upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-19 02:28:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Import from devel

Browse source
This commit is contained in:
Kurt Zeilenga 2000-07-04 19:58:12 +00:00
parent 0f6d8abff6
commit 0dbee3f688
222 changed files with 9011 additions and 8862 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
INSTALL
View file

@ -151,12 +151,12 @@ information about how to use "configure", please read:
USING ENVIRONMENT VARIABLES
The configure script will also use your environmental
variables for determining compiler/linker options. This can
be used to manual specify features and compilation options.
The configure script will also use environmental variables for
determining compiler/linker options. This can be used to manually
specify features and compilation options.
WARNING: Executable built in your environment may not run
in your user's environments. The portability of
WARNING: Executables built in your environment may not run
in your users' environments. The portability of
executables between environments is your responsibility.
Supported Environmental Variables

9
acconfig.h
View file

@ -13,11 +13,6 @@
/* end of preamble */
#if !defined(SLAPD_SCHEMA_COMPAT) && !defined(SLAPD_SCHEMA_NOT_COMPAT)
/* define SLAPD_SCHEMA_COMPAT if you want old schema codes */
#define SLAPD_SCHEMA_NOT_COMPAT 1
#endif
@TOP@
/* define this if needed to get reentrant functions */
@ -83,9 +78,9 @@
# define WIN32_LEAN_AND_MEAN 1
#endif
#ifndef __NEED_PROTOTYPES
#ifndef LDAP_NEEDS_PROTOTYPES
/* force LDAP_P to always include prototypes */
#define __NEED_PROTOTYPES 1
#define LDAP_NEEDS_PROTOTYPES 1
#endif
#ifdef HAVE_STDDEF_H

24
build/main.dsw
View file

@ -273,30 +273,6 @@ Package=<4>
###############################################################################
Project: "ldif"=..\servers\slapd\tools\ldif.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
Begin Project Dependency
Project_Dep_Name liblber
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldif
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldap
End Project Dependency
Begin Project Dependency
Project_Dep_Name liblutil
End Project Dependency
}}}
###############################################################################
Project: "libavl"=..\libraries\libavl\libavl.dsp - Package Owner=<4>
Package=<5>

1
build/top.mk
View file

@ -135,7 +135,6 @@ MODULES_LIBS = @MODULES_LIBS@
TERMCAP_LIBS = @TERMCAP_LIBS@
LINK_BINS_DYNAMIC = @LINK_BINS_DYNAMIC@
QUIPU_LIBS = @QUIPU_LIBS@
SLAPD_LIBS = @SLAPD_LIBS@
SLURPD_LIBS = @SLURPD_LIBS@

1
clients/fax500/rp500.c
View file

@ -30,7 +30,6 @@
#include <sys/resource.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "fax500.h"

2
clients/tools/Makefile.in
View file

@ -8,7 +8,7 @@ OBJS = ldapsearch.o ldapmodify.o ldapdelete.o ldapmodrdn.o ldappasswd.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
NT_DYN_DEFS = -DLIBLBER_DECL=dllimport -DLIBLDAP_DECL=dllimport
NT_DYN_DEFS = -DLBER_DECL=dllimport -DLDAP_DECL=dllimport
CPPFLAGS = $(@PLAT@_@LIB_LINKAGE@_DEFS)
XLIBS = -llutil -lldif -lldap -llber

250
clients/tools/ldapdelete.c
View file

@ -16,7 +16,6 @@
#include <ac/string.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldap.h>
static char *binddn = NULL;
@ -36,11 +35,12 @@ static int not, verbose, contoper;
static LDAP *ld;
static int dodelete LDAP_P((
LDAP *ld,
char *dn));
LDAP *ld,
const char *dn));
static int deletechildren LDAP_P(( LDAP *ld,
char *dn ));
static int deletechildren LDAP_P((
LDAP *ld,
const char *dn ));
static void
usage( const char *s )
@ -52,6 +52,7 @@ usage( const char *s )
" or from the file specified with \"-f file\".\n"
"options:\n"
" -c\t\tcontinuous operation mode (do not stop on errors)\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
@ -64,7 +65,7 @@ usage( const char *s )
" -M\t\tenable Manage DSA IT control (-MM to make it critical)\n"
" -n\t\tshow what would be done but don't actually delete\n"
" -p port\t\tport on LDAP server\n"
" -P version\tprocotol version (2 or 3)\n"
" -P version\tprocotol version (default: 3)\n"
" -r\t\tdelete recursively\n"
" -U user\t\tSASL authentication identity (username)\n"
" -v\t\trun in verbose mode (diagnostics to standard output)\n"
@ -72,7 +73,7 @@ usage( const char *s )
" -W\t\tprompt for bind passwd\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
@ -84,14 +85,14 @@ main( int argc, char **argv )
{
char buf[ 4096 ];
FILE *fp;
int i, rc, authmethod, want_bindpw, version, debug, manageDSAit;
int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit;
not = verbose = contoper = want_bindpw = debug = manageDSAit = 0;
not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
fp = NULL;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
while (( i = getopt( argc, argv, "cD:d:Ef:h:IKkMnP:p:rU:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "cCD:d:Ef:h:IKMnP:p:rU:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
@ -112,6 +113,9 @@ main( int argc, char **argv )
case 'c': /* continuous operation mode */
++contoper;
break;
case 'C':
referrals++;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
@ -291,35 +295,48 @@ main( int argc, char **argv )
#endif
if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
perror( "ldap_init" );
return( EXIT_FAILURE );
perror( "ldap_init" );
return( EXIT_FAILURE );
}
{
/* this seems prudent */
/* this seems prudent for searches below */
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
if (version != -1 &&
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
/* chase referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version == -1 ) {
version = 3;
}
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
!= LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
if ( use_tls > 1 ) {
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( authmethod == LDAP_AUTH_SASL ) {
@ -386,7 +403,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
@ -415,83 +433,141 @@ main( int argc, char **argv )
static int dodelete(
LDAP *ld,
char *dn)
const char *dn)
{
int rc;
int id;
int rc, code;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
LDAPMessage *res;
if ( verbose ) {
printf( "%sdeleting entry \"%s\"\n",
(not ? "!" : ""), dn );
}
if ( not ) {
rc = LDAP_SUCCESS;
} else {
/* If prune is on, remove a whole subtree. Delete the children of the
* DN recursively, then the DN requested.
*/
if ( prune ) deletechildren( ld, dn );
if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete" );
} else if ( verbose ) {
printf( "\tremoved\n" );
if ( verbose ) {
printf( "%sdeleting entry \"%s\"\n",
(not ? "!" : ""), dn );
}
}
return( rc );
if ( not ) {
return LDAP_SUCCESS;
}
/* If prune is on, remove a whole subtree. Delete the children of the
* DN recursively, then the DN requested.
*/
if ( prune ) deletechildren( ld, dn );
rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete_ext" );
return rc;
}
rc = ldap_result( ld, LDAP_RES_ANY, 0, NULL, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( refs );
return code;
}
/*
* Delete all the children of an entry recursively until leaf nodes are reached.
*
*/
static int deletechildren( LDAP *ld,
char *dn )
static int deletechildren(
LDAP *ld,
const char *dn )
{
LDAPMessage *res, *e;
int entries;
int rc;
int timeout = 30 * 10000;
LDAPMessage *res, *e;
int entries;
int rc;
static char *attrs[] = { "1.1", NULL };
ldap_set_option( ld, LDAP_OPT_TIMEOUT, &timeout );
if ( verbose ) printf ( "deleting children of: %s\n", dn );
/*
* Do a one level search at dn for children. For each, delete its children.
*/
if ( ldap_search_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, NULL, 0, &res ) == -1 )
{
ldap_perror( ld, "ldap_search" );
ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
return( rc );
}
if ( verbose ) printf ( "deleting children of: %s\n", dn );
/*
* Do a one level search at dn for children. For each, delete its children.
*/
entries = ldap_count_entries( ld, res );
if ( entries > 0 )
{
int i;
rc = ldap_search_ext_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
NULL, NULL, NULL, -1, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search" );
return( rc );
}
for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
e = ldap_next_entry( ld, e ), i++ )
{
if ( (rc = deletechildren( ld, ldap_get_dn( ld, e) )) == -1 )
{
ldap_perror( ld, "ldap_prune" );
return rc;
}
if ( verbose )
{
printf( "\tremoving %s\n", ldap_get_dn( ld, e ) );
}
if ( ( rc = ldap_delete_s( ld, ldap_get_dn( ld, e ) ) ) == -1 )
{
ldap_perror( ld, "ldap_delete" );
return rc;
}
else if ( verbose )
{
printf( "\t%s removed\n", ldap_get_dn( ld, e ) );
}
}
}
ldap_msgfree( res );
return rc;
entries = ldap_count_entries( ld, res );
if ( entries > 0 ) {
int i;
for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
e = ldap_next_entry( ld, e ), i++ )
{
char *dn = ldap_get_dn( ld, e );
if( dn == NULL ) {
ldap_perror( ld, "ldap_prune" );
ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
ber_memfree( dn );
return rc;
}
rc = deletechildren( ld, dn );
if ( rc == -1 ) {
ldap_perror( ld, "ldap_prune" );
ber_memfree( dn );
return rc;
}
if ( verbose ) {
printf( "\tremoving %s\n", dn );
}
rc = ldap_delete_s( ld, dn );
if ( rc == -1 ) {
ldap_perror( ld, "ldap_delete" );
ber_memfree( dn );
return rc;
}
if ( verbose ) {
printf( "\t%s removed\n", dn );
}
ber_memfree( dn );
}
}
ldap_msgfree( res );
return rc;
}

474
clients/tools/ldapmodify.c
View file

@ -27,7 +27,6 @@
#include <fcntl.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "ldif.h"
@ -46,7 +45,7 @@ static int sasl_integrity = 0;
static int sasl_privacy = 0;
#endif
static int use_tls = 0;
static int new, replace, not, verbose, contoper, force, valsfromfiles;
static int ldapadd, replace, not, verbose, contoper, force;
static LDAP *ld;
#define LDAPMOD_MAXLINE 4096
@ -72,14 +71,22 @@ static LDAP *ld;
static void usage LDAP_P(( const char *prog )) LDAP_GCCATTR((noreturn));
static int process_ldapmod_rec LDAP_P(( char *rbuf ));
static int process_ldif_rec LDAP_P(( char *rbuf, int count ));
static void addmodifyop LDAP_P(( LDAPMod ***pmodsp, int modop, char *attr,
char *value, int vlen ));
static int domodify LDAP_P(( char *dn, LDAPMod **pmods, int newentry ));
static int dodelete LDAP_P(( char *dn ));
static int domodrdn LDAP_P(( char *dn, char *newrdn, int deleteoldrdn ));
static int fromfile LDAP_P(( char *path, struct berval *bv ));
static void addmodifyop LDAP_P((
LDAPMod ***pmodsp, int modop,
const char *attr,
struct berval *value ));
static int domodify LDAP_P((
const char *dn,
LDAPMod **pmods,
int newentry ));
static int dodelete LDAP_P((
const char *dn ));
static int dorename LDAP_P((
const char *dn,
const char *newrdn,
const char *newsup,
int deleteoldrdn ));
static char *read_one_record LDAP_P(( FILE *fp ));
static void
@ -94,6 +101,7 @@ usage( const char *prog )
" -a\t\tadd values (default%s)\n"
" -b\t\tread values from files (for binary attributes)\n"
" -c\t\tcontinuous operation\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D dn\t\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
@ -105,7 +113,7 @@ usage( const char *prog )
" -k\t\tuse Kerberos authentication\n"
" -K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
" -M\t\tenable Manage DSA IT control (-MM to make it critical)\n"
" -n\t\tprint adds, don't actually do them\n"
" -n\t\tprint changes, don't actually do them\n"
" -p port\t\tport on LDAP server\n"
" -r\t\treplace values\n"
" -U user\t\tSASL authentication identity (username)\n"
@ -113,7 +121,7 @@ usage( const char *prog )
" -w passwd\tbind password (for Simple authentication)\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") );
exit( EXIT_FAILURE );
}
@ -122,9 +130,9 @@ usage( const char *prog )
int
main( int argc, char **argv )
{
char *infile, *rbuf, *start, *p, *q;
char *infile, *rbuf, *start;
FILE *fp;
int rc, i, use_ldif, authmethod, version, want_bindpw, debug, manageDSAit;
int rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals;
int count;
if (( prog = strrchr( argv[ 0 ], *LDAP_DIRSEP )) == NULL ) {
@ -134,27 +142,26 @@ main( int argc, char **argv )
}
/* Print usage when no parameters */
if( argc < 2 )
usage( prog );
if( argc < 2 ) usage( prog );
new = ( strcmp( prog, "ldapadd" ) == 0 );
ldapadd = ( strcmp( prog, "ldapadd" ) == 0 );
infile = NULL;
not = verbose = valsfromfiles = want_bindpw = debug = manageDSAit = 0;
not = verbose = want_bindpw = debug = manageDSAit = referrals = 0;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
while (( i = getopt( argc, argv, "abcD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "acCD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'a': /* add */
new = 1;
break;
case 'b': /* read values from files (for binary attributes) */
valsfromfiles = 1;
ldapadd = 1;
break;
case 'c': /* continuous operation */
contoper = 1;
break;
case 'C':
referrals++;
break;
case 'r': /* default is to replace rather than add values */
replace = 1;
break;
@ -360,18 +367,26 @@ main( int argc, char **argv )
return( EXIT_FAILURE );
}
/* this seems prudent */
/* referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF, &deref);
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
if (version != -1 &&
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
if (version == -1 ) {
version = 3;
}
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
!= LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION to %d\n", version );
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
@ -379,11 +394,12 @@ main( int argc, char **argv )
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( authmethod == LDAP_AUTH_SASL ) {
@ -454,7 +470,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
@ -465,49 +482,18 @@ main( int argc, char **argv )
while (( rc == 0 || contoper ) &&
( rbuf = read_one_record( fp )) != NULL ) {
count++;
/*
* we assume record is ldif/slapd.replog if the first line
* has a colon that appears to the left of any equal signs, OR
* if the first line consists entirely of digits (an entry id)
*/
#ifdef LDAP_LDIF
use_ldif = 1;
#else
use_ldif = ( *rbuf == '#' ) ||
(( p = strchr( rbuf, ':' )) != NULL &&
( q = strchr( rbuf, '\n' )) != NULL && p < q &&
(( q = strchr( rbuf, '=' )) == NULL || p < q ));
#endif
start = rbuf;
if ( !use_ldif && ( q = strchr( rbuf, '\n' )) != NULL ) {
for ( p = rbuf; p < q; ++p ) {
if ( !isdigit( (unsigned char) *p )) {
break;
}
}
if ( p >= q ) {
use_ldif = 1;
start = q + 1;
}
}
if ( use_ldif ) {
rc = process_ldif_rec( start, count );
} else {
rc = process_ldapmod_rec( start );
}
rc = process_ldif_rec( start, count );
if( rc )
fprintf( stderr, "%s() = %d\n",
use_ldif ? "ldif_rec" : "ldapmod_rec" , rc );
free( rbuf );
fprintf( stderr, "ldif_record() = %d\n", rc );
free( rbuf );
}
if ( !not ) {
ldap_unbind( ld );
ldap_unbind( ld );
}
return( rc );
@ -517,16 +503,16 @@ main( int argc, char **argv )
static int
process_ldif_rec( char *rbuf, int count )
{
char *line, *dn, *type, *value, *newrdn, *newsup, *p;
char *line, *dn, *type, *newrdn, *newsup, *p;
int rc, linenum, modop, replicaport;
ber_len_t vlen;
int expect_modop, expect_sep, expect_ct, expect_newrdn, expect_newsup;
int expect_deleteoldrdn, deleteoldrdn;
int saw_replica, use_record, new_entry, delete_entry, got_all;
LDAPMod **pmods;
int version;
struct berval val;
new_entry = new;
new_entry = ldapadd;
rc = got_all = saw_replica = delete_entry = modop = expect_modop = 0;
expect_deleteoldrdn = expect_newrdn = expect_newsup = 0;
@ -547,7 +533,7 @@ process_ldif_rec( char *rbuf, int count )
continue;
}
if ( ldif_parse_line( line, &type, &value, &vlen ) < 0 ) {
if ( ldif_parse_line( line, &type, &val.bv_val, &val.bv_len ) < 0 ) {
fprintf( stderr, "%s: invalid format (line %d) entry: \"%s\"\n",
prog, linenum, dn == NULL ? "" : dn );
rc = LDAP_PARAM_ERROR;
@ -557,27 +543,27 @@ process_ldif_rec( char *rbuf, int count )
if ( dn == NULL ) {
if ( !use_record && strcasecmp( type, T_REPLICA_STR ) == 0 ) {
++saw_replica;
if (( p = strchr( value, ':' )) == NULL ) {
if (( p = strchr( val.bv_val, ':' )) == NULL ) {
replicaport = 0;
} else {
*p++ = '\0';
replicaport = atoi( p );
}
if ( ldaphost != NULL && strcasecmp( value, ldaphost ) == 0 &&
if ( ldaphost != NULL && strcasecmp( val.bv_val, ldaphost ) == 0 &&
replicaport == ldapport ) {
use_record = 1;
}
} else if ( count == 1 && linenum == 1 &&
strcasecmp( type, T_VERSION_STR ) == 0 )
{
if( vlen == 0 || atoi(value) != 1 ) {
if( val.bv_len == 0 || atoi(val.bv_val) != 1 ) {
fprintf( stderr, "%s: invalid version %s, line %d (ignored)\n",
prog, value == NULL ? "(null)" : value, linenum );
prog, val.bv_val == NULL ? "(null)" : val.bv_val, linenum );
}
version++;
} else if ( strcasecmp( type, T_DN_STR ) == 0 ) {
if (( dn = strdup( value ? value : "" )) == NULL ) {
if (( dn = strdup( val.bv_val ? val.bv_val : "" )) == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
@ -594,31 +580,31 @@ process_ldif_rec( char *rbuf, int count )
prog, dn );
free( dn );
ber_memfree( type );
ber_memfree( value );
ber_memfree( val.bv_val );
return( 0 );
}
if ( strcasecmp( type, T_CHANGETYPESTR ) == 0 ) {
if ( strcasecmp( value, T_MODIFYCTSTR ) == 0 ) {
if ( strcasecmp( val.bv_val, T_MODIFYCTSTR ) == 0 ) {
new_entry = 0;
expect_modop = 1;
} else if ( strcasecmp( value, T_ADDCTSTR ) == 0 ) {
} else if ( strcasecmp( val.bv_val, T_ADDCTSTR ) == 0 ) {
new_entry = 1;
} else if ( strcasecmp( value, T_MODRDNCTSTR ) == 0
|| strcasecmp( value, T_MODDNCTSTR ) == 0
|| strcasecmp( value, T_RENAMECTSTR ) == 0)
} else if ( strcasecmp( val.bv_val, T_MODRDNCTSTR ) == 0
|| strcasecmp( val.bv_val, T_MODDNCTSTR ) == 0
|| strcasecmp( val.bv_val, T_RENAMECTSTR ) == 0)
{
expect_newrdn = 1;
} else if ( strcasecmp( value, T_DELETECTSTR ) == 0 ) {
} else if ( strcasecmp( val.bv_val, T_DELETECTSTR ) == 0 ) {
got_all = delete_entry = 1;
} else {
fprintf( stderr,
"%s: unknown %s \"%s\" (line %d of entry \"%s\")\n",
prog, T_CHANGETYPESTR, value, linenum, dn );
prog, T_CHANGETYPESTR, val.bv_val, linenum, dn );
rc = LDAP_PARAM_ERROR;
}
goto end_line;
} else if ( new ) { /* missing changetype => add */
} else if ( ldapadd ) { /* missing changetype => add */
new_entry = 1;
modop = LDAP_MOD_ADD;
} else {
@ -634,11 +620,11 @@ process_ldif_rec( char *rbuf, int count )
goto end_line;
} else if ( strcasecmp( type, T_MODOPREPLACESTR ) == 0 ) {
modop = LDAP_MOD_REPLACE;
addmodifyop( &pmods, modop, value, NULL, 0 );
addmodifyop( &pmods, modop, val.bv_val, NULL );
goto end_line;
} else if ( strcasecmp( type, T_MODOPDELETESTR ) == 0 ) {
modop = LDAP_MOD_DELETE;
addmodifyop( &pmods, modop, value, NULL, 0 );
addmodifyop( &pmods, modop, val.bv_val, NULL );
goto end_line;
} else { /* no modify op: use default */
modop = replace ? LDAP_MOD_REPLACE : LDAP_MOD_ADD;
@ -647,7 +633,7 @@ process_ldif_rec( char *rbuf, int count )
if ( expect_newrdn ) {
if ( strcasecmp( type, T_NEWRDNSTR ) == 0 ) {
if (( newrdn = strdup( value )) == NULL ) {
if (( newrdn = strdup( val.bv_val ? val.bv_val : "" )) == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
@ -660,7 +646,7 @@ process_ldif_rec( char *rbuf, int count )
}
} else if ( expect_deleteoldrdn ) {
if ( strcasecmp( type, T_DELETEOLDRDNSTR ) == 0 ) {
deleteoldrdn = ( *value == '0' ) ? 0 : 1;
deleteoldrdn = ( *val.bv_val == '0' ) ? 0 : 1;
expect_deleteoldrdn = 0;
expect_newsup = 1;
got_all = 1;
@ -671,7 +657,7 @@ process_ldif_rec( char *rbuf, int count )
}
} else if ( expect_newsup ) {
if ( strcasecmp( type, T_NEWSUPSTR ) == 0 ) {
if (( newsup = strdup( value )) == NULL ) {
if (( newsup = strdup( val.bv_val ? val.bv_val : "" )) == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
@ -687,12 +673,12 @@ process_ldif_rec( char *rbuf, int count )
prog, linenum, dn );
rc = LDAP_PARAM_ERROR;
} else {
addmodifyop( &pmods, modop, type, value, vlen );
addmodifyop( &pmods, modop, type, val.bv_val == NULL ? NULL : &val );
}
end_line:
ber_memfree( type );
ber_memfree( value );
ber_memfree( val.bv_val );
}
if( linenum == 0 ) {
@ -707,7 +693,7 @@ end_line:
if ( delete_entry ) {
rc = dodelete( dn );
} else if ( newrdn != NULL ) {
rc = domodrdn( dn, newrdn, deleteoldrdn );
rc = dorename( dn, newrdn, newsup, deleteoldrdn );
} else {
rc = domodify( dn, pmods, new_entry );
}
@ -731,195 +717,85 @@ end_line:
}
static int
process_ldapmod_rec( char *rbuf )
{
char *line, *dn, *p, *q, *attr, *value;
int rc, linenum, modop;
LDAPMod **pmods;
pmods = NULL;
dn = NULL;
linenum = 0;
line = rbuf;
rc = 0;
while ( rc == 0 && rbuf != NULL && *rbuf != '\0' ) {
++linenum;
if (( p = strchr( rbuf, '\n' )) == NULL ) {
rbuf = NULL;
} else {
if ( *(p-1) == '\\' ) { /* lines ending in '\' are continued */
SAFEMEMCPY( p - 1, p, strlen( p ) + 1 );
rbuf = p;
continue;
}
*p++ = '\0';
rbuf = p;
}
if ( dn == NULL ) { /* first line contains DN */
if (( dn = strdup( line )) == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
} else {
if (( p = strchr( line, '=' )) == NULL ) {
value = NULL;
p = line + strlen( line );
} else {
*p++ = '\0';
value = p;
}
for ( attr = line;
*attr != '\0' && isspace( (unsigned char) *attr ); ++attr ) {
; /* skip attribute leading white space */
}
for ( q = p - 1; q > attr && isspace( (unsigned char) *q ); --q ) {
*q = '\0'; /* remove attribute trailing white space */
}
if ( value != NULL ) {
while ( isspace( (unsigned char) *value )) {
++value; /* skip value leading white space */
}
for ( q = value + strlen( value ) - 1; q > value &&
isspace( (unsigned char) *q ); --q ) {
*q = '\0'; /* remove value trailing white space */
}
if ( *value == '\0' ) {
value = NULL;
}
}
if ( value == NULL && new ) {
fprintf( stderr, "%s: missing value on line %d (attr=\"%s\")\n",
prog, linenum, attr );
rc = LDAP_PARAM_ERROR;
} else {
switch ( *attr ) {
case '-':
modop = LDAP_MOD_DELETE;
++attr;
break;
case '+':
modop = LDAP_MOD_ADD;
++attr;
break;
default:
modop = replace ? LDAP_MOD_REPLACE : LDAP_MOD_ADD;
}
addmodifyop( &pmods, modop, attr, value,
( value == NULL ) ? 0 : strlen( value ));
}
}
line = rbuf;
}
if ( rc == 0 ) {
if ( dn == NULL ) {
rc = LDAP_PARAM_ERROR;
} else if (( rc = domodify( dn, pmods, new )) == LDAP_SUCCESS ) {
rc = 0;
}
}
if ( pmods != NULL ) {
ldap_mods_free( pmods, 1 );
}
if ( dn != NULL ) {
free( dn );
}
return( rc );
}
static void
addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen )
addmodifyop(
LDAPMod ***pmodsp,
int modop,
const char *attr,
struct berval *val )
{
LDAPMod **pmods;
int i, j;
struct berval *bvp;
LDAPMod **pmods;
int i, j;
pmods = *pmodsp;
modop |= LDAP_MOD_BVALUES;
pmods = *pmodsp;
modop |= LDAP_MOD_BVALUES;
i = 0;
if ( pmods != NULL ) {
for ( ; pmods[ i ] != NULL; ++i ) {
if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 &&
pmods[ i ]->mod_op == modop ) {
break;
}
i = 0;
if ( pmods != NULL ) {
for ( ; pmods[ i ] != NULL; ++i ) {
if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 &&
pmods[ i ]->mod_op == modop )
{
break;
}
}
}
}
if ( pmods == NULL || pmods[ i ] == NULL ) {
if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) *
sizeof( LDAPMod * ))) == NULL ) {
perror( "realloc" );
exit( EXIT_FAILURE );
}
*pmodsp = pmods;
pmods[ i + 1 ] = NULL;
if (( pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod )))
== NULL ) {
perror( "calloc" );
exit( EXIT_FAILURE );
}
pmods[ i ]->mod_op = modop;
if (( pmods[ i ]->mod_type = ber_strdup( attr )) == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
}
if ( pmods == NULL || pmods[ i ] == NULL ) {
if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) *
sizeof( LDAPMod * ))) == NULL )
{
perror( "realloc" );
exit( EXIT_FAILURE );
}
if ( value != NULL ) {
j = 0;
if ( pmods[ i ]->mod_bvalues != NULL ) {
for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
;
}
}
if (( pmods[ i ]->mod_bvalues =
(struct berval **)ber_memrealloc( pmods[ i ]->mod_bvalues,
(j + 2) * sizeof( struct berval * ))) == NULL ) {
perror( "ber_realloc" );
exit( EXIT_FAILURE );
}
pmods[ i ]->mod_bvalues[ j + 1 ] = NULL;
if (( bvp = (struct berval *)ber_memalloc( sizeof( struct berval )))
== NULL ) {
perror( "ber_memalloc" );
exit( EXIT_FAILURE );
}
pmods[ i ]->mod_bvalues[ j ] = bvp;
*pmodsp = pmods;
pmods[ i + 1 ] = NULL;
if ( valsfromfiles && *value == '/' ) { /* get value from file */
if ( fromfile( value, bvp ) < 0 ) {
exit( EXIT_FAILURE );
}
} else {
bvp->bv_len = vlen;
if (( bvp->bv_val = (char *)ber_memalloc( vlen + 1 )) == NULL ) {
perror( "malloc" );
exit( EXIT_FAILURE );
}
SAFEMEMCPY( bvp->bv_val, value, vlen );
bvp->bv_val[ vlen ] = '\0';
pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod ));
if ( pmods[ i ] == NULL ) {
perror( "calloc" );
exit( EXIT_FAILURE );
}
pmods[ i ]->mod_op = modop;
pmods[ i ]->mod_type = ber_strdup( attr );
if ( pmods[ i ]->mod_type == NULL ) {
perror( "strdup" );
exit( EXIT_FAILURE );
}
}
if ( val != NULL ) {
j = 0;
if ( pmods[ i ]->mod_bvalues != NULL ) {
for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
/* Empty */;
}
}
pmods[ i ]->mod_bvalues = (struct berval **) ber_memrealloc(
pmods[ i ]->mod_bvalues, (j + 2) * sizeof( struct berval * ));
if ( pmods[ i ]->mod_bvalues == NULL ) {
perror( "ber_realloc" );
exit( EXIT_FAILURE );
}
pmods[ i ]->mod_bvalues[ j + 1 ] = NULL;
pmods[ i ]->mod_bvalues[ j ] = ber_bvdup( val );
if ( pmods[ i ]->mod_bvalues[ j ] == NULL ) {
perror( "ber_bvdup" );
exit( EXIT_FAILURE );
}
}
}
}
static int
domodify( char *dn, LDAPMod **pmods, int newentry )
domodify(
const char *dn,
LDAPMod **pmods,
int newentry )
{
int i, j, k, notascii, op;
struct berval *bvp;
@ -984,7 +860,8 @@ domodify( char *dn, LDAPMod **pmods, int newentry )
static int
dodelete( char *dn )
dodelete(
const char *dn )
{
int rc;
@ -1006,7 +883,11 @@ dodelete( char *dn )
static int
domodrdn( char *dn, char *newrdn, int deleteoldrdn )
dorename(
const char *dn,
const char *newrdn,
const char* newsup,
int deleteoldrdn )
{
int rc;
@ -1017,7 +898,7 @@ domodrdn( char *dn, char *newrdn, int deleteoldrdn )
newrdn, deleteoldrdn ? "do not " : "" );
}
if ( !not ) {
if (( rc = ldap_modrdn2_s( ld, dn, newrdn, deleteoldrdn ))
if (( rc = ldap_rename2_s( ld, dn, newrdn, newsup, deleteoldrdn ))
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_modrdn" );
} else {
@ -1033,55 +914,6 @@ domodrdn( char *dn, char *newrdn, int deleteoldrdn )
}
static int
fromfile( char *path, struct berval *bv )
{
FILE *fp;
long rlen;
int eof;
if (( fp = fopen( path, "r" )) == NULL ) {
perror( path );
return( -1 );
}
if ( fseek( fp, 0L, SEEK_END ) != 0 ) {
perror( path );
fclose( fp );
return( -1 );
}
bv->bv_len = ftell( fp );
if (( bv->bv_val = (char *)ber_memalloc( bv->bv_len )) == NULL ) {
perror( "malloc" );
fclose( fp );
return( -1 );
}
if ( fseek( fp, 0L, SEEK_SET ) != 0 ) {
perror( path );
fclose( fp );
ber_memfree( bv->bv_val );
bv->bv_val = NULL;
return( -1 );
}
rlen = fread( bv->bv_val, 1, bv->bv_len, fp );
eof = feof( fp );
fclose( fp );
if ( (unsigned long) rlen != bv->bv_len ) {
perror( path );
ber_memfree( bv->bv_val );
bv->bv_val = NULL;
return( -1 );
}
return( bv->bv_len );
}
static char *
read_one_record( FILE *fp )
{

104
clients/tools/ldapmodify.dsw
View file

@ -1,104 +0,0 @@
Microsoft Developer Studio Workspace File, Format Version 5.00
# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
###############################################################################
Project: "ldapmodify"=.\ldapmodify.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
Begin Project Dependency
Project_Dep_Name liblber
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldap
End Project Dependency
Begin Project Dependency
Project_Dep_Name liblutil
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldif
End Project Dependency
}}}
###############################################################################
Project: "liblber"=..\..\libraries\liblber\liblber.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "libldap"=..\..\libraries\libldap\libldap.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
Begin Project Dependency
Project_Dep_Name liblber
End Project Dependency
}}}
###############################################################################
Project: "libldif"=..\..\libraries\libldif\libldif.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "liblutil"=..\..\libraries\liblutil\liblutil.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "setup"=..\..\include\setup.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Global:
Package=<5>
{{{
}}}
Package=<3>
{{{
}}}
###############################################################################

104
clients/tools/ldapmodrdn.c
View file

@ -28,7 +28,6 @@
#include <ac/string.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldap.h>
static char *binddn = NULL;
@ -64,6 +63,7 @@ usage( const char *s )
" from the file specified by \"-f file\" (see man page).\n"
"options:\n"
" -c\t\tcontinuous operation mode (do not stop on errors)\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
@ -76,7 +76,7 @@ usage( const char *s )
" -M\t\tenable Manage DSA IT control (-MM to make it critical)\n"
" -n\t\tshow what would be done but don't actually do it\n"
" -p port\t\tport on LDAP server\n"
" -P version\tprocotol version (2 or 3)\n"
" -P version\tprocotol version (default: 3)\n"
" -r\t\tremove old RDN\n"
" -s newsuperior\tnew superior entry\n"
" -U user\t\tSASL authentication identity (username)\n"
@ -85,7 +85,7 @@ usage( const char *s )
" -W\t\tprompt for bind passwd\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
@ -97,16 +97,18 @@ main(int argc, char **argv)
char *myname,*infile, *entrydn = NULL, *rdn = NULL, buf[ 4096 ];
FILE *fp;
int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit;
int referrals;
char *newSuperior=NULL;
infile = NULL;
not = contoper = verbose = remove = want_bindpw = debug = manageDSAit = 0;
not = contoper = verbose = remove = want_bindpw =
debug = manageDSAit = referrals = 0;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname;
while (( i = getopt( argc, argv, "cD:d:Ef:h:IKkMnP:p:rs:U:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "cCD:d:Ef:h:IKkMnP:p:rs:U:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
@ -127,6 +129,9 @@ main(int argc, char **argv)
case 'c': /* continuous operation mode */
++contoper;
break;
case 'C':
referrals++;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
@ -342,19 +347,25 @@ main(int argc, char **argv)
return( EXIT_FAILURE );
}
/* this seems prudent */
/* referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF, &deref);
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
if (version == -1 ) {
version = 3;
}
if (version != -1 &&
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
!= LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
@ -362,11 +373,12 @@ main(int argc, char **argv)
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( authmethod == LDAP_AUTH_SASL ) {
@ -433,7 +445,8 @@ main(int argc, char **argv)
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
@ -477,7 +490,9 @@ static int domodrdn(
char *newSuperior,
int remove ) /* flag: remove old RDN */
{
int i;
int rc, code, id;
char *matcheddn=NULL, *text=NULL, **refs=NULL;
LDAPMessage *res;
if ( verbose ) {
printf( "Renaming \"%s\"\n", dn );
@ -488,16 +503,51 @@ static int domodrdn(
}
}
if ( !not ) {
i = ldap_rename2_s( ld, dn, rdn, newSuperior, remove );
if ( i != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_rename2_s" );
} else if ( verbose ) {
printf( "modrdn complete\n" );
}
} else {
i = LDAP_SUCCESS;
}
if( not ) return LDAP_SUCCESS;
return( i );
rc = ldap_rename( ld, dn, rdn, newSuperior, remove,
NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_rename" );
return rc;
}
rc = ldap_result( ld, LDAP_RES_ANY, 0, NULL, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( refs );
return code;
}

104
clients/tools/ldappasswd.c
View file

@ -34,6 +34,7 @@ usage(const char *s)
" -a secret\told password\n"
" -A\t\tprompt for old password\n"
" -d level\tdebugging level\n"
" -C\t\tchase referrals\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
" -h host\t\tLDAP server (default: localhost)\n"
@ -49,7 +50,7 @@ usage(const char *s)
" -W\t\tprompt for bind password\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
@ -86,17 +87,21 @@ main( int argc, char *argv[] )
int sasl_privacy = 0;
#endif
int use_tls = 0;
int referrals = 0;
LDAP *ld;
struct berval *bv = NULL;
char *retoid;
struct berval *retdata;
int id, code;
LDAPMessage *res;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
char *retoid = NULL;
struct berval *retdata = NULL;
if (argc == 1)
usage (argv[0]);
while( (i = getopt( argc, argv,
"Aa:D:d:EIh:np:Ss:U:vWw:X:Y:Z" )) != EOF )
"Aa:CD:d:EIh:np:Ss:U:vWw:X:Y:Z" )) != EOF )
{
switch (i) {
case 'A': /* prompt for oldr password */
@ -113,6 +118,9 @@ main( int argc, char *argv[] )
}
}
break;
case 'C':
referrals++;
break;
case 'D': /* bind distinguished name */
binddn = strdup (optarg);
break;
@ -139,7 +147,6 @@ main( int argc, char *argv[] )
case 's': /* new password (secret) */
newpw = strdup (optarg);
{
char* p;
@ -249,7 +256,9 @@ main( int argc, char *argv[] )
newpw = strdup(getpassphrase("Old password: "));
ckoldpw = getpassphrase("Re-enter old password: ");
if( strncmp( oldpw, ckoldpw, strlen(oldpw) )) {
if( newpw== NULL || ckoldpw == NULL ||
strncmp( oldpw, ckoldpw, strlen(oldpw) ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
@ -261,7 +270,9 @@ main( int argc, char *argv[] )
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strncmp( newpw, cknewpw, strlen(newpw) )) {
if( newpw== NULL || cknewpw == NULL ||
strncmp( newpw, cknewpw, strlen(newpw) ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
@ -281,7 +292,7 @@ main( int argc, char *argv[] )
/* handle bind password */
fprintf( stderr, "Bind DN: %s\n", binddn );
passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
passwd.bv_len = strlen( passwd.bv_val );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( debug ) {
@ -303,8 +314,14 @@ main( int argc, char *argv[] )
return EXIT_FAILURE;
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
/* referrals */
if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
/* LDAPv3 only */
version = 3;
@ -312,6 +329,7 @@ main( int argc, char *argv[] )
if(rc != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
@ -319,6 +337,7 @@ main( int argc, char *argv[] )
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if ( authmethod == LDAP_AUTH_SASL ) {
@ -400,7 +419,7 @@ main( int argc, char *argv[] )
free(newpw);
}
ber_printf( ber, /*{*/ "}" );
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten( ber, &bv );
@ -413,13 +432,43 @@ main( int argc, char *argv[] )
ber_free( ber, 1 );
}
rc = ldap_extended_operation_s( ld,
if ( noupdates ) {
rc = LDAP_SUCCESS;
goto skip;
}
rc = ldap_extended_operation( ld,
LDAP_EXOP_X_MODIFY_PASSWD, bv,
NULL, NULL,
&retoid, &retdata );
NULL, NULL, &id );
ber_bvfree( bv );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_extended_operation" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
rc = ldap_result( ld, LDAP_RES_ANY, 0, NULL, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
if( retdata != NULL ) {
ber_tag_t tag;
char *s;
@ -444,15 +493,32 @@ main( int argc, char *argv[] )
ber_free( ber, 1 );
}
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_extended_operation" );
ldap_unbind( ld );
return EXIT_FAILURE;
if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ldap_memfree( retoid );
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( refs );
ber_memfree( retoid );
ber_bvfree( retdata );
skip:
/* disconnect from server */
ldap_unbind (ld);

710
clients/tools/ldapsearch.c
View file

@ -30,66 +30,59 @@
#include <ldap.h>
#include "ldif.h"
#include "lutil.h"
#include "ldap_defaults.h"
#undef DEPSEP
#define DEFSEP "="
static void
usage( const char *s )
{
fprintf( stderr,
"usage: %s [options] filter [attributes...]\nwhere:\n"
" filter\tRFC-1558 compliant LDAP search filter\n"
" attributes\twhitespace-separated list of attributes to retrieve\n"
"\t\t1.1 -- no attributes\n"
"\t\t* -- all user attributes\n"
"\t\t+ -- all operational attributes\n"
"\t\tempty list -- all non-operational attributes\n"
"usage: %s [options] [filter [attributes...]]\nwhere:\n"
"\tfilter\tRFC-2254 compliant LDAP search filter\n"
"\tattributes\twhitespace-separated list of attribute descriptions\n"
"\t which may include:\n"
"\t\t1.1 -- no attributes\n"
"\t\t* -- all user attributes\n"
"\t\t+ -- all operational attributes\n"
"options:\n"
" -a deref\tone of `never', `always', `search', or `find' (alias\n"
" \tdereferencing)\n"
" -A\t\tretrieve attribute names only (no values)\n"
" -b basedn\tbase dn for search\n"
" -B\t\tdo not suppress printing of binary values\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
" -f file\t\tperform sequence of searches listed in `file'\n"
" -F sep\t\tprint `sep' instead of `=' between attribute names and\n"
" \tvalues\n"
" -h host\t\tLDAP server\n"
" -I\t\trequest SASL integrity checking (-II to make it\n"
" \tcritical)\n"
" -k\t\tuse Kerberos authentication\n"
" -K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
" -l limit\ttime limit (in seconds) for search\n"
" -L\t\tprint entries in LDIF format (implies -B)\n"
" -LL\t\tprint entries in LDIF format without comments\n"
" -LLL\t\tprint entries in LDIF format without comments and\n"
" \tversion\n"
" -M\t\tenable Manage DSA IT control (-MM to make critical)\n"
" -n\t\tshow what would be done but don't actually search\n"
" -p port\t\tport on LDAP server\n"
" -P version\tprocotol version (2 or 3)\n"
" -R\t\tdo not automatically follow referrals\n"
" -s scope\tone of base, one, or sub (search scope)\n"
" -S attr\t\tsort the results by attribute `attr'\n"
" -t\t\twrite binary values to files in TMPDIR\n"
" -tt\t\twrite all values to files in TMPDIR\n"
" -T path\t\twrite files to directory specified by path (default:\n"
" \t\"/tmp\")\n"
" -u\t\tinclude User Friendly entry names in the output\n"
" -U user\t\tSASL authentication identity (username)\n"
" -v\t\trun in verbose mode (diagnostics to standard output)\n"
" -V prefix\tURL prefix for files (default: \"file://tmp/\")\n"
" -w passwd\tbind passwd (for simple authentication)\n"
" -W\t\tprompt for bind passwd\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
" -z limit\tsize limit (in entries) for search\n"
" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
, s );
"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
"\t-A\t\tretrieve attribute names only (no values)\n"
"\t-b basedn\tbase dn for search\n"
"\t-d level\tset LDAP debugging level to `level'\n"
"\t-D binddn\tbind DN\n"
"\t-E\t\trequest SASL privacy (-EE to make it critical)\n"
"\t-f file\t\tperform sequence of searches listed in `file'\n"
"\t-h host\t\tLDAP server\n"
"\t-I\t\trequest SASL integrity checking (-II to make it\n"
"\t\t\tcritical)\n"
"\t-k\t\tuse Kerberos authentication\n"
"\t-K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
"\t-l limit\ttime limit (in seconds) for search\n"
"\t-L\t\tprint responses in LDIFv1 format\n"
"\t-LL\t\tprint responses in LDIF format without comments\n"
"\t-LLL\t\tprint responses in LDIF format without comments\n"
"\t\t\tand version\n"
"\t-M\t\tenable Manage DSA IT control (-MM to make critical)\n"
"\t-n\t\tshow what would be done but don't actually search\n"
"\t-p port\t\tport on LDAP server\n"
"\t-P version\tprocotol version (default: 3)\n"
"\t-s scope\tone of base, one, or sub (search scope)\n"
"\t-S attr\t\tsort the results by attribute `attr'\n"
"\t-t\t\twrite binary values to files in temporary directory\n"
"\t-tt\t\twrite all values to files in temporary directory\n"
"\t-T path\t\twrite files to directory specified by path (default:\n"
"\t\t\t\"" LDAP_TMPDIR "\")\n"
"\t-u\t\tinclude User Friendly entry names in the output\n"
"\t-U user\t\tSASL authentication identity (username)\n"
"\t-v\t\trun in verbose mode (diagnostics to standard output)\n"
"\t-V prefix\tURL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n"
"\t-w passwd\tbind passwd (for simple authentication)\n"
"\t-W\t\tprompt for bind passwd\n"
"\t-X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
"\t-Y mech\t\tSASL mechanism\n"
"\t-z limit\tsize limit (in entries) for search\n"
"\t-Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
}
@ -99,6 +92,26 @@ static void print_entry LDAP_P((
LDAPMessage *entry,
int attrsonly));
static void print_reference(
LDAP *ld,
LDAPMessage *reference );
static void print_extended(
LDAP *ld,
LDAPMessage *extended );
static void print_partial(
LDAP *ld,
LDAPMessage *partial );
static int print_result(
LDAP *ld,
LDAPMessage *result,
int search );
static void print_ctrls(
LDAPControl **ctrls );
static int write_ldif LDAP_P((
int type,
char *name,
@ -109,13 +122,14 @@ static int dosearch LDAP_P((
LDAP *ld,
char *base,
int scope,
char *filtpatt,
char *value,
char **attrs,
int attrsonly,
char *filtpatt,
char *value));
#define TMPDIR "/tmp"
#define URLPRE "file:/tmp/"
LDAPControl **sctrls,
LDAPControl **cctrls,
struct timeval *timelimit,
int sizelimit ));
static char *tmpdir = NULL;
static char *urlpre = NULL;
@ -133,15 +147,13 @@ static int sasl_integrity = 0;
static int sasl_privacy = 0;
#endif
static int use_tls = 0;
static char *sep = DEFSEP;
static char *sortattr = NULL;
static int skipsortattr = 0;
static int verbose, not, includeufn, binary, vals2tmp, ldif;
static int verbose, not, includeufn, vals2tmp, ldif;
int
main( int argc, char **argv )
{
char *infile, *filtpattern, **attrs, line[ BUFSIZ ];
char *infile, *filtpattern, **attrs, line[BUFSIZ];
FILE *fp = NULL;
int rc, i, first, scope, deref, attrsonly, manageDSAit;
int referrals, timelimit, sizelimit, debug;
@ -149,22 +161,19 @@ main( int argc, char **argv )
LDAP *ld;
infile = NULL;
debug = verbose = binary = not = vals2tmp =
debug = verbose = not = vals2tmp = referrals =
attrsonly = manageDSAit = ldif = want_bindpw = 0;
deref = sizelimit = timelimit = version = -1;
/* default should be off */
referrals = 1;
scope = LDAP_SCOPE_SUBTREE;
authmethod = LDAP_AUTH_SIMPLE;
while (( i = getopt( argc, argv,
"Aa:Bb:D:d:EF:f:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
"Aa:b:CD:d:Ef:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
{
switch( i ) {
case 'n': /* do Not do any searches */
case 'n': /* do nothing */
++not;
break;
case 'v': /* verbose mode */
@ -193,31 +202,31 @@ main( int argc, char **argv )
case 'u': /* include UFN */
++includeufn;
break;
case 't': /* write attribute values to /tmp files */
case 't': /* write attribute values to TMPDIR files */
++vals2tmp;
break;
case 'M':
/* enable Manage DSA IT */
manageDSAit++;
break;
case 'R': /* don't automatically chase referrals */
referrals = 0;
case 'C':
referrals++;
break;
case 'R': /* ignore */
break;
case 'A': /* retrieve attribute names only -- no values */
++attrsonly;
break;
case 'L': /* print entries in LDIF format */
++ldif;
/* fall through -- always allow binary when outputting LDIF */
case 'B': /* allow binary values to be printed */
++binary;
break;
case 's': /* search scope */
if ( strcasecmp( optarg, "base" ) == 0 ) {
scope = LDAP_SCOPE_BASE;
} else if ( strcasecmp( optarg, "one" ) == 0 ) {
} else if ( strncasecmp( optarg, "one", sizeof("one")-1 ) == 0 ) {
scope = LDAP_SCOPE_ONELEVEL;
} else if ( strcasecmp( optarg, "sub" ) == 0 ) {
} else if ( strncasecmp( optarg, "sub", sizeof("sub")-1 ) == 0 ) {
scope = LDAP_SCOPE_SUBTREE;
} else {
fprintf( stderr, "scope should be base, one, or sub\n" );
@ -228,9 +237,9 @@ main( int argc, char **argv )
case 'a': /* set alias deref option */
if ( strcasecmp( optarg, "never" ) == 0 ) {
deref = LDAP_DEREF_NEVER;
} else if ( strcasecmp( optarg, "search" ) == 0 ) {
} else if ( strncasecmp( optarg, "search", sizeof("search")-1 ) == 0 ) {
deref = LDAP_DEREF_SEARCHING;
} else if ( strcasecmp( optarg, "find" ) == 0 ) {
} else if ( strncasecmp( optarg, "find", sizeof("find")-1 ) == 0 ) {
deref = LDAP_DEREF_FINDING;
} else if ( strcasecmp( optarg, "always" ) == 0 ) {
deref = LDAP_DEREF_ALWAYS;
@ -240,24 +249,21 @@ main( int argc, char **argv )
}
break;
case 'T': /* field separator */
case 'T': /* tmpdir */
if( tmpdir ) free( tmpdir );
tmpdir = strdup( optarg );
break;
case 'V': /* field separator */
case 'V': /* uri prefix */
if( urlpre ) free( urlpre );
urlpre = strdup( optarg );
break;
case 'F': /* field separator */
sep = strdup( optarg );
break;
case 'f': /* input file */
infile = strdup( optarg );
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'b': /* searchbase */
case 'b': /* search base */
base = strdup( optarg );
break;
case 'D': /* bind DN */
@ -369,11 +375,6 @@ main( int argc, char **argv )
}
}
#ifdef LDAP_LDIF
/* no alternative format */
if( ldif < 1 ) ldif = 1;
#endif
if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
LDAP_AUTH_KRBV41 ) ) {
if( version > LDAP_VERSION2 ) {
@ -407,28 +408,15 @@ main( int argc, char **argv )
}
if ( argc - optind < 1 ) {
usage( argv[ 0 ] );
filtpattern = "(objectclass=*)";
} else {
filtpattern = strdup( argv[optind++] );
}
filtpattern = strdup( argv[ optind ] );
if ( argv[ optind + 1 ] == NULL ) {
if ( argv[optind] == NULL ) {
attrs = NULL;
} else if ( sortattr == NULL || *sortattr == '\0' ) {
attrs = &argv[ optind + 1 ];
} else {
for ( i = optind + 1; i < argc; i++ ) {
if ( strcasecmp( argv[ i ], sortattr ) == 0 ) {
break;
}
}
if ( i == argc ) {
skipsortattr = 1;
argv[ optind ] = sortattr;
} else {
optind++;
}
attrs = &argv[ optind ];
attrs = &argv[optind];
}
if ( infile != NULL ) {
@ -445,7 +433,7 @@ main( int argc, char **argv )
&& (tmpdir = getenv("TMP")) == NULL
&& (tmpdir = getenv("TEMP")) == NULL )
{
tmpdir = "/tmp";
tmpdir = LDAP_TMPDIR;
}
if( urlpre == NULL ) {
@ -485,48 +473,60 @@ main( int argc, char **argv )
if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
perror( "ldap_init" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
if (deref != -1 &&
ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
return EXIT_FAILURE;
}
if (timelimit != -1 &&
ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
return EXIT_FAILURE;
}
if (sizelimit != -1 &&
ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
return EXIT_FAILURE;
}
if (referrals != -1 &&
ldap_set_option( ld, LDAP_OPT_REFERRALS,
(referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS )
/* referrals */
if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version != -1 &&
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS )
if (version == -1 ) {
version = 3;
}
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
!= LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
if ( use_tls > 1 ) {
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( authmethod == LDAP_AUTH_SASL ) {
@ -569,8 +569,7 @@ main( int argc, char **argv )
argv[0] );
return( EXIT_FAILURE );
#endif
}
else {
} else {
if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
@ -593,7 +592,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
@ -601,7 +601,7 @@ main( int argc, char **argv )
}
if ( verbose ) {
fprintf( stderr, "filter%s: %s\nreturning: ",
fprintf( stderr, "filter%s: %s\nrequesting: ",
infile != NULL ? " pattern" : "",
filtpattern );
@ -615,42 +615,47 @@ main( int argc, char **argv )
fprintf( stderr, "\n" );
}
if ( ldif ) {
if (ldif < 3 ) {
printf( "version: 1\n\n");
}
if (ldif < 3 ) {
printf( "version: %d\n\n", ldif ? 1 : 2 );
}
if (ldif < 2 ) {
printf( "#\n# filter%s: %s\n# returning: ",
infile != NULL ? " pattern" : "",
filtpattern );
if (ldif < 2 ) {
printf( "#\n# filter%s: %s\n# requesting: ",
infile != NULL ? " pattern" : "",
filtpattern );
if ( attrs == NULL ) {
printf( "ALL" );
} else {
for ( i = 0; attrs[ i ] != NULL; ++i ) {
printf( "%s ", attrs[ i ] );
}
if ( attrs == NULL ) {
printf( "ALL" );
} else {
for ( i = 0; attrs[ i ] != NULL; ++i ) {
printf( "%s ", attrs[ i ] );
}
printf( "\n#\n\n" );
}
if ( manageDSAit ) {
printf("\n# with manageDSAit %scontrol",
manageDSAit > 1 ? "critical " : "" );
}
printf( "\n#\n\n" );
}
if ( infile == NULL ) {
rc = dosearch( ld, base, scope, attrs, attrsonly, NULL, filtpattern );
rc = dosearch( ld, base, scope, NULL, filtpattern,
attrs, attrsonly, NULL, NULL, NULL, -1 );
} else {
rc = 0;
first = 1;
while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) {
while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) {
line[ strlen( line ) - 1 ] = '\0';
if ( !first ) {
putchar( '\n' );
} else {
first = 0;
}
rc = dosearch( ld, base, scope, attrs, attrsonly,
filtpattern, line );
rc = dosearch( ld, base, scope, filtpattern, line,
attrs, attrsonly, NULL, NULL, NULL, -1 );
}
if ( fp != stdin ) {
fclose( fp );
@ -666,14 +671,24 @@ static int dosearch(
LDAP *ld,
char *base,
int scope,
char *filtpatt,
char *value,
char **attrs,
int attrsonly,
char *filtpatt,
char *value)
LDAPControl **sctrls,
LDAPControl **cctrls,
struct timeval *timelimit,
int sizelimit )
{
char filter[ BUFSIZ ];
int rc, first, matches;
LDAPMessage *res, *e;
int rc, first;
int nresponses;
int nentries;
int nreferences;
int nextended;
int npartial;
LDAPMessage *res, *msg;
ber_int_t msgid;
if( filtpatt != NULL ) {
sprintf( filter, filtpatt, value );
@ -682,7 +697,7 @@ static int dosearch(
fprintf( stderr, "filter is: (%s)\n", filter );
}
if( ldif == 1 ) {
if( ldif < 2 ) {
printf( "#\n# filter: %s\n#\n", filter );
}
@ -691,66 +706,86 @@ static int dosearch(
}
if ( not ) {
return( LDAP_SUCCESS );
return LDAP_SUCCESS;
}
if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) {
int ld_errno;
rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
sctrls, cctrls, timelimit, sizelimit, &msgid );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search" );
ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno);
return( ld_errno );
return( rc );
}
matches = 0;
first = 1;
res = NULL;
while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res ))
== LDAP_RES_SEARCH_ENTRY ) {
matches++;
e = ldap_first_entry( ld, res );
if ( !first ) {
putchar( '\n' );
} else {
first = 0;
}
print_entry( ld, e, attrsonly );
ldap_msgfree( res );
nresponses = nentries = nreferences = nextended = npartial = 0;
res = NULL;
while ((rc = ldap_result( ld, LDAP_RES_ANY,
sortattr ? 1 : 0, NULL, &res )) > 0 )
{
if( sortattr ) {
(void) ldap_sort_entries( ld, &res,
( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
}
for ( msg = ldap_first_message( ld, res );
msg != NULL;
msg = ldap_next_message( ld, msg ) )
{
if( nresponses++ ) putchar('\n');
switch( ldap_msgtype( msg ) ) {
case LDAP_RES_SEARCH_ENTRY:
nentries++;
print_entry( ld, msg, attrsonly );
break;
case LDAP_RES_SEARCH_REFERENCE:
nreferences++;
print_reference( ld, msg );
break;
case LDAP_RES_EXTENDED:
nextended++;
print_extended( ld, msg );
if( ldap_msgid( msg ) == 0 ) {
/* unsolicited extended operation */
goto done;
}
break;
case LDAP_RES_EXTENDED_PARTIAL:
npartial++;
print_partial( ld, msg );
break;
case LDAP_RES_SEARCH_RESULT:
rc = print_result( ld, msg, 1 );
goto done;
}
}
ldap_msgfree( res );
}
if ( rc == -1 ) {
ldap_perror( ld, "ldap_result" );
return( rc );
}
if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search" );
}
if ( sortattr != NULL ) {
(void) ldap_sort_entries( ld, &res,
( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
matches = 0;
first = 1;
for ( e = ldap_first_entry( ld, res ); e != NULL;
e = ldap_next_entry( ld, e ) ) {
matches++;
if ( !first ) {
putchar( '\n' );
} else {
first = 0;
}
print_entry( ld, e, attrsonly );
}
ldap_perror( ld, "ldap_result" );
return( rc );
}
if ( verbose ) {
printf( "%d matches\n", matches );
done:
if ( ldif < 2 ) {
printf( "\n# numResponses: %d\n", nresponses );
if( nentries ) printf( "# numEntries: %d\n", nentries );
if( nextended ) printf( "# numExtended: %d\n", nextended );
if( npartial ) printf( "# numPartial: %d\n", npartial );
if( nreferences ) printf( "# numReferences: %d\n", nreferences );
}
ldap_msgfree( res );
return( rc );
}
static void
print_entry(
LDAP *ld,
@ -760,33 +795,39 @@ print_entry(
char *a, *dn, *ufn;
char tmpfname[ 256 ];
char url[ 256 ];
int i;
int i, rc;
BerElement *ber = NULL;
struct berval **bvals;
LDAPControl **ctrls = NULL;
FILE *tmpfp;
dn = ldap_get_dn( ld, entry );
ufn = NULL;
if ( ldif == 1 ) {
if ( ldif < 2 ) {
ufn = ldap_dn2ufn( dn );
write_ldif( LDIF_PUT_COMMENT, NULL, ufn, strlen( ufn ));
write_ldif( LDIF_PUT_COMMENT, NULL, ufn, ufn ? strlen( ufn ) : 0 );
}
if ( ldif ) {
write_ldif( LDIF_PUT_VALUE, "dn", dn, strlen( dn ));
} else {
printf( "%s\n", dn );
write_ldif( LDIF_PUT_VALUE, "dn", dn, dn ? strlen( dn ) : 0);
rc = ldap_get_entry_controls( ld, entry, &ctrls );
if( rc != LDAP_SUCCESS ) {
fprintf(stderr, "print_entry: %d\n", rc );
ldap_perror( ld, "ldap_get_entry_controls" );
exit( EXIT_FAILURE );
}
if( ctrls ) {
print_ctrls( ctrls );
ldap_controls_free( ctrls );
}
if ( includeufn ) {
if( ufn == NULL ) {
ufn = ldap_dn2ufn( dn );
}
if ( ldif ) {
write_ldif( LDIF_PUT_VALUE, "ufn", ufn, strlen( ufn ));
} else {
printf( "%s\n", ufn );
}
write_ldif( LDIF_PUT_VALUE, "ufn", ufn, ufn ? strlen( ufn ) : 0 );
}
if( ufn != NULL ) ldap_memfree( ufn );
@ -795,16 +836,8 @@ print_entry(
for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL;
a = ldap_next_attribute( ld, entry, ber ) )
{
if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) {
continue;
}
if ( attrsonly ) {
if ( ldif ) {
write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 );
} else {
printf( "%s\n", a );
}
write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 );
} else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) {
for ( i = 0; bvals[i] != NULL; i++ ) {
@ -845,25 +878,11 @@ print_entry(
sprintf( url, "%s%s", urlpre,
&tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] );
if ( ldif ) {
write_ldif( LDIF_PUT_URL, a, url, strlen( url ));
} else {
printf( "%s%s%s\n", a, sep, url );
}
write_ldif( LDIF_PUT_URL, a, url, strlen( url ));
} else {
if ( ldif ) {
write_ldif( LDIF_PUT_VALUE, a,
bvals[ i ]->bv_val, bvals[ i ]->bv_len );
} else {
int notprint = !binary && !vals2tmp
&& ldif_is_not_printable( bvals[i]->bv_val,
bvals[i]->bv_len );
printf( "%s%s", a, sep );
puts( notprint ? "NOT PRINTABLE" : bvals[ i ]->bv_val );
}
write_ldif( LDIF_PUT_VALUE, a,
bvals[ i ]->bv_val, bvals[ i ]->bv_len );
}
}
ber_bvecfree( bvals );
@ -875,6 +894,241 @@ print_entry(
}
}
static void print_reference(
LDAP *ld,
LDAPMessage *reference )
{
int rc;
char **refs = NULL;
LDAPControl **ctrls;
if( ldif < 2 ) {
printf("# search reference\n");
}
rc = ldap_parse_reference( ld, reference, &refs, &ctrls, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_reference");
exit( EXIT_FAILURE );
}
if( refs ) {
int i;
for( i=0; refs[i] != NULL; i++ ) {
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"ref", refs[i], strlen(refs[i]) );
}
ber_memvfree( (void **) refs );
}
if( ctrls ) {
print_ctrls( ctrls );
ldap_controls_free( ctrls );
}
}
static void print_extended(
LDAP *ld,
LDAPMessage *extended )
{
int rc;
char *retoid = NULL;
struct berval *retdata = NULL;
if( ldif < 2 ) {
printf("# extended result response\n");
}
rc = ldap_parse_extended_result( ld, extended,
&retoid, &retdata, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_extended_result");
exit( EXIT_FAILURE );
}
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"extended", retoid, retoid ? strlen(retoid) : 0 );
ber_memfree( retoid );
if(retdata) {
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
"data", retdata->bv_val, retdata->bv_len );
ber_bvfree( retdata );
}
print_result( ld, extended, 0 );
}
static void print_partial(
LDAP *ld,
LDAPMessage *partial )
{
int rc;
char *retoid = NULL;
struct berval *retdata = NULL;
LDAPControl **ctrls = NULL;
if( ldif < 2 ) {
printf("# extended partial response\n");
}
rc = ldap_parse_extended_partial( ld, partial,
&retoid, &retdata, &ctrls, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_extended_partial");
exit( EXIT_FAILURE );
}
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"partial", retoid, retoid ? strlen(retoid) : 0 );
ber_memfree( retoid );
if( retdata ) {
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
"data",
retdata->bv_val, retdata->bv_len );
ber_bvfree( retdata );
}
if( ctrls ) {
print_ctrls( ctrls );
ldap_controls_free( ctrls );
}
}
static int print_result(
LDAP *ld,
LDAPMessage *result, int search )
{
char rst[BUFSIZ];
int rc;
int err;
char *matcheddn = NULL;
char *text = NULL;
char **refs = NULL;
LDAPControl **ctrls = NULL;
if( search ) {
if ( ldif < 2 ) {
printf("# search result\n");
}
if ( ldif < 1 ) {
printf("%s: %d\n", "search", ldap_msgid(result) );
}
}
rc = ldap_parse_result( ld, result,
&err, &matcheddn, &text, &refs, &ctrls, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_result");
exit( EXIT_FAILURE );
}
if( !ldif ) {
printf( "result: %d %s\n", err, ldap_err2string(err) );
} else if ( err != LDAP_SUCCESS ) {
fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );
}
if( matcheddn && *matcheddn ) {
if( !ldif ) {
write_ldif( LDIF_PUT_VALUE,
"matchedDN", matcheddn, strlen(matcheddn) );
} else {
fprintf( stderr, "Matched DN: %s\n", matcheddn );
}
ber_memfree( matcheddn );
}
if( text && *text ) {
if( !ldif ) {
write_ldif( LDIF_PUT_TEXT, "text",
text, strlen(text) );
} else {
fprintf( stderr, "Additional information: %s\n", text );
}
ber_memfree( text );
}
if( refs ) {
int i;
for( i=0; refs[i] != NULL; i++ ) {
if( !ldif ) {
write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) );
} else {
fprintf( stderr, "Referral: %s", refs[i] );
}
}
ber_memvfree( (void **) refs );
}
if( ctrls ) {
print_ctrls( ctrls );
ldap_controls_free( ctrls );
}
return err;
}
void print_ctrls( LDAPControl **ctrls ) {
int i;
for(i=0; ctrls[i] != NULL; i++ ) {
/* control: OID criticality base64value */
struct berval *b64 = NULL;
ber_len_t len;
char *str;
len = strlen( ctrls[i]->ldctl_oid );
/* add enough for space after OID and the critical value itself */
len += ctrls[i]->ldctl_iscritical
? sizeof("true") : sizeof("false");
/* convert to base64 */
if( ctrls[i]->ldctl_value.bv_len ) {
b64 = ber_memalloc( sizeof(struct berval) );
b64->bv_len = LUTIL_BASE64_ENCODE_LEN(
ctrls[i]->ldctl_value.bv_len ) + 1;
b64->bv_val = ber_memalloc( b64->bv_len + 1 );
b64->bv_len = lutil_b64_ntop(
ctrls[i]->ldctl_value.bv_val, ctrls[i]->ldctl_value.bv_len,
b64->bv_val, b64->bv_len );
}
if( b64 ) {
len += 1 + b64->bv_len;
}
str = malloc( len + 1 );
strcpy( str, ctrls[i]->ldctl_oid );
strcat( str, ctrls[i]->ldctl_iscritical
? " true" : " false" );
if( b64 ) {
strcat(str, " ");
strcat(str, b64->bv_val );
}
write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"control", str, len );
free( str );
ber_bvfree( b64 );
}
}
static int
write_ldif( int type, char *name, char *value, ber_len_t vallen )

101
clients/tools/ldapsearch.dsw
View file

@ -1,101 +0,0 @@
Microsoft Developer Studio Workspace File, Format Version 5.00
# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
###############################################################################
Project: "ldapsearch"=.\ldapsearch.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
Begin Project Dependency
Project_Dep_Name liblber
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldap
End Project Dependency
Begin Project Dependency
Project_Dep_Name libldif
End Project Dependency
Begin Project Dependency
Project_Dep_Name liblutil
End Project Dependency
}}}
###############################################################################
Project: "liblber"=..\..\libraries\liblber\liblber.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "libldap"=..\..\libraries\libldap\libldap.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "libldif"=..\..\libraries\libldif\libldif.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "liblutil"=..\..\libraries\liblutil\liblutil.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Project: "setup"=..\..\include\setup.dsp - Package Owner=<4>
Package=<5>
{{{
}}}
Package=<4>
{{{
}}}
###############################################################################
Global:
Package=<5>
{{{
}}}
Package=<3>
{{{
}}}
###############################################################################

2
clients/ud/Makefile.in
View file

@ -11,7 +11,7 @@ PROGRAMS= ud
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
NT_DYN_DEFS = -DLIBLBER_DECL=dllimport -DLIBLDAP_DECL=dllimport
NT_DYN_DEFS = -DLBER_DECL=dllimport -DLDAP_DECL=dllimport
CPPFLAGS = $(@PLAT@_@LIB_LINKAGE@_DEFS)
XLIBS = -llutil -lldif -lldap -llber

3
clients/ud/auth.c
View file

@ -31,7 +31,6 @@
#include <pwd.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "ldap_defaults.h"
@ -164,7 +163,7 @@ auth( char *who, int implicit )
/* if we're running as a server (e.g., out of inetd) */
if ( ! isatty( 1 ) ) {
strcpy( tktpath, "/tmp/ud_tktXXXXXX" );
strcpy( tktpath, LDAP_TMPDIR LDAP_DEFSEP "ud_tktXXXXXX" );
mktemp( tktpath );
krb_set_tkt_string( tktpath );
}

1
clients/ud/edit.c
View file

@ -46,7 +46,6 @@
#include <io.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "ldap_defaults.h"

1
clients/ud/find.c
View file

@ -25,7 +25,6 @@
#include <ac/string.h>
#include <ac/time.h>
#include <lber.h>
#include <ldap.h>
#include "ud.h"

1
clients/ud/group.c
View file

@ -29,7 +29,6 @@
#include <io.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "ldap_defaults.h"

1
clients/ud/help.c
View file

@ -23,7 +23,6 @@
#include <ac/string.h>
#include <ac/time.h>
#include <lber.h>
#include <ldap.h>
#include "ud.h"

1
clients/ud/main.c
View file

@ -44,7 +44,6 @@
#include <sys/file.h>
#endif
#include <lber.h>
#include <ldap.h>
#include "ldap_defaults.h"

1
clients/ud/mod.c
View file

@ -25,7 +25,6 @@
#include <ac/string.h>
#include <ac/time.h>
#include <lber.h>
#include <ldap.h>
#include "ud.h"

1
clients/ud/print.c
View file

@ -23,7 +23,6 @@
#include <ac/string.h>
#include <ac/time.h>
#include <lber.h>
#include <ldap.h>
#include "ud.h"

1
clients/ud/util.c
View file

@ -29,7 +29,6 @@
#include <ac/time.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldap.h>
#include "ldap_defaults.h"

1411
configure vendored
View file

File diff suppressed because it is too large Load diff

25
configure.in
View file

@ -23,7 +23,7 @@ define([AC_INIT_BINSH],
# in file LICENSE in the top-level directory of the distribution.
echo "Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved."
echo "Copying restrictions apply, see COPYRIGHT file."
echo "Restrictions apply, see COPYRIGHT and LICENSE files."
])dnl
dnl ----------------------------------------------------------------
dnl Disable config.cache!
@ -146,7 +146,6 @@ OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verific
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
OL_ARG_ENABLE(multimaster,[ --enable-multimaster enable multimaster replication], no)dnl
OL_ARG_ENABLE(phonetic,[ --enable-phonetic enable phonetic/soundex], no)dnl
OL_ARG_ENABLE(quipu,[ --enable-quipu build quipu migration tools], no)dnl
OL_ARG_ENABLE(rlookups,[ --enable-rlookups enable reverse lookups], auto)dnl
OL_ARG_ENABLE(aci,[ --enable-aci enable per-object ACIs], no)dnl
OL_ARG_ENABLE(wrappers,[ --enable-wrappers enable tcp wrapper support], no)dnl
@ -217,9 +216,6 @@ if test $ol_enable_slapd = no ; then
if test $ol_enable_phonetic = yes ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-phonetic argument])
fi
if test $ol_enable_quipu = yes ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-quipu argument])
fi
if test $ol_enable_rlookups = yes ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-rlookups argument])
fi
@ -261,7 +257,6 @@ if test $ol_enable_slapd = no ; then
ol_enable_modules=no
ol_enable_multimaster=no
ol_enable_phonetic=no
ol_enable_quipu=no
ol_enable_rlookups=no
ol_enable_aci=no
ol_enable_wrappers=no
@ -357,14 +352,12 @@ LDBM_LIBS=
LTHREAD_LIBS=
LUTIL_LIBS=
QUIPU_LIBS=
SLAPD_LIBS=
SLURPD_LIBS=
BUILD_SLAPD=no
BUILD_SLURPD=no
BUILD_QUIPU=no
BUILD_THREAD=no
BUILD_DNSSRV=no
@ -738,20 +731,6 @@ if test "$ol_enable_dnssrv" = yes -a "$ol_link_dnssrv" = no ; then
AC_MSG_ERROR([DNSSRV requires res_query()])
fi
dnl ----------------------------------------------------------------
dnl QUIPU
if test $ol_enable_quipu != no ; then
AC_CHECK_HEADERS(quipu/commonarg.h)
if test $ac_cv_header_quipu_commonarg_h = yes ; then
BUILD_QUIPU=yes
elif test $ol_enable_quipu = auto ; then
AC_MSG_WARN([no quipu for --enable-quipu=auto, disabling])
else
AC_MSG_ERROR(no quipu for --enable-quipu=$ol_enable_quipu)
fi
fi
dnl ----------------------------------------------------------------
dnl Kerberos
ol_link_kbind=no
@ -2171,7 +2150,6 @@ AC_SUBST(BUILD_SLAPD)
AC_SUBST(BUILD_LDAP)
AC_SUBST(BUILD_LDBM)
AC_SUBST(BUILD_PASSWD)
AC_SUBST(BUILD_QUIPU)
AC_SUBST(BUILD_SHELL)
AC_SUBST(BUILD_DNSSRV_DYNAMIC)
AC_SUBST(BUILD_LDAP_DYNAMIC)
@ -2183,7 +2161,6 @@ AC_SUBST(BUILD_SLURPD)
AC_SUBST(LDAP_LIBS)
AC_SUBST(LDIF_LIBS)
AC_SUBST(SLAPD_LIBS)
AC_SUBST(QUIPU_LIBS)
AC_SUBST(SLURPD_LIBS)
AC_SUBST(LDBM_LIBS)
AC_SUBST(LTHREAD_LIBS)

7
contrib/README
View file

@ -22,6 +22,11 @@ Current contributions:
Contributed by Eric Rosenquist. See saucer/README
and its man page for more information.
tweb
HTTP gateway derived from web500gw. Contributed
by the Universitaet Tuebingen, GERMANY. See
tweb/README for more information.
web_ldap
web frontend (in C) from Jens Moller
@ -37,3 +42,5 @@ Current contributions:
Please submit your contributions using the OpenLDAP Issue
Tracking System <http://www.openldap.org/>.
$OpenLDAP$

20
contrib/ldaptcl/ldaperr.tcl
View file

@ -10,18 +10,34 @@ proc genstrings {path} {
puts "/* This file automatically generated, hand edit at your own risk! */"
puts -nonewline "char *ldaptclerrorcode\[\] = {
NULL"
set lasterr 0
while {[gets $fp line] != -1} {
#puts stderr $line
if {[clength $line] == 0 || [ctype space $line]} continue
if {![string match #define* $line]} break
if {![string match "#define LDAP_*" $line]} continue
if {[string match "*LDAP_RANGE*" $line]} continue
lassign $line define macro value
set ldap_errcode($macro) $value
}
foreach i [array names ldap_errcode] {
set value $ldap_errcode($i)
#puts stderr "checking $value"
if [regexp {^[A-Z_]} $value] {
if [info exists ldap_errcode($value)] {
set value $ldap_errcode($value)
set ldap_errcode($i) $value
}
}
set ldap_errname($value) $i
}
set lasterr 0
foreach value [lsort -integer [array names ldap_errname]] {
incr lasterr
while {$lasterr < $value} {
puts -nonewline ",\n\tNULL"
incr lasterr
}
puts -nonewline ",\n\t\"$macro\""
puts -nonewline ",\n\t\"$ldap_errname($value)\""
}
puts "\n};"
puts "#define LDAPTCL_MAXERR\t$value"

37
contrib/ldaptcl/neoXldap.c
View file

@ -797,7 +797,7 @@ NeoX_LdapTargetObjCmd (clientData, interp, objc, objv)
deref = LDAP_DEREF_NEVER;
else if (STREQU(derefString, "search"))
deref = LDAP_DEREF_SEARCHING;
else if (STREQU(derefString, "find") == 0)
else if (STREQU(derefString, "find"))
deref = LDAP_DEREF_FINDING;
else if (STREQU(derefString, "always"))
deref = LDAP_DEREF_ALWAYS;
@ -886,6 +886,9 @@ NeoX_LdapTargetObjCmd (clientData, interp, objc, objv)
ldap_disable_cache(ldap);
}
#endif
ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
tclResult = LDAP_PerformSearch (interp,
ldaptcl,
baseString,
@ -907,10 +910,42 @@ NeoX_LdapTargetObjCmd (clientData, interp, objc, objv)
else
ldap_enable_cache(ldap, ldaptcl->timeout, ldaptcl->maxmem);
}
deref = LDAP_DEREF_NEVER;
ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
#endif
return tclResult;
}
/* object compare dn attr value */
if (STREQU (subCommand, "compare")) {
char *dn;
char *attr;
char *value;
int result;
int lderrno;
if (objc != 5)
return TclX_WrongArgs (interp,
objv [0],
"compare dn attribute value");
dn = Tcl_GetStringFromObj (objv[2], NULL);
attr = Tcl_GetStringFromObj (objv[3], NULL);
value = Tcl_GetStringFromObj (objv[4], NULL);
result = ldap_compare_s (ldap, dn, attr, value);
if (result == LDAP_COMPARE_TRUE || result == LDAP_COMPARE_FALSE) {
Tcl_SetIntObj(resultObj, result == LDAP_COMPARE_TRUE);
return TCL_OK;
}
LDAP_SetErrorCode(ldaptcl, result, interp);
Tcl_AppendStringsToObj (resultObj,
"LDAP compare error: ",
LDAP_ERR_STRING(ldap),
(char *)NULL);
return TCL_ERROR;
}
#if defined(UMICH_LDAP) || (defined(OPEN_LDAP) && !defined(LDAP_API_VERSION))
if (STREQU (subCommand, "cache")) {
char *cacheCommand;

10
doc/drafts/README
View file

@ -7,10 +7,12 @@ and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
OpenLDAP maintains copies of drafts for which we have and/or
are planning "experimental" implementations of. The I-D
found in this directory may be stale, expired, or otherwise
out of date.
OpenLDAP maintains copies of drafts for which we find interesting.
It existance does not necessarily imply any support or any plans to
support for the I-D. The I-D found in this directory may be stale,
expired, or otherwise out of date.
Please refer to http://www.ietf.org/ for latest revisions (and
status).
$OpenLDAP$

412
doc/drafts/draft-ietf-ldapext-ldapv3-dupent-xx.txt Normal file
View file

@ -0,0 +1,412 @@
LDAPEXT Working Group J. Sermersheim
Internet Draft Novell, Inc
Document: draft-ietf-ldapext-ldapv3-dupent-03.txt March 2000
Category: Proposed Standard
LDAP Control for a Duplicate Entry Representation of Search Results
1. Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026 [1].
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet- Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
2. Abstract
This document describes a Duplicate Entry Representation control
extension for the LDAP Search operation. By using the control with
an LDAP search, a client requests that the server return separate
entries for each value held in the specified attributes. For
instance, if a specified attribute of an entry holds multiple
values, the search operation will return multiple instances of that
entry, each instance holding a separate single value in that
attribute.
3. Overview
The Server-Side Sorting control [SSS] allows the server to order
search result entries based on attribute values (sort keys). It
does not allow one to specify behavior when an attribute contains
multiple values. The default behavior, as outlined in 7.9 of
[X.511], is to use the smallest value as the sort key.
An application may need to produce an ordered list of entries,
sorted by a multi-valued attribute, where each attribute value is
represented in the list. In order to do this, a separate control is
needed which causes the set of entries to be expanded sufficiently
to represent each attribute value prior to sorting.
Sermersheim Standards Track - Expires Sep 2000 Page 1
LDAP Control for a Duplicate Entry Representation of Search Results
This document describes controls, which allow duplicate entries in
the result set of search, where each entry represents a distinct
value of a given multiple valued attribute.
An example of this would be a sorted list of all telephone numbers
in an organization. Because any entry may have multiple telephone
numbers, and the list is to be sorted by telephone number, the list
must be able to contain duplicate entries, each with its own unique
telephone number.
Another example would be an application that needs to display an
ordered list of all members of a group. It would use this control
to create a result set of duplicate groupOfNames entries, each with
a single, unique value in its member attribute.
The key words "MUST", "SHOULD", and "MAY" used in this document
carry the meanings described in [Bradner97].
4. The Controls
Support for the controls is advertised by the presence of their OID
in the supportedControl attribute of a server's root DSE. The OID
for the request control is "2.16.840.1.113719.1.27.101.1" and the
OID for the response control is "2.16.840.1.113719.1.27.101.2".
4.1 Request Control
This control is included in the searchRequest message as part of the
controls field of the LDAPMessage, as defined in Section 4.1.12 of
[LDAPv3].
The controlType is set to "2.16.840.1.113719.1.27.101.1". The
criticality MAY be set to either TRUE or FALSE. The controlValue is
an OCTET STRING, whose value is the BER encoding of the following
type:
DuplicateEntryRequest ::= AttributeDescriptionList
The "AttributeDescriptionList" data type is described in 4.1.5 of
[LDAPv3] and describes a list of 0 or more AttributeDescription
types as also described in 4.1.5 of [LDAPv3]. Both definitions are
repeated here for convenience:
AttributeDescriptionList ::= SEQUENCE OF
AttributeDescription
AttributeDescription ::= <AttributeType> [ ";" <options> ]
While processing a search request, a server implementation examines
this list. If a specified attribute exists in an entry to be
returned by search, one instance of that entry per attribute value
is returned. In this case, the specified attribute in each entry
Sermersheim Standards Track - Expires Sep 2000 Page 2
LDAP Control for a Duplicate Entry Representation of Search Results
holds a single, unique value from the original set of values of that
attribute.
An AttributeDescription should only occur once in the list. If an
AttributeDescription is included in the DuplicateEntryRequest
multiple times, the server should return an unwillingToPerform error
in the DuplicateEntryResponse.
When two or more attribute types are specified by this control, the
number of duplicate entries is the combination of all values in each
attribute. Because of the potential complexity involved in servicing
multiple attribute types, server implementations MAY choose to
support a limited number of attribute types in the control.
There is a special case where either no attributes are specified, or
an attribute description value of "*" is specified. In this case,
all attributes are used. (The "*" allows the client to request all
user attributes in addition to specific operational attributes).
4.2 Response Control
This control is included in the searchResultDone message as part of
the controls field of the LDAPMessage, as defined in Section 4.1.12
of [LDAPv3].
The controlType is set to "2.16.840.1.113719.1.27.101.2". The
criticality is FALSE (MAY be absent). The controlValue is an OCTET
STRING, whose value is the BER encoding of the following SEQUENCE:
DuplicateEntryResponse ::= SEQUENCE {
result ENUMERATED {
success (0),
operations error (1), -- server internal failure
timeLimitExceeded (3), -- time limit reached before
-- attribute values could be
-- processed
sizeLimitExceeded (4), -- size limit reached as a
-- result of this control
adminLimitExceeded (11), -- result set too large for
-- server to handle
noSuchAttribute (16), -- unrecognized attribute
-- description
busy (51),
unwillingToPerform (53),
other (80) },
attributeType AttributeDescription OPTIONAL }
A result field is provided here to allow feedback in the case where
the criticality of the request control is FALSE, and the server
could not process the control - yet it could complete the search
operation successfully. If the request control's criticality is
TRUE, and the server cannot process the control, the resultCode of
the LDAPResult is used to report the error.
Sermersheim Standards Track - Expires Sep 2000 Page 3
LDAP Control for a Duplicate Entry Representation of Search Results
attributeType MAY be set to the value of the first attribute type
specified by the DuplicateEntryRequest that was in error. The
client MUST ignore the attributeType field if the result is success.
5. Protocol Examples
5.1 Simple example
This example will show this control being used to produce a list of
all telephone numbers in the "Acting" organizational unit of "Looney
Tunes". Let's say the following three entries exist in this
organization;
dn: cn=Bugs Bunny,ou=Acting,o=Looney Tunes
telephoneNumber: 555-0123
dn: cn=Daffy Duck,ou=Acting,o=Looney Tunes
telephoneNumber: 555-8854
telephoneNumber: 555-4588
telephoneNumber: 555-5884
dn: cn=Porky Pig,ou=Acting,o=Looney Tunes
telephoneNumber: 555-9425
telephoneNumber: 555-7992
First an LDAP search is specified with a baseDN of "ou=Acting,
o=Looney Tunes ", subtree scope, filter set to "telephoneNumber=*".
A DuplicateEntryRequest control is attached to the search,
specifying "telephoneNumber" as the attribute description, and the
search request is sent to the server.
The set of search results returned by the server would then consist
of the following entries:
dn: cn=Bugs Bunny,ou=Acting,o=Looney Tunes
telephoneNumber: 555-0123
dn: cn=Daffy Duck,ou=Acting,o=Looney Tunes
telephoneNumber: 555-8854
dn: cn=Daffy Duck,ou=Acting,o=Looney Tunes
telephoneNumber: 555-4588
dn: cn=Daffy Duck,ou=Acting,o=Looney Tunes
telephoneNumber: 555-5884
dn: cn=Porky Pig,ou=Acting,o=Looney Tunes
telephoneNumber: 555-9425
dn: cn=Porky Pig,ou=Acting,o=Looney Tunes
telephoneNumber: 555-7992
Sermersheim Standards Track - Expires Sep 2000 Page 4
LDAP Control for a Duplicate Entry Representation of Search Results
Note that it is not necessary to use an attribute type in this
control that is specified in the search filter. This example only
does so, because the result was to obtain a list of telephone
numbers.
5.2 Specifying multiple attributes
A more complicated example involving multiple attributes will result
in more entries. If we assume these entries in the directory:
dn: cn=Bugs Bunny,ou=Acting,o=Looney Tunes
givenName: Bugs
mail: bbunny@looneytunes.com
dn: cn=Elmer Fudd,ou=Acting,o=Looney Tunes
givenName: Elmer
givenName: Doc
mail: efudd@looneytunes.com
mail: bunnyhunter@nra.org
And both "mail" and "givenName" are specified as attribute types in
this control, the resulting set of entries would be this:
dn: cn=Bugs Bunny,ou=Acting,o=Looney Tunes
givenName: Bugs
mail: bbunny@looneytunes.com
dn: cn=Elmer Fudd,ou=Acting,o=Looney Tunes
givenName: Elmer
mail: efudd@looneytunes.com
dn: cn=Elmer Fudd,ou=Acting,o=Looney Tunes
givenName: Elmer
mail: bunnyhunter@nra.org
dn: cn=Elmer Fudd,ou=Acting,o=Looney Tunes
givenName: Doc
mail: efudd@looneytunes.com
dn: cn=Elmer Fudd,ou=Acting,o=Looney Tunes
givenName: Doc
mail: bunnyhunter@nra.org
5.3 Listing the members of a groupOfNames
This example shows how the controls can be used to turn a single
groupOfNames entry into multiple duplicate entries. LetÆs say this
is our groupOfNames entry:
dn: cn=Administrators,o=acme
cn: Administrators
member: cn=aBaker,o=acme
member: cn=cDavis,o=acme
Sermersheim Standards Track - Expires Sep 2000 Page 5
LDAP Control for a Duplicate Entry Representation of Search Results
member: cn=bChilds,o=acme
member: cn=dEvans,o=acme
We could set our search base to "cn=Administrators,o=acme", filter
to "objectClass=*", use an object scope (to restrict it to this
entry) and send the duplicateEntryRequest control with "member" as
its attribute value. The resulting set would look like this:
dn: cn=Administrators,o=acme
member: cn=aBaker,o=acme
dn: cn=Administrators,o=acme
member: cn=cDavis,o=acme
dn: cn=Administrators,o=acme
member: cn=bChilds,o=acme
dn: cn=Administrators,o=acme
member: cn=dEvans,o=acme
This list can then be sorted by member and displayed (also by
member) in a list.
6 Relationship to other controls
This control is intended (but not limited) to be used with the
Server Side Sorting control [SSS]. By pairing this control with the
Server Side Sorting control, One can produce a set of entries,
sorted by attribute values, where each attribute value is
represented in the sorted set. Server implementations should ensure
that this control is processed before sorting the result of a
search, as this control alters the result set of search.
This control may also be used with the Virtual List View [VLV]
control (which has a dependency on the Server Side Sort control).
The nature of the dependency between the VLV control and the Sort
control is such that the Sorting takes place first. Because the sort
happens first, and because this control is processed before the sort
control, the impact of this control on the VLV control is minimal.
Some server implementations may need to carefully consider how to
handle the typedown functionality of the VLV control when paired
with this control. The details of this are heavily implementation
dependent and are beyond the scope of this document.
7. Notes for Implementers
Both client and server implementations should be aware that using
this control could potentially result in a very large set of search
results. Servers MAY return an adminLimitExceeded result in the
response control due to inordinate consumption of resources. This
may be due to some a priori knowledge such as a server restriction
of the number of attribute types in the request control that it's
Sermersheim Standards Track - Expires Sep 2000 Page 6
LDAP Control for a Duplicate Entry Representation of Search Results
willing to service, or it may be due to the server attempting to
service the control and running out of resources.
Client implementations must be aware that search entries returned,
when using this control will contain a subset of the values of any
specified attribute.
8. Acknowledgments
The author gratefully thanks the input and support of participants
of the LDAP-EXT working group.
9. References
[LDAPv3]
Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access
Protocol (v3)", Internet Standard, December, 1997.
Available as RFC2251.
[SSS]
Wahl, M, A. Herron and T. Howes, "LDAP Control Extension for Server
Side Sorting of Search Results", Internet Draft, March, 1998.
Available as draft-ietf-ldapext-sorting-02.txt.
[VLV]
Boreham, D, Sermersheim, J, Anantha, A, Armijo, M, "LDAP Extensions
for Scrolling View Browsing of Search Results", Internet Draft,
June, 1999.
Available as draft-ietf-ldapext-ldapv3-vlv-03.txt.
[X.511]
ITU-T Rec. X.511, "The Directory: Abstract Service Definition",
1993.
[Bradner97]
Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement
Levels", Internet Draft, March, 1997.
Available as RFC2119.
10. Author's Address
Jim Sermersheim
Novell, Inc.
122 East 1700 South
Provo, Utah 84606, USA
jimse@novell.com
+1 801 861-3088
Sermersheim Standards Track - Expires Sep 2000 Page 7

307
doc/drafts/draft-ietf-ldapext-matchedval-xx.txt Normal file
View file

@ -0,0 +1,307 @@
Internet-Draft David Chadwick
LDAPExt WG University of Salford
Intended Category: Standards Track Sean Mullan
Sun
Microsystems
Expires: 8 March 2000 8 September 1999
Returning Matched Values with LDAPv3
<draft-ietf-ldapext-matchedval-01.txt>
STATUS OF THIS MEMO
This document is an Internet-Draft and is in full conformance with
all the provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft expires on 8 March 2000. Comments and suggestions
on this document are encouraged. Comments on this document should be
sent to the LDAPExt working group discussion list:
ietf-ldapext@netscape.com
or directly to the authors.
ABSTRACT
This document describes a control for the Lightweight Directory
Access Protocol v3 that is used to return a subset of attribute
values from an entry, specifically, only those values that
contributed to the search filter evaluating to TRUE. Without support
for this control, a client must retrieve all of an attribute's values
and search for specific values locally.
1. Introduction
When reading an attribute from an entry using LDAP v2 [1] or LDAPv3
[2], it is normally only possible to read either the attribute type,
or the attribute type and all its values. It is not possible to
selectively read just a few of the attribute values. If an attribute
holds many values, for example, the userCertificate attribute, or the
subschema publishing operational attributes objectClasses and
attributeTypes [3], then it may be desirable for the user to be able
to selectively retrieve a subset of the values, specifically, those
attribute values that match the selection criteria as specified by
the user in the filter. Without the control specified in this
[ID/standard] a client must read all of the attribute's values and
filter out the unwanted values, necessitating the client to implement
the matching rules. It also requires the client to potentially read
and process many irrelevant values, which can be inefficient if the
values are large or complex, or there are many values stored per
attribute.
This Internet Draft specifies an LDAPv3 control to enable a user to
return only those values that matched (i.e. returned TRUE to) one or
more elements of the Search filter. This control can be especially
useful when used in conjunction with extensible matching rules that
match on one or more components of complex binary attribute values.
The control has been described in such a way as to be fully
compatible with the matchedValuesOnly boolean of the X.500 DAP [4]
Search argument, as amended in the latest version [6].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [5].
2. The matchedValuesOnly Control
The matchedValuesOnly control MAY be critical or non-critical as
determined by the user. It is only applicable to the Search
operation, and SHALL be ignored by the server if it is present on any
other LDAP operation (even if marked critical on such operations).
The object identifier for this control is 1.2.826.0.1.3344810.2.2
The controlValue is absent.
If the server supports this control, the server MUST make use of the
control as follows:
(1) If the typesOnly parameter of the Search Request is TRUE,
the control has no effect and the Search Request SHOULD be
processed as if the control had not been specified.
(2) If the attributes parameter of the Search Request consists
of a list containing only the attribute with OID "1.1"
(specifying that no attributes are to be returned), the control
has no effect and the Search Request SHOULD be processed as if
the control had not been specified.
(3) For each attribute listed in the attributes parameter of the
Search Request, the server MUST apply the control as follows:
i) Every attribute value that evaluates TRUE against one or
more filters, excluding the ignored filters (see below),
is logically marked by the server as contributing to the
filter matching.
ii) Attributes that have no values marked as contributing,
have all their values returned to the user.
iii) Attributes that have one or more values marked as
contributing have only the contributing values returned to
the user, whilst the other values of the same attribute
(if there are any) are not returned.
Certain filters are ignored for the purposes of marking the attribute
values as contributing. These are:
the ôpresentö filter, since this filter does not test against
any attribute values;
the ônotö filter, since this would have the effect of marking
all the attribute values except the one(s) that matched the
non-negated filter.
3. Relationship to X.500
The matchedValuesOnly control defined in this document is derived
from the matchedValuesOnly boolean parameter of the X.511 (93) DAP
Search operation [4]. Note however that in X.511 (93), the
matchedValuesOnly parameter is ignored when used with an "equality"
match FilterItem, and so the user must use the extensibleMatch filter
along with the equality matching rule if only matched values are
wanted with equality matching. This slightly spurious equality match
restriction has been removed from the 2000 version of X.511 [6]. For
LDAP servers acting as a gateway to an X.500 directory, the matched
valuesOnly control can be directly mapped onto the X.511
matchedValuesOnly Search parameter as follows:
(1) If the matchedValuesOnly control is specified, the
matchedValuesOnly DAP parameter MUST be set to true. If the
control criticality value is TRUE then bit 17 of the DAP
criticalExtensions MUST be set.
(2) If an equality matching rule is specified in the filter of
the LDAPv3 search operation, then if operating with a pre-2000
edition DSA, the corresponding equality FilterItem contained in
the X.511 filter parameter MUST NOT be used, but rather the
extensibleMatch filter item MUST be used instead (the assertion
consisting of the equality matching rule, the attribute type to
match on, and the asserted value). When operating with DSAs
that support the 2000 DAP enhancement, the equality FilterItem
MAY be used.
4. Examples
(1) The first example simply shows how the control can be used to
selectively read a subset of attribute values.
The entry below represents a groupOfNames object class containing
several members from different organizations.
cn: Cross Organizational Standards Body
member: cn=joe, o=acme
member: cn=alice, o=acme
member: cn=bob, o=foo
member: cn=sue, o=bar
An LDAP search operation is specified with a baseObject set to the
DN of the entry, a baseObject scope, a filter set to
"member=*o=acme", and the list of attributes to be returned set to
"member". In addition, a matchedValuesOnly control is attached to the
search request.
The search results returned by the server would consist of the
following entry:
cn: Cross Organizational Standards Body
member: cn=joe, o=acme
member: cn=alice, o=acme
(2) The second example shows how the control has no effect on
attributes that do not participate in the search filter.
The entries below represent inetOrgPerson [7] object classes located
below some distinguished name in the directory.
cn: Sean Mullan
mail: sean.mullan@sun.com
mail: mullan@east.sun.com
telephoneNumber: +1 781 442 0926
telephoneNumber: 555-9999
cn: David Chadwick
mail: d.w.chadwick@salford.ac.uk
An LDAP search operation is specified with a baseObject set to the
DN of the entry, a subtree scope, a filter set to
"(|(mail=sean.mullan@sun.com)(mail=d.w.chadwick@salford.ac.uk))", and
the list of attributes to be returned set to "mail telephoneNumber".
In addition, a matchedValuesOnly control is attached to the search
request.
The search results returned by the server would consist of the
following entries:
cn: Sean Mullan
mail: sean.mullan@sun.com
telephoneNumber: +1 781 442 0926
telephoneNumber: 555-9999
cn: David Chadwick
mail: d.w.chadwick@salford.ac.uk
Note that the control has no effect on the values returned for the
"telephoneNumber" attribute (all of the values are returned), since
it did not participate in the search filter.
5. Security Considerations
This Internet Draft does not discuss security issues at all.
Note that attribute values MUST only be returned if the access
controls applied by the LDAP server allow them to be returned, and in
this respect the effect of the matchedValuesOnly control is of no
consequence.
Note that the matchedValuesOnly control may have a positive effect on
the deployment of public key infrastructures. Certain PKI operations,
like searching for specific certificates, become more practical (when
combined with X.509 certificate matching rules at the server) and
more scalable, since the control avoids the downloading of
potentially large numbers of irrelevant certificates which would have
to be processed and filtered locally (which in some cases is very
difficult to perform).
6. Copyright
Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
7. References
[1] Yeong, W., Howes, T., and Kille, S. "Lightweight Directory Access
Protocol", RFC 1777, March 1995.
[2] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (v3)", Dec. 1997, RFC 2251
[3] M. Wahl, A. Coulbeck, T. Howes, S. Kille, ôLightweight Directory
Access Protocol (v3): Attribute Syntax Definitionsö, RFC 2252, Dec
1997
[4] ITU-T Rec. X.511, "The Directory: Abstract Service Definition",
1993.
[5] S.Bradner. "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
[6] ôFPDAMs to ISO/IEC 9594 Parts 1, 2, 3, 4, 5, 6, 7 and 9 to
support the ITU-T Rec. F.510 "Automated Directory Assistance, White
Pages Service Definitions"ö, Collaborative ITU-T/SG7/Q15 and
JTC1/SC6/WG7 OSI Directory Meeting 7-15 April 1999, Orlando, USA
[7] M. Smith. "Definition of the inetOrgPerson LDAP Object Class",
Internet Draft <draft-smith-ldap-inetorgperson-03.txt>, April 1999.
8. Authors Addresses
David Chadwick
IS Institute
University of Salford
Salford M5 4WT
England
Email: d.w.chadwick@salford.ac.uk
Sean Mullan
Sun Microsystems Laboratories
One Network Drive
Burlington
MA 01803-0902
USA
Tel: +1 781 442-0926 Fax: +1 781 442-1692
Email: sean.mullan@sun.com
Internet-Draft Returning Matched Values with LDAPv3 8 September 1999
5

463
doc/drafts/draft-ietf-ldapext-psearch-xx.txt Normal file
View file

@ -0,0 +1,463 @@
Network Working Group M. Smith, Editor
INTERNET-DRAFT G. Good
Intended Category: Informational R. Weltman
Expires: September 2000 Netscape Communications Corp.
T. Howes
Loudcloud, Inc.
7 March 2000
Persistent Search: A Simple LDAP Change Notification Mechanism
<draft-ietf-ldapext-psearch-02.txt>
1. Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working docu-
ments of the Internet Engineering Task Force (IETF), its areas, and its
working groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This draft document will be submitted to the RFC Editor as an Informa-
tional document. Distribution of this memo is unlimited. Technical dis-
cussion of this document will take place on the IETF LDAP Extension
Working Group mailing list <ietf-ldapext@netscape.com>. Please send
editorial comments directly to the editor <mcs@netscape.com>.
Copyright (C) The Internet Society (1997-2000). All Rights Reserved.
Please see the Copyright section near the end of this document for more
information.
Smith, et. al. Intended Category: Informational [Page 1]
LDAP Persistent Search 7 March 2000
2. Abstract
This document defines two controls that extend the LDAPv3 [LDAP] search
operation to provide a simple mechanism by which an LDAP client can
receive notification of changes that occur in an LDAP server. The
mechanism is designed to be very flexible yet easy for clients and
servers to implement. Since the IETF is likely to pursue a different,
more comprehensive solution in this area, this document will eventually
be published with Informational status in order to document an existing
practice.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are
to be interpreted as described in RFC 2119 [KEYWORDS].
3. General Approach
The approach taken by the Persistent Search mechanism described in this
document is to alter the standard LDAP search operation so that it does
not end after the initial set of entries matching the search criteria
are returned. Instead, LDAP servers keep the search operation going.
This provides clients and servers participating in Persistent Search
with an active channel through which entries that change (and additional
information about the changes that occur) can be communicated.
4. Persistent Search Control
This control may be included in the Controls portion of an LDAPv3 Sear-
chRequest message. The controlType is "2.16.840.1.113730.3.4.3".
PersistentSearch ::= SEQUENCE {
changeTypes INTEGER,
changesOnly BOOLEAN,
returnECs BOOLEAN
}
Upon receiving this control, a server that supports it MUST process this
as a standard LDAPv3 search with the following exceptions:
a) If changesOnly is TRUE, the server MUST NOT return any existing
entries that match the search criteria. Entries are only
returned when they are changed (added, modified, deleted, or
subject to a modifyDN operation).
Smith, et. al. Intended Category: Informational [Page 2]
LDAP Persistent Search 7 March 2000
b) The server MUST NOT return a SearchResult message. Instead, the
search operation MUST be kept active until it is abandoned by
the client or until the client unbinds.
c) As changes are made to the server, the effected entries MUST be
returned to the client if they match the standard search cri-
teria and if the operation that caused the change is included in
the changeTypes field. The changeTypes field is the logical OR
of one or more of these values: add (1), delete (2), modify (4),
modDN (8).
d) If returnECs is TRUE, the server MUST return an Entry Change
Notification control with each entry returned as the result of
changes. This control is described in the next section.
5. Entry Change Notification Control
This control provides additional information about the change the caused
a particular entry to be returned as the result of a persistent search.
The controlType is "2.16.840.1.113730.3.4.7". If the client set the
returnECs boolean to TRUE in the PersistentSearch control, servers MUST
include an EntryChangeNotification control in the Controls portion of
each SearchResultEntry that is returned due to an entry being added,
deleted, or modified.
EntryChangeNotification ::= SEQUENCE {
changeType ENUMERATED {
add (1),
delete (2),
modify (4),
modDN (8)
},
previousDN LDAPDN OPTIONAL, -- modifyDN ops. only
changeNumber INTEGER OPTIONAL -- if supported
}
changeType indicates what LDAP operation caused the entry to be
returned.
previousDN is present only for modifyDN operations and gives the DN of
the entry before it was renamed and/or moved. Servers MUST include this
optional field only when returning change notifications as a result of
modifyDN operations.
Smith, et. al. Intended Category: Informational [Page 3]
LDAP Persistent Search 7 March 2000
changeNumber is the change number [CHANGELOG] assigned by a server for
the change. If a server supports an LDAP Change Log it SHOULD include
this field.
6. Intended Use
Some of the scenarios that the Persistent Search mechanism described in
this document is designed to support are described in this section.
Other uses of the mechanism are possible as well, but please refer to
the "Implementation Considerations" section for some issues to consider.
6.1. Cache Consistency
An LDAP client application with high performance needs may want to main-
tain a temporary, local cache of information obtained through LDAP
search, compare, or bind operations. To improve performance, the local
cache is always consulted before sending a request to an LDAP server.
The client application can use Persistent Search(es) against the change-
log [CHANGELOG] (if one is available) or against one or more subtrees
within the LDAP server to enable it to maintain consistency between the
data in its local cache and the data stored in the LDAP server. A Per-
sistent Search request where the changesOnly flag is FALSE can be used
if it is desirable to prime the cache; otherwise changesOnly would typi-
cally be set to TRUE in the request.
Caches are used for reasons other than performance improvement as well.
In some cases, they arise naturally out of a particular application's
design. For example, an LDAP client designed for administration of
information held in LDAP servers will undoubtedly generate screen
displays that show information gleaned from an LDAP server. The screen
display is a cache that is active and visible until the user of the
application takes some action that causes different information to be
displayed. A refresh button or similar control may be provided to the
user to allow them to update the cached display. A Persistent Search
request can be used instead by the administrative application to
automatically refresh the screen display as soon as the underlying LDAP
information changes.
6.2. Synchronization
Some LDAP clients such as those that execute on a portable computer may
maintain a partial or complete offline copy of the entries stored in an
LDAP server. While connected to the network, such a client can direct
all queries to the copy of data it holds and use a Persistent Search to
Smith, et. al. Intended Category: Informational [Page 4]
LDAP Persistent Search 7 March 2000
actively maintain the contents of the offline copy (alternatively, the
client could direct requests to the LDAP server that is the source of
the data). While disconnected from the network, the client must satisfy
all queries using its offline copy of the data. When the client recon-
nects to the network, it can synchronize its own copy of the data with
the one stored on the LDAP server and proceed to actively maintain its
offline copy by issuing a Persistent Search with the changesOnly flag
set to FALSE against the server's changelog [CHANGELOG]. A search
filter like "(changeNumber>=NUM)" where NUM is an integer one greater
than the last change the client processed would be used to limit the
entries returned to the set of changes the client has not yet seen.
6.3. Triggered Actions
An LDAP client application may want to take some action when an entry in
the directory is changed. A Persistent Search request can be used to
proactively monitor one or more LDAP servers for interesting changes
that in turn cause specific actions to be taken by an application. For
example, an electronic mail repository may want to perform a "create
mailbox" task when a new person entry is added to an LDAP directory and
a "delete mailbox" task when a person entry is deleted from an LDAP
directory.
7. Implementation Considerations
Implementors of servers that support the mechanism described in this
document should ensure that their implementation scales well as the
number of active Persistent Search requests increases and as the number
of changes made in the directory increases.
Each active Persistent Search request requires that an open TCP connec-
tion be maintained between an LDAP client and an LDAP server that might
not otherwise be kept open. Therefore, client implementors are
encouraged to avoid using Persistent Search for non-essential tasks and
to close idle LDAP connections as soon as practical. Server implemen-
tors are encouraged to support a large number of client connections if
they need to support large numbers of Persistent Search clients.
This specification makes no guarantees about how soon a server should
send notification of a changed entry to a Persistent Search client.
This is intentional as any specific maximum delay would be impossible to
meet in a distributed directory service implementation. Server imple-
mentors are encouraged to minimize the delay before sending notifica-
tions to ensure that clients' needs for timeliness of change
Smith, et. al. Intended Category: Informational [Page 5]
LDAP Persistent Search 7 March 2000
notification are met.
8. Security Considerations
In some situations, it may be important to prevent general exposure of
information about changes that occur in an LDAP server. Therefore,
servers that implement the mechanism described in this document SHOULD
provide a means to enforce access control on the entries returned and
MAY also provide specific access control mechanisms to control the use
of the PersistentSearch and EntryChangeNotification controls.
As with normal LDAP search requests, a malicious client can initiate a
large number of Persistent Search requests in an attempt to consume all
available server resources and deny service to legitimate clients. For
this reason, servers that implement the mechanism described in the docu-
ment SHOULD provide a means to limit the number of resources that can be
consumed by a single client.
9. Copyright
Copyright (C) The Internet Society (1997-2000). All Rights Reserved.
This document and translations of it may be copied and furnished to oth-
ers, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and dis-
tributed, in whole or in part, without restriction of any kind, provided
that the above copyright notice and this paragraph are included on all
such copies and derivative works. However, this document itself may not
be modified in any way, such as by removing the copyright notice or
references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet Stan-
dards process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
Smith, et. al. Intended Category: Informational [Page 6]
LDAP Persistent Search 7 March 2000
FITNESS FOR A PARTICULAR PURPOSE.
10. Bibliography
[KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate Require-
ment Levels", RFC 2119, March 1997.
[LDAP] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.
[CHANGELOG] G. Good, "Definition of an Object Class to Hold LDAP Change
Record", INTERNET-DRAFT <draft-ietf-asid-changelog-01.txt>,
July 1997.
[PSEARCHAPI] M. Smith, "LDAP C API Extensions for Persistent Search",
INTERNET-DRAFT <draft-ietf-ldapext-c-api-psearch-00.txt>,
March 1998.
11. Authors' Addresses
Mark Smith
Netscape Communications Corp.
501 E. Middlefield Rd., Mailstop MV068
Mountain View, CA 94043
USA
+1 650 937-3477
mcs@netscape.com
Gordon Good
Netscape Communications Corp.
501 E. Middlefield Rd., Mailstop MV068
Mountain View, CA 94043
USA
+1 650 937-3825
ggood@netscape.com
Rob Weltman
Netscape Communications Corp.
501 E. Middlefield Rd., Mailstop MV068
Mountain View, CA 94043
USA
+1 650 937-3301
rweltman@netscape.com
Smith, et. al. Intended Category: Informational [Page 7]
LDAP Persistent Search 7 March 2000
Tim Howes
Loudcloud, Inc.
615 Tasman Dr.
Sunnyvale, CA 94089
USA
+1 650 321 4565
howes@loudcloud.com
12. Appendix A: Changes since draft-ietf-ldapext-psearch-01.txt
"Status of this Memo" section: changed "Intended Category" to Infor-
mational. Also updated boilerplate text to reflect current I-D
guidelines and updated copyright to include the year "2000."
"Abstract" section: added sentence that says why this will be pub-
lished as Informational.
"Entry Change Notification Control" section: added the word "only" to
clarify that the previousDN field is only returned for modifyDN
operations.
"Authors' Addresses" section: updated Tim Howes' information.
Smith, et. al. Intended Category: Informational [Page 8]
1. Status of this Memo............................................1
2. Abstract.......................................................2
3. General Approach...............................................2
4. Persistent Search Control......................................2
5. Entry Change Notification Control..............................3
6. Intended Use...................................................4
6.1. Cache Consistency...........................................4
6.2. Synchronization.............................................4
6.3. Triggered Actions...........................................5
7. Implementation Considerations..................................5
8. Security Considerations........................................6
9. Copyright......................................................6
10. Bibliography...................................................7
11. Authors' Addresses.............................................7
12. Appendix A: Changes since draft-ietf-ldapext-psearch-01.txt...8

223
doc/drafts/draft-ietf-ldapext-sorting-xx.txt
View file

@ -1,45 +1,50 @@
Network Working Group T. Howes, Netscape
INTERNET DRAFT M. Wahl, Critical Angle Inc
Intended Category: Standards Track A. Anantha, Microsoft
Expires: December 5, 2000 June 5, 2000
Network Working Group A. Herron, Microsoft
INTERNET DRAFT T. Howes, Netscape
Expire in six months M. Wahl, Critical Angle Inc
A. Anantha, Microsoft
April 5, 1999
LDAP Control Extension for Server Side Sorting of Search Results
draft-ietf-ldapext-sorting-02.txt
draft-ietf-ldapext-sorting-03.txt
1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working docu-
ments of the Internet Engineering Task Force (IETF), its areas, and its
working groups. Note that other groups may also distribute working
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as ``work in progress.''
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
This document expires on October 5, 1999.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This draft document will be submitted to the RFC Editor as a Standards
Track document. Distribution of this memo is unlimited. Technical
discussion of this document will take place on the IETF LDAP Extension
Working Group mailing list <ietf-ldapext@netscape.com>. Please send
editorial comments directly to the authors.
2. Abstract
This document describes two LDAPv3 control extensions for server side
This document describes two LDAPv3 control extensions for server side
sorting of search results. These controls allows a client to specify the
attribute types and matching rules a server should use when returning
the results to an LDAP search request. The controls may be useful when
the LDAP client has limited functionality or for some other reason
cannot sort the results but still needs them sorted. Other permissible
attribute types and matching rules a server should use when returning
the results to an LDAP search request. The controls may be useful when
the LDAP client has limited functionality or for some other reason
cannot sort the results but still needs them sorted. Other permissible
controls on search operations are not defined in this extension.
The sort controls allow a server to return a result code for the sorting
of the results that is independent of the result code returned for the
of the results that is independent of the result code returned for the
search operation.
The key words "MUST", "SHOULD", and "MAY" used in this document are to
@ -49,13 +54,14 @@ be interpreted as described in [bradner97].
3.1 Request Control
This control is included in the searchRequest message as part of the
controls field of the LDAPMessage, as defined in Section 4.1.12 of
This control is included in the searchRequest message as part of the
controls field of the LDAPMessage, as defined in Section 4.1.12 of
[LDAPv3].
The controlType is set to "1.2.840.113556.1.4.473". The criticality
MAY be either TRUE or FALSE (where absent is also equivalent to
FALSE) at the client's option. The controlValue is an OCTET STRING,
FALSE) at the client's option. The controlValue is an OCTET STRING,
whose value is the BER encoding of a value of the following SEQUENCE:
SortKeyList ::= SEQUENCE OF SEQUENCE {
@ -66,27 +72,27 @@ whose value is the BER encoding of a value of the following SEQUENCE:
The SortKeyList sequence is in order of highest to lowest sort key
precedence.
The MatchingRuleID SHOULD be one that is valid for the attribute type
it applies to. If it is not, the server MUST return unwillingToPerform.
The MatchingRuleID SHOULD be one that is valid for the attribute type it
applies to. If it is not, the server will return inappropriateMatching.
Each attributeType should only occur in the SortKeyList once. If an
attributeType is included in the sort key list multiple times, the
Each attributeType should only occur in the SortKeyList once. If an
attributeType is included in the sort key list multiple times, the
server should return an error in the sortResult of unwillingToPerform.
If the orderingRule is omitted, the ordering MatchingRule defined for use
with this attribute MUST be used.
If the orderingRule is omitted, the ordering MatchingRule defined for
use with this attribute MUST be used.
Any conformant implementation of this control MUST allow a sort key
list with at least one key.
Any conformant implementation of this control MUST allow a sort key list
with at least one key.
3.2 Response Control
This control is included in the searchResultDone message as part of the
controls field of the LDAPMessage, as defined in Section 4.1.12 of
controls field of the LDAPMessage, as defined in Section 4.1.12 of
[LDAPv3].
The controlType is set to "1.2.840.113556.1.4.474". The criticality is
FALSE (MAY be absent). The controlValue is an OCTET STRING, whose
FALSE (MAY be absent). The controlValue is an OCTET STRING, whose
value is the BER encoding of a value of the following SEQUENCE:
SortResult ::= SEQUENCE {
@ -102,24 +108,26 @@ value is the BER encoding of a value of the following SEQUENCE:
-- for the server to sort
noSuchAttribute (16), -- unrecognized attribute
-- type in sort key
inappropriateMatching (18), -- unrecognized or inappro-
-- priate matching rule in
-- sort key
inappropriateMatching (18), -- unrecognized or
-- inappropriate matching
-- rule in sort key
insufficientAccessRights (50), -- refused to return sorted
-- results to this client
busy (51), -- too busy to process
unwillingToPerform (53), -- unable to sort
other (80)
},
attributeType [0] AttributeDescription OPTIONAL }
4. Client-Server Interaction
The sortKeyRequestControl specifies one or more attribute types and
The sortKeyRequestControl specifies one or more attribute types and
matching rules for the results returned by a search request. The server
SHOULD return all results for the search request in the order specified
by the sort keys. If the reverseOrder field is set to TRUE, then the
entries will be presented in reverse sorted order for the specified
by the sort keys. If the reverseOrder field is set to TRUE, then the
entries will be presented in reverse sorted order for the specified
key.
There are six possible scenarios that may occur as a result of the sort
@ -128,13 +136,13 @@ control being included on the search request :
1 - If the server does not support this sorting control and the client
specified TRUE for the control's criticality field, then the server
MUST return unavailableCriticalExtension as a return code in the
searchResultDone message and not send back any other results. This
searchResultDone message and not send back any other results. This
behavior is specified in section 4.1.12 of [LDAPv3].
2 - If the server does not support this sorting control and the client
specified FALSE for the control's criticality field, then the server
MUST ignore the sort control and process the search request as if it
were not present. This behavior is specified in section 4.1.12 of
were not present. This behavior is specified in section 4.1.12 of
[LDAPv3].
3 - If the server supports this sorting control but for some reason
@ -163,18 +171,19 @@ searchResultDone message.
The client application is assured that the results are sorted in the
specified key order if and only if the result code in the
sortKeyResponseControl is success. If the server omits the
sortKeyResponseControl is success. If the server omits the
sortKeyResponseControl from the searchResultDone message, the client
SHOULD assume that the sort control was ignored by the server.
The sortKeyResponseControl, if included by the server in the
searchResultDone message, should have the sortResult set to either
success if the results were sorted in accordance with the keys
success if the results were sorted in accordance with the keys
specified in the sortKeyRequestControl or set to the appropriate error
code as to why it could not sort the data (such as noSuchAttribute or
inappropriateMatching). Optionally, the server MAY set the
inappropriateMatching). Optionally, the server MAY set the
attributeType to the first attribute type specified in the SortKeyList
that was in error. The client SHOULD ignore the attributeType field if
that was in error. The client SHOULD ignore the attributeType field if
the sortResult is success.
The server may not be able to sort the results using the specified sort
@ -190,53 +199,54 @@ prior to sending back the results.
4.1 Behavior in a chained environment
If a server receives a sort request, the client expects to receive a
set of sorted results. If a client submits a sort request to a server
which chains the request and gets entries from multiple servers, and
the client has set the criticality of the sort extension to TRUE, the
server MUST merge sort the results before returning them to the client
If a server receives a sort request, the client expects to receive a
set of sorted results. If a client submits a sort request to a server
which chains the request and gets entries from multiple servers, and
the client has set the criticality of the sort extension to TRUE, the
server MUST merge sort the results before returning them to the client
or MUST return unwillingToPerform.
4.2 Other sort issues
An entry that meets the search criteria may be missing one or more of
the sort keys. In that case, the entry is considered to have a value of
NULL for that key. This standard considers NULL to be a larger value
than all other valid values for that key. For example, if only one key
is specified, entries which meet the search criteria but do not have
that key collate after all the entries which do have that key. If the
reverseOrder flag is set, and only one key is specified, entries which
meet the search criteria but do not have that key collate BEFORE all
the entries which do have that key.
An entry that meets the search criteria may be missing one or more of
the sort keys. In that case, the entry is considered to have a value of
NULL for that key. This standard considers NULL to be a larger value
than all other valid values for that key. For example, if only one key
is specified, entries which meet the search criteria but do not have
that key collate after all the entries which do have that key. If the
reverseOrder flag is set, and only one key is specified, entries which
meet the search criteria but do not have that key collate BEFORE all
the entries which do have that key.
If a sort key is a multi-valued attribute, and an entry happens to have
multiple values for that attribute and no other controls are present that
affect the sorting order, then the server SHOULD use the least value
(according to the ORDERING rule for that attribute).
If a sort key is a multi-valued attribute, and an entry happens to have
multiple values for that attribute and no other controls are present
that affect the sorting order, then the server SHOULD use the least
value (according to the ORDERING rule for that attribute).
5. Interaction with other search controls
When the sortKeyRequestControl control is included with the
pagedResultsControl control as specified in [LdapPaged], then the
server should send the searchResultEntry messages sorted according to
the sort keys applied to the entire result set. The server should not
the sort keys applied to the entire result set. The server should not
simply sort each page, as this will give erroneous results to the
client.
The sortKeyList must be present on each searchRequest message for the
paged result. It also must not change between searchRequests for the
same result set. If the server has sorted the data, then it SHOULD
paged result. It also must not change between searchRequests for the
same result set. If the server has sorted the data, then it SHOULD
send back a sortKeyResponseControl control on every searchResultDone
message for each page. This will allow clients to quickly determine
message for each page. This will allow clients to quickly determine
if the result set is sorted, rather than waiting to receive the entire
result set.
6. Security Considerations
Implementors and administrators should be aware that allowing sorting
of results could enable the retrieval of a large number of records from
a given directory service, irregardless of administrative limits set on
Implementors and administrators should be aware that allowing sorting of
results could enable the retrieval of a large number of records from
a given directory service, regardless of administrative limits set on
the maximum number of records to return.
A client that desired to pull all records out of a directory service
@ -253,51 +263,40 @@ retrieved by a client.
7. References
[LDAPv3]
Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access
Pro-
tocol (v3)", RFC 2251, December, 1997.
Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December, 1997.
[Bradner97]
Bradner, Scott, "Key Words for use in RFCs to Indicate
Requirement
Levels", RFC 2119, March, 1997.
Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March, 1997.
[LdapPaged]
C. Weider, A. Herron, and T. Howes, "LDAP Control Extension for
Simple Paged Results Manipulation", Internet Draft, February, 1997.
Available as draft-ietf-asid-ldapv3-simplepaged-00.txt.
C. Weider, A. Herron, A. Anantha and T. Howes, "LDAP Control
Extension for Simple Paged Results Manipulation", RFC 2696,
September 1999.
8. Author's Address
Anoop Anantha
Microsoft Corp.
1 Microsoft Way
Redmond, WA 98052
USA
Anoopa@microsoft.com
+1 425 882-8080
Andy Herron
Microsoft Corp.
1 Microsoft Way
Redmond, WA 98052
USA
andyhe@microsoft.com
+1 425 882-8080
Anoop Anantha
Microsoft Corp.
1 Microsoft Way
Redmond, WA 98052
USA
anoopa@microsoft.com
+1 425 882-8080
Tim Howes
Loudcloud, Inc.
615 Tasman Dr.
Sunnyvale, CA 94089
USA
howes@loudcloud.com
Tim Howes
Netscape Communications Corp.
501 E. Middlefield Road
Mountain View, CA 94043
USA
howes@netscape.com
+1 415 937-2600
Mark Wahl
Sun Microsystems, Inc.
8911 Capital of Texas Hwy Suite 4140
Austin, TX 78759
USA
M.Wahl@innosoft.com
Mark Wahl
Critical Angle Inc.
4815 W Braker Lane #502-385
Austin, TX 78759
USA
M.Wahl@critical-angle.com

1785
doc/drafts/draft-just-ldapv3-rescodes-xx.txt Normal file
View file

File diff suppressed because it is too large Load diff

1
doc/man/Makefile.in
View file

@ -1,3 +1,4 @@
# $OpenLDAP$
## Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, See COPYRIGHT file
##

1
doc/man/man1/Makefile.in
View file

@ -1,3 +1,4 @@
# $OpenLDAP$
## Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, See COPYRIGHT file
##

5
doc/man/man1/ldapdelete.1
View file

@ -17,6 +17,8 @@ ldapdelete \- LDAP delete entry tool
[\c
.BR \-c ]
[\c
.BR \-C ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
@ -82,6 +84,9 @@ Same as \-k, but only does step 1 of the kerberos bind. This is useful
when connecting to a slapd and there is no x500dsa.hostname principal
registered with your kerberos servers.
.TP
.B \-C
Automatically chase referrals.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapdelete

5
doc/man/man1/ldapmodify.1
View file

@ -13,6 +13,8 @@ ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-c ]
[\c
.BR \-C ]
[\c
.BR \-r ]
[\c
.BR \-n ]
@ -128,6 +130,9 @@ Assume that any values that start with a `/' are binary values and that
the actual value is in a file whose path is specified in the place where
values normally appear.
.TP
.B \-C
Automatically chase referrals.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapmodify

5
doc/man/man1/ldapmodrdn.1
View file

@ -19,6 +19,8 @@ ldapmodrdn \- LDAP rename entry tool
[\c
.BR \-c ]
[\c
.BR \-C ]
[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
@ -86,6 +88,9 @@ Same as \-k, but only does step 1 of the kerberos bind. This is useful
when connecting to a slapd and there is no x500dsa.hostname principal
registered with your kerberos servers.
.TP
.B \-C
Automatically chase referrals.
.TP
.B \-c
Continuous operation mode. Errors are reported, but ldapmodify
will continue with modifications. The default is to exit after

6
doc/man/man1/ldappasswd.1
View file

@ -10,6 +10,9 @@ ldappasswd \- change the password of an LDAP entry
.BR \-A ]
[\c
.BI \-a \ oldPasswd\fR]
[\c
.BR \-C ]
[\c
.BI \-D \ binddn\fR
[\c
.BI \-d \ debuglevel\fR]
@ -62,6 +65,9 @@ This is used instead of specifying the password on the command line.
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
.B \-C
Automatically chase referrals.
.TP
.BI \-D \ binddn
Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should
be a string-represented DN as defined in RFC 2253.

74
doc/man/man1/ldapsearch.1
View file

@ -21,18 +21,14 @@ ldapsearch \- LDAP search tool
[\c
.BR \-A ]
[\c
.BR \-B ]
.BR \-C ]
[\c
.BR \-L ]
.BR \-L[L[L]] ]
[\c
.BR \-M[M] ]
[\c
.BR \-R ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-F \ sep\fR]
[\c
.BI \-f \ file\fR]
[\c
.BI \-D \ binddn\fR]
@ -122,32 +118,20 @@ Retrieve attributes only (no values). This is useful when you just want to
see if an attribute is present in an entry and are not interested in the
specific values.
.TP
.B \-B
Do not suppress display of non-ascii values. This is useful when
dealing with values that appear in alternate characters sets such as
ISO-8859.1. This option is implied by -L (see below).
.TP
.B \-L
Display search results in
.BR ldif (5)
format. This option also turns on the -B option, and causes the -F option
to be ignored.
format. A second -L disables comments. A third -L disables
printing of the LDIF version.
The default is -L.
.TP
.B \-M[M]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.B \-R
Do not automatically follow referrals returned while searching.
.B ldapsearch
must be compiled with LDAP_REFERRALS defined for referrals to be
automatically followed by default, and for this option to have any effect.
.TP
.BI \-F \ sep
Use \fIsep\fP as the field separator between attribute names and values.
The default separator is `=', unless the -L flag has been specified, in
which case this option is ignored.
.B \-C
Automatically chase referrals.
.TP
.BI \-S \ attribute
Sort the entries returned based on \fIattribute\fP. The default is not
@ -292,16 +276,15 @@ in the form:
...
.fi
.LP
Multiple entries are separated with a single blank line. If the -F option
is used to specify a separator character, it will be used instead of the
`=' character. If the -t option is used, the name of a temporary file
Multiple entries are separated with a single blank line.
If the -t option is used, the name of a temporary file
is used in place of the actual value. If the -A option
is given, only the "attributename" part is written.
.SH EXAMPLE
The following command:
.LP
.nf
ldapsearch "(sn=smith)" cn sn telephoneNumber
ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
will perform a subtree search (using the default search base) for
@ -311,23 +294,27 @@ standard output.
The output might look something like this if two entries are found:
.LP
.nf
uid=jts, ou=Volunteers, ou=People, dc=OpenLDAP, dc=org
cn=John Smith
cn=John T. Smith
sn=Smith
telephoneNumber=+1 555 123-4567
dn: uid=jts, ou=Volunteers, ou=People, dc=OpenLDAP, dc=org
cn: John Smith
cn: John T. Smith
sn: Smith
sn;lang-en: Smith
sn;lang-de: Schmidt
telephoneNumber: 1 555 123-4567
uid=sss, ou=Staff, ou=People, dc=OpenLDAP, dc=org
cn=Steve Smith
cn=Steve S. Smith
sn=Smith
telephoneNumber=+1 555 765-4321
dn: uid=sss, ou=Staff, ou=People, dc=OpenLDAP, dc=org
cn: Steve Smith
cn: Steve S. Smith
sn: Smith
sn;lang-en: Smith
sn;lang-de: Schmidt
telephoneNumber: 1 555 765-4321
.fi
.LP
The command:
.LP
.nf
ldapsearch -u -t "uid=xyz" jpegPhoto audio
ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
.fi
.LP
will perform a subtree search using the default search base for entries
@ -338,21 +325,20 @@ output might look like this if one entry with one value for each of the
requested attributes is found:
.LP
.nf
uid=xyz, ou=Staff, ou=People, dc=OpenLDAP, dc=org
xyz, Staff, People, OpenLDAP, org
audio=/tmp/ldapsearch-audio-a19924
jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924
dn: uid=xyz, ou=Staff, ou=People, dc=OpenLDAP, dc=org
ufn: xyz, Staff, People, OpenLDAP, org
audio:< file::/tmp/ldapsearch-audio-a19924
jpegPhoto:< file::=/tmp/ldapsearch-jpegPhoto-a19924
.fi
.LP
This command:
.LP
.nf
ldapsearch -L -s one -b "c=US" "o=University*" o description
ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
.fi
.LP
will perform a one-level search at the c=US level for all entries
whose organizationName (o) begins begins with \fBUniversity\fP.
Search results will be displayed in the LDIF format.
The organizationName and description attribute values will be retrieved
and printed to standard output, resulting in output similar to this:
.LP

1
doc/man/man3/Makefile.in
View file

@ -1,3 +1,4 @@
# $OpenLDAP$
## Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, See COPYRIGHT file
##

1
doc/man/man5/Makefile.in
View file

@ -1,3 +1,4 @@
# $OpenLDAP$
## Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, See COPYRIGHT file
##

27
doc/man/man5/ldif.5
View file

@ -17,16 +17,16 @@ The basic form of an LDIF entry is:
.nf
.ft tt
dn: <distinguished name>
<attrtype>: <attrvalue>
<attrtype>: <attrvalue>
<attrtype>:: <base64-encoded-value>
<attrtype>:< <URL>
<attrdesc>: <attrvalue>
<attrdesc>: <attrvalue>
<attrdesc>:: <base64-encoded-value>
<attrdesc>:< <URL>
...
.ft
.fi
.LP
The value may be specified as ASCII text or as base64 encoded data,
or a URL may be provided to the location of the attribute value.
The value may be specified as UTF-8 text or as base64 encoded data,
or a URI may be provided to the location of the attribute value.
.LP
A line may be continued by starting the next line with a single space
or tab, e.g.,
@ -38,6 +38,8 @@ or tab, e.g.,
.ft
.fi
.LP
Lines beginning with a sharpe sign ('#') are ignored.
.LP
Multiple attribute values are specified on separate lines, e.g.,
.LP
.nf
@ -59,7 +61,7 @@ the value " begins with a space" would be encoded like this:
.fi
.LP
If the attribute value is located in a file, the <attrtype> is
followed by a ':<' and a file:// URL. e.g., the value contained
followed by a ':<' and a file:// URI. e.g., the value contained
in the file /tmp/value would be listed like this:
.LP
.nf
@ -67,6 +69,7 @@ in the file /tmp/value would be listed like this:
cn:< file://tmp/value
.ft
.fi
Other URI schemes (ftp,http) may be supported as well.
.LP
Multiple entries within the same LDIF file are separated by blank
lines.
@ -79,7 +82,7 @@ Here is an example of an LDIF file containing three entries.
cn: Barbara J Jensen
cn: Babs Jensen
objectclass: person
description:< file://tmp/barbara
description:< file://tmp/babs
sn: Jensen
dn: cn=Bjorn J Jensen, dc=OpenLDAP, dc=Org
@ -100,14 +103,14 @@ Here is an example of an LDIF file containing three entries.
.ft
.fi
.LP
Notice that the jpegPhoto in Jennifer Jensen's entry is encoded using
base 64.
Notice that the description in Barbara Jensen's entry is
read from file://tmp/babs and the jpegPhoto in Jennifer
Jensen's entry is encoded using base 64.
.SH SEE ALSO
.BR ldap (3),
.BR ldapsearch (1),
.BR ldapadd (1)
.LP
"The SLAPD and SLURPD Administrator's Guide"
.BR "LDAP Data Interchange Format," Good, G., RFC 2849.
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).

16
doc/man/man5/slapd.conf.5
View file

@ -138,17 +138,6 @@ The ( absolute ) name of a file that will hold the
server's command line options
if started without the debugging command line option.
.TP
.B
locale { <locale-name> | on | off }
Obey <locale-name>'s character classification and case conversion; i.e. the
.BR locale (5)
LC_CTYPE category. See
.BR locale (5)
for details about locales. "on" takes the locale from the environment,
typically $LANG or $LC_CTYPE, and will only work properly if slapd will
run with the same environment variables as when the database was
generated. "off" (the default setting) resets to the initial "C" locale.
.TP
.B loglevel <integer>
Specify the level at which debugging statements and operation
statistics should be syslogged (currently logged to the
@ -321,7 +310,9 @@ or administrative limit restrictions for operations on this database.
Specify a password (or hash of the password) for the rootdn.
This option accepts all RFC 2307 userPassword formats known to
the server including \fB{SSHA}\fP, \fB{SHA}\fP, \fB{SMD5}\fP,
\fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext schemes. Cleartext
\fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext schemes.
.BR slappasswd (8)
may be used to generate a hash of a password. Cleartext
and \fB{CRYPT}\fP passwords are not recommended.
.TP
.B suffix <dn suffix>
@ -439,6 +430,7 @@ ETCDIR/slapd.conf
.BR slapadd (8),
.BR slapcat (8),
.BR slapindex (8),
.BR slappassword (8),
.BR slurpd (8),
.LP
"The SLAPD and SLURPD Administrator's Guide"

1
doc/man/man8/Makefile.in
View file

@ -1,3 +1,4 @@
# $OpenLDAP$
## Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
## COPYING RESTRICTIONS APPLY, See COPYRIGHT file
##

162
doc/man/man8/centipede.8
View file

@ -1,162 +0,0 @@
.TH CENTIPEDE 8C "22 September 1998" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
centipede \- LDAP centroid index generation and maintenance program
.SH SYNOPSIS
.B SBINDIR/centipede
.B [\-f filter]
.B [\-F] [\-R]
.B [\-f filter] [\-t directory]
.B [\-m authmethod] [\-b binddn]
.B [\-p passwd] [\-c cachesize]
.B \-s sourceurl \-d desturl attributes
.SH DESCRIPTION
.LP
The centipede program is used to extract centroid or other index
information from one LDAP server and install it in another. Although
index information can be extracted from any LDAP server, only a
.BR slapd (8)
LDAP server will understand the information and thus be capable of
making use of it as indexing information (i.e., you should only
install index information in a
.BR slapd (8)
LDAP server).
.LP
The basic form of the command is as follows
.LP
.nf
.ft tt
SBINDIR/centipede [options]
-s "ldap://[host/]subtree-to-index-dn"
-d "ldap://[host/]parent-of-index-entry-dn"
attributes
.ft
.fi
.LP
where the
.B \-s
option specifies the subtree for which index information is to
be generated, and the
.B \-d
option specifies the parent under which the index information is to
be installed.
.LP
For example, suppose you are running an
LDAP server on the host
.I babs.com
for an organization called "BabsCo" based in the US, and you want to
generate index information for the cn, sn and objectclass attributes of
all the people entries in your subtree. You want to install the index
informatioin in the indexing
.BR slapd (8)
running on the host
.I vertigo.rs.itd.umich.edu
under the c=US entry.
This way, when an LDAP client connects to the
.BR slapd (8)
on vertigo and does a subtree search of c=US,
.BR slapd (8)
can consult the index information to tell whether it should refer the
client to your server or not. You could accomplish this with a command
like this:
.LP
.nf
.ft tt
SBINDIR/centipede -f '(objectclass=person)'
-m simple -b your-rootdn -p your-rootdnpw
-s "ldap://babs.com/o=BabsCo, c=US"
-d "ldap://vertigo.rs.itd.umich.edu/c=US"
cn sn objectclass
.ft
.fi
.LP
Note the
.B \-b
and
.B \-p
options can be used to authenticate as an entity able to read all
the information you want.
.LP
See "The SLAPD and SLURPD Administrator's Guide" for more details on
using this program.
.SH OPTIONS
.TP
.B \-v
Turn on verbose mode. This option can be given multiple times to increase
the level of verbosity.
.TP
.B \-n
Do not actually install index information. Useful in conjunction with
.B -v
for seeing what
.B centipede
is up to.
.TP
.BI \-f " ldapfilter"
Specify a filter used to select the entries for which to generate indexing
information.
.I ldapfilter
should be a string LDAP filter as described by RFC 1588.
.TP
.BI \-F
Generate full, as opposed to relative, index information.
.TP
.BI \-R
Generate relative, as opposed to full, index information. Full information
is still generated if there is no previous information available from
which to generate the relative information. This is the default.
.TP
.BI \-t " directory"
Specify the directory in which to create temporary files, find existing
index information, and put new index information. The default is
whatever is used by tempnam.
.TP
.BI \-b " binddn"
Specify the DN to authenticate with when extracting index information.
.TP
.BI \-p " passwd"
Specify the password to use for simple authentication when extracting
index information.
.TP
.BI \-m " authmethod"
Specify the authentication method to use when extracting index information.
.I authmethod
should be either "simple" or "kerberos".
.TP
.BI \-B " binddn"
Specify the DN to authenticate with when installing index information.
.TP
.BI \-P " passwd"
Specify the password to use for simple authentication when installing
index information.
.TP
.BI \-M " authmethod"
Specify the authentication method to use when installing index information.
.I authmethod
should be either "simple" or "kerberos".
.TP
.BI \-c " cachesize"
Specify the size in bytes of the cache used when building the new
index information. Upping this number can cause a big performance boost,
if you've got the memory for it.
.SH NOTES
This is all very experimental at the moment, and is subject to change.
.LP
Currently,
.B centipede
only handles value-based index information. A future version of centipede
will allow other types of index information to be manipulated (e.g.,
word-based indexes, substring indexes, phonetic indexes, hash indexes,
etc.). A future version may also allow weights to be generated.
.SH "SEE ALSO"
.BR ldap (3),
.BR slapd (8)
.LP
"The SLAPD and SLURPD Administrator's Guide"
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

110
doc/man/man8/chlog2replog.8
View file

@ -1,110 +0,0 @@
.TH CHLOG2REPLOG 8C "22 September 1998" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
chlog2replog \- convert an X.500 DSA-style changelog to an LDAP-style
replication log
.SH SYNOPSIS
.B SBINDIR/chlog2replog
.B \-r hostname:port [\-r hostname:port ...]
.B \-d dn\-suffix [\-o output\-file] < input\-file
.LP
.SH DESCRIPTION
.LP
chlog2replog is used to convert an X.500\-style changelog to an
LDAP\-style replication log. It reads its standard input and
writes standard output if no \-o flag is given. If the \-o flag
is given,
.B chlog2replog
writes its output to the given file, following
the same advisory locking mechanisms respected by the
.B slurpd
program. This makes it possible to use chlog2replog in a pipeline
to produce input for
.B slurpd.
.SH OPTIONS
.TP
.BI \-r " hostname:port"
This option specifies the hostname and port number to which updates
should be propagated.
.B chlog2replog
will include one "replica: hostname:port" directive in each replication
log entry it writes out for each
.B \-r
option given. You may supply as many replica hostname:port options as
you wish.
.TP
.BI \-d " dn\-suffix"
This option specifies an additional string to append to converted
DNs (Distinguished Names) converted from the changelog file. The
DNs in the changelog file will typically be partial DNs which omit
the portion of the directory tree "above" the organizational root.
For example, if your directory tree is rooted at o=University of
Michigan, c=US, you will need to include the argument
"\-d ", o=University of Michigan, c=US".
.TP
.BI \-o " output\-file"
If given, this option specifies an output file to which converted
replication log entries will be written.
.B chlog2replog
obeys the same file locking conventions used by
.B slurpd,
so that it is possible to use
.B chlog2replog
to "feed" changes from an X.500 DSA to
.B slurpd. See the
.B examples
section, below, for more information.
.SH EXAMPLES
To read the DSA-style changelog file
.BR changlelog
and write on the standard output an LDAP-style replication log,
appending ", o=University of Michigan, c=US" to all entry
DNs, and including a replica: entry for host "ldapserver," port
389, give the command:
.LP
.nf
.ft tt
SBINDIR/chlog2replog -d ", o=University of Michigan, c=US"
-r ldapserver:389 < changelog
.ft
.fi
.LP
To do the same, but routing the output to the file "replog," using
slurpd\-compatible file\-locking,
give this command:
.LP
.nf
.ft tt
SBINDIR/chlog2replog -d ", o=University of Michigan, c=US"
-r ldapserver:389 -o replog < changelog
.ft
.fi
.LP
To continually read new changes from the file "changelog" and write
them to the file "replog",
give this command:
.LP
.nf
.ft tt
tail +0f changelog | SBINDIR/chlog2replog
-d ", o=University of Michigan, c=US"
-r ldapserver:389 -o replog < changelog
.ft
.fi
.LP
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slurpd (8),
.BR slapd (8),
.LP
"The SLAPD and SLURPD Administrator's Guide"
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

107
doc/man/man8/edb2ldif.8
View file

@ -1,107 +0,0 @@
.TH EDB2LDIF 8C "22 September 1998" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
edb2ldif \- QUIPU EDB file to LDIF conversion tool
.SH SYNOPSIS
.B SBINDIR/edb2ldif
.B [\-d] [\-v] [\-r] [\-o] [\-b basedn]
.B [\-a addvalsfile] [\-f fileattrdir]
.B [\-i ignoreattr...] [edbfile...]
.B
.SH DESCRIPTION
.LP
Data that is held in a QUIPU DSA (available as part of the ISODE package)
is stored in or can be easily converted to the EDB file format. The
.I edb2ldif
tool is used to convert directory data from EDB file format to the
LDAP Directory Interchange Format (LDIF) used by
.BR slapd (8)
and associated utilities. The
.BR slapadd (8)
program can be used to convert the resulting LDIF data into a database
that is compatible with
.BR slapd (8).
.LP
.I edb2ldif
writes LDIF formatted data to standard output. If you specify a particular
.I edbfile
(or files) to read data from, they are converted. If no
.I edbfile
is specified, the files named
.BR EDB.root
(if it exists) and
.BR EDB
in the current directory are converted. An entire EDB hierarchy
can be converted using the
.B \-r
option.
.LP
When
.I edb2ldif
is invoked, it will also look for files named
.BR .add
in the directories
where EDB files are found and append the contents of the
.BR .add
file to each entry in the corresponding EDB file.
Typically, this feature is used to include inherited
attribute values (e.g., objectClass) that do not appear in the EDB files.
.LP
See "The SLAPD and SLURPD Administrator's Guide" for more details on
using
.I edb2ldif,
including step-by-step conversion instructions.
.SH OPTIONS
.TP
.B \-d
Turn on some extra debugging which is written to standard error.
.TP
.B \-v
Enable verbose mode that writes status information to standard error, such
as which EDB file is being processed, how many entries have been
converted so far, etc.
.TP
.B \-r
Recurse through child directories, processing all EDB files found.
.TP
.B \-o
Cause local
.B .add
file definitions to override the global addfile (see the
.B \-a
option below)
.TP
.BI \-b " basedn"
Specify the Distinguished Name that all EDB file entries appear below.
.TP
.B \-a " addvalsfile"
The LDIF information contained in this file will be appended to each entry.
(See the
.B \-o
option above.)
.TP
.BI \-f " fileattrdir"
Specify a single directory where all file-based attributes (typically sounds
and images) can be found. If this option is not given, file attributes are
assumed to be located in the same directory as the EDB file that refers to
them.
.TP
.BI \-i " ignoreattr"
Specify an attribute that should not be converted. You can include as many
\- i flags as necessary.
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapd (8),
.BR slapadd (8)
.LP
"The SLAPD and SLURPD Administrator's Guide"
.LP
Volume 5 of The ISODE Manual
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

56
doc/man/man8/ldif.8
View file

@ -1,56 +0,0 @@
.TH LDIF 8C "22 September 1998" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldif \- convert arbitrary data to LDIF format
.SH SYNOPSIS
.B SBINDIR/ldif [\-b] attr\-name
.LP
.SH DESCRIPTION
.LP
This program is used to convert arbitrary data to the
LDAP Directory Interchange Format (LDIF) described in
.BR ldif (5).
.B ldif
reads data from standard input, converts it,
and writes the corresponding LDIF output to standard output.
The output is suitable for use as a line in an
.BR ldif (5)
file.
.LP
Without the
.B \-b
flag,
.B ldif
considers its input a sequence of values to be
converted, one per line. With the
.B \-b
flag,
.B ldif
considers its input as a single raw binary value to be
converted. This can be useful when converting binary data
such as a photo or audio attribute.
.LP
See "The SLAPD and SLURPD Administrator's Guide" for more details on
using this program.
.SH OPTIONS
.TP
.B \-b
This option specifies that
.B ldif
should interpret its input as a single binary value for conversion.
Otherwise, it interprets it as a sequence of lines, with each line
containing a single value.
.SH "SEE ALSO"
.BR ldap (3),
.BR ldif (5),
.BR slapadd (8),
.BR slapd (8)
.LP
"The SLAPD and SLURPD Administrator's Guide"
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

2
doc/rfc/INDEX
View file

@ -53,3 +53,5 @@ rfc2829.txt LDAPv3/Authentication Methods (PS)
rfc2830.txt LDAPv3/StartTLS (PS)
rfc2831.txt SASL/DIGEST-MD5 (PS)
rfc2849.txt LDIFv1 (PS)
$OpenLDAP$

4
include/ac/errno.h
View file

@ -25,8 +25,8 @@
# define sys_errlist ((char **)0)
#elif DECL_SYS_ERRLIST
/* have sys_errlist but need declaration */
LIBC_F (int) sys_nerr;
LIBC_F (char) *sys_errlist[];
LDAP_LIBC_V (int) sys_nerr;
LDAP_LIBC_V (char) *sys_errlist[];
#endif
#ifdef HAVE_STRERROR

8
include/ac/setproctitle.h
View file

@ -19,10 +19,10 @@
# include <libutil.h>
#else
/* use lutil version */
LIBLUTIL_F (void) (setproctitle) LDAP_P((const char *fmt, ...)) \
LDAP_GCCATTR((format(printf, 1, 2)));
LIBLUTIL_F (int) Argc;
LIBLUTIL_F (char) **Argv;
LDAP_LUTIL_F (void) (setproctitle) LDAP_P((const char *fmt, ...)) \
LDAP_GCCATTR((format(printf, 1, 2)));
LDAP_LUTIL_V (int) Argc;
LDAP_LUTIL_V (char) **Argv;
#endif
#endif /* LDAP_PROCTITLE */

9
include/ac/signal.h
View file

@ -36,11 +36,10 @@
# else
/*
LinuxThreads implemented unfortunately uses the only
two signals reserved for user applications. This forces
OpenLDAP to use, hopefullly unused, signals reserved
for other uses.
*/
* Some versions of LinuxThreads unfortunately uses the only
* two signals reserved for user applications. This forces
* OpenLDAP to use other signals reserved for other uses.
*/
# if defined( SIGSTKFLT )
# define LDAP_SIGUSR1 SIGSTKFLT

4
include/ac/socket.h
View file

@ -92,7 +92,7 @@
#define sock_errno() WSAGetLastError()
#define sock_errstr(e) ber_pvt_wsa_err2string(e)
LIBLBER_F (char *) ber_pvt_wsa_err2string LDAP_P((int));
LBER_F( char * ) ber_pvt_wsa_err2string LDAP_P((int));
#elif MACOS
# define tcp_close( s ) tcpclose( s )
@ -148,7 +148,7 @@ LIBLBER_F (char *) ber_pvt_wsa_err2string LDAP_P((int));
#if !defined( HAVE_INET_ATON ) && !defined( inet_aton )
#define inet_aton ldap_pvt_inet_aton
struct in_addr;
LIBLDAP_F (int) ldap_pvt_inet_aton LDAP_P(( const char *, struct in_addr * ));
LDAP_F (int) ldap_pvt_inet_aton LDAP_P(( const char *, struct in_addr * ));
#endif
#if defined(__WIN32) && defined(_ALPHA)

4
include/ac/string.h
View file

@ -43,7 +43,7 @@
#endif
/* use ldap_pvt_strtok instead of strtok or strtok_r! */
LIBLDAP_F(char *) ldap_pvt_strtok LDAP_P(( char *str, const char *delim,
LDAP_F(char *) ldap_pvt_strtok LDAP_P(( char *str, const char *delim,
char **pos ));
#ifndef HAVE_STRDUP
@ -52,7 +52,7 @@ LIBLDAP_F(char *) ldap_pvt_strtok LDAP_P(( char *str, const char *delim,
# define strdup(s) ber_strdup(s)
#else
/* some systems fail to declare strdup */
LIBC_F(char *) (strdup)();
LDAP_LIBC_F(char *) (strdup)();
#endif
/*

15
include/ac/unistd.h
View file

@ -28,16 +28,16 @@
/* note: callers of crypt(3) should include <ac/crypt.h> */
#if defined(HAVE_GETPASSPHRASE)
LIBC_F(char*)(getpassphrase)();
LDAP_LIBC_F(char*)(getpassphrase)();
#elif defined(HAVE_GETPASS)
#define getpassphrase(p) getpass(p)
LIBC_F(char*)(getpass)();
LDAP_LIBC_F(char*)(getpass)();
#else
#define NEED_GETPASSPHRASE 1
#define getpassphrase(p) lutil_getpass(p)
LIBLUTIL_F(char*)(lutil_getpass) LDAP_P((const char *getpass));
LDAP_LUTIL_F(char*)(lutil_getpass) LDAP_P((const char *getpass));
#endif
/* getopt() defines may be in separate include file */
@ -50,13 +50,14 @@ LIBLUTIL_F(char*)(lutil_getpass) LDAP_P((const char *getpass));
#else
/* assume we need to declare these externs */
LIBC_F (char *) optarg;
LIBC_F (int) optind, opterr, optopt;
LDAP_LIBC_V (char *) optarg;
LDAP_LIBC_V (int) optind, opterr, optopt;
#endif
#ifndef HAVE_TEMPNAM
LIBLUTIL_F(char *)(tempnam) LDAP_P(( const char *tmpdir,
const char *prefix));
LDAP_LUTIL_F(char *)(tempnam) LDAP_P((
const char *tmpdir,
const char *prefix));
#endif
/* use lutil file locking */

22
include/avl.h
View file

@ -61,39 +61,39 @@ typedef int (*AVL_CMP) LDAP_P((const void*, const void*));
typedef int (*AVL_DUP) LDAP_P((void*, void*));
typedef void (*AVL_FREE) LDAP_P((void*));
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_free LDAP_P(( Avlnode *root, AVL_FREE dfree ));
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_insert LDAP_P((Avlnode **, void*, AVL_CMP, AVL_DUP));
LIBAVL_F( void* )
LDAP_AVL_F( void* )
avl_delete LDAP_P((Avlnode **, void*, AVL_CMP));
LIBAVL_F( void* )
LDAP_AVL_F( void* )
avl_find LDAP_P((Avlnode *, const void*, AVL_CMP));
LIBAVL_F( void* )
LDAP_AVL_F( void* )
avl_find_lin LDAP_P((Avlnode *, const void*, AVL_CMP));
#ifdef AVL_NONREENTRANT
LIBAVL_F( void* )
LDAP_AVL_F( void* )
avl_getfirst LDAP_P((Avlnode *));
LIBAVL_F( void* )
LDAP_AVL_F( void* )
avl_getnext LDAP_P((void));
#endif
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_dup_error LDAP_P((void*, void*));
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_dup_ok LDAP_P((void*, void*));
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_apply LDAP_P((Avlnode *, AVL_APPLY, void*, int, int));
LIBAVL_F( int )
LDAP_AVL_F( int )
avl_prefixapply LDAP_P((Avlnode *, void*, AVL_CMP, void*, AVL_CMP, void*, int));
/* apply traversal types */

36
include/disptmpl.h
View file

@ -225,88 +225,88 @@ struct ldap_disptmpl {
typedef int (*ldap_writeptype) LDAP_P((
void *writeparm, char *p, ber_len_t len ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_init_templates LDAP_P(( char *file, struct ldap_disptmpl **tmpllistp ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_init_templates_buf LDAP_P(( char *buf,
ber_len_t buflen,
struct ldap_disptmpl **tmpllistp ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_free_templates LDAP_P(( struct ldap_disptmpl *tmpllist ));
LIBLDAP_F( struct ldap_disptmpl * )
LDAP_F( struct ldap_disptmpl * )
ldap_first_disptmpl LDAP_P(( struct ldap_disptmpl *tmpllist ));
LIBLDAP_F( struct ldap_disptmpl * )
LDAP_F( struct ldap_disptmpl * )
ldap_next_disptmpl LDAP_P(( struct ldap_disptmpl *tmpllist,
struct ldap_disptmpl *tmpl ));
LIBLDAP_F( struct ldap_disptmpl * )
LDAP_F( struct ldap_disptmpl * )
ldap_name2template LDAP_P(( char *name,
struct ldap_disptmpl *tmpllist ));
LIBLDAP_F( struct ldap_disptmpl * )
LDAP_F( struct ldap_disptmpl * )
ldap_oc2template LDAP_P(( char **oclist,
struct ldap_disptmpl *tmpllist ));
LIBLDAP_F( char ** )
LDAP_F( char ** )
ldap_tmplattrs LDAP_P(( struct ldap_disptmpl *tmpl,
char **includeattrs,
int exclude,
unsigned long syntaxmask ));
LIBLDAP_F( struct ldap_tmplitem * )
LDAP_F( struct ldap_tmplitem * )
ldap_first_tmplrow LDAP_P(( struct ldap_disptmpl *tmpl ));
LIBLDAP_F( struct ldap_tmplitem * )
LDAP_F( struct ldap_tmplitem * )
ldap_next_tmplrow LDAP_P(( struct ldap_disptmpl *tmpl,
struct ldap_tmplitem *row ));
LIBLDAP_F( struct ldap_tmplitem * )
LDAP_F( struct ldap_tmplitem * )
ldap_first_tmplcol LDAP_P(( struct ldap_disptmpl *tmpl,
struct ldap_tmplitem *row ));
LIBLDAP_F( struct ldap_tmplitem * )
LDAP_F( struct ldap_tmplitem * )
ldap_next_tmplcol LDAP_P(( struct ldap_disptmpl *tmpl,
struct ldap_tmplitem *row,
struct ldap_tmplitem *col ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_entry2text LDAP_P(( LDAP *ld,
char *buf, LDAPMessage *entry,
struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
ldap_writeptype writeproc, void *writeparm, char *eol, int rdncount,
unsigned long opts ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_vals2text LDAP_P(( LDAP *ld,
char *buf, char **vals, char *label, int labelwidth,
unsigned long syntaxid, ldap_writeptype writeproc, void *writeparm,
char *eol, int rdncount ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_entry2text_search LDAP_P(( LDAP *ld,
char *dn, char *base, LDAPMessage *entry,
struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
ldap_writeptype writeproc, void *writeparm, char *eol, int rdncount,
unsigned long opts ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_entry2html LDAP_P(( LDAP *ld,
char *buf, LDAPMessage *entry,
struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
ldap_writeptype writeproc, void *writeparm, char *eol, int rdncount,
unsigned long opts, char *urlprefix, char *base ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_vals2html LDAP_P(( LDAP *ld,
char *buf, char **vals, char *label, int labelwidth,
unsigned long syntaxid, ldap_writeptype writeproc, void *writeparm,
char *eol, int rdncount, char *urlprefix ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_entry2html_search LDAP_P(( LDAP
*ld, char *dn, char *base, LDAPMessage *entry,
struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,

7
include/getopt-compat.h
View file

@ -25,10 +25,9 @@ LDAP_BEGIN_DECL
#define optopt lutil_optopt
#define getopt lutil_getopt
LIBLUTIL_F (char *) optarg;
LIBLUTIL_F (int) optind, opterr, optopt;
LIBLUTIL_F (int) getopt LDAP_P(( int, char * const [], const char *));
LDAP_LUTIL_V (char *) optarg;
LDAP_LUTIL_V (int) optind, opterr, optopt;
LDAP_LUTIL_F (int) getopt LDAP_P(( int, char * const [], const char *));
LDAP_END_DECL

141
include/lber.h
View file

@ -101,6 +101,9 @@ LDAP_BEGIN_DECL
#define LBER_OPT_ERROR_FN 0x8003
#define LBER_OPT_LOG_PRINT_FILE 0x8004
/* get/set Memory Debug options */
#define LBER_OPT_MEMORY_INUSE 0x8005 /* for memory debugging */
typedef int* (*BER_ERRNO_FN) LDAP_P(( void ));
typedef void (*BER_LOG_PRINT_FN) LDAP_P(( LDAP_CONST char *buf ));
@ -202,19 +205,19 @@ typedef struct berval {
/*
* in bprint.c:
*/
LIBLBER_F( void )
LBER_F( void )
ber_error_print LDAP_P((
LDAP_CONST char *data ));
LIBLBER_F( void )
LBER_F( void )
ber_bprint LDAP_P((
LDAP_CONST char *data, ber_len_t len ));
LIBLBER_F( void )
LBER_F( void )
ber_dump LDAP_P((
BerElement *ber, int inout ));
LIBLBER_F( void )
LBER_F( void )
ber_sos_dump LDAP_P((
Seqorset *sos ));
@ -227,74 +230,74 @@ typedef int (*BERDecodeCallback) LDAP_P((
void *data,
int mode ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_tag LDAP_P((
BerElement *ber ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_skip_tag LDAP_P((
BerElement *ber,
ber_len_t *len ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_peek_tag LDAP_P((
BerElement *ber,
ber_len_t *len ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_int LDAP_P((
BerElement *ber,
ber_int_t *num ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_enum LDAP_P((
BerElement *ber,
ber_int_t *num ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_stringb LDAP_P((
BerElement *ber,
char *buf,
ber_len_t *len ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_stringa LDAP_P((
BerElement *ber,
char **buf ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_stringal LDAP_P((
BerElement *ber,
struct berval **bv ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_bitstringa LDAP_P((
BerElement *ber,
char **buf,
ber_len_t *len ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_null LDAP_P((
BerElement *ber ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_boolean LDAP_P((
BerElement *ber,
ber_int_t *boolval ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_first_element LDAP_P((
BerElement *ber,
ber_len_t *len,
char **last ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_next_element LDAP_P((
BerElement *ber,
ber_len_t *len,
LDAP_CONST char *last ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_scanf LDAP_P((
BerElement *ber,
LDAP_CONST char *fmt,
@ -307,74 +310,74 @@ typedef int (*BEREncodeCallback) LDAP_P((
BerElement *ber,
void *data ));
LIBLBER_F( int )
LBER_F( int )
ber_put_enum LDAP_P((
BerElement *ber,
ber_int_t num,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_int LDAP_P((
BerElement *ber,
ber_int_t num,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_ostring LDAP_P((
BerElement *ber,
LDAP_CONST char *str,
ber_len_t len,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_berval LDAP_P((
BerElement *ber,
LDAP_CONST struct berval *bv,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_string LDAP_P((
BerElement *ber,
LDAP_CONST char *str,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_bitstring LDAP_P((
BerElement *ber,
LDAP_CONST char *str,
ber_len_t bitlen,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_null LDAP_P((
BerElement *ber,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_boolean LDAP_P((
BerElement *ber,
ber_int_t boolval,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_start_seq LDAP_P((
BerElement *ber,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_start_set LDAP_P((
BerElement *ber,
ber_tag_t tag ));
LIBLBER_F( int )
LBER_F( int )
ber_put_seq LDAP_P((
BerElement *ber ));
LIBLBER_F( int )
LBER_F( int )
ber_put_set LDAP_P((
BerElement *ber ));
LIBLBER_F( int )
LBER_F( int )
ber_printf LDAP_P((
BerElement *ber,
LDAP_CONST char *fmt,
@ -385,65 +388,65 @@ ber_printf LDAP_P((
* in io.c:
*/
LIBLBER_F( ber_slen_t )
LBER_F( ber_slen_t )
ber_read LDAP_P((
BerElement *ber,
char *buf,
ber_len_t len ));
LIBLBER_F( ber_slen_t )
LBER_F( ber_slen_t )
ber_write LDAP_P((
BerElement *ber,
LDAP_CONST char *buf,
ber_len_t len,
int nosos ));
LIBLBER_F( void )
LBER_F( void )
ber_free LDAP_P((
BerElement *ber,
int freebuf ));
LIBLBER_F( int )
LBER_F( int )
ber_flush LDAP_P((
Sockbuf *sb,
BerElement *ber,
int freeit ));
LIBLBER_F( BerElement * )
LBER_F( BerElement * )
ber_alloc LDAP_P(( void )); /* DEPRECATED */
LIBLBER_F( BerElement * )
LBER_F( BerElement * )
der_alloc LDAP_P(( void )); /* DEPRECATED */
LIBLBER_F( BerElement * )
LBER_F( BerElement * )
ber_alloc_t LDAP_P((
int beroptions ));
LIBLBER_F( BerElement * )
LBER_F( BerElement * )
ber_dup LDAP_P((
BerElement *ber ));
LIBLBER_F( ber_tag_t )
LBER_F( ber_tag_t )
ber_get_next LDAP_P((
Sockbuf *sb,
ber_len_t *len,
BerElement *ber ));
LIBLBER_F( void )
LBER_F( void )
ber_init_w_nullc LDAP_P((
BerElement *ber,
int options ));
LIBLBER_F( void )
LBER_F( void )
ber_reset LDAP_P((
BerElement *ber,
int was_writing ));
LIBLBER_F( BerElement * )
LBER_F( BerElement * )
ber_init LDAP_P((
struct berval *bv ));
LIBLBER_F( int )
LBER_F( int )
ber_flatten LDAP_P((
BerElement *ber,
struct berval **bvPtr ));
@ -452,13 +455,13 @@ ber_flatten LDAP_P((
* LBER ber accessor functions
*/
LIBLBER_F( int )
LBER_F( int )
ber_get_option LDAP_P((
void *item,
int option,
void *outvalue));
LIBLBER_F( int )
LBER_F( int )
ber_set_option LDAP_P((
void *item,
int option,
@ -468,97 +471,97 @@ ber_set_option LDAP_P((
* LBER sockbuf.c
*/
LIBLBER_F( Sockbuf * )
LBER_F( Sockbuf * )
ber_sockbuf_alloc LDAP_P((
void ));
LIBLBER_F( void )
LBER_F( void )
ber_sockbuf_free LDAP_P((
Sockbuf *sb ));
LIBLBER_F( int )
LBER_F( int )
ber_sockbuf_add_io LDAP_P((
Sockbuf *sb,
Sockbuf_IO *sbio,
int layer,
void *arg ));
LIBLBER_F( int )
LBER_F( int )
ber_sockbuf_remove_io LDAP_P((
Sockbuf *sb,
Sockbuf_IO *sbio,
int layer ));
LIBLBER_F( int )
LBER_F( int )
ber_sockbuf_ctrl LDAP_P((
Sockbuf *sb,
int opt,
void *arg ));
LIBLBER_F( Sockbuf_IO ) ber_sockbuf_io_tcp;
LIBLBER_F( Sockbuf_IO ) ber_sockbuf_io_udp;
LIBLBER_F( Sockbuf_IO ) ber_sockbuf_io_readahead;
LIBLBER_F( Sockbuf_IO ) ber_sockbuf_io_fd;
LIBLBER_F( Sockbuf_IO ) ber_sockbuf_io_debug;
LBER_F( Sockbuf_IO ) ber_sockbuf_io_tcp;
LBER_F( Sockbuf_IO ) ber_sockbuf_io_udp;
LBER_F( Sockbuf_IO ) ber_sockbuf_io_readahead;
LBER_F( Sockbuf_IO ) ber_sockbuf_io_fd;
LBER_F( Sockbuf_IO ) ber_sockbuf_io_debug;
/*
* LBER memory.c
*/
LIBLBER_F( void * )
LBER_F( void * )
ber_memalloc LDAP_P((
ber_len_t s ));
LIBLBER_F( void * )
LBER_F( void * )
ber_memrealloc LDAP_P((
void* p,
ber_len_t s ));
LIBLBER_F( void * )
LBER_F( void * )
ber_memcalloc LDAP_P((
ber_len_t n,
ber_len_t s ));
LIBLBER_F( void )
LBER_F( void )
ber_memfree LDAP_P((
void* p ));
LIBLBER_F( void )
LBER_F( void )
ber_memvfree LDAP_P((
void** vector ));
LIBLBER_F( void )
LBER_F( void )
ber_bvfree LDAP_P((
struct berval *bv ));
LIBLBER_F( void )
LBER_F( void )
ber_bvecfree LDAP_P((
struct berval **bv ));
LIBLBER_F( int )
LBER_F( int )
ber_bvecadd LDAP_P((
struct berval ***bvec,
struct berval *bv ));
LIBLBER_F( struct berval * )
LBER_F( struct berval * )
ber_bvdup LDAP_P((
LDAP_CONST struct berval *bv ));
LIBLBER_F( struct berval * )
LBER_F( struct berval * )
ber_bvstr LDAP_P((
LDAP_CONST char * ));
LIBLBER_F( struct berval * )
LBER_F( struct berval * )
ber_bvstrdup LDAP_P((
LDAP_CONST char * ));
LIBLBER_F( char * )
LBER_F( char * )
ber_strdup LDAP_P((
LDAP_CONST char * ));
/*
* error.c
*/
LIBLBER_F( int * ) ber_errno_addr LDAP_P((void));
LBER_F( int * ) ber_errno_addr LDAP_P((void));
#define ber_errno (*(ber_errno_addr)())
#define LBER_ERROR_NONE 0

16
include/lber_pvt.h
View file

@ -30,9 +30,9 @@ typedef struct sockbuf_buf {
/*
* bprint.c
*/
LIBLBER_F( BER_LOG_PRINT_FN ) ber_pvt_log_print;
LBER_F( BER_LOG_PRINT_FN ) ber_pvt_log_print;
LIBLBER_F( int )
LBER_F( int )
ber_pvt_log_printf LDAP_P((
int errlvl,
int loglvl,
@ -42,22 +42,22 @@ ber_pvt_log_printf LDAP_P((
/*
* sockbuf.c
*/
LIBLBER_F( ber_slen_t )
LBER_F( ber_slen_t )
ber_pvt_sb_do_write LDAP_P(( Sockbuf_IO_Desc *sbiod, Sockbuf_Buf *buf_out ));
LIBLBER_F( void )
LBER_F( void )
ber_pvt_sb_buf_init LDAP_P(( Sockbuf_Buf *buf ));
LIBLBER_F( void )
LBER_F( void )
ber_pvt_sb_buf_destroy LDAP_P(( Sockbuf_Buf *buf ));
LIBLBER_F( int )
LBER_F( int )
ber_pvt_sb_grow_buffer LDAP_P(( Sockbuf_Buf *buf, ber_len_t minsize ));
LIBLBER_F( ber_len_t )
LBER_F( ber_len_t )
ber_pvt_sb_copy_out LDAP_P(( Sockbuf_Buf *sbb, char *buf, ber_len_t len ));
LIBLBER_F( int )
LBER_F( int )
ber_pvt_socket_set_nonblock LDAP_P(( ber_socket_t sd, int nb ));
LDAP_END_DECL

327
include/ldap.h
View file

File diff suppressed because it is too large Load diff

89
include/ldap_cdefs.h
View file

@ -21,7 +21,7 @@
# define LDAP_END_DECL /* end declarations */
#endif
#if !defined(__NO_PROTOTYPES) && ( defined(__NEED_PROTOTYPES) || \
#if !defined(LDAP_NO_PROTOTYPES) && ( defined(LDAP_NEEDS_PROTOTYPES) || \
defined(__STDC__) || defined(__cplusplus) || defined(c_plusplus) )
/* ANSI C or C++ */
@ -57,6 +57,24 @@
/* Support for NT dynamic libraries. */
/* LBER library */
#if defined(LBER_DECL) && defined(_WIN32)
# define LBER_F(type) extern __declspec(LBER_DECL) type
# define LBER_V(type) extern __declspec(LBER_DECL) type
#else
# define LBER_F(type) extern type
# define LBER_V(type) extern type
#endif
/* LDAP library */
#if defined(LDAP_DECL) && defined(_WIN32)
# define LDAP_F(type) extern __declspec(LDAP_DECL) type
# define LDAP_V(type) extern __declspec(LDAP_DECL) type
#else
# define LDAP_F(type) extern type
# define LDAP_V(type) extern type
#endif
/*
* C library. Mingw32 links with the C run-time library by default,
* so the explicit definition of CSTATIC will keep dllimport from
@ -64,58 +82,65 @@
*/
#if (defined(__MINGW32__) && !defined(CSTATIC) || \
defined(_WIN32) && defined(_DLL))
# define LIBC_F(type) extern __declspec(dllimport) type
# define LDAP_LIBC_F(type) extern __declspec(dllimport) type
# define LDAP_LIBC_V(type) extern __declspec(dllimport) type
#else
# define LIBC_F(type) extern type
# define LDAP_LIBC_F(type) extern type
# define LDAP_LIBC_V(type) extern type
#endif
/* AVL library */
#if defined(LIBAVL_DECL) && defined(_WIN32)
# define LIBAVL_F(type) extern __declspec(LIBAVL_DECL) type
#if defined(LDAP_AVL_DECL) && defined(_WIN32)
# define LDAP_AVL_F(type) extern __declspec(LDAP_AVL_DECL) type
# define LDAP_AVL_V(type) extern __declspec(LDAP_AVL_DECL) type
#else
# define LIBAVL_F(type) extern type
#endif
/* LBER library */
#if defined(LIBLBER_DECL) && defined(_WIN32)
# define LIBLBER_F(type) extern __declspec(LIBLBER_DECL) type
#else
# define LIBLBER_F(type) extern type
#endif
/* LDAP library */
#if defined(LIBLDAP_DECL) && defined(_WIN32)
# define LIBLDAP_F(type) extern __declspec(LIBLDAP_DECL) type
#else
# define LIBLDAP_F(type) extern type
# define LDAP_AVL_F(type) extern type
# define LDAP_AVL_V(type) extern type
#endif
/* LDBM library */
#if defined(LIBLDBM_DECL) && defined(_WIN32)
# define LIBLDBM_F(type) extern __declspec(LIBLDBM_DECL) type
#if defined(LDAP_LDBM_DECL) && defined(_WIN32)
# define LDAP_LDBM_F(type) extern __declspec(LDAP_LDBM_DECL) type
# define LDAP_LDBM_V(type) extern __declspec(LDAP_LDBM_DECL) type
#else
# define LIBLDBM_F(type) extern type
# define LDAP_LDBM_F(type) extern type
# define LDAP_LDBM_V(type) extern type
#endif
/* LDIF library */
#if defined(LIBLDIF_DECL) && defined(_WIN32)
# define LIBLDIF_F(type) extern __declspec(LIBLDIF_DECL) type
#if defined(LDAP_LDIF_DECL) && defined(_WIN32)
# define LDAP_LDIF_F(type) extern __declspec(LDAP_LDIF_DECL) type
# define LDAP_LDIF_V(type) extern __declspec(LDAP_LDIF_DECL) type
#else
# define LIBLDIF_F(type) extern type
# define LDAP_LDIF_F(type) extern type
# define LDAP_LDIF_V(type) extern type
#endif
/* LUNICODE library */
#if defined(LDAP_LUNICODE_DECL) && defined(_WIN32)
# define LDAP_LUNICODE_F(type) extern __declspec(LDAP_LUNICODE_DECL) type
# define LDAP_LUNICODE_V(type) extern __declspec(LDAP_LUNICODE_DECL) type
#else
# define LDAP_LUNICODE_F(type) extern type
# define LDAP_LUNICODE_V(type) extern type
#endif
/* LUTIL library */
#if defined(LIBLUTIL_DECL) && defined(_WIN32)
# define LIBLUTIL_F(type) extern __declspec(LIBLUTIL_DECL) type
#if defined(LDAP_LUTIL_DECL) && defined(_WIN32)
# define LDAP_LUTIL_F(type) extern __declspec(LDAP_LUTIL_DECL) type
# define LDAP_LUTIL_V(type) extern __declspec(LDAP_LUTIL_DECL) type
#else
# define LIBLUTIL_F(type) extern type
# define LDAP_LUTIL_F(type) extern type
# define LDAP_LUTIL_V(type) extern type
#endif
/* SLAPD (as a module exporting symbols) */
#if defined(LIBSLAPD_DECL) && defined(_WIN32)
# define LIBSLAPD_F(type) extern __declspec(LIBSLAPD_DECL) type
#if defined(LDAP_SLAPD_DECL) && defined(_WIN32)
# define LDAP_SLAPD_F(type) extern __declspec(LDAP_SLAPD_DECL) type
# define LDAP_SLAPD_V(type) extern __declspec(LDAP_SLAPD_DECL) type
#else
# define LIBSLAPD_F(type) extern type
# define LDAP_SLAPD_F(type) extern type
# define LDAP_SLAPD_V(type) extern type
#endif
#endif /* _LDAP_CDEFS_H */

11
include/ldap_config.h.in
View file

@ -26,6 +26,17 @@
#endif
#endif
/* directory for temporary files */
#if defined( _P_tmpdir )
# define LDAP_TMPDIR _P_tmpdir
#elif defined( P_tmpdir )
# define LDAP_TMPDIR P_tmpdir
#elif defined( _PATH_TMPDIR )
# define LDAP_TMPDIR _PATH_TMPDIR
#else
# define LDAP_TMPDIR LDAP_DIRSEP "tmp"
#endif
/* directories */
#ifndef LDAP_BINDIR
#define LDAP_BINDIR "%BINDIR%"

7
include/ldap_config.nt
View file

@ -22,6 +22,13 @@
#define LDAP_DIRSEP "\\"
#endif
/* directory for temporary files */
#if defined( _P_tmpdir )
#define LDAP_TMPDIR _P_tmpdir
#else
#define LDAP_TMPDIR "\\"
#endif
/* directories */
#ifndef LDAP_PREFIX
#define LDAP_PREFIX "C:\\OpenLDAP"

5
include/ldap_defaults.h
View file

@ -35,6 +35,11 @@
#define LDAP_USERRC_FILE "ldaprc"
#define LDAP_ENV_PREFIX "LDAP"
/* default ldapi:// socket */
#define LDAPI_SOCK LDAP_TMPDIR LDAP_DIRSEP ".ldapi_sock"
/* default file: URI prefix */
#define LDAP_FILE_URI_PREFIX "file://" LDAP_TMPDIR LDAP_DIRSEP
/*
* SHARED DEFINITIONS - other things you can change

8
include/ldap_int_thread.h
View file

@ -187,10 +187,10 @@ LDAP_END_DECL
LDAP_BEGIN_DECL
LIBLDAP_F(int) ldap_int_thread_initialize LDAP_P(( void ));
LIBLDAP_F(int) ldap_int_thread_destroy LDAP_P(( void ));
LIBLDAP_F(int) ldap_int_thread_pool_startup ( void );
LIBLDAP_F(int) ldap_int_thread_pool_shutdown ( void );
LDAP_F(int) ldap_int_thread_initialize LDAP_P(( void ));
LDAP_F(int) ldap_int_thread_destroy LDAP_P(( void ));
LDAP_F(int) ldap_int_thread_pool_startup ( void );
LDAP_F(int) ldap_int_thread_pool_shutdown ( void );
#ifndef LDAP_THREAD_HAVE_TPOOL
typedef struct ldap_int_thread_pool_s * ldap_int_thread_pool_t;

2
include/ldap_log.h
View file

@ -78,7 +78,7 @@ extern int ldap_syslog_level;
#define Debug( level, fmt, arg1, arg2, arg3 )
#endif /* LDAP_DEBUG */
LIBLUTIL_F(void) lutil_debug LDAP_P((
LDAP_LUTIL_F(void) lutil_debug LDAP_P((
int debug, int level,
const char* fmt, ... )) LDAP_GCCATTR((format(printf, 3, 4)));

109
include/ldap_pvt.h
View file

@ -25,27 +25,27 @@ LDAP_BEGIN_DECL
#define LDAP_PROTO_UDP 2
#define LDAP_PROTO_IPC 3
LIBLDAP_F ( int )
LDAP_F ( int )
ldap_pvt_url_scheme2proto LDAP_P((
const char * ));
LIBLDAP_F ( int )
LDAP_F ( int )
ldap_pvt_url_scheme2tls LDAP_P((
const char * ));
LIBLDAP_F ( int )
LDAP_F ( int )
ldap_pvt_domain2dn LDAP_P((
LDAP_CONST char *domain,
char **dn ));
struct hostent; /* avoid pulling in <netdb.h> */
LIBLDAP_F( char * )
LDAP_F( char * )
ldap_pvt_ctime LDAP_P((
const time_t *tp,
char *buf ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_gethostbyname_a LDAP_P((
const char *name,
struct hostent *resbuf,
@ -53,7 +53,7 @@ ldap_pvt_gethostbyname_a LDAP_P((
struct hostent **result,
int *herrno_ptr ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_gethostbyaddr_a LDAP_P((
const char *addr,
int len,
@ -66,40 +66,40 @@ ldap_pvt_gethostbyaddr_a LDAP_P((
/* charray.c */
LIBLDAP_F( int )
LDAP_F( int )
ldap_charray_add LDAP_P((
char ***a,
char *s ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_charray_merge LDAP_P((
char ***a,
char **s ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_charray_free LDAP_P(( char **a ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_charray_inlist LDAP_P((
char **a,
char *s ));
LIBLDAP_F( char ** )
LDAP_F( char ** )
ldap_charray_dup LDAP_P(( char **a ));
LIBLDAP_F( char ** )
LDAP_F( char ** )
ldap_str2charray LDAP_P((
const char *str,
const char *brkstr ));
/* url.c */
LIBLDAP_F (void) ldap_pvt_hex_unescape LDAP_P(( char *s ));
LIBLDAP_F (int) ldap_pvt_unhex( int c );
LDAP_F (void) ldap_pvt_hex_unescape LDAP_P(( char *s ));
LDAP_F (int) ldap_pvt_unhex( int c );
/* these macros assume 'x' is an ASCII x */
#define LDAP_DNSEPARATOR(c) ((c) == ',' || (c) == ';')
#define LDAP_SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
#define LDAP_SPACE(c) ((c) == ' ' || (c) == '\n')
#define LDAP_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n')
#define LDAP_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
#define LDAP_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
@ -113,55 +113,56 @@ LIBLDAP_F (int) ldap_pvt_unhex( int c );
#define LDAP_OIDCHAR(c) ( LDAP_DIGIT(c) || (c) == '.' )
#define LDAP_LEADATTRCHAR(c) ( LDAP_LEADKEYCHAR(c) || LDAP_LEADOIDCHAR(c) )
#define LDAP_ATTRCHAR(c) ( LDAP_KEYCHAR((c)) || (c) == '.' )
#define LDAP_ATTRCHAR(c) ( LDAP_KEYCHAR(c) || LDAP_OIDCHAR(c) )
#define LDAP_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
#ifdef HAVE_CYRUS_SASL
/* sasl.c */
LDAP_END_DECL
#include <sasl.h>
#include <ldap.h>
LDAP_BEGIN_DECL
LIBLDAP_F (int) ldap_pvt_sasl_init LDAP_P(( void )); /* clientside init */
LIBLDAP_F (int) ldap_pvt_sasl_install LDAP_P(( Sockbuf *, void * ));
LIBLDAP_F (int) ldap_pvt_sasl_bind LDAP_P(( LDAP *, LDAP_CONST char *,
LDAP_F (int) ldap_pvt_sasl_init LDAP_P(( void )); /* clientside init */
LDAP_F (int) ldap_pvt_sasl_install LDAP_P(( Sockbuf *, void * ));
LDAP_F (int) ldap_pvt_sasl_bind LDAP_P(( LDAP *, LDAP_CONST char *,
LDAP_CONST char *, LDAP_CONST sasl_callback_t *, LDAPControl **,
LDAPControl ** ));
LIBLDAP_F (int) ldap_pvt_sasl_get_option LDAP_P(( LDAP *ld, int option,
LDAP_F (int) ldap_pvt_sasl_get_option LDAP_P(( LDAP *ld, int option,
void *arg ));
LIBLDAP_F (int) ldap_pvt_sasl_set_option LDAP_P(( LDAP *ld, int option,
LDAP_F (int) ldap_pvt_sasl_set_option LDAP_P(( LDAP *ld, int option,
void *arg ));
#endif /* HAVE_CYRUS_SASL */
/* search.c */
LIBLDAP_F( char * )
LDAP_F( char * )
ldap_pvt_find_wildcard LDAP_P(( const char *s ));
LIBLDAP_F( ber_slen_t )
LDAP_F( ber_slen_t )
ldap_pvt_filter_value_unescape LDAP_P(( char *filter ));
/* string.c */
LIBLDAP_F( char * )
LDAP_F( char * )
ldap_pvt_str2upper LDAP_P(( char *str ));
LIBLDAP_F( char * )
LDAP_F( char * )
ldap_pvt_str2lower LDAP_P(( char *str ));
/* tls.c */
struct ldapoptions;
struct ldap;
LIBLDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
LIBLDAP_F (int) ldap_pvt_tls_config LDAP_P(( struct ldapoptions *lo, int option, const char *arg ));
LIBLDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
LIBLDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LIBLDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
LIBLDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
LIBLDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LIBLDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
LIBLDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
LIBLDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
LDAP_F (int) ldap_pvt_tls_config LDAP_P(( struct ldapoptions *lo, int option, const char *arg ));
LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
/*
* UTF-8 (in utf-8.c)
@ -172,39 +173,39 @@ typedef short ldap_ucs2_t;
typedef ldap_ucs2_t ldap_unicode_t;
/* returns the number of bytes in the UTF-8 string */
LIBLDAP_F (ber_len_t) ldap_utf8_bytes( const char * );
LDAP_F (ber_len_t) ldap_utf8_bytes( const char * );
/* returns the number of UTF-8 characters in the string */
LIBLDAP_F (ber_len_t) ldap_utf8_chars( const char * );
LDAP_F (ber_len_t) ldap_utf8_chars( const char * );
/* returns the length (in bytes) of the UTF-8 character */
LIBLDAP_F (int) ldap_utf8_offset( const char * );
LDAP_F (int) ldap_utf8_offset( const char * );
/* returns the length (in bytes) indicated by the UTF-8 character */
LIBLDAP_F (int) ldap_utf8_charlen( const char * );
LDAP_F (int) ldap_utf8_charlen( const char * );
/* copies a UTF-8 character and returning number of bytes copied */
LIBLDAP_F (int) ldap_utf8_copy( char *, const char *);
LDAP_F (int) ldap_utf8_copy( char *, const char *);
/* returns pointer of next UTF-8 character in string */
LIBLDAP_F (char*) ldap_utf8_next( const char * );
LDAP_F (char*) ldap_utf8_next( const char * );
/* returns pointer of previous UTF-8 character in string */
LIBLDAP_F (char*) ldap_utf8_prev( const char * );
LDAP_F (char*) ldap_utf8_prev( const char * );
/* primitive ctype routines -- not aware of non-ascii characters */
LIBLDAP_F (int) ldap_utf8_isascii( const char * );
LIBLDAP_F (int) ldap_utf8_isalpha( const char * );
LIBLDAP_F (int) ldap_utf8_isalnum( const char * );
LIBLDAP_F (int) ldap_utf8_isdigit( const char * );
LIBLDAP_F (int) ldap_utf8_isxdigit( const char * );
LIBLDAP_F (int) ldap_utf8_isspace( const char * );
LDAP_F (int) ldap_utf8_isascii( const char * );
LDAP_F (int) ldap_utf8_isalpha( const char * );
LDAP_F (int) ldap_utf8_isalnum( const char * );
LDAP_F (int) ldap_utf8_isdigit( const char * );
LDAP_F (int) ldap_utf8_isxdigit( const char * );
LDAP_F (int) ldap_utf8_isspace( const char * );
/* span characters not in set, return bytes spanned */
LIBLDAP_F (ber_len_t) ldap_utf8_strcspn( const char* str, const char *set);
LDAP_F (ber_len_t) ldap_utf8_strcspn( const char* str, const char *set);
/* span characters in set, return bytes spanned */
LIBLDAP_F (ber_len_t) ldap_utf8_strspn( const char* str, const char *set);
LDAP_F (ber_len_t) ldap_utf8_strspn( const char* str, const char *set);
/* return first occurance of character in string */
LIBLDAP_F (char *) ldap_utf8_strchr( const char* str, const char *chr);
LDAP_F (char *) ldap_utf8_strchr( const char* str, const char *chr);
/* return first character of set in string */
LIBLDAP_F (char *) ldap_utf8_strpbrk( const char* str, const char *set);
LDAP_F (char *) ldap_utf8_strpbrk( const char* str, const char *set);
/* reentrant tokenizer */
LIBLDAP_F (char*) ldap_utf8_strtok( char* sp, const char* sep, char **last);
LDAP_F (char*) ldap_utf8_strtok( char* sp, const char* sep, char **last);
/* Optimizations */
#define LDAP_UTF8_ISASCII(p) ( * (const unsigned char *) (p) < 0x100 )

70
include/ldap_pvt_thread.h
View file

@ -22,111 +22,111 @@ typedef ldap_int_thread_t ldap_pvt_thread_t;
typedef ldap_int_thread_mutex_t ldap_pvt_thread_mutex_t;
typedef ldap_int_thread_cond_t ldap_pvt_thread_cond_t;
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_initialize LDAP_P(( void ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_destroy LDAP_P(( void ));
LIBLDAP_F( unsigned int )
LDAP_F( unsigned int )
ldap_pvt_thread_sleep LDAP_P(( unsigned int s ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_get_concurrency LDAP_P(( void ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_set_concurrency LDAP_P(( int ));
#define LDAP_PVT_THREAD_CREATE_JOINABLE 0
#define LDAP_PVT_THREAD_CREATE_DETACHED 1
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_create LDAP_P((
ldap_pvt_thread_t * thread,
int detach,
void *(*start_routine)( void * ),
void *arg));
LIBLDAP_F( void )
LDAP_F( void )
ldap_pvt_thread_exit LDAP_P(( void *retval ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_join LDAP_P(( ldap_pvt_thread_t thread, void **status ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_kill LDAP_P(( ldap_pvt_thread_t thread, int signo ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_yield LDAP_P(( void ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_cond_init LDAP_P(( ldap_pvt_thread_cond_t *cond ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_cond_destroy LDAP_P(( ldap_pvt_thread_cond_t *cond ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_cond_signal LDAP_P(( ldap_pvt_thread_cond_t *cond ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_cond_broadcast LDAP_P(( ldap_pvt_thread_cond_t *cond ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_cond_wait LDAP_P((
ldap_pvt_thread_cond_t *cond,
ldap_pvt_thread_mutex_t *mutex ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_mutex_init LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_mutex_destroy LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_mutex_lock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_mutex_trylock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_mutex_unlock LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
#ifndef LDAP_THREAD_HAVE_RDWR
typedef struct ldap_int_thread_rdwr_s * ldap_pvt_thread_rdwr_t;
#endif
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_init LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_destroy LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_rlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_rtrylock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_runlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_wlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_wtrylock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_wunlock LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
#ifdef LDAP_DEBUG
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_readers LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_writers LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_rdwr_active LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
#endif /* LDAP_DEBUG */
@ -135,23 +135,23 @@ ldap_pvt_thread_rdwr_active LDAP_P((ldap_pvt_thread_rdwr_t *rdwrp));
typedef ldap_int_thread_pool_t ldap_pvt_thread_pool_t;
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_pool_init LDAP_P((
ldap_pvt_thread_pool_t *pool_out,
int max_concurrency,
int max_pending ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_pool_submit LDAP_P((
ldap_pvt_thread_pool_t *pool,
void *(*start_routine)( void * ),
void *arg ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_pool_backload LDAP_P((
ldap_pvt_thread_pool_t *pool ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_pvt_thread_pool_destroy LDAP_P((
ldap_pvt_thread_pool_t *pool,
int run_pending ));

34
include/ldap_schema.h
View file

@ -107,83 +107,83 @@ typedef struct ldap_objectclass {
#define LDAP_SCHEMA_ALLOW_DESCR_PREFIX 0x08 /* Allow descr as OID prefix */
#define LDAP_SCHEMA_ALLOW_ALL 0x0f /* Be very liberal in parsing */
LIBLDAP_F( LDAP_CONST char * )
LDAP_F( LDAP_CONST char * )
ldap_syntax2name LDAP_P((
LDAP_SYNTAX * syn ));
LIBLDAP_F( LDAP_CONST char * )
LDAP_F( LDAP_CONST char * )
ldap_matchingrule2name LDAP_P((
LDAP_MATCHING_RULE * mr ));
LIBLDAP_F( LDAP_CONST char * )
LDAP_F( LDAP_CONST char * )
ldap_attributetype2name LDAP_P((
LDAP_ATTRIBUTE_TYPE * at ));
LIBLDAP_F( LDAP_CONST char * )
LDAP_F( LDAP_CONST char * )
ldap_objectclass2name LDAP_P((
LDAP_OBJECT_CLASS * oc ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_syntax_free LDAP_P((
LDAP_SYNTAX * syn ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_matchingrule_free LDAP_P((
LDAP_MATCHING_RULE * mr ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_attributetype_free LDAP_P((
LDAP_ATTRIBUTE_TYPE * at ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_objectclass_free LDAP_P((
LDAP_OBJECT_CLASS * oc ));
LIBLDAP_F( LDAP_OBJECT_CLASS * )
LDAP_F( LDAP_OBJECT_CLASS * )
ldap_str2objectclass LDAP_P((
LDAP_CONST char * s,
int * code,
LDAP_CONST char ** errp,
LDAP_CONST int flags ));
LIBLDAP_F( LDAP_ATTRIBUTE_TYPE * )
LDAP_F( LDAP_ATTRIBUTE_TYPE * )
ldap_str2attributetype LDAP_P((
LDAP_CONST char * s,
int * code,
LDAP_CONST char ** errp,
LDAP_CONST int flags ));
LIBLDAP_F( LDAP_SYNTAX * )
LDAP_F( LDAP_SYNTAX * )
ldap_str2syntax LDAP_P((
LDAP_CONST char * s,
int * code,
LDAP_CONST char ** errp,
LDAP_CONST int flags ));
LIBLDAP_F( LDAP_MATCHING_RULE * )
LDAP_F( LDAP_MATCHING_RULE * )
ldap_str2matchingrule LDAP_P((
LDAP_CONST char * s,
int * code,
LDAP_CONST char ** errp,
LDAP_CONST int flags ));
LIBLDAP_F( char *)
LDAP_F( char *)
ldap_objectclass2str LDAP_P((
LDAP_CONST LDAP_OBJECT_CLASS * oc ));
LIBLDAP_F( char *)
LDAP_F( char *)
ldap_attributetype2str LDAP_P((
LDAP_CONST LDAP_ATTRIBUTE_TYPE * at ));
LIBLDAP_F( char *)
LDAP_F( char *)
ldap_syntax2str LDAP_P((
LDAP_CONST LDAP_SYNTAX * syn ));
LIBLDAP_F( char *)
LDAP_F( char *)
ldap_matchingrule2str LDAP_P((
LDAP_CONST LDAP_MATCHING_RULE * mr ));
LIBLDAP_F( char *)
LDAP_F( char *)
ldap_scherr2str LDAP_P((
int code )) LDAP_GCCATTR((const));

28
include/ldbm.h
View file

@ -236,25 +236,25 @@ LDAP_END_DECL
LDAP_BEGIN_DECL
LIBLDBM_F (int) ldbm_initialize( void );
LIBLDBM_F (int) ldbm_shutdown( void );
LDAP_LDBM_F (int) ldbm_initialize( void );
LDAP_LDBM_F (int) ldbm_shutdown( void );
LIBLDBM_F (int) ldbm_errno( LDBM ldbm );
LIBLDBM_F (LDBM) ldbm_open( char *name, int rw, int mode, int dbcachesize );
LIBLDBM_F (void) ldbm_close( LDBM ldbm );
LIBLDBM_F (void) ldbm_sync( LDBM ldbm );
LIBLDBM_F (void) ldbm_datum_free( LDBM ldbm, Datum data );
LIBLDBM_F (Datum) ldbm_datum_dup( LDBM ldbm, Datum data );
LIBLDBM_F (Datum) ldbm_fetch( LDBM ldbm, Datum key );
LIBLDBM_F (int) ldbm_store( LDBM ldbm, Datum key, Datum data, int flags );
LIBLDBM_F (int) ldbm_delete( LDBM ldbm, Datum key );
LDAP_LDBM_F (int) ldbm_errno( LDBM ldbm );
LDAP_LDBM_F (LDBM) ldbm_open( char *name, int rw, int mode, int dbcachesize );
LDAP_LDBM_F (void) ldbm_close( LDBM ldbm );
LDAP_LDBM_F (void) ldbm_sync( LDBM ldbm );
LDAP_LDBM_F (void) ldbm_datum_free( LDBM ldbm, Datum data );
LDAP_LDBM_F (Datum) ldbm_datum_dup( LDBM ldbm, Datum data );
LDAP_LDBM_F (Datum) ldbm_fetch( LDBM ldbm, Datum key );
LDAP_LDBM_F (int) ldbm_store( LDBM ldbm, Datum key, Datum data, int flags );
LDAP_LDBM_F (int) ldbm_delete( LDBM ldbm, Datum key );
LIBLDBM_F (Datum) ldbm_firstkey( LDBM ldbm, LDBMCursor **cursor );
LIBLDBM_F (Datum) ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *cursor );
LDAP_LDBM_F (Datum) ldbm_firstkey( LDBM ldbm, LDBMCursor **cursor );
LDAP_LDBM_F (Datum) ldbm_nextkey( LDBM ldbm, Datum key, LDBMCursor *cursor );
/* initialization of Datum structures */
#if defined( HAVE_BERKELEY_DB ) && (DB_VERSION_MAJOR >= 2)
LIBLDBM_F (void *) ldbm_malloc( size_t size );
LDAP_LDBM_F (void *) ldbm_malloc( size_t size );
# define ldbm_datum_init(d) ((void)memset(&(d), '\0', sizeof(Datum)))
#else
# define ldbm_datum_init(d) ((void)0)

16
include/ldif.h
View file

@ -28,7 +28,7 @@
LDAP_BEGIN_DECL
/* This is NOT a bogus extern declaration (unlike ldap_debug) */
LIBLDIF_F (int) ldif_debug;
LDAP_LDIF_V (int) ldif_debug;
#define LDIF_LINE_WIDTH 76 /* maximum length of LDIF lines */
@ -49,23 +49,23 @@ LIBLDIF_F (int) ldif_debug;
((nlen) + 4 + LDIF_BASE64_LEN(vlen) \
+ ((LDIF_BASE64_LEN(vlen) + (nlen) + 3) / LDIF_LINE_WIDTH * 2 ))
LIBLDIF_F( int )
LDAP_LDIF_F( int )
ldif_parse_line LDAP_P((
LDAP_CONST char *line,
char **name,
char **value,
ber_len_t *vlen ));
LIBLDIF_F( int )
LDAP_LDIF_F( int )
ldif_fetch_url LDAP_P((
LDAP_CONST char *line,
char **value,
ber_len_t *vlen ));
LIBLDIF_F( char * )
LDAP_LDIF_F( char * )
ldif_getline LDAP_P(( char **next ));
LIBLDIF_F( int )
LDAP_LDIF_F( int )
ldif_read_record LDAP_P((
FILE *fp,
int *lineno,
@ -83,7 +83,7 @@ ldif_read_record LDAP_P((
#define LDIF_PUT_URL 0x0020 /* url */
#define LDIF_PUT_SEP 0x0040 /* separator */
LIBLDIF_F( void )
LDAP_LDIF_F( void )
ldif_sput LDAP_P((
char **out,
int type,
@ -91,14 +91,14 @@ ldif_sput LDAP_P((
LDAP_CONST char *val,
ber_len_t vlen ));
LIBLDIF_F( char * )
LDAP_LDIF_F( char * )
ldif_put LDAP_P((
int type,
LDAP_CONST char *name,
LDAP_CONST char *val,
ber_len_t vlen ));
LIBLDIF_F( int )
LDAP_LDIF_F( int )
ldif_is_not_printable LDAP_P((
LDAP_CONST char *val,
ber_len_t vlen ));

26
include/lutil.h
View file

@ -30,27 +30,27 @@ LDAP_BEGIN_DECL
/* ISC Base64 Routines */
/* base64.c */
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_b64_ntop LDAP_P((
unsigned char const *,
size_t,
char *,
size_t));
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_b64_pton LDAP_P((
char const *,
unsigned char *,
size_t));
/* detach.c */
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_detach LDAP_P((
int debug,
int do_close));
/* entropy.c */
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_entropy LDAP_P((
char *buf,
ber_len_t nbytes ));
@ -58,13 +58,13 @@ lutil_entropy LDAP_P((
/* passwd.c */
struct berval; /* avoid pulling in lber.h */
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_authpasswd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_authpasswd_hash LDAP_P((
const struct berval *cred,
struct berval **passwd, /* password to store */
@ -73,36 +73,36 @@ lutil_authpasswd_hash LDAP_P((
#if defined( SLAPD_SPASSWD ) && defined( HAVE_CYRUS_SASL )
/* cheat to avoid pulling in <sasl.h> */
LIBLUTIL_F( struct sasl_conn * ) lutil_passwd_sasl_conn;
LDAP_LUTIL_F( struct sasl_conn * ) lutil_passwd_sasl_conn;
#endif
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_passwd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
LIBLUTIL_F( struct berval * )
LDAP_LUTIL_F( struct berval * )
lutil_passwd_generate LDAP_P(( ber_len_t ));
LIBLUTIL_F( struct berval * )
LDAP_LUTIL_F( struct berval * )
lutil_passwd_hash LDAP_P((
const struct berval *passwd,
const char *method ));
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_passwd_scheme LDAP_P((
const char *scheme ));
/* utils.c */
LIBLUTIL_F( char* )
LDAP_LUTIL_F( char* )
lutil_progname LDAP_P((
const char* name,
int argc,
char *argv[] ));
/* sockpair.c */
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_pair( LBER_SOCKET_T sd[2] );
LDAP_END_DECL

4
include/lutil_lockf.h
View file

@ -19,10 +19,10 @@
LDAP_BEGIN_DECL
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_lockf LDAP_P(( int fd ));
LIBLUTIL_F( int )
LDAP_LUTIL_F( int )
lutil_unlockf LDAP_P(( int fd ));
LDAP_END_DECL

8
include/lutil_md5.h
View file

@ -32,22 +32,22 @@ struct lutil_MD5Context {
unsigned char in[64];
};
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_MD5Init LDAP_P((
struct lutil_MD5Context *context));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_MD5Update LDAP_P((
struct lutil_MD5Context *context,
unsigned char const *buf,
ber_len_t len));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_MD5Final LDAP_P((
unsigned char digest[16],
struct lutil_MD5Context *context));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_MD5Transform LDAP_P((
ber_uint_t buf[4],
const unsigned char in[64]));

14
include/lutil_sha1.h
View file

@ -35,31 +35,31 @@ typedef struct {
unsigned char buffer[64];
} lutil_SHA1_CTX;
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_SHA1Transform
LDAP_P((uint32 state[5], const unsigned char buffer[64]));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_SHA1Init
LDAP_P((lutil_SHA1_CTX *context));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_SHA1Update
LDAP_P((lutil_SHA1_CTX *context, const unsigned char *data, uint32 len));
LIBLUTIL_F( void )
LDAP_LUTIL_F( void )
lutil_SHA1Final
LDAP_P((unsigned char digest[20], lutil_SHA1_CTX *context));
LIBLUTIL_F( char * )
LDAP_LUTIL_F( char * )
lutil_SHA1End
LDAP_P((lutil_SHA1_CTX *, char *));
LIBLUTIL_F( char * )
LDAP_LUTIL_F( char * )
lutil_SHA1File
LDAP_P((char *, char *));
LIBLUTIL_F( char * )
LDAP_LUTIL_F( char * )
lutil_SHA1Data
LDAP_P((const unsigned char *, size_t, char *));

12
include/portable.h.in
View file

@ -14,11 +14,6 @@
/* end of preamble */
#if !defined(SLAPD_SCHEMA_COMPAT) && !defined(SLAPD_SCHEMA_NOT_COMPAT)
/* define SLAPD_SCHEMA_COMPAT if you want old schema codes */
#define SLAPD_SCHEMA_NOT_COMPAT 1
#endif
/* Define if on AIX 3.
System headers sometimes define this.
@ -458,9 +453,6 @@
/* Define if you have the <pwd.h> header file. */
#undef HAVE_PWD_H
/* Define if you have the <quipu/commonarg.h> header file. */
#undef HAVE_QUIPU_COMMONARG_H
/* Define if you have the <readline/history.h> header file. */
#undef HAVE_READLINE_HISTORY_H
@ -925,9 +917,9 @@
# define WIN32_LEAN_AND_MEAN 1
#endif
#ifndef __NEED_PROTOTYPES
#ifndef LDAP_NEEDS_PROTOTYPES
/* force LDAP_P to always include prototypes */
#define __NEED_PROTOTYPES 1
#define LDAP_NEEDS_PROTOTYPES 1
#endif
#ifdef HAVE_STDDEF_H

4
include/portable.nt
View file

@ -725,9 +725,9 @@ typedef signed int ssize_t;
/* begin of postamble */
#ifndef __NEED_PROTOTYPES
#ifndef LDAP_NEEDS_PROTOTYPES
/* force LDAP_P to always include prototypes */
#define __NEED_PROTOTYPES 1
#define LDAP_NEEDS_PROTOTYPES 1
#endif
#ifdef HAVE_STDDEF_H

10
include/srchpref.h
View file

@ -78,22 +78,22 @@ struct ldap_searchobj {
#define LDAP_SEARCHPREF_ERR_FILE 4
LIBLDAP_F( int )
LDAP_F( int )
ldap_init_searchprefs LDAP_P(( char *file,
struct ldap_searchobj **solistp ));
LIBLDAP_F( int )
LDAP_F( int )
ldap_init_searchprefs_buf LDAP_P(( char *buf,
ber_len_t buflen,
struct ldap_searchobj **solistp ));
LIBLDAP_F( void )
LDAP_F( void )
ldap_free_searchprefs LDAP_P(( struct ldap_searchobj *solist ));
LIBLDAP_F( struct ldap_searchobj * )
LDAP_F( struct ldap_searchobj * )
ldap_first_searchobj LDAP_P(( struct ldap_searchobj *solist ));
LIBLDAP_F( struct ldap_searchobj * )
LDAP_F( struct ldap_searchobj * )
ldap_next_searchobj LDAP_P(( struct ldap_searchobj *sollist,
struct ldap_searchobj *so ));

2
libraries/liblber/Makefile.in
View file

@ -27,7 +27,7 @@ XXLIBS =
LINKAGE = @LT_LIB_LINKAGE@
NT_DYN_TEST_DEFS = -DLIBLBER_DECL=dllimport
NT_DYN_TEST_DEFS = -DLBER_DECL=dllimport
# Extras for building the library
EXTRA_DEFS = $(@PLAT@_@LIB_LINKAGE@_LIB_DEFS)

12
libraries/liblber/encode.c
View file

@ -649,6 +649,9 @@ ber_put_set( BerElement *ber )
return( ber_put_seqorset( ber ) );
}
/* N tag */
static ber_tag_t lber_int_null = 0;
/* VARARGS */
int
ber_printf( BerElement *ber, LDAP_CONST char *fmt, ... )
@ -698,6 +701,15 @@ ber_printf( BerElement *ber, LDAP_CONST char *fmt, ... )
rc = ber_put_null( ber, ber->ber_tag );
break;
case 'N': /* Debug NULL */
if( lber_int_null != 0 ) {
/* Insert NULL to ensure peer ignores unknown tags */
rc = ber_put_null( ber, lber_int_null );
} else {
rc = 0;
}
break;
case 'o': /* octet string (non-null terminated) */
s = va_arg( ap, char * );
len = va_arg( ap, ber_len_t );

2
libraries/liblber/etest.c
View file

@ -144,7 +144,7 @@ main( int argc, char **argv )
}
fprintf(stderr, "encode: end\n" );
if( ber_printf( ber, /*{*/ "}" ) == -1 ) {
if( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
perror( /*{*/ "ber_printf }" );
return( EXIT_FAILURE );
}

23
libraries/liblber/lber-int.h
View file

@ -24,12 +24,13 @@
LDAP_BEGIN_DECL
LIBLBER_F (BER_ERRNO_FN) ber_int_errno_fn;
LBER_F (BER_ERRNO_FN) ber_int_errno_fn;
struct lber_options {
short lbo_valid;
unsigned short lbo_options;
int lbo_debug;
long lbo_meminuse;
};
#define LBER_UNINITIALIZED 0x0
@ -37,7 +38,7 @@ struct lber_options {
#define LBER_VALID_BERELEMENT 0x2
#define LBER_VALID_SOCKBUF 0x3
LIBLBER_F (struct lber_options) ber_int_options;
LBER_F (struct lber_options) ber_int_options;
#define ber_int_debug ber_int_options.lbo_debug
struct berelement {
@ -100,21 +101,21 @@ int ber_realloc LDAP_P((
*/
#define ber_log_printf ber_pvt_log_printf
LIBLBER_F( int )
LBER_F( int )
ber_log_bprint LDAP_P((
int errlvl,
int loglvl,
const char *data,
ber_len_t len ));
LIBLBER_F( int )
LBER_F( int )
ber_log_dump LDAP_P((
int errlvl,
int loglvl,
BerElement *ber,
int inout ));
LIBLBER_F( int )
LBER_F( int )
ber_log_sos_dump LDAP_P((
int errlvl,
int loglvl,
@ -123,7 +124,7 @@ ber_log_sos_dump LDAP_P((
/* memory.c */
/* simple macros to realloc for now */
LIBLBER_F (BerMemoryFunctions *) ber_int_memory_fns;
LBER_F (BerMemoryFunctions *) ber_int_memory_fns;
#ifdef CSRIMALLOC
#define LBER_INT_MALLOC malloc
@ -158,19 +159,19 @@ LIBLBER_F (BerMemoryFunctions *) ber_int_memory_fns;
/* sockbuf.c */
LIBLBER_F( int )
LBER_F( int )
ber_int_sb_init LDAP_P(( Sockbuf *sb ));
LIBLBER_F( int )
LBER_F( int )
ber_int_sb_close LDAP_P(( Sockbuf *sb ));
LIBLBER_F( int )
LBER_F( int )
ber_int_sb_destroy LDAP_P(( Sockbuf *sb ));
LIBLBER_F( ber_slen_t )
LBER_F( ber_slen_t )
ber_int_sb_read LDAP_P(( Sockbuf *sb, void *buf, ber_len_t len ));
LIBLBER_F( ber_slen_t )
LBER_F( ber_slen_t )
ber_int_sb_write LDAP_P(( Sockbuf *sb, void *buf, ber_len_t len ));
LDAP_END_DECL

149
libraries/liblber/memory.c
View file

@ -10,6 +10,13 @@
#include "lber-int.h"
#ifdef LDAP_MEMORY_TRACE
# ifndef LDAP_MEMORY_DEBUG
# define LDAP_MEMORY_DEBUG 1
# endif
#include <stdio.h>
#endif
#if LDAP_MEMORY_DEBUG
/*
* LDAP_MEMORY_DEBUG should only be enabled for the purposes of
@ -23,7 +30,12 @@
*/
struct ber_mem_hdr {
union bmu_align_u {
ber_int_t bm_top; /* Pattern to detect buf overrun from prev buffer */
ber_int_t bm_length; /* Length of user allocated area */
#ifdef LDAP_MEMORY_TRACE
ber_int_t bm_sequence; /* Allocation sequence number */
#endif
union bmu_align_u { /* Force alignment, pattern to detect back clobber */
ber_len_t bmu_len_t;
ber_tag_t bmu_tag_t;
ber_int_t bmu_int_t;
@ -33,13 +45,61 @@ struct ber_mem_hdr {
double bmu_double;
long bmu_long;
long (*bmu_funcp)( double );
char bmu_char[4];
unsigned char bmu_char[4];
} ber_align;
#define bm_junk ber_align.bmu_len_t
#define bm_data ber_align.bmu_char[1]
#define bm_char ber_align.bmu_char
};
/* Pattern at top of allocated space */
#define BER_MEM_JUNK 0xdeaddadaU
static const struct ber_mem_hdr ber_int_mem_hdr = { BER_MEM_JUNK };
static const struct ber_mem_hdr ber_int_mem_hdr = { BER_MEM_JUNK, 0, 0 };
/* Note sequence and ber_int_options.lbu_meminuse are counters, but are not
* thread safe. If you want to use these values for multithreaded applications,
* you must put mutexes around them, otherwise they will have incorrect values.
* When debugging, if you sort the debug output, the sequence number will
* put allocations/frees together. It is then a simple matter to write a script
* to find any allocations that don't have a buffer free function.
*/
#ifdef LDAP_MEMORY_TRACE
static ber_int_t sequence = 0;
#endif
/* Pattern placed just before user data */
static unsigned char toppattern[4] = { 0xde, 0xad, 0xba, 0xde };
/* Pattern placed just after user data */
static unsigned char endpattern[4] = { 0xd1, 0xed, 0xde, 0xca };
#define mbu_len sizeof(ber_int_mem_hdr.ber_align)
/* Test if pattern placed just before user data is good */
#define testdatatop(val) ( \
*(val->bm_char+mbu_len-4)==toppattern[0] && \
*(val->bm_char+mbu_len-3)==toppattern[1] && \
*(val->bm_char+mbu_len-2)==toppattern[2] && \
*(val->bm_char+mbu_len-1)==toppattern[3] )
/* Place pattern just before user data */
#define setdatatop(val) *(val->bm_char+mbu_len-4)=toppattern[0]; \
*(val->bm_char+mbu_len-3)=toppattern[1]; \
*(val->bm_char+mbu_len-2)=toppattern[2]; \
*(val->bm_char+mbu_len-1)=toppattern[3];
/* Test if pattern placed just after user data is good */
#define testend(val) ( *((unsigned char *)val+0)==endpattern[0] && \
*((unsigned char *)val+1)==endpattern[1] && \
*((unsigned char *)val+2)==endpattern[2] && \
*((unsigned char *)val+3)==endpattern[3] )
/* Place pattern just after user data */
#define setend(val) *((unsigned char *)val+0)=endpattern[0]; \
*((unsigned char *)val+1)=endpattern[1]; \
*((unsigned char *)val+2)=endpattern[2]; \
*((unsigned char *)val+3)=endpattern[3];
#define BER_MEM_BADADDR ((void *) &ber_int_mem_hdr.bm_data)
#define BER_MEM_VALID(p) do { \
assert( (p) != BER_MEM_BADADDR ); \
@ -80,9 +140,17 @@ ber_memfree( void *p )
#ifdef LDAP_MEMORY_DEBUG
struct ber_mem_hdr *mh = (struct ber_mem_hdr *)
((char *)p - sizeof(struct ber_mem_hdr));
assert( mh->bm_top == BER_MEM_JUNK);
assert( testdatatop( mh));
assert( testend( (char *)&mh[1] + mh->bm_length) );
ber_int_options.lbo_meminuse -= mh->bm_length;
assert( mh->bm_junk == BER_MEM_JUNK );
mh->bm_junk = ~BER_MEM_JUNK;
#ifdef LDAP_MEMORY_TRACE
fprintf(stderr, "0x%08x 0x%08x -f- %d ber_memfree %d\n",
mh->bm_sequence, mh, mh->bm_length, ber_int_options.lbo_meminuse);
#endif
/* Fill the free space with poison */
memset( mh, 0xff, mh->bm_length + sizeof(struct ber_mem_hdr) + sizeof( ber_int_t));
free( mh );
#else
free( p );
@ -133,11 +201,23 @@ ber_memalloc( ber_len_t s )
if( ber_int_memory_fns == NULL ) {
#ifdef LDAP_MEMORY_DEBUG
struct ber_mem_hdr *mh = malloc(s + sizeof(struct ber_mem_hdr));
struct ber_mem_hdr *mh = malloc(s + sizeof(struct ber_mem_hdr) + sizeof( ber_int_t));
if( mh == NULL ) return NULL;
mh->bm_junk = BER_MEM_JUNK;
mh->bm_top = BER_MEM_JUNK;
mh->bm_length = s;
setdatatop( mh);
setend( (char *)&mh[1] + mh->bm_length );
ber_int_options.lbo_meminuse += mh->bm_length; /* Count mem inuse */
#ifdef LDAP_MEMORY_TRACE
mh->bm_sequence = sequence++;
fprintf(stderr, "0x%08x 0x%08x -a- %d ber_memalloc %d\n",
mh->bm_sequence, mh, mh->bm_length, ber_int_options.lbo_meminuse);
#endif
/* poison new memory */
memset( (char *)&mh[1], 0xff, s);
BER_MEM_VALID( &mh[1] );
new = &mh[1];
@ -173,10 +253,21 @@ ber_memcalloc( ber_len_t n, ber_len_t s )
if( ber_int_memory_fns == NULL ) {
#ifdef LDAP_MEMORY_DEBUG
struct ber_mem_hdr *mh = calloc(1,
(n * s) + sizeof(struct ber_mem_hdr) );
(n * s) + sizeof(struct ber_mem_hdr) + sizeof(ber_int_t) );
if( mh == NULL ) return NULL;
mh->bm_junk = BER_MEM_JUNK;
mh->bm_top = BER_MEM_JUNK;
mh->bm_length = n*s;
setdatatop( mh);
setend( (char *)&mh[1] + mh->bm_length );
ber_int_options.lbo_meminuse += mh->bm_length;
#ifdef LDAP_MEMORY_TRACE
mh->bm_sequence = sequence++;
fprintf(stderr, "0x%08x 0x%08x -a- %d ber_memcalloc %d\n",
mh->bm_sequence, mh, mh->bm_length, ber_int_options.lbo_meminuse);
#endif
BER_MEM_VALID( &mh[1] );
new = &mh[1];
#else
@ -216,20 +307,38 @@ ber_memrealloc( void* p, ber_len_t s )
if( ber_int_memory_fns == NULL ) {
#ifdef LDAP_MEMORY_DEBUG
ber_int_t oldlen;
struct ber_mem_hdr *mh = (struct ber_mem_hdr *)
((char *)p - sizeof(struct ber_mem_hdr));
assert( mh->bm_junk == BER_MEM_JUNK );
assert( mh->bm_top == BER_MEM_JUNK);
assert( testdatatop( mh));
assert( testend( (char *)&mh[1] + mh->bm_length) );
oldlen = mh->bm_length;
p = realloc( mh, s + sizeof(struct ber_mem_hdr) );
if( p != NULL ) {
mh = p;
assert( mh->bm_junk == BER_MEM_JUNK );
BER_MEM_VALID( &mh[1] );
new = &mh[1];
p = realloc( mh, s + sizeof(struct ber_mem_hdr) + sizeof(ber_int_t) );
if( p == NULL ) {
ber_errno = LBER_ERROR_MEMORY;
return NULL;
}
mh = p;
mh->bm_length = s;
setend( (char *)&mh[1] + mh->bm_length );
if( (s - oldlen) > 0 ) {
/* poison any new memory */
memset( (char *)&mh[1] + oldlen, 0xff, s - oldlen);
}
assert( mh->bm_top == BER_MEM_JUNK);
assert( testdatatop( mh));
ber_int_options.lbo_meminuse += s - oldlen;
#ifdef LDAP_MEMORY_TRACE
fprintf(stderr, "0x%08x 0x%08x -a- %d ber_memrealloc %d\n",
mh->bm_sequence, mh, mh->bm_length, ber_int_options.lbo_meminuse);
#endif
BER_MEM_VALID( &mh[1] );
return &mh[1];
#else
new = realloc( p, s );
#endif

28
libraries/liblber/options.c
View file

@ -36,6 +36,20 @@ ber_get_option(
if(option == LBER_OPT_BER_DEBUG) {
* (int *) outvalue = ber_int_debug;
return LBER_OPT_SUCCESS;
} else if(option == LBER_OPT_MEMORY_INUSE) {
/* The memory inuse is a global variable on kernal implementations.
* This means that memory debug is shared by all LDAP processes
* so for this variable to have much meaning, only one LDAP process
* should be running and memory inuse should be initialized to zero
* using the lber_set_option() function during startup.
* The counter is not accurate for multithreaded ldap applications.
*/
#ifdef LDAP_MEMORY_DEBUG
* (int *) outvalue = ber_int_options.lbo_meminuse;
return LBER_OPT_SUCCESS;
#else
return LBER_OPT_ERROR;
#endif
}
ber_errno = LBER_ERROR_PARAM;
@ -135,6 +149,20 @@ ber_set_option(
} else if(option == LBER_OPT_LOG_PRINT_FILE) {
ber_pvt_err_file = (void *) invalue;
return LBER_OPT_SUCCESS;
} else if(option == LBER_OPT_MEMORY_INUSE) {
/* The memory inuse is a global variable on kernal implementations.
* This means that memory debug is shared by all LDAP processes
* so for this variable to have much meaning, only one LDAP process
* should be running and memory inuse should be initialized to zero
* using the lber_set_option() function during startup.
* The counter is not accurate for multithreaded applications.
*/
#ifdef LDAP_MEMORY_DEBUG
ber_int_options.lbo_meminuse = * (int *) invalue;
return LBER_OPT_SUCCESS;
#else
return LBER_OPT_ERROR;
#endif
}
ber_errno = LBER_ERROR_PARAM;

4
libraries/libldap/Makefile.in
View file

@ -39,8 +39,8 @@ XXLIBS = $(SECURITY_LIBS) $(TLS_LIBS)
LINKAGE = @LT_LIB_LINKAGE@
NT_DYN_LIB_LIBS = -llber -llutil $(AC_LIBS)
NT_DYN_LIB_DEFS = -DLIBLBER_DECL=dllimport
NT_DYN_TEST_DEFS = -DLIBLBER_DECL=dllimport -DLIBLDAP_DECL=dllimport
NT_DYN_LIB_DEFS = -DLBER_DECL=dllimport
NT_DYN_TEST_DEFS = -DLBER_DECL=dllimport -DLDAP_DECL=dllimport
NT_XXLIBS = $(SECURITY_LIBS)

2
libraries/libldap/abandon.c
View file

@ -163,7 +163,7 @@ do_abandon(
} else {
/* close '{' */
err = ber_printf( ber, /*{*/ "}" );
err = ber_printf( ber, /*{*/ "N}" );
if( err == -1 ) {
/* encoding error */

8
libraries/libldap/add.c
View file

@ -123,10 +123,10 @@ ldap_add_ext(
/* for each attribute in the entry... */
for ( i = 0; attrs[i] != NULL; i++ ) {
if ( ( attrs[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
rc = ber_printf( ber, "{s[V]}", attrs[i]->mod_type,
rc = ber_printf( ber, "{s[V]N}", attrs[i]->mod_type,
attrs[i]->mod_bvalues );
} else {
rc = ber_printf( ber, "{s[v]}", attrs[i]->mod_type,
rc = ber_printf( ber, "{s[v]N}", attrs[i]->mod_type,
attrs[i]->mod_values );
}
if ( rc == -1 ) {
@ -136,7 +136,7 @@ ldap_add_ext(
}
}
if ( ber_printf( ber, /*{{*/ "}}" ) == -1 ) {
if ( ber_printf( ber, /*{{*/ "N}N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return ld->ld_errno;
@ -148,7 +148,7 @@ ldap_add_ext(
return ld->ld_errno;
}
if ( ber_printf( ber, /*{*/ "}" ) == -1 ) {
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return ld->ld_errno;

1
libraries/libldap/addentry.c
View file

@ -16,7 +16,6 @@
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>

4
libraries/libldap/compare.c
View file

@ -66,7 +66,7 @@ ldap_compare_ext(
return( LDAP_NO_MEMORY );
}
if ( ber_printf( ber, "{it{s{sO}}", /* '}' */
if ( ber_printf( ber, "{it{s{sON}N}", /* '}' */
++ld->ld_msgid,
LDAP_REQ_COMPARE, dn, attr, bvalue ) == -1 )
{
@ -81,7 +81,7 @@ ldap_compare_ext(
return ld->ld_errno;
}
if( ber_printf( ber, /*{*/ "}" ) == -1 ) {
if( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( ld->ld_errno );

6
libraries/libldap/controls.c
View file

@ -94,14 +94,14 @@ ldap_int_put_controls(
}
if( ber_printf( ber, /*{*/"}" ) == -1 ) {
if( ber_printf( ber, /*{*/"N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
}
if( ber_printf( ber, /*{*/"}" ) == -1 ) {
if( ber_printf( ber, /*{*/ "}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
@ -401,7 +401,7 @@ ldap_control_dup( const LDAPControl *c )
SHOULD be freed by calling ldap_control_free() when done.
---*/
LIBLDAP_F( int )
int
ldap_int_create_control(
const char *requestOID,
BerElement *ber,

2
libraries/libldap/delete.c
View file

@ -74,7 +74,7 @@ ldap_delete_ext(
return ld->ld_errno;
}
if ( ber_printf( ber, /*{*/ "}" ) == -1 ) {
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( ld->ld_errno );

1
libraries/libldap/disptmpl.c
View file

@ -24,7 +24,6 @@
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/unistd.h>

3
libraries/libldap/dn.c
View file

@ -9,7 +9,6 @@
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
@ -245,7 +244,7 @@ ldap_dn_parent(
return( LDAP_STRDUP( "" ) );
}
char * ldap_dn_rdn(
char * ldap_dn_relative(
const char *dn )
{
char *s;

5
libraries/libldap/dsparse.c
View file

@ -25,7 +25,6 @@
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/time.h>
@ -155,7 +154,7 @@ next_token( char **sp )
p = *sp;
while ( isspace( (unsigned char) *p )) { /* skip leading white space */
while ( LDAP_SPACE( (unsigned char) *p )) { /* skip leading white space */
++p;
}
@ -170,7 +169,7 @@ next_token( char **sp )
t = tokstart = p;
for ( ;; ) {
if ( *p == '\0' || ( isspace( (unsigned char) *p ) && !in_quote )) {
if ( *p == '\0' || ( LDAP_SPACE( (unsigned char) *p ) && !in_quote )) {
if ( *p != '\0' ) {
++p;
}

10
libraries/libldap/error.c
View file

@ -92,7 +92,7 @@ static const struct ldaperror ldap_errlist[] = {
{LDAP_CLIENT_LOOP, "Client Loop" },
{LDAP_REFERRAL_LIMIT_EXCEEDED, "Referral Limit Exceeded" },
{-1, 0 }
{-1, NULL }
};
static const struct ldaperror *
@ -150,7 +150,7 @@ ldap_perror( LDAP *ld, LDAP_CONST char *str )
}
if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
fprintf( stderr, "\tmatched: \"%s\"\n",
fprintf( stderr, "\tmatched DN: \"%s\"\n",
ld->ld_matched );
}
@ -235,7 +235,8 @@ ldap_parse_result(
for ( lm = r; lm->lm_chain != NULL; lm = lm->lm_chain ) {
/* skip over entries and references */
if( lm->lm_msgtype != LDAP_RES_SEARCH_ENTRY &&
lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE )
lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE &&
lm->lm_msgtype != LDAP_RES_EXTENDED_PARTIAL )
{
break;
}
@ -342,7 +343,8 @@ ldap_parse_result(
for ( lm = lm->lm_chain; lm != NULL; lm = lm->lm_chain ) {
/* skip over entries and references */
if( lm->lm_msgtype != LDAP_RES_SEARCH_ENTRY &&
lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE )
lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE &&
lm->lm_msgtype != LDAP_RES_EXTENDED_PARTIAL )
{
/* more results to return */
errcode = LDAP_MORE_RESULTS_TO_RETURN;

118
libraries/libldap/extended.c
View file

@ -68,13 +68,13 @@ ldap_extended_operation(
}
if ( reqdata != NULL ) {
rc = ber_printf( ber, "{it{tstO}", /* '}' */
rc = ber_printf( ber, "{it{tstON}", /* '}' */
++ld->ld_msgid, LDAP_REQ_EXTENDED,
LDAP_TAG_EXOP_REQ_OID, reqoid,
LDAP_TAG_EXOP_REQ_VALUE, reqdata );
} else {
rc = ber_printf( ber, "{it{ts}", /* '}' */
rc = ber_printf( ber, "{it{tsN}", /* '}' */
++ld->ld_msgid, LDAP_REQ_EXTENDED,
LDAP_TAG_EXOP_REQ_OID, reqoid );
}
@ -91,7 +91,7 @@ ldap_extended_operation(
return ld->ld_errno;
}
if ( ber_printf( ber, /*{*/ "}" ) == -1 ) {
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( ld->ld_errno );
@ -274,3 +274,115 @@ ldap_parse_extended_result (
return LDAP_SUCCESS;
}
/* Parse an extended partial */
int
ldap_parse_extended_partial (
LDAP *ld,
LDAPMessage *res,
char **retoidp,
struct berval **retdatap,
LDAPControl ***serverctrls,
int freeit )
{
BerElement *ber;
ber_tag_t rc;
ber_tag_t tag;
ber_len_t len;
struct berval *resdata;
char *resoid;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( res != NULL );
Debug( LDAP_DEBUG_TRACE, "ldap_parse_extended_result\n", 0, 0, 0 );
if( ld->ld_version < LDAP_VERSION3 ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
return ld->ld_errno;
}
if( res->lm_msgtype != LDAP_RES_EXTENDED_PARTIAL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
}
if( retoidp != NULL ) *retoidp = NULL;
if( retdatap != NULL ) *retdatap = NULL;
ber = ber_dup( res->lm_ber );
if ( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
rc = ber_scanf( ber, "{" /*}*/ );
if( rc == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 0 );
return ld->ld_errno;
}
resoid = NULL;
resdata = NULL;
tag = ber_peek_tag( ber, &len );
if( tag == LDAP_TAG_EXOP_RES_OID ) {
/* we have a resoid */
if( ber_scanf( ber, "a", &resoid ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 0 );
return ld->ld_errno;
}
tag = ber_peek_tag( ber, &len );
}
if( tag == LDAP_TAG_EXOP_RES_VALUE ) {
/* we have a resdata */
if( ber_scanf( ber, "O", &resdata ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 0 );
if( resoid != NULL ) LDAP_FREE( resoid );
return ld->ld_errno;
}
}
if ( serverctrls == NULL ) {
rc = LDAP_SUCCESS;
goto free_and_return;
}
if ( ber_scanf( ber, /*{*/ "}" ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
goto free_and_return;
}
rc = ldap_int_get_controls( ber, serverctrls );
free_and_return:
ber_free( ber, 0 );
if( retoidp != NULL ) {
*retoidp = resoid;
} else {
LDAP_FREE( resoid );
}
if( retdatap != NULL ) {
*retdatap = resdata;
} else {
ber_bvfree( resdata );
}
if( freeit ) {
ldap_msgfree( res );
}
return LDAP_SUCCESS;
}

1
libraries/libldap/free.c
View file

@ -16,7 +16,6 @@
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/time.h>

Some files were not shown because too many files have changed in this diff Show more