctrls[ unknown_ctrls_num ] = ctrl;
unknown_ctrls_num++;
} else {
fprintf( stderr, "Invalid general control name: %s\n",
control );
......@@ -893,6 +997,9 @@ tool_args( int argc, char **argv )
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
chaining ||
#endif
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
sessionTracking ||
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
noop || ppolicy || preread || postread )
{
fprintf( stderr, "%s: -e/-M incompatible with LDAPv2\n", prog );
......@@ -957,6 +1064,137 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) )
url.lud_scope = LDAP_SCOPE_DEFAULT;
ldapuri = ldap_url_desc2str( &url );
} else if ( ldapuri != NULL ) {
LDAPURLDesc *ludlist, **ludp;
char **urls = NULL;
int nurls = 0;
rc = ldap_url_parselist( &ludlist, ldapuri );
if ( rc != LDAP_URL_SUCCESS ) {
fprintf( stderr,
"Could not parse LDAP URI(s)=%s (%d)\n",
ldapuri, rc );
exit( EXIT_FAILURE );
}
for ( ludp = &ludlist; *ludp != NULL; ) {
LDAPURLDesc *lud = *ludp;
char **tmp;
if ( lud->lud_dn != NULL && lud->lud_dn[ 0 ] != '\0' &&
( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) )
{
/* if no host but a DN is provided,
* use DNS SRV to gather the host list
* and turn it into a list of URIs
* using the scheme provided */
char *domain = NULL,
*hostlist = NULL,
**hosts = NULL;
int i,
len_proto = strlen( lud->lud_scheme );
if ( ldap_dn2domain( lud->lud_dn, &domain )
|| domain == NULL )
{
fprintf( stderr,
"DNS SRV: Could not turn "
"DN=\"%s\" into a domain\n",
lud->lud_dn );
goto dnssrv_free;
}
rc = ldap_domain2hostlist( domain, &hostlist );
if ( rc ) {
fprintf( stderr,
"DNS SRV: Could not turn "
"domain=%s into a hostlist\n",
domain );
goto dnssrv_free;
}
hosts = ldap_str2charray( hostlist, " " );
if ( hosts == NULL ) {
fprintf( stderr,
"DNS SRV: Could not parse "
"hostlist=\"%s\"\n",
hostlist );
goto dnssrv_free;
}
for ( i = 0; hosts[ i ] != NULL; i++ )
/* count'em */ ;
tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
goto dnssrv_free;
}
urls = tmp;
urls[ nurls ] = NULL;
for ( i = 0; hosts[ i ] != NULL; i++ ) {
size_t len = len_proto
+ STRLENOF( "://" )
+ strlen( hosts[ i ] )
+ 1;
urls[ nurls + i + 1 ] = NULL;
urls[ nurls + i ] = (char *)malloc( sizeof( char ) * len );
if ( urls[ nurls + i ] == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
goto dnssrv_free;
}
snprintf( urls[ nurls + i ], len, "%s://%s",
lud->lud_scheme, hosts[ i ] );
}
nurls += i;
dnssrv_free:;
ber_memvfree( (void **)hosts );
ber_memfree( hostlist );
ber_memfree( domain );
} else {
tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + 2 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
break;
}
urls = tmp;
urls[ nurls + 1 ] = NULL;
urls[ nurls ] = ldap_url_desc2str( lud );
if ( urls[ nurls ] == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
break;
}
nurls++;
}
*ludp = lud->lud_next;
lud->lud_next = NULL;
ldap_free_urldesc( lud );
}
if ( ludlist != NULL ) {
ldap_free_urllist( ludlist );
exit( EXIT_FAILURE );
} else if ( urls == NULL ) {
exit( EXIT_FAILURE );
}
ldap_memfree( ldapuri );
ldapuri = ldap_charray2str( urls, " " );
ber_memvfree( (void **)urls );
}
if ( verbose ) {
......@@ -1019,21 +1257,41 @@ void
tool_bind( LDAP *ld )
{
LDAPControl **sctrlsp = NULL;
LDAPControl *sctrls[2];
LDAPControl *sctrls[3];
LDAPControl sctrl[3];
int nsctrls = 0;
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
LDAPControl c;
if ( ppolicy ) {
LDAPControl c;
c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
c.ldctl_value.bv_val = NULL;
c.ldctl_value.bv_len = 0;
c.ldctl_iscritical = 0;
sctrls[nsctrls] = &c;
sctrl[nsctrls] = c;
sctrls[nsctrls] = &sctrl[nsctrls];
sctrls[++nsctrls] = NULL;
}
#endif
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
if ( sessionTracking ) {
LDAPControl c;
if (stValue.bv_val == NULL && st_value( ld, &stValue ) ) {
exit( EXIT_FAILURE );
}
c.ldctl_oid = LDAP_CONTROL_X_SESSION_TRACKING;
c.ldctl_iscritical = 0;
ber_dupbv( &c.ldctl_value, &stValue );
sctrl[nsctrls] = c;
sctrls[nsctrls] = &sctrl[nsctrls];
sctrls[++nsctrls] = NULL;
}
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
if ( nsctrls ) {
sctrlsp = sctrls;
}
......@@ -1108,7 +1366,7 @@ tool_bind( LDAP *ld )
rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
&ctrls, 1 );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_bind parse result", rc, NULL, NULL, NULL, NULL );
tool_perror( "ldap_bind parse result", rc, NULL, matched, info, refs );
exit( LDAP_LOCAL_ERROR );
}
......@@ -1118,8 +1376,8 @@ tool_bind( LDAP *ld )
int expire, grace, len = 0;
LDAPPasswordPolicyError pErr = -1;
ctrl = ldap_find_control( LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
ctrls );
ctrl = ldap_control_find( LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
ctrls,