author | Rich Megginson <rmeggins@redhat.com> | 2009-07-06 12:11:01 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-07 08:32:42 -0600 |
commit | 209521323f731daad54682fd98715f7b22c88c78 (patch) | |
tree | 74a1fa8df06641fe543c8518e4db4357ab610828 /ldap/servers/slapd/tools | |
parent | 3116dbec570b65d2d0a1df5bd000f6e63439e8ee (diff) | |
OpenLDAP supportcleanup
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract away the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
Diffstat (limited to 'ldap/servers/slapd/tools')
-rw-r--r-- | ldap/servers/slapd/tools/ldaptool.h | 7 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldclt/ldapfct.c | 177 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldclt/ldclt.c | 4 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldclt/ldclt.h | 34 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldclt/scalab01.c | 108 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldif.c | 19 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/pwenc.c | 1 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/rsearch/addthread.c | 7 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/rsearch/searchthread.c | 8 |
9 files changed, 262 insertions, 103 deletions
diff --git a/ldap/servers/slapd/tools/ldaptool.h b/ldap/servers/slapd/tools/ldaptool.h index e85c4d0f..1aaf0edc 100644 --- a/ldap/servers/slapd/tools/ldaptool.h +++ b/ldap/servers/slapd/tools/ldaptool.h @@ -100,12 +100,6 @@ extern int getopt (int argc, char *const *argv, const char *optstring); #include <ldaplog.h> #include <ldif.h> -#if defined(NET_SSL) -#include <ldap_ssl.h> -#endif - -#include <ldappr.h> - #ifdef __cplusplus extern "C" { #endif @@ -119,7 +113,6 @@ extern "C" { #define LDAPTOOL_DEFSEP "=" /* used by ldapcmp and ldapsearch */ #define LDAPTOOL_DEFHOST "localhost" -#define LDAPTOOL_DEFSSLSTRENGTH LDAPSSL_AUTH_CERT #define LDAPTOOL_DEFCERTDBPATH "." #define LDAPTOOL_DEFKEYDBPATH "." #define LDAPTOOL_DEFREFHOPLIMIT 5 diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c index e58a41e1..a2382b7f 100644 --- a/ldap/servers/slapd/tools/ldclt/ldapfct.c +++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c @@ -256,10 +256,11 @@ dd/mm/yy | Author | Comments #include <sasl.h> #include "ldaptool-sasl.h" +#if !defined(USE_OPENLDAP) #include <ldap_ssl.h> /* ldapssl_init(), etc... */ +#endif - - +#include <prprf.h> @@ -463,7 +464,27 @@ buildNewBindDN ( +#if defined(USE_OPENLDAP) +int +refRebindProc( + LDAP *ldapCtx, + const char *url, + ber_tag_t request, + ber_int_t msgid, + void *arg +) +{ + thread_context *tttctx; + struct berval cred; + + tttctx = (thread_context *)arg; + cred.bv_val = tttctx->bufPasswd; + cred.bv_len = strlen(tttctx->bufPasswd); + return ldap_sasl_bind_s(ldapCtx, tttctx->bufBindDN, LDAP_SASL_SIMPLE, + &cred, NULL, NULL, NULL); +} +#else /* !USE_OPENLDAP */ /* New function */ /*JLS 08-03-01*/ /* **************************************************************************** FUNCTION : refRebindProc @@ -503,6 +524,7 @@ refRebindProc ( return (LDAP_SUCCESS); } +#endif /* !USE_OPENLDAP */ 
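Review bot: In the new OpenLDAP `refRebindProc`, `strlen(tttctx->bufPasswd)` runs without a NULL check, although another line added by this commit (`tttctx->bufPasswd ? tttctx->bufPasswd : ""` in createMissingNodes) treats that field as possibly NULL. The same unguarded `strlen(passwd)` appears in the credential setup added at `@@ -720,6 +764,18 @@` and `@@ -1879,6 +1966,18 @@`. If the field can be NULL, a guard such as `cred.bv_len = cred.bv_val ? strlen(cred.bv_val) : 0;` avoids the undefined behaviour. The callback also always performs a simple bind with the thread's password against whatever server `url` names, so it deserves a header comment like the one the non-OpenLDAP version has, stating that `url`, `request` and `msgid` are deliberately unused and that CLTAUTH and SASL modes are not handled on rebind.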
@@ -589,6 +611,7 @@ connectToServer ( int ret; /* Return value */ LBER_SOCKET fd; /* LDAP cnx's fd */ int v2v3; /* LDAP version used */ + struct berval cred = {0, NULL}; /* * Maybe close the connection ? @@ -629,8 +652,8 @@ connectToServer ( if (close ((int)fd) < 0) { perror ("ldctx"); - printf ("ldclt[%d]: T%03d: cannot close(fd=%ld), error=%d (%s)\n", - mctx.pid, tttctx->thrdNum, fd, errno, strerror (errno)); + printf ("ldclt[%d]: T%03d: cannot close(fd=%d), error=%d (%s)\n", + mctx.pid, tttctx->thrdNum, (int)fd, errno, strerror (errno)); return (-1); } } @@ -642,7 +665,7 @@ connectToServer ( * But don't be afraid, the UNBIND operation never reach the * server that will only see a suddent socket disconnection. */ - ret = ldap_unbind (tttctx->ldapCtx); + ret = ldap_unbind_ext (tttctx->ldapCtx, NULL, NULL); if (ret != LDAP_SUCCESS) { fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n", @@ -660,6 +683,27 @@ connectToServer ( */ if (tttctx->ldapCtx == NULL) { + const char *mech = LDAP_SASL_SIMPLE; + const char *binddn = NULL; + const char *passwd = NULL; +#if defined(USE_OPENLDAP) + char *ldapurl = NULL; +#endif + +#if defined(USE_OPENLDAP) + ldapurl = PR_smprintf("ldap%s://%s:%d/", + (mctx.mode & SSL) ? "s" : "", + mctx.hostname, mctx.port); + if ((ret = ldap_initialize(&tttctx->ldapCtx, ldapurl))) { + printf ("ldclt[%d]: T%03d: Cannot ldap_initialize (%s), errno=%d ldaperror=%d:%s\n", + mctx.pid, tttctx->thrdNum, ldapurl, errno, ret, my_ldap_err2string(ret)); + fflush (stdout); + PR_smprintf_free(ldapurl); + return (-1); + } + PR_smprintf_free(ldapurl); + ldapurl = NULL; +#else /* !USE_OPENLDAP */ /* * SSL is enabled ? */ 
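Review bot: In the `@@ -660,6 +683,27 @@` hunk the result of `PR_smprintf` is passed straight to `ldap_initialize` and to the `%s` in the error message without a NULL check; on allocation failure `ldap_initialize` is given a NULL URI, which the library resolves from its own defaults rather than `mctx.hostname`. Adding `if (ldapurl == NULL) return (-1);` (with a message) before the call closes that gap. The same block is pasted into createMissingNodes (`@@ -1821,9 +1886,31 @@`) and scalab01_connectSuperuser (`@@ -509,8 +511,28 @@`), so a single helper that builds the URL and initialises the handle would keep the three copies from drifting. The OpenLDAP branch selects `ldaps://` when `mctx.mode & SSL` is set, but no visible line configures certificate verification; since the commit message says crypto support is still pending, a comment marking that limitation here would be useful. connectToServer continues outside the hunk.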
@@ -720,6 +764,18 @@ connectToServer ( return (-1); } } +#endif /* !USE_OPENLDAP */ + + if (mctx.mode & CLTAUTH) { + mech = "EXTERNAL"; + binddn = ""; + passwd = NULL; + } else { + binddn = tttctx->bufBindDN; + passwd = tttctx->bufPasswd; + cred.bv_val = (char *)passwd; + cred.bv_len = strlen(passwd); + } if (mctx.mode & LDAP_V2) v2v3 = LDAP_VERSION2; @@ -849,14 +905,21 @@ connectToServer ( perror ("malloc"); exit (LDAP_NO_MEMORY); } - +#if defined(USE_OPENLDAP) + ret = ldap_sasl_interactive_bind_s( tttctx->ldapCtx, mctx.bindDN, mctx.sasl_mech, + NULL, NULL, mctx.sasl_flags, + ldaptool_sasl_interact, defaults ); +#else ret = ldap_sasl_interactive_bind_ext_s( tttctx->ldapCtx, mctx.bindDN, mctx.sasl_mech, NULL, NULL, mctx.sasl_flags, ldaptool_sasl_interact, defaults, NULL ); +#endif if (ret != LDAP_SUCCESS ) { tttctx->binded = 0; - if (!(mctx.mode & QUIET)) - ldap_perror( tttctx->ldapCtx, "Bind Error" ); + if (!(mctx.mode & QUIET)) { + fprintf(stderr, "Error: could not bind: %d:%s\n", + ret, my_ldap_err2string(ret)); + } if (addErrorStat (ret) < 0) return (-1); } else { 
@@ -868,15 +931,17 @@ connectToServer ( if (((mctx.bindDN != NULL) || (mctx.mod2 & M2_RNDBINDFILE)) && /*03-05-01*/ ((!(tttctx->binded)) || (mctx.mode & BIND_EACH_OPER))) { + struct berval *servercredp = NULL; + if (buildNewBindDN (tttctx) < 0) /*JLS 05-01-01*/ return (-1); /*JLS 05-01-01*/ if (mctx.mode & VERY_VERBOSE) printf ("ldclt[%d]: T%03d: Before ldap_simple_bind_s (%s, %s)\n", mctx.pid, tttctx->thrdNum, tttctx->bufBindDN, mctx.passwd?tttctx->bufPasswd:"NO PASSWORD PROVIDED"); - ret = ldap_simple_bind_s (tttctx->ldapCtx, - tttctx->bufBindDN, /*JLS 05-01-01*/ - mctx.passwd?tttctx->bufPasswd:"NO PASSWORD PROVIDED"); + ret = ldap_sasl_bind_s (tttctx->ldapCtx, tttctx->bufBindDN, LDAP_SASL_SIMPLE, + &cred, NULL, NULL, &servercredp); /*JLS 05-01-01*/ + ber_bvfree(servercredp); if (mctx.mode & VERY_VERBOSE) printf ("ldclt[%d]: T%03d: After ldap_simple_bind_s (%s, %s)\n", mctx.pid, tttctx->thrdNum, tttctx->bufBindDN, @@ -1821,9 +1886,31 @@ createMissingNodes ( */ if (cnx == NULL) { + const char *mech = LDAP_SASL_SIMPLE; + const char *binddn = NULL; + const char *passwd = NULL; + struct berval cred = {0, NULL}; +#if defined(USE_OPENLDAP) + char *ldapurl = NULL; +#endif + if (mctx.mode & VERY_VERBOSE) /*JLS 14-12-00*/ printf ("ldclt[%d]: T%03d: must connect to the server.\n", mctx.pid, tttctx->thrdNum); +#if defined(USE_OPENLDAP) + ldapurl = PR_smprintf("ldap%s://%s:%d/", + (mctx.mode & SSL) ? "s" : "", + mctx.hostname, mctx.port); + if ((ret = ldap_initialize(&tttctx->ldapCtx, ldapurl))) { + printf ("ldclt[%d]: T%03d: Cannot ldap_initialize (%s), errno=%d ldaperror=%d:%s\n", + mctx.pid, tttctx->thrdNum, ldapurl, errno, ret, my_ldap_err2string(ret)); + fflush (stdout); + PR_smprintf_free(ldapurl); + return (-1); + } + PR_smprintf_free(ldapurl); + ldapurl = NULL; +#else /* !USE_OPENLDAP */ /* * SSL is enabled ? */ 
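Review bot: In the `@@ -868,15 +931,17 @@` hunk the bind now sends `&cred`, but `cred` is only filled inside the `if (tttctx->ldapCtx == NULL)` block (hunk `@@ -720,6 +764,18 @@`), before `buildNewBindDN` runs. When the handle already exists and `BIND_EACH_OPER` is set, `cred` is still `{0, NULL}`, so the simple bind goes out with a DN and an empty password, which servers commonly treat as an unauthenticated bind rather than a failure; if `buildNewBindDN` rewrites the password, `bv_len` is also stale. The removed call used `mctx.passwd?tttctx->bufPasswd:"NO PASSWORD PROVIDED"`, and that substitution is lost as well. Setting `cred.bv_val = mctx.passwd ? tttctx->bufPasswd : "NO PASSWORD PROVIDED"; cred.bv_len = strlen(cred.bv_val);` immediately after the `buildNewBindDN` call restores the old behaviour. The `mech`, `binddn` and `passwd` locals assigned in the earlier hunk are not used by any visible line of connectToServer, whose body continues outside these hunks.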
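Review bot: In the `@@ -1821,9 +1886,31 @@` hunk the OpenLDAP branch of createMissingNodes initialises `tttctx->ldapCtx`, yet the block is guarded by `if (cnx == NULL)` and the later `ldap_add_ext_s (cnx, ...)` and `ldap_unbind_ext (cnx, NULL, NULL)` operate on `cnx`. Unless `cnx` is assigned in lines outside these hunks, a USE_OPENLDAP build would add and unbind on a NULL handle and overwrite the thread's own connection in `tttctx->ldapCtx`. The bind in `@@ -1897,30 +1996,15 @@` also targets `tttctx->ldapCtx`, where the removed simple bind used `cnx`. Using `ldap_initialize(&cnx, ldapurl)` here and `ldap_sasl_bind_s (cnx, binddn, mech, &cred, NULL, NULL, NULL)` there would keep the temporary connection separate.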
@@ -1879,6 +1966,18 @@ createMissingNodes ( return (-1); } } +#endif /* !USE_OPENLDAP */ + + if (mctx.mode & CLTAUTH) { + mech = "EXTERNAL"; + binddn = ""; + passwd = NULL; + } else { + binddn = tttctx->bufBindDN; + passwd = tttctx->bufPasswd; + cred.bv_val = (char *)passwd; + cred.bv_len = strlen(passwd); + } if (mctx.mode & LDAP_V2) v2v3 = LDAP_VERSION2; @@ -1897,30 +1996,15 @@ createMissingNodes ( /* * Bind to the server */ - /* - * for SSL client authentication, SASL BIND is used - */ - if (mctx.mode & CLTAUTH) - { - ret = ldap_sasl_bind_s (tttctx->ldapCtx, "", "EXTERNAL", NULL, NULL, NULL, + ret = ldap_sasl_bind_s (tttctx->ldapCtx, binddn, mech, &cred, NULL, NULL, NULL); if (ret != LDAP_SUCCESS) { - printf ("ldclt[%d]: T%03d: Cannot ldap_sasl_bind_s, error=%d (%s)\n", - mctx.pid, tttctx->thrdNum, ret, my_ldap_err2string (ret)); - fflush (stdout); - tttctx->exitStatus = EXIT_NOBIND; - if (addErrorStat (ret) < 0) - return (-1); - return (-1); - } - } else { - ret = ldap_simple_bind_s (cnx, tttctx->bufBindDN, tttctx->bufPasswd); - if (ret != LDAP_SUCCESS) - { - printf ("ldclt[%d]: T%03d: Cannot ldap_simple_bind_s (%s, %s), error=%d (%s)\n", + printf ("ldclt[%d]: T%03d: Cannot bind using mech [%s] (%s, %s), error=%d (%s)\n", mctx.pid, tttctx->thrdNum, - tttctx->bufBindDN, tttctx->bufPasswd, + mech ? mech : "SIMPLE", + tttctx->bufBindDN ? tttctx->bufBindDN : "", + tttctx->bufPasswd ? tttctx->bufPasswd : "", ret, my_ldap_err2string (ret)); fflush (stdout); tttctx->exitStatus = EXIT_NOBIND; /*JLS 25-08-00*/ @@ -1929,7 +2013,6 @@ createMissingNodes ( return (-1); } } - } /* * Create the entry @@ -1951,7 +2034,7 @@ createMissingNodes ( * Add the entry * If it doesn't work, we will recurse on the nodeDN */ - ret = ldap_add_s (cnx, nodeDN, attrs); + ret = ldap_add_ext_s (cnx, nodeDN, attrs, NULL, NULL); if ((ret != LDAP_SUCCESS) && (ret != LDAP_ALREADY_EXISTS)) { if (ret == LDAP_NO_SUCH_OBJECT) 
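Review bot: The rewritten failure message in `@@ -1897,30 +1996,15 @@` still prints `tttctx->bufPasswd` in clear text to stdout, so bind passwords end up in terminal scrollback and captured logs. It also reports `tttctx->bufBindDN` even in CLTAUTH mode, where the bind actually used `binddn` (the empty string). Printing `binddn` and dropping the password argument, e.g. `"ldclt[%d]: T%03d: Cannot bind using mech [%s] (%s), error=%d (%s)\n"`, keeps the diagnostic without the secret. The VERY_VERBOSE traces around the bind in connectToServer and the `SCALAB01_SUPER_USER_PASSWORD` arguments in scalab01_connectSuperuser (`@@ -590,49 +623,21 @@`) have the same exposure.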
@@ -2015,7 +2098,7 @@ createMissingNodes ( if (freeAttrib (attrs) < 0) return (-1); - ret = ldap_unbind (cnx); + ret = ldap_unbind_ext (cnx, NULL, NULL); if (ret != LDAP_SUCCESS) { fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n", @@ -2775,7 +2858,7 @@ doAddEntry ( retry = 1; while (retry) { - ret = ldap_add_s (tttctx->ldapCtx, newDn, attrs); + ret = ldap_add_ext_s (tttctx->ldapCtx, newDn, attrs, NULL, NULL); if (ret != LDAP_SUCCESS) { if (!((mctx.mode & QUIET) && ignoreError (ret))) @@ -2871,6 +2954,8 @@ doAddEntry ( } else { + int msgid = 0; + if ((mctx.mode & VERBOSE) && (tttctx->asyncHit == 1) && (!(mctx.mode & SUPER_QUIET))) @@ -2887,7 +2972,7 @@ doAddEntry ( if (buildNewEntry (tttctx, newDn, attrs) < 0) return (-1); - ret = ldap_add (tttctx->ldapCtx, newDn, attrs); + ret = ldap_add_ext (tttctx->ldapCtx, newDn, attrs, NULL, NULL, &msgid); if (ret < 0) { if (ldap_get_option (tttctx->ldapCtx, LDAP_OPT_ERROR_NUMBER, &ret) < 0) @@ -2929,7 +3014,7 @@ doAddEntry ( /* * Memorize the operation */ - if (msgIdAdd (tttctx, ret, newDn, newDn, attrs) < 0) + if (msgIdAdd (tttctx, msgid, newDn, newDn, attrs) < 0) return (-1); if (incrementNbOpers (tttctx) < 0) return (-1); @@ -3160,7 +3245,7 @@ doDeleteEntry ( strcat (delDn, ","); strcat (delDn, tttctx->bufBaseDN); - ret = ldap_delete_s (tttctx->ldapCtx, delDn); + ret = ldap_delete_ext_s (tttctx->ldapCtx, delDn, NULL, NULL); if (ret != LDAP_SUCCESS) { if (!((mctx.mode & QUIET) && ignoreError (ret))) @@ -3223,6 +3308,8 @@ doDeleteEntry ( } else { + int msgid = 0; + if ((mctx.mode & VERBOSE) && (tttctx->asyncHit == 1) && (!(mctx.mode & SUPER_QUIET))) @@ -3243,7 +3330,7 @@ doDeleteEntry ( strcat (delDn, ","); strcat (delDn, tttctx->bufBaseDN); - ret = ldap_delete (tttctx->ldapCtx, delDn); + ret = ldap_delete_ext (tttctx->ldapCtx, delDn, NULL, NULL, &msgid); if (ret < 0) { if (ldap_get_option (tttctx->ldapCtx, LDAP_OPT_ERROR_NUMBER, &ret) < 0) 
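Review bot: In the asynchronous branch of doAddEntry (`@@ -2887,7 +2972,7 @@`) the failure test `if (ret < 0)` was kept from the old `ldap_add` call, but `ldap_add_ext` returns an LDAP result code and delivers the message id through `&msgid`. A failure reported as a positive code therefore skips the error path, and `msgIdAdd` then records `msgid` 0; the check should be `if (ret != LDAP_SUCCESS)`. The same pattern follows `ldap_delete_ext` in doDeleteEntry (`@@ -3243,7 +3330,7 @@`) and `ldap_search_ext` in doExactSearch (`@@ -3503,9 +3592,9 @@`). Those two functions declare `msgid`, but no visible hunk switches their later bookkeeping from `ret` to `msgid` as doAddEntry does, which is worth confirming in the code outside the hunks.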
@@ -3389,9 +3476,9 @@ doExactSearch ( */ if (!(mctx.mode & ASYNC)) { - ret = ldap_search_s (tttctx->ldapCtx, tttctx->bufBaseDN, mctx.scope, + ret = ldap_search_ext_s (tttctx->ldapCtx, tttctx->bufBaseDN, mctx.scope, tttctx->bufFilter, attrlist, /*JLS 15-03-01*/ - mctx.attrsonly, &res); /*JLS 03-01-01*/ + mctx.attrsonly, NULL, NULL, NULL, -1, &res); /*JLS 03-01-01*/ if (ret != LDAP_SUCCESS) { if (!((mctx.mode & QUIET) && ignoreError (ret))) @@ -3493,6 +3580,8 @@ doExactSearch ( } else { + int msgid = 0; + if ((mctx.mode & VERBOSE) && (tttctx->asyncHit == 1) && (!(mctx.mode & SUPER_QUIET))) @@ -3503,9 +3592,9 @@ doExactSearch ( fflush (stdout); } - ret = ldap_search (tttctx->ldapCtx, tttctx->bufBaseDN, mctx.scope, + ret = ldap_search_ext (tttctx->ldapCtx, tttctx->bufBaseDN, mctx.scope, tttctx->bufFilter, attrlist, /*JLS 15-03-01*/ - mctx.attrsonly); /*JLS 03-01-01*/ + mctx.attrsonly, NULL, NULL, NULL, -1, &msgid); /*JLS 03-01-01*/ if (ret < 0) { if (ldap_get_option (tttctx->ldapCtx, LDAP_OPT_ERROR_NUMBER, &ret) < 0) @@ -3699,7 +3788,7 @@ doAbandon (thread_context *tttctx) if (msgid >= 0) { /* ABANDON the search request immediately */ - (void) ldap_abandon(tttctx->ldapCtx, msgid); + (void) ldap_abandon_ext(tttctx->ldapCtx, msgid, NULL, NULL); } /* diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c index 5346e241..f98233cc 100644 --- a/ldap/servers/slapd/tools/ldclt/ldclt.c +++ b/ldap/servers/slapd/tools/ldclt/ldclt.c @@ -281,7 +281,9 @@ dd/mm/yy | Author | Comments #include <time.h> /* ctime(), etc... */ /*JLS 18-08-00*/ #include <lber.h> /* ldap C-API BER decl. */ #include <ldap.h> /* ldap C-API decl. */ +#if !defined(USE_OPENLDAP) #include <ldap_ssl.h> /* ldapssl_init(), etc... */ +#endif #ifdef LDAP_H_FROM_QA_WKA #include <proto-ldap.h> /* ldap C-API prototypes */ #endif @@ -1547,6 +1549,7 @@ basicInit (void) } } +#if !defined(USE_OPENLDAP) /* * SSL is enabled ? */ 
@@ -1577,6 +1580,7 @@ basicInit (void) } } } +#endif /* !defined(USE_OPENLDAP) */ /* * Specific scenarios initialization... diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.h b/ldap/servers/slapd/tools/ldclt/ldclt.h index 0ed8ef8e..8fa03d8b 100644 --- a/ldap/servers/slapd/tools/ldclt/ldclt.h +++ b/ldap/servers/slapd/tools/ldclt/ldclt.h @@ -327,20 +327,54 @@ dd/mm/yy | Author | Comments #ifdef SOLARIS_LIBLDAP /*JLS 19-09-00*/ #define WORKAROUND_4197228 1 /*JLS 19-09-00*/ #else /*JLS 19-09-00*/ +#ifndef LDAP_REQ_BIND #define LDAP_REQ_BIND 0x60 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_UNBIND #define LDAP_REQ_UNBIND 0x42 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_SEARCH #define LDAP_REQ_SEARCH 0x63 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_MODIFY #define LDAP_REQ_MODIFY 0x66 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_ADD #define LDAP_REQ_ADD 0x68 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_DELETE #define LDAP_REQ_DELETE 0x4a /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_MODRDN #define LDAP_REQ_MODRDN 0x6c /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_COMPARE #define LDAP_REQ_COMPARE 0x6e /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_ABANDON #define LDAP_REQ_ABANDON 0x50 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_EXTENDED #define LDAP_REQ_EXTENDED 0x77 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_UNBIND_30 #define LDAP_REQ_UNBIND_30 0x62 /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_DELETE_30 #define LDAP_REQ_DELETE_30 0x6a /*JLS 19-09-00*/ +#endif +#ifndef LDAP_REQ_ABANDON_30 #define LDAP_REQ_ABANDON_30 0x70 /*JLS 19-09-00*/ #endif /*JLS 19-09-00*/ +#endif + +#ifndef LBER_SOCKET +#ifdef LBER_SOCKET_T +#define LBER_SOCKET LBER_SOCKET_T +#else +#define LBER_SOCKET int +#endif +#endif /* * This structure is the internal representation of an image diff --git a/ldap/servers/slapd/tools/ldclt/scalab01.c b/ldap/servers/slapd/tools/ldclt/scalab01.c index 3dc2bda8..595df0ff 100644 --- a/ldap/servers/slapd/tools/ldclt/scalab01.c +++ b/ldap/servers/slapd/tools/ldclt/scalab01.c 
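Review bot: The `LBER_SOCKET` fallback added at the end of the ldclt.h hunk (`@@ -327,20 +327,54 @@`) is repeated verbatim in rsearch/addthread.c and rsearch/searchthread.c; one definition in a header that all three include would keep them in step. In the same hunk the existing `#endif /*JLS 19-09-00*/` now closes `#ifndef LDAP_REQ_ABANDON_30`, while the bare `#endif` added after it closes the `SOLARIS_LIBLDAP` conditional, so the trailing comment sits on the wrong line. Labelling the outer one, for example `#endif /* SOLARIS_LIBLDAP */`, would make the nesting readable.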
@@ -91,8 +91,10 @@ dd/mm/yy | Author | Comments #include <lber.h> /* ldap C-API BER declarations */ #include <ldap.h> /* ldap C-API declarations */ +#if !defined(USE_OPENLDAP) #include <ldap_ssl.h> /* ldapssl_init(), etc... */ - +#endif +#include <prprf.h> #include "port.h" /* Portability definitions */ #include "ldclt.h" /* This tool's include file */ #include "utils.h" /* Utilities functions */ @@ -509,8 +511,28 @@ scalab01_connectSuperuser (void) { int ret; /* Return value */ int v2v3; /* LDAP version used */ - char bindDN [MAX_DN_LENGTH]; /* To bind */ + char bindDN [MAX_DN_LENGTH] = {0}; /* To bind */ + const char *mech = LDAP_SASL_SIMPLE; + struct berval cred = {0, NULL}; + struct berval *servercredp = NULL; +#if defined(USE_OPENLDAP) + char *ldapurl = NULL; +#endif +#if defined(USE_OPENLDAP) + ldapurl = PR_smprintf("ldap%s://%s:%d/", + (mctx.mode & SSL) ? "s" : "", + mctx.hostname, mctx.port); + if ((ret = ldap_initialize(&s1ctx.ldapCtx, ldapurl))) { + printf ("ldclt[%d]: ctrl: Cannot ldap_initialize (%s), errno=%d ldaperror=%d:%s\n", + mctx.pid, ldapurl, errno, ret, my_ldap_err2string(ret)); + fflush (stdout); + PR_smprintf_free(ldapurl); + return (-1); + } + PR_smprintf_free(ldapurl); + ldapurl = NULL; +#else /* !USE_OPENLDAP */ /* * Create the LDAP context */ @@ -571,6 +593,17 @@ scalab01_connectSuperuser (void) return (-1); } } +#endif /* !USE_OPENLDAP */ + + if (mctx.mode & CLTAUTH) { + mech = "EXTERNAL"; + } else { + strcpy (bindDN, SCALAB01_SUPER_USER_RDN); + strcat (bindDN, ","); + strcat (bindDN, mctx.baseDN); + cred.bv_val = SCALAB01_SUPER_USER_PASSWORD; + cred.bv_len = strlen(cred.bv_val); + } /* * Set the LDAP version and other options... 
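Review bot: The `strcpy`/`strcat` sequence that builds `bindDN` in the new non-CLTAUTH branch (`@@ -571,6 +593,17 @@`) has no length check against `MAX_DN_LENGTH`, so a base DN longer than the remaining space overflows the stack buffer; `mctx.baseDN` appears to be set from input outside this hunk. These lines were moved rather than newly written, but the move is a good point to bound them with `n = snprintf(bindDN, sizeof bindDN, "%s,%s", SCALAB01_SUPER_USER_RDN, mctx.baseDN);` followed by `if (n < 0 || (size_t)n >= sizeof bindDN) return (-1);`. scalab01_connectSuperuser continues outside the hunk.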
@@ -590,49 +623,21 @@ scalab01_connectSuperuser (void) } /*JLS 14-03-01*/ - /* - * Now we could bind - */ - /* - * for SSL client authentication, SASL BIND is used - */ - if (mctx.mode & CLTAUTH) - { - if (mctx.mode & VERY_VERBOSE) - printf ("ldclt[%d]: ctrl: Before ldap_sasl_bind_s\n", mctx.pid); - ret = ldap_sasl_bind_s (s1ctx.ldapCtx, "", "EXTERNAL", NULL, NULL, NULL, - NULL); - if (mctx.mode & VERY_VERBOSE) - printf ("ldclt[%d]: ctrl: After ldap_sasl_bind_s\n", mctx.pid); - if (ret != LDAP_SUCCESS) - { - printf ("ldclt[%d]: ctrl: Cannot ldap_sasl_bind_s, error=%d (%s)\n", - mctx.pid, ret, my_ldap_err2string (ret)); - fflush (stdout); - return (-1); - } - } - else + if (mctx.mode & VERY_VERBOSE) + printf ("ldclt[%d]: ctrl: Before bind mech %s (%s , %s)\n", + mctx.pid, mech ? mech : "SIMPLE", bindDN, SCALAB01_SUPER_USER_PASSWORD); + ret = ldap_sasl_bind_s (s1ctx.ldapCtx, bindDN, mech, &cred, NULL, NULL, &servercredp); + ber_bvfree(servercredp); + if (mctx.mode & VERY_VERBOSE) + printf ("ldclt[%d]: ctrl: After bind mech %s (%s, %s)\n", + mctx.pid, mech ? mech : "SIMPLE", bindDN, SCALAB01_SUPER_USER_PASSWORD); + if (ret != LDAP_SUCCESS) { - strcpy (bindDN, SCALAB01_SUPER_USER_RDN); - strcat (bindDN, ","); - strcat (bindDN, mctx.baseDN); - if (mctx.mode & VERY_VERBOSE) - printf ("ldclt[%d]: ctrl: Before ldap_simple_bind_s (%s , %s)\n", - mctx.pid, bindDN, SCALAB01_SUPER_USER_PASSWORD); - ret = ldap_simple_bind_s (s1ctx.ldapCtx, - bindDN, SCALAB01_SUPER_USER_PASSWORD); - if (mctx.mode & VERY_VERBOSE) - printf ("ldclt[%d]: ctrl: After ldap_simple_bind_s (%s, %s)\n", - mctx.pid, bindDN, SCALAB01_SUPER_USER_PASSWORD); - if (ret != LDAP_SUCCESS) - { - printf("ldclt[%d]: ctrl: Cannot ldap_simple_bind_s (%s, %s), error=%d (%s)\n", - mctx.pid, bindDN, SCALAB01_SUPER_USER_PASSWORD, - ret, my_ldap_err2string (ret)); - fflush (stdout); - return (-1); - } + printf("ldclt[%d]: ctrl: Cannot bind mech %s (%s, %s), error=%d (%s)\n", + mctx.pid, mech ? 
mech : "SIMPLE", bindDN, SCALAB01_SUPER_USER_PASSWORD, + ret, my_ldap_err2string (ret)); + fflush (stdout); + return (-1); } /* @@ -676,7 +681,6 @@ readAttrValue ( LDAPMessage *cur; /* Current message */ BerElement *ber; /* To decode the response */ char *aname; /* Current attribute name */ - char **vals; /* Attribute value returned */ char *filter; /* Filter used for searching */ /* @@ -686,8 +690,8 @@ readAttrValue ( attrs[1] = NULL; filter = (char *)malloc((4+strlen(attname))*sizeof(char)); sprintf(filter, "(%s=*)", attname); - ret = ldap_search_s (ldapCtx, dn, LDAP_SCOPE_BASE, - filter, attrs, 0, &res); + ret = ldap_search_ext_s (ldapCtx, dn, LDAP_SCOPE_BASE, + filter, attrs, 0, NULL, NULL, NULL, -1, &res); if (filter != NULL) free(filter); if (ret != LDAP_SUCCESS) { @@ -712,7 +716,8 @@ readAttrValue ( */ if (!strcmp (aname, attname)) { - vals = ldap_get_values (ldapCtx, cur, aname); + struct berval **vals; + vals = ldap_get_values_len (ldapCtx, cur, aname); if (vals == NULL) { printf ("ldclt[%d]: %s: no value for %s in %s\n", @@ -720,8 +725,9 @@ readAttrValue ( fflush (stdout); return (-1); } - strcpy (value, vals[0]); - ldap_value_free (vals); + strncpy (value, vals[0]->bv_val, vals[0]->bv_len); + value[vals[0]->bv_len] = '\0'; + ldap_value_free_len (vals); } /* @@ -736,7 +742,7 @@ readAttrValue ( * Next entry - shouldn't happen in theory */ if (ber != NULL) - ldap_ber_free (ber, 0); + ber_free (ber, 0); cur = ldap_next_entry (ldapCtx, cur); } ldap_msgfree (res); /* Free the response */ diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c index bf100539..892b6ee2 100644 --- a/ldap/servers/slapd/tools/ldif.c +++ b/ldap/servers/slapd/tools/ldif.c @@ -42,6 +42,7 @@ #include <stdio.h> #include <string.h> +#include <stdlib.h> #include <memory.h> #include <sys/types.h> #if defined( _WINDOWS ) || defined( _WIN32 ) 
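Review bot: The context lines of `@@ -686,8 +690,8 @@` allocate `4+strlen(attname)` bytes for `filter`, but `sprintf(filter, "(%s=*)", attname)` writes four punctuation characters plus the attribute name plus the terminating NUL, one byte more than was allocated. The `malloc` result is also used by `sprintf` before the later `if (filter != NULL)` test. Since the commit touches the search call right below, it is a convenient place to change the size to `strlen(attname) + 5` and return an error when `malloc` fails. readAttrValue starts outside the hunk.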
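Review bot: In `@@ -720,8 +725,9 @@` the replacement for `strcpy (value, vals[0])` is still unbounded with respect to the destination: `strncpy (value, vals[0]->bv_val, vals[0]->bv_len)` is limited by the length the server returned, and the terminator is then written at `value[vals[0]->bv_len]`. A directory entry with a long attribute value therefore overruns whatever buffer the caller passed as `value`, whose size is not visible in this function. The copy needs the destination capacity, either as an extra parameter or a documented constant, and should fail or truncate when `bv_len` does not fit. The early `return (-1)` on `vals == NULL` in the same hunk also leaves `res` unfreed, as far as the visible lines show.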
@@ -58,6 +59,24 @@ int ldap_syslog; int ldap_syslog_level; +#if defined(USE_OPENLDAP) +static char * +ldif_type_and_value(const char *type, const char *val, int vlen) +{ + char *buf, *p; + int tlen; + + tlen = strlen( type ); + if (( buf = (char *)malloc( LDIF_SIZE_NEEDED( tlen, vlen ) + 1 )) != + NULL ) { + p = buf; + ldif_sput( &p, LDIF_PUT_VALUE, type, val, vlen ); + *p = '\0'; + } + + return( buf ); +} +#endif static void display_usage( char *name ) diff --git a/ldap/servers/slapd/tools/pwenc.c b/ldap/servers/slapd/tools/pwenc.c index dba107a3..c03cfdec 100644 --- a/ldap/servers/slapd/tools/pwenc.c +++ b/ldap/servers/slapd/tools/pwenc.c @@ -61,7 +61,6 @@ #include <ctype.h> #include <stdlib.h> #include "ldap.h" -#include "ldif.h" #include "../slapi-plugin.h" #include "../slap.h" #include <nspr.h> diff --git a/ldap/servers/slapd/tools/rsearch/addthread.c b/ldap/servers/slapd/tools/rsearch/addthread.c index d87c5a53..417a4c19 100644 --- a/ldap/servers/slapd/tools/rsearch/addthread.c +++ b/ldap/servers/slapd/tools/rsearch/addthread.c @@ -53,6 +53,13 @@ #include "addthread.h" #include "infadd.h" +#ifndef LBER_SOCKET +#ifdef LBER_SOCKET_T +#define LBER_SOCKET LBER_SOCKET_T +#else +#define LBER_SOCKET int +#endif +#endif /* local data for a search thread */ struct _addthread { diff --git a/ldap/servers/slapd/tools/rsearch/searchthread.c b/ldap/servers/slapd/tools/rsearch/searchthread.c index 443419c0..38d5d593 100644 --- a/ldap/servers/slapd/tools/rsearch/searchthread.c +++ b/ldap/servers/slapd/tools/rsearch/searchthread.c @@ -57,6 +57,14 @@ #include "rsearch.h" #include "searchthread.h" +#ifndef LBER_SOCKET +#ifdef LBER_SOCKET_T +#define LBER_SOCKET LBER_SOCKET_T +#else +#define LBER_SOCKET int +#endif +#endif + /* local data for a search thread */ struct _searchthread { PRUint32 searchCount; |
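Review bot: The new static `ldif_type_and_value` in ldif.c (`@@ -58,6 +59,24 @@`) has no comment stating its contract. The visible code returns a `malloc`ed buffer, or NULL when allocation fails, and the caller has to free it. I would add a header comment such as `/* Build the LDIF text for type/val into a malloc'ed buffer; returns NULL on allocation failure, caller frees. */`. `tlen = strlen( type )` narrows a `size_t` to `int`, and `vlen` is passed to `LDIF_SIZE_NEEDED` without a check for negative values, so an `if (vlen < 0) return NULL;` guard would make the size computation safe against a bad caller.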