Imported from devel

+ Fixed clients printf/usage bugs (ITS#749)
+ Fixed slapd spasswd support (ITS#751)
+ Fixed --enable-spasswd (ITS#751)
+ Fixed ldif(5) file:/// bug (ITS#750)

CHANGES

@@ -1,14 +1,18 @@
 OpenLDAP 2.0 Change Log
 
 OpenLDAP 2.0.x Engineering
-	Fixed clients printf bugs
+	Fixed clients printf/usage bugs (ITS#749)
 	Fixed -lldap SASL interoperability bug
 	Fixed -lldap PF_LOCAL declaration/call bugs
+	Fixed slapd spasswd support (ITS#751)
 	Updated slurpd SASL support
 	Added slurpd TLS support
 	Removed lint
+	Build Environment
+		Fixed --enable-spasswd (ITS#751)
 	Documentation
-		updated ldap_schema(3)
+		Fixed ldif(5) file:/// bug (ITS#750)
+		Updated ldap_schema(3)
 
 OpenLDAP 2.0.3 Release
 	Fixed -lldap KBIND typo (ITS#717)

clients/tools/ldapdelete.c

@@ -458,7 +458,7 @@ main( int argc, char **argv )
 #endif
 		break;
 	default:
-		fprintf( stderr, "%s: unrecongized option -%c\n",
+		fprintf( stderr, "%s: unrecognized option -%c\n",
 			prog, optopt );
 		usage( prog );
 		return( EXIT_FAILURE );

clients/tools/ldapmodify.c

@@ -518,7 +518,7 @@ main( int argc, char **argv )
 #endif
 		break;
 	default:
-		fprintf( stderr, "%s: unrecongized option -%c\n",
+		fprintf( stderr, "%s: unrecognized option -%c\n",
 			prog, optopt );
 	    usage( prog );
 	}

clients/tools/ldapmodrdn.c

@@ -480,7 +480,7 @@ main(int argc, char **argv)
 #endif
 		break;
 	default:
-		fprintf( stderr, "%s: unrecongized option -%c\n",
+		fprintf( stderr, "%s: unrecognized option -%c\n",
 			prog, optopt );
 	    usage( argv[0] );
 	    return( EXIT_FAILURE );

clients/tools/ldappasswd.c

@@ -481,7 +481,7 @@ main( int argc, char *argv[] )
 
 
 		default:
-			fprintf( stderr, "%s: unrecongized option -%c\n",
+			fprintf( stderr, "%s: unrecognized option -%c\n",
 				prog, optopt );
 			usage (argv[0]);
 		}

clients/tools/ldapsearch.c

@@ -586,7 +586,7 @@ main( int argc, char **argv )
 #endif
 		break;
 	default:
-		fprintf( stderr, "%s: unrecongized option -%c\n",
+		fprintf( stderr, "%s: unrecognized option -%c\n",
 			prog, optopt );
 		usage( argv[0] );
 	}

configure.in

@@ -350,7 +350,7 @@ if test $ol_enable_spasswd = yes ; then
 	if test $ol_with_cyrus_sasl = no ; then
 		AC_MSG_ERROR([options require --with-cyrus-sasl])
 	fi
-	ol_link_spasswd=yes
+	ol_with_cyrus_sasl=yes
 fi
 
 AC_MSG_RESULT(done)
@@ -1794,7 +1794,11 @@ if test $ol_with_cyrus_sasl != no ; then
 				AC_MSG_WARN([Strong authentication not supported!])
 			fi
 		fi
+
+	elif test $ol_enable_spasswd != no ; then
+		ol_link_spasswd=yes
 	fi
+
 else
 	AC_MSG_WARN([SASL authentication not supported!])
 	if test $ol_link_tls = no ; then

doc/man/man5/ldif.5

@@ -66,7 +66,7 @@ in the file /tmp/value would be listed like this:
 .LP
 .nf
 .ft tt
-	cn:< file://tmp/value
+	cn:< file:///tmp/value
 .ft
 .fi
 Other URI schemes (ftp,http) may be supported as well.

libraries/libldbm/ldbm.c

@@ -94,7 +94,7 @@ static void
 ldbm_db_errcall( const char *prefix, char *message )
 {
 #ifdef LDAP_SYSLOG
-	syslog( LOG_INFO, "ldbm_db_errcall(): %s %s", prefix, message );
+	syslog( LOG_INFO, "ldbm: %s %s", prefix, message );
 #endif
 }
 

servers/slapd/back-ldbm/bind.c

@@ -68,7 +68,7 @@ ldbm_back_bind(
 		/* allow noauth binds */
 		rc = 1;
 		if ( method == LDAP_AUTH_SIMPLE ) {
-			if ( be_isroot_pw( be, dn, cred ) ) {
+			if ( be_isroot_pw( be, conn, dn, cred ) ) {
 				*edn = ch_strdup( be_root_dn( be ) );
 				rc = 0; /* front end will send result */
 
@@ -139,7 +139,7 @@ ldbm_back_bind(
 	switch ( method ) {
 	case LDAP_AUTH_SIMPLE:
 		/* check for root dn/passwd */
-		if ( be_isroot_pw( be, dn, cred ) ) {
+		if ( be_isroot_pw( be, conn, dn, cred ) ) {
 			/* front end will send result */
 			if(*edn != NULL) free( *edn );
 			*edn = ch_strdup( be_root_dn( be ) );
@@ -165,7 +165,7 @@ ldbm_back_bind(
 			goto return_results;
 		}
 
-		if ( slap_passwd_check( a, cred ) != 0 ) {
+		if ( slap_passwd_check( conn, a, cred ) != 0 ) {
 			send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
 				NULL, NULL, NULL, NULL );
 			/* stop front end from sending result */

servers/slapd/backend.c

@@ -498,7 +498,10 @@ be_root_dn( Backend *be )
 }
 
 int
-be_isroot_pw( Backend *be, const char *ndn, struct berval *cred )
+be_isroot_pw( Backend *be,
+	Connection *conn,
+	const char *ndn,
+	struct berval *cred )
 {
 	int result;
 
@@ -510,14 +513,20 @@ be_isroot_pw( Backend *be, const char *ndn, struct berval *cred )
 		return 0;
 	}
 
-#ifdef SLAPD_CRYPT
-	ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+	ldap_pvt_thread_mutex_lock( &passwd_mutex );
+#ifdef SLAPD_SPASSWD
+	lutil_passwd_sasl_conn = conn->c_sasl_context;
+#endif
 #endif
 
 	result = lutil_passwd( &be->be_root_pw, cred, NULL );
 
-#ifdef SLAPD_CRYPT
-	ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+#ifdef SLAPD_SPASSWD
+	lutil_passwd_sasl_conn = NULL;
+#endif
+	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
 
 	return result == 0;

servers/slapd/daemon.c

@@ -870,18 +870,6 @@ slapd_daemon_task(
 				continue;
 			}
 
-#ifdef LDAP_DEBUG
-			ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
-
-			/* newly accepted stream should not be in any of the FD SETS */
-
-			assert( !FD_ISSET( s, &slap_daemon.sd_actives) );
-			assert( !FD_ISSET( s, &slap_daemon.sd_readers) );
-			assert( !FD_ISSET( s, &slap_daemon.sd_writers) );
-
-			ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
-#endif
-
 #ifndef HAVE_WINSOCK
 			/* make sure descriptor number isn't too great */
 			if ( s >= dtblsize ) {
@@ -892,7 +880,18 @@ slapd_daemon_task(
 				continue;
 			}
 #endif
-		   
+
+#ifdef LDAP_DEBUG
+			ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
+
+			/* newly accepted stream should not be in any of the FD SETS */
+			assert( !FD_ISSET( s, &slap_daemon.sd_actives) );
+			assert( !FD_ISSET( s, &slap_daemon.sd_readers) );
+			assert( !FD_ISSET( s, &slap_daemon.sd_writers) );
+
+			ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
+#endif
+
 			Debug( LDAP_DEBUG_CONNS, "daemon: new connection on %ld\n",
 				(long) s, 0, 0 );
 

servers/slapd/init.c

@@ -40,8 +40,8 @@ char		**g_argv;
  */
 ldap_pvt_thread_pool_t	connection_pool;
 ldap_pvt_thread_mutex_t	gmtime_mutex;
-#ifdef SLAPD_CRYPT
-ldap_pvt_thread_mutex_t	crypt_mutex;
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ldap_pvt_thread_mutex_t	passwd_mutex;
 #endif
 
 int				num_conns;
@@ -103,8 +103,8 @@ slap_init( int mode, const char *name )
 			ldap_pvt_thread_mutex_init( &num_sent_mutex );
 
 			ldap_pvt_thread_mutex_init( &gmtime_mutex );
-#ifdef SLAPD_CRYPT
-			ldap_pvt_thread_mutex_init( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+			ldap_pvt_thread_mutex_init( &passwd_mutex );
 #endif
 
 			rc = slap_sasl_init();

servers/slapd/passwd.c

@@ -217,28 +217,35 @@ struct berval * slap_passwd_return(
 
 int
 slap_passwd_check(
+	Connection *conn,
 	Attribute *a,
 	struct berval *cred )
 {
 	int     i;
+	int result = 1;
+
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+	ldap_pvt_thread_mutex_lock( &passwd_mutex );
+#ifdef SLAPD_SPASSWD
+	lutil_passwd_sasl_conn = conn->c_sasl_context;
+#endif
+#endif
+
 	for ( i = 0; a->a_vals[i] != NULL; i++ ) {
-		int result;
-
-#ifdef SLAPD_CRYPT
-		ldap_pvt_thread_mutex_lock( &crypt_mutex );
-#endif
-
-		result = lutil_passwd( a->a_vals[i], cred, NULL );
-
-#ifdef SLAPD_CRYPT
-		ldap_pvt_thread_mutex_unlock( &crypt_mutex );
-#endif
-
-		if( !result )
-			return result;
+		if( !lutil_passwd( a->a_vals[i], cred, NULL ) ) {
+			result = 0;
+			break;
+		}
 	}
 
-	return( 1 );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+#ifdef SLAPD_SPASSWD
+	lutil_passwd_sasl_conn = NULL;
+#endif
+	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+#endif
+
+	return result;
 }
 
 struct berval * slap_passwd_generate( void )
@@ -259,14 +266,14 @@ struct berval * slap_passwd_hash(
 
 	struct berval *new;
 
-#ifdef SLAPD_CRYPT
-	ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+	ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif
 
 	new = lutil_passwd_hash( cred , hash );
 	
-#ifdef SLAPD_CRYPT
-	ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
 
 	return new;

servers/slapd/proto-slap.h

@@ -151,7 +151,8 @@ LDAP_SLAPD_F (BackendDB *) select_backend LDAP_P(( const char * dn ));
 
 LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be, const char *suffix ));
 LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be, const char *ndn ));
-LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be, const char *ndn, struct berval *cred ));
+LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be,
+	Connection *conn, const char *ndn, struct berval *cred ));
 LDAP_SLAPD_F (char *) be_root_dn LDAP_P(( Backend *be ));
 LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P(( Backend *be, Entry *e, int rw ));
 #define be_entry_release_r( be, e ) be_entry_release_rw( be, e, 0 )
@@ -727,6 +728,7 @@ LDAP_SLAPD_F (int) passwd_extop LDAP_P((
 	struct berval *** refs ));
 
 LDAP_SLAPD_F (int) slap_passwd_check(
+	Connection			*conn,
 	Attribute			*attr,
 	struct berval		*cred );
 
@@ -803,8 +805,8 @@ LDAP_SLAPD_F (ldap_pvt_thread_pool_t)	connection_pool;
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	entry2str_mutex;
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	replog_mutex;
 
-#ifdef SLAPD_CRYPT
-LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	crypt_mutex;
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	passwd_mutex;
 #endif
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	gmtime_mutex;
 

servers/slapd/sasl.c

@@ -203,11 +203,7 @@ int slap_sasl_init( void )
     sasl_secprops.maxbufsize = 65536;
     sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
 
-#ifdef SLAPD_SPASSWD
-	lutil_passwd_sasl_conn = server;
-#else
 	sasl_dispose( &server );
-#endif
 
 #endif
 	return 0;
@@ -216,9 +212,6 @@ int slap_sasl_init( void )
 int slap_sasl_destroy( void )
 {
 #ifdef HAVE_CYRUS_SASL
-#ifdef SLAPD_SPASSWD
-	sasl_dispose( &lutil_passwd_sasl_conn );
-#endif
 	sasl_done();
 #endif
 	return 0;