diff options
| -rw-r--r-- | Makefile.am | 7 | ||||
| -rw-r--r-- | Makefile.in | 50 | ||||
| -rw-r--r-- | aclocal.m4 | 15 | ||||
| -rwxr-xr-x | configure | 143 | ||||
| -rw-r--r-- | configure.ac | 1 | ||||
| -rw-r--r-- | ldap/admin/src/create_instance.c | 14 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldif/close.c | 8 | ||||
| -rw-r--r-- | ldap/servers/slapd/bind.c | 46 | ||||
| -rw-r--r-- | ldap/servers/slapd/configdse.c | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/connection.c | 22 | ||||
| -rw-r--r-- | ldap/servers/slapd/daemon.c | 463 | ||||
| -rw-r--r-- | ldap/servers/slapd/fe.h | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/getsocketpeer.c | 143 | ||||
| -rw-r--r-- | ldap/servers/slapd/getsocketpeer.h | 40 | ||||
| -rw-r--r-- | ldap/servers/slapd/libglobs.c | 289 | ||||
| -rw-r--r-- | ldap/servers/slapd/main.c | 20 | ||||
| -rw-r--r-- | ldap/servers/slapd/passwd_extop.c | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/pblock.c | 12 | ||||
| -rw-r--r-- | ldap/servers/slapd/proto-slap.h | 23 | ||||
| -rw-r--r-- | ldap/servers/slapd/pw_mgmt.c | 24 | ||||
| -rw-r--r-- | ldap/servers/slapd/saslbind.c | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/slap.h | 32 | ||||
| -rw-r--r-- | ldap/servers/slapd/slapi-plugin.h | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/start_tls_extop.c | 5 | ||||
| -rw-r--r-- | ltmain.sh | 162 |
25 files changed, 1264 insertions, 265 deletions
diff --git a/Makefile.am b/Makefile.am index f7f41ef4..88017cc6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -880,6 +880,10 @@ mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSD #------------------------ # ns-slapd #------------------------ +if enable_ldapi + GETSOCKETPEER=ldap/servers/slapd/getsocketpeer.c +endif + ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \ ldap/servers/slapd/auth.c \ ldap/servers/slapd/bind.c \ @@ -912,7 +916,8 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \ ldap/servers/slapd/strdup.c \ ldap/servers/slapd/stubs.c \ ldap/servers/slapd/tempnam.c \ - ldap/servers/slapd/unbind.c + ldap/servers/slapd/unbind.c \ + $(GETSOCKETPEER) ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) @sasl_inc@ @ldapsdk_inc@ @nss_inc@ \ @nspr_inc@ @svrcore_inc@ diff --git a/Makefile.in b/Makefile.in index 90f173f3..cae05b96 100644 --- a/Makefile.in +++ b/Makefile.in @@ -628,6 +628,26 @@ mmldif_bin_OBJECTS = $(am_mmldif_bin_OBJECTS) mmldif_bin_DEPENDENCIES = libslapd.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__ns_slapd_SOURCES_DIST = ldap/servers/slapd/abandon.c \ + ldap/servers/slapd/auth.c ldap/servers/slapd/bind.c \ + ldap/servers/slapd/compare.c ldap/servers/slapd/config.c \ + ldap/servers/slapd/configdse.c ldap/servers/slapd/connection.c \ + ldap/servers/slapd/conntable.c ldap/servers/slapd/daemon.c \ + ldap/servers/slapd/detach.c ldap/servers/slapd/extendop.c \ + ldap/servers/slapd/fedse.c ldap/servers/slapd/fileio.c \ + ldap/servers/slapd/getopt_ext.c ldap/servers/slapd/globals.c \ + ldap/servers/slapd/house.c ldap/servers/slapd/init.c \ + ldap/servers/slapd/lite_entries.c ldap/servers/slapd/main.c \ + ldap/servers/slapd/monitor.c ldap/servers/slapd/passwd_extop.c \ + ldap/servers/slapd/protect_db.c ldap/servers/slapd/psearch.c \ + ldap/servers/slapd/pw_mgmt.c ldap/servers/slapd/rootdse.c \ + ldap/servers/slapd/sasl_io.c ldap/servers/slapd/saslbind.c \ + ldap/servers/slapd/search.c \ + ldap/servers/slapd/start_tls_extop.c \ + ldap/servers/slapd/strdup.c ldap/servers/slapd/stubs.c \ + ldap/servers/slapd/tempnam.c ldap/servers/slapd/unbind.c \ + ldap/servers/slapd/getsocketpeer.c +@enable_ldapi_TRUE@am__objects_4 = ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT) am_ns_slapd_OBJECTS = ldap/servers/slapd/ns_slapd-abandon.$(OBJEXT) \ ldap/servers/slapd/ns_slapd-auth.$(OBJEXT) \ ldap/servers/slapd/ns_slapd-bind.$(OBJEXT) \ @@ -660,7 +680,7 @@ am_ns_slapd_OBJECTS = ldap/servers/slapd/ns_slapd-abandon.$(OBJEXT) \ ldap/servers/slapd/ns_slapd-strdup.$(OBJEXT) \ ldap/servers/slapd/ns_slapd-stubs.$(OBJEXT) \ ldap/servers/slapd/ns_slapd-tempnam.$(OBJEXT) \ - ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT) + ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT) $(am__objects_4) ns_slapd_OBJECTS = $(am_ns_slapd_OBJECTS) ns_slapd_DEPENDENCIES = libslapd.la libldaputil.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -752,7 +772,7 @@ DIST_SOURCES = $(libavl_a_SOURCES) $(libldaputil_a_SOURCES) \ $(ldap_agent_bin_SOURCES) $(am__ldclt_bin_SOURCES_DIST) \ $(ldif_bin_SOURCES) $(makstrdb_SOURCES) \ $(migratecred_bin_SOURCES) $(mmldif_bin_SOURCES) \ - $(ns_slapd_SOURCES) $(pwdhash_bin_SOURCES) \ + $(am__ns_slapd_SOURCES_DIST) $(pwdhash_bin_SOURCES) \ $(rsearch_bin_SOURCES) configDATA_INSTALL = $(INSTALL_DATA) nodist_propertyDATA_INSTALL = $(INSTALL_DATA) @@ -837,7 +857,6 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ -SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOLARIS_FALSE = @SOLARIS_FALSE@ @@ -882,6 +901,8 @@ db_libver = @db_libver@ debug_defs = @debug_defs@ enable_dna_FALSE = @enable_dna_FALSE@ enable_dna_TRUE = @enable_dna_TRUE@ +enable_ldapi_FALSE = @enable_ldapi_FALSE@ +enable_ldapi_TRUE = @enable_ldapi_TRUE@ enable_pam_passthru_FALSE = @enable_pam_passthru_FALSE@ enable_pam_passthru_TRUE = @enable_pam_passthru_TRUE@ exec_prefix = @exec_prefix@ @@ -1749,6 +1770,7 @@ mmldif_bin_LDADD = libslapd.la $(NSPR_LINK) $(NSS_LINK) $(SVRCORE_LINK) $(LDAPSD #------------------------ # ns-slapd #------------------------ +@enable_ldapi_TRUE@GETSOCKETPEER = ldap/servers/slapd/getsocketpeer.c ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \ ldap/servers/slapd/auth.c \ ldap/servers/slapd/bind.c \ @@ -1781,7 +1803,8 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \ ldap/servers/slapd/strdup.c \ ldap/servers/slapd/stubs.c \ ldap/servers/slapd/tempnam.c \ - ldap/servers/slapd/unbind.c + ldap/servers/slapd/unbind.c \ + $(GETSOCKETPEER) ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) @sasl_inc@ @ldapsdk_inc@ @nss_inc@ \ @nspr_inc@ @svrcore_inc@ @@ -3628,6 +3651,9 @@ ldap/servers/slapd/ns_slapd-tempnam.$(OBJEXT): \ ldap/servers/slapd/ns_slapd-unbind.$(OBJEXT): \ ldap/servers/slapd/$(am__dirstamp) \ ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp) +ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT): \ + ldap/servers/slapd/$(am__dirstamp) \ + ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp) ns-slapd$(EXEEXT): $(ns_slapd_OBJECTS) $(ns_slapd_DEPENDENCIES) @rm -f ns-slapd$(EXEEXT) $(ns_slapd_LINK) $(ns_slapd_LDFLAGS) $(ns_slapd_OBJECTS) $(ns_slapd_LDADD) $(LIBS) @@ -4342,6 +4368,7 @@ mostlyclean-compile: -rm -f ldap/servers/slapd/ns_slapd-fedse.$(OBJEXT) -rm -f ldap/servers/slapd/ns_slapd-fileio.$(OBJEXT) -rm -f ldap/servers/slapd/ns_slapd-getopt_ext.$(OBJEXT) + -rm -f ldap/servers/slapd/ns_slapd-getsocketpeer.$(OBJEXT) -rm -f ldap/servers/slapd/ns_slapd-globals.$(OBJEXT) -rm -f ldap/servers/slapd/ns_slapd-house.$(OBJEXT) -rm -f ldap/servers/slapd/ns_slapd-init.$(OBJEXT) @@ -4792,6 +4819,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-fedse.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-fileio.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-getopt_ext.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-globals.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-house.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-init.Po@am__quote@ @@ -8241,6 +8269,20 @@ ldap/servers/slapd/ns_slapd-unbind.obj: ldap/servers/slapd/unbind.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-unbind.obj `if test -f 'ldap/servers/slapd/unbind.c'; then $(CYGPATH_W) 'ldap/servers/slapd/unbind.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/unbind.c'; fi` +ldap/servers/slapd/ns_slapd-getsocketpeer.o: ldap/servers/slapd/getsocketpeer.c +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-getsocketpeer.o -MD -MP -MF "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.o `test -f 'ldap/servers/slapd/getsocketpeer.c' || echo '$(srcdir)/'`ldap/servers/slapd/getsocketpeer.c; \ +@am__fastdepCC_TRUE@ then mv -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po"; else rm -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/slapd/getsocketpeer.c' object='ldap/servers/slapd/ns_slapd-getsocketpeer.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.o `test -f 'ldap/servers/slapd/getsocketpeer.c' || echo '$(srcdir)/'`ldap/servers/slapd/getsocketpeer.c + +ldap/servers/slapd/ns_slapd-getsocketpeer.obj: ldap/servers/slapd/getsocketpeer.c +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-getsocketpeer.obj -MD -MP -MF "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.obj `if test -f 'ldap/servers/slapd/getsocketpeer.c'; then $(CYGPATH_W) 'ldap/servers/slapd/getsocketpeer.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/getsocketpeer.c'; fi`; \ +@am__fastdepCC_TRUE@ then mv -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo" "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Po"; else rm -f "ldap/servers/slapd/$(DEPDIR)/ns_slapd-getsocketpeer.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/slapd/getsocketpeer.c' object='ldap/servers/slapd/ns_slapd-getsocketpeer.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-getsocketpeer.obj `if test -f 'ldap/servers/slapd/getsocketpeer.c'; then $(CYGPATH_W) 'ldap/servers/slapd/getsocketpeer.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/getsocketpeer.c'; fi` + ldap/servers/slapd/tools/pwdhash_bin-pwenc.o: ldap/servers/slapd/tools/pwenc.c @am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pwdhash_bin_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/tools/pwdhash_bin-pwenc.o -MD -MP -MF "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo" -c -o ldap/servers/slapd/tools/pwdhash_bin-pwenc.o `test -f 'ldap/servers/slapd/tools/pwenc.c' || echo '$(srcdir)/'`ldap/servers/slapd/tools/pwenc.c; \ @am__fastdepCC_TRUE@ then mv -f "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo" "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Po"; else rm -f "ldap/servers/slapd/tools/$(DEPDIR)/pwdhash_bin-pwenc.Tpo"; exit 1; fi @@ -1597,7 +1597,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -4305,9 +4305,6 @@ CC=$lt_[]_LT_AC_TAGVAR(compiler, $1) # Is the compiler the GNU C compiler? with_gcc=$_LT_AC_TAGVAR(GCC, $1) -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -4441,11 +4438,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_[]_LT_AC_TAGVAR(predep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_[]_LT_AC_TAGVAR(postdep_objects, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) # Dependencies to place before the objects being linked to create a # shared library. @@ -4457,7 +4454,7 @@ postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1) # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -4537,7 +4534,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -6373,7 +6370,6 @@ do done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -6406,7 +6402,6 @@ for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do done ]) SED=$lt_cv_path_SED -AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ]) @@ -465,7 +465,7 @@ ac_includes_default="\ #endif" ac_default_prefix=/opt/$PACKAGE_NAME -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE SED EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs BUNDLE_TRUE BUNDLE_FALSE enable_pam_passthru_TRUE enable_pam_passthru_FALSE enable_dna_TRUE enable_dna_FALSE enable_ldapi_TRUE enable_ldapi_FALSE configdir sampledatadir propertydir schemadir serverdir serverplugindir scripttemplatedir instconfigdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN initdir HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG ICU_CONFIG NETSNMP_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir db_inc db_incdir db_lib db_libdir db_bindir db_libver sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib icu_lib icu_inc icu_bin netsnmp_inc netsnmp_lib netsnmp_libdir netsnmp_link LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -3832,7 +3832,6 @@ do done done done -IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris @@ -3867,7 +3866,6 @@ done fi SED=$lt_cv_path_SED - echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 @@ -4308,7 +4306,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 4311 "configure"' > conftest.$ac_ext + echo '#line 4309 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5443,7 +5441,7 @@ fi # Provide some information about the compiler. -echo "$as_me:5446:" \ +echo "$as_me:5444:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 @@ -6506,11 +6504,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6509: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6507: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6513: \$? = $ac_status" >&5 + echo "$as_me:6511: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6774,11 +6772,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6777: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6775: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6781: \$? = $ac_status" >&5 + echo "$as_me:6779: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6878,11 +6876,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6881: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6879: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6885: \$? = $ac_status" >&5 + echo "$as_me:6883: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -8347,7 +8345,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 8350 "configure"' > conftest.$ac_ext + echo '#line 8348 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8366,7 +8364,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -9244,7 +9242,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9247 "configure" +#line 9245 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -9344,7 +9342,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9347 "configure" +#line 9345 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -9675,9 +9673,6 @@ CC=$lt_compiler # Is the compiler the GNU C compiler? with_gcc=$GCC -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -9811,11 +9806,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects # Dependencies to place before the objects being linked to create a # shared library. @@ -9827,7 +9822,7 @@ postdeps=$lt_postdeps # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -9907,7 +9902,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$link_all_deplibs # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -11687,11 +11682,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11690: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11685: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11694: \$? = $ac_status" >&5 + echo "$as_me:11689: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11791,11 +11786,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11794: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11789: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11798: \$? = $ac_status" >&5 + echo "$as_me:11793: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12327,7 +12322,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 12330 "configure"' > conftest.$ac_ext + echo '#line 12325 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12346,7 +12341,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -12731,9 +12726,6 @@ CC=$lt_compiler_CXX # Is the compiler the GNU C compiler? with_gcc=$GCC_CXX -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -12867,11 +12859,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_CXX # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_CXX # Dependencies to place before the objects being linked to create a # shared library. @@ -12883,7 +12875,7 @@ postdeps=$lt_postdeps_CXX # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_CXX | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -12963,7 +12955,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$link_all_deplibs_CXX # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -13385,11 +13377,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13388: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13380: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13392: \$? = $ac_status" >&5 + echo "$as_me:13384: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13489,11 +13481,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13492: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13484: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13496: \$? = $ac_status" >&5 + echo "$as_me:13488: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14938,7 +14930,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 14941 "configure"' > conftest.$ac_ext + echo '#line 14933 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -14957,7 +14949,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -15342,9 +15334,6 @@ CC=$lt_compiler_F77 # Is the compiler the GNU C compiler? with_gcc=$GCC_F77 -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -15478,11 +15467,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_F77 # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_F77 # Dependencies to place before the objects being linked to create a # shared library. @@ -15494,7 +15483,7 @@ postdeps=$lt_postdeps_F77 # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_F77 | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_F77 # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -15574,7 +15563,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$link_all_deplibs_F77 # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -15716,11 +15705,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15719: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15708: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15723: \$? = $ac_status" >&5 + echo "$as_me:15712: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15984,11 +15973,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15987: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15976: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15991: \$? = $ac_status" >&5 + echo "$as_me:15980: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16088,11 +16077,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16091: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16080: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16095: \$? = $ac_status" >&5 + echo "$as_me:16084: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17557,7 +17546,7 @@ linux*) libsuff= case "$host_cpu" in x86_64*|s390x*|powerpc64*) - echo '#line 17560 "configure"' > conftest.$ac_ext + echo '#line 17549 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -17576,7 +17565,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" fi @@ -17961,9 +17950,6 @@ CC=$lt_compiler_GCJ # Is the compiler the GNU C compiler? with_gcc=$GCC_GCJ -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18097,11 +18083,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_GCJ # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_GCJ # Dependencies to place before the objects being linked to create a # shared library. @@ -18113,7 +18099,7 @@ postdeps=$lt_postdeps_GCJ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_GCJ | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18193,7 +18179,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$link_all_deplibs_GCJ # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -18445,9 +18431,6 @@ CC=$lt_compiler_RC # Is the compiler the GNU C compiler? with_gcc=$GCC_RC -gcc_dir=\`gcc -print-file-name=. | $SED 's,/\.$,,'\` -gcc_ver=\`gcc -dumpversion\` - # An ERE matcher. EGREP=$lt_EGREP @@ -18581,11 +18564,11 @@ striplib=$lt_striplib # Dependencies to place before the objects being linked to create a # shared library. -predep_objects=\`echo $lt_predep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +predep_objects=$lt_predep_objects_RC # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects=\`echo $lt_postdep_objects_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +postdep_objects=$lt_postdep_objects_RC # Dependencies to place before the objects being linked to create a # shared library. @@ -18597,7 +18580,7 @@ postdeps=$lt_postdeps_RC # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path=\`echo $lt_compiler_lib_search_path_RC | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +compiler_lib_search_path=$lt_compiler_lib_search_path_RC # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -18677,7 +18660,7 @@ variables_saved_for_relink="$variables_saved_for_relink" link_all_deplibs=$link_all_deplibs_RC # Compile-time system search path for libraries -sys_lib_search_path_spec=\`echo $lt_sys_lib_search_path_spec | \$SED -e "s@\${gcc_dir}@\\\${gcc_dir}@g;s@\${gcc_ver}@\\\${gcc_ver}@g"\` +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec @@ -23005,6 +22988,16 @@ else echo "${ECHO_T}no" >&6 fi + +if test "$enable_ldapi" = "yes"; then + enable_ldapi_TRUE= + enable_ldapi_FALSE='#' +else + enable_ldapi_TRUE='#' + enable_ldapi_FALSE= +fi + + # the default prefix - override with --prefix or --with-fhs @@ -25218,6 +25211,13 @@ echo "$as_me: error: conditional \"enable_dna\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${enable_ldapi_TRUE}" && test -z "${enable_ldapi_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"enable_ldapi\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"enable_ldapi\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"WINNT\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -25826,7 +25826,6 @@ s,@ac_ct_CC@,$ac_ct_CC,;t t s,@CCDEPMODE@,$CCDEPMODE,;t t s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t -s,@SED@,$SED,;t t s,@EGREP@,$EGREP,;t t s,@LN_S@,$LN_S,;t t s,@ECHO@,$ECHO,;t t @@ -25848,6 +25847,8 @@ s,@enable_pam_passthru_TRUE@,$enable_pam_passthru_TRUE,;t t s,@enable_pam_passthru_FALSE@,$enable_pam_passthru_FALSE,;t t s,@enable_dna_TRUE@,$enable_dna_TRUE,;t t s,@enable_dna_FALSE@,$enable_dna_FALSE,;t t +s,@enable_ldapi_TRUE@,$enable_ldapi_TRUE,;t t +s,@enable_ldapi_FALSE@,$enable_ldapi_FALSE,;t t s,@configdir@,$configdir,;t t s,@sampledatadir@,$sampledatadir,;t t s,@propertydir@,$propertydir,;t t diff --git a/configure.ac b/configure.ac index 4ae8302d..78e24e17 100644 --- a/configure.ac +++ b/configure.ac @@ -119,6 +119,7 @@ if test "$enable_ldapi" = yes ; then else AC_MSG_RESULT(no) fi +AM_CONDITIONAL(enable_ldapi,test "$enable_ldapi" = "yes") # the default prefix - override with --prefix or --with-fhs AC_PREFIX_DEFAULT([/opt/$PACKAGE_NAME]) diff --git a/ldap/admin/src/create_instance.c b/ldap/admin/src/create_instance.c index 3439dc61..d0c34bc0 100644 --- a/ldap/admin/src/create_instance.c +++ b/ldap/admin/src/create_instance.c @@ -2686,6 +2686,20 @@ char *ds_gen_confs(char *sroot, server_config_s *cf, char *cs_path) fprintf(f, "nsslapd-return-exact-case: on\n"); fprintf(f, "nsslapd-ssl-check-hostname: on\n"); fprintf(f, "nsslapd-port: %s\n", cf->servport); +#if defined(ENABLE_LDAPI) + fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + fprintf(f, "nsslapd-ldapilisten: on\n"); +#if defined(ENABLE_AUTOBIND) + fprintf(f, "nsslapd-ldapiautobind: on\n"); +#endif /* ENABLE_AUTOBIND */ + fprintf(f, "nsslapd-ldapimaprootdn: cn=Directory Manager\n"); + fprintf(f, "nsslapd-ldapimaptoentries: off\n"); + fprintf(f, "nsslapd-ldapiuidnumbertype: uidNumber\n"); + fprintf(f, "nsslapd-ldapigidnumbertype: gidNumber\n"); + fprintf(f, "nsslapd-ldapientrysearchbase: dc=example, dc=com\n"); + fprintf(f, "nsslapd-ldapiautodnsuffix: cn=peercred,cn=external,cn=auth\n"); +#endif /* ENABLE_LDAPI */ + #if !defined( XP_WIN32 ) if (cf->servuser && *(cf->servuser)) { fprintf(f, "nsslapd-localuser: %s\n", cf->servuser); diff --git a/ldap/servers/slapd/back-ldif/close.c b/ldap/servers/slapd/back-ldif/close.c index 379ea96f..e30e298c 100644 --- a/ldap/servers/slapd/back-ldif/close.c +++ b/ldap/servers/slapd/back-ldif/close.c @@ -92,10 +92,10 @@ ldif_back_close( Slapi_PBlock *pb ) { LDIF *db; - LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend syncing\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend syncing\n", 0, 0, 0 ); slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &db ); ldif_free_db(db); - LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend done syncing\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend done syncing\n", 0, 0, 0 ); } /* @@ -108,8 +108,8 @@ ldif_back_close( Slapi_PBlock *pb ) void ldif_back_flush( Slapi_PBlock *pb ) { - LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend flushing\n", 0, 0, 0 ); - LDAPDebug( LDAP_DEBUG_TRACE, "ldbm backend done flushing\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend flushing\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "ldif backend done flushing\n", 0, 0, 0 ); return; } diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index 6c4453cd..29772657 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -126,6 +126,7 @@ do_bind( Slapi_PBlock *pb ) char **supported, **pmech; char authtypebuf[256]; /* >26 (strlen(SLAPD_AUTH_SASL)+SASL_MECHNAMEMAX+1) */ Slapi_Entry *bind_target_entry = NULL; + int auto_bind = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 ); @@ -250,14 +251,31 @@ do_bind( Slapi_PBlock *pb ) slapi_pblock_get (pb, SLAPI_PWPOLICY, &pw_response_requested); } - log_bind_access(pb, dn, method, version, saslmech, NULL); + PR_Lock( pb->pb_conn->c_mutex ); /* According to RFC2251, * "if the bind fails, the connection will be treated as anonymous". */ - PR_Lock( pb->pb_conn->c_mutex ); - bind_credentials_clear( pb->pb_conn, PR_FALSE, /* conn is already locked */ + bind_credentials_clear( pb->pb_conn, PR_FALSE, /* do not lock conn */ PR_FALSE /* do not clear external creds. */ ); + + /* LDAPI might have auto bind on, binding as anon should + mean bind as self in this case + */ +#if defined(ENABLE_AUTOBIND) + if((0 == dn || 0 == dn[0]) && pb->pb_conn->c_unix_local) + { + slapd_bind_local_user(pb->pb_conn); + + if(pb->pb_conn->c_dn) + { + auto_bind = 1; /* flag the bind method */ + dn = slapi_ch_strdup(pb->pb_conn->c_dn); + slapi_sdn_init_dn_passin(&sdn,dn); + } + } +#endif /* ENABLE_AUTOBIND */ + /* Clear the password policy flag that forbid operation * other than Bind, Modify, Unbind : * With a new bind, the flag should be reset so that the new @@ -266,6 +284,8 @@ do_bind( Slapi_PBlock *pb ) pb->pb_conn->c_needpw = 0; PR_Unlock( pb->pb_conn->c_mutex ); + log_bind_access(pb, dn, method, version, saslmech, NULL); + switch ( version ) { case LDAP_VERSION2: if (method == LDAP_AUTH_SIMPLE @@ -502,22 +522,31 @@ do_bind( Slapi_PBlock *pb ) /* get the entry now, so that we can give it to check_account_lock and reslimit_update_from_dn */ if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(&sdn)); - rc = check_account_lock ( pb, bind_target_entry, pw_response_requested); + rc = check_account_lock ( pb, bind_target_entry, pw_response_requested,0); } slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database ); set_db_default_result_handlers(pb); - if ( (rc != 1) && (((rc = (*be->be_bind)( pb )) + if ( (rc != 1) && (auto_bind || (((rc = (*be->be_bind)( pb )) == SLAPI_BIND_SUCCESS ) || rc - == SLAPI_BIND_ANONYMOUS )) { + == SLAPI_BIND_ANONYMOUS ))) { long t; { char* authtype = NULL; + + if(auto_bind) + rc = SLAPI_BIND_SUCCESS; + switch ( method ) { case LDAP_AUTH_SIMPLE: if (cred.bv_len != 0) { authtype = SLAPD_AUTH_SIMPLE; } +#if defined(ENABLE_AUTOBIND) + else if(auto_bind) { + authtype = SLAPD_AUTH_OS; + } +#endif /* ENABLE_AUTOBIND */ break; case LDAP_AUTH_SASL: /* authtype = SLAPD_AUTH_SASL && saslmech: */ @@ -529,7 +558,8 @@ do_bind( Slapi_PBlock *pb ) } if ( rc == SLAPI_BIND_SUCCESS ) { - bind_credentials_set( pb->pb_conn, + if(!auto_bind) + bind_credentials_set( pb->pb_conn, authtype, slapi_ch_strdup( slapi_sdn_get_ndn(&sdn)), NULL, NULL, NULL, bind_target_entry ); @@ -545,7 +575,7 @@ do_bind( Slapi_PBlock *pb ) } } - if ( rc != SLAPI_BIND_ANONYMOUS && + if ( 0 == auto_bind && rc != SLAPI_BIND_ANONYMOUS && ! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { /* check if need new password before sending diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c index ebe9aa6b..f640964a 100644 --- a/ldap/servers/slapd/configdse.c +++ b/ldap/servers/slapd/configdse.c @@ -65,6 +65,8 @@ static void get_log_max_size( LDAPMod *mod, static const char *requires_restart[] = { "cn=config:nsslapd-port", "cn=config:nsslapd-secureport", + "cn=config:" CONFIG_LDAPI_FILENAME_ATTRIBUTE, + "cn=config:" CONFIG_LDAPI_SWITCH_ATTRIBUTE, "cn=config:nsslapd-workingdir", "cn=config:nsslapd-plugin", "cn=config:nsslapd-sslclientauth", diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c index 9d4dfe28..8ac98770 100644 --- a/ldap/servers/slapd/connection.c +++ b/ldap/servers/slapd/connection.c @@ -511,21 +511,27 @@ connection_dispatch_operation(Connection *conn, Operation *op, Slapi_PBlock *pb) { int i = 1; int ret = 0; - /* Set TCP_CORK here */ - ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); - if (ret < 0) { - LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %d\n",conn->c_connid, 0, 0); + /* Set TCP_CORK here but only if this is not LDAPI */ + if(!conn->c_unix_local) + { + ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); + if (ret < 0) { + LDAPDebug(LDAP_DEBUG_ANY, "Failed to set TCP_CORK on connection %d\n",conn->c_connid, 0, 0); + } } #endif do_search( pb ); #if defined(LINUX) - /* Clear TCP_CORK to flush any unsent data */ + /* Clear TCP_CORK to flush any unsent data but only if not LDAPI*/ i = 0; - ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); - if (ret < 0) { - LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %d\n",conn->c_connid, 0, 0); + if(!conn->c_unix_local) + { + ret = setsockopt(conn->c_sd,IPPROTO_TCP,TCP_CORK,&i,sizeof(i)); + if (ret < 0) { + LDAPDebug(LDAP_DEBUG_ANY, "Failed to clear TCP_CORK on connection %d\n",conn->c_connid, 0, 0); + } } } #endif diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c index 61523d7e..d34d801d 100644 --- a/ldap/servers/slapd/daemon.c +++ b/ldap/servers/slapd/daemon.c @@ -92,6 +92,10 @@ #include "fe.h" +#if defined(ENABLE_LDAPI) +#include "getsocketpeer.h" +#endif /* ENABLE_LDAPI */ + /* * Define the backlog number for use in listen() call. * We use the same definition as in ldapserver/include/base/systems.h @@ -125,6 +129,7 @@ static int readsignalpipe = SLAPD_INVALID_SOCKET; #define FDS_SIGNAL_PIPE 0 #define FDS_N_TCPS 1 #define FDS_S_TCPS 2 +#define FDS_I_UNIX 3 static int get_configured_connection_table_size(); #ifdef RESOLVER_NEEDS_LOW_FILE_DESCRIPTORS @@ -135,11 +140,11 @@ static void get_loopback_by_addr( void ); static int createlistensocket(unsigned short port, const PRNetAddr *listenaddr); #endif static PRFileDesc *createprlistensocket(unsigned short port, - const PRNetAddr *listenaddr, int secure); + const PRNetAddr *listenaddr, int secure, int local); static const char *netaddr2string(const PRNetAddr *addr, char *addrbuf, size_t addrbuflen); static void set_shutdown (int); -static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRIntn *num_to_read); +static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix, PRIntn *num_to_read); #ifdef HPUX10 static void* catch_signals(); @@ -274,7 +279,7 @@ syn_scan (int sock) static int accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr, - int addrlen, int secure, PRFileDesc **pr_clonefd) + int addrlen, int secure, int local, PRFileDesc **pr_clonefd) { int ns = 0; @@ -290,7 +295,7 @@ accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr, return(SLAPD_INVALID_SOCKET); } - ns = configure_pr_socket( pr_clonefd, secure ); + ns = configure_pr_socket( pr_clonefd, secure, local ); #else /* Windows */ if( secure ) { @@ -316,7 +321,7 @@ accept_and_configure(int s, PRFileDesc *pr_acceptfd, PRNetAddr *pr_netaddr, return(SLAPD_INVALID_SOCKET); } - ns = configure_pr_socket( pr_clonefd, secure ); + ns = configure_pr_socket( pr_clonefd, secure, local ); } else { /* !secure */ struct sockaddr *addr; /* NOT IPv6 enabled */ @@ -364,11 +369,11 @@ static void set_timeval_ms(struct timeval *t, int ms); #endif /* GGOODREPL static void handle_timeout( void ); */ static void handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll); -static int handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure ); +static int handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure, int local ); #ifdef _WIN32 static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, int n_tcps, PRFileDesc *s_tcps); #else -static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps); +static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix); #endif static int write_pid_file(); static int init_shutdown_detect(); @@ -392,13 +397,13 @@ int daemon_pre_setuid_init(daemon_ports_t *ports) &ports->n_listenaddr); #else ports->n_socket = createprlistensocket(ports->n_port, - &ports->n_listenaddr, 0); + &ports->n_listenaddr, 0, 0); #endif } if ( config_get_security() && (0 != ports->s_port) ) { ports->s_socket = createprlistensocket((unsigned short)ports->s_port, - &ports->s_listenaddr, 1); + &ports->s_listenaddr, 1, 0); #ifdef XP_WIN32 ports->s_socket_native = PR_FileDesc2NativeHandle(ports->s_socket); #endif @@ -409,6 +414,15 @@ int daemon_pre_setuid_init(daemon_ports_t *ports) #endif } +#ifndef XP_WIN32 +#if defined(ENABLE_LDAPI) + /* ldapi */ + if(0 != ports->i_port) { + ports->i_socket = createprlistensocket(1, &ports->i_listenaddr, 0, 1); + } +#endif /* ENABLE_LDAPI */ +#endif + return( rc ); } @@ -460,8 +474,8 @@ time_thread(void *nothing) void slapd_daemon( daemon_ports_t *ports ) { - /* We are passed a pair of ports---one for regular connections, the - * other for SSL connections. + /* We are passed some ports---one for regular connections, one + * for SSL connections, one for ldapi connections. */ /* Previously there was a ton of code #defined on NET_SSL. * This looked horrible, so now I'm doing it this way: @@ -475,6 +489,7 @@ void slapd_daemon( daemon_ports_t *ports ) #else PRFileDesc *n_tcps = NULL; PRFileDesc *tcps = 0; + PRFileDesc *i_unix = 0; #endif PRFileDesc *s_tcps = NULL; PRIntn num_poll = 0; @@ -504,16 +519,24 @@ void slapd_daemon( daemon_ports_t *ports ) s_tcps = ports->s_socket; #ifdef XP_WIN32 s_tcps_native = ports->s_socket_native; +#else +#if defined(ENABLE_LDAPI) + i_unix = ports->i_socket; +#endif /* ENABLE_LDAPI */ #endif createsignalpipe(); init_shutdown_detect(); + if ( #if defined( XP_WIN32 ) - if ( (n_tcps == SLAPD_INVALID_SOCKET) && + (n_tcps == SLAPD_INVALID_SOCKET) && #else - if ( (n_tcps == NULL) && + (n_tcps == NULL) && +#if defined(ENABLE_LDAPI) + (i_unix == NULL) && +#endif /* ENABLE_LDAPI */ #endif (s_tcps == NULL) ) { /* nothing to do */ LDAPDebug( LDAP_DEBUG_ANY, @@ -521,7 +544,7 @@ void slapd_daemon( daemon_ports_t *ports ) exit( 1 ); } - unfurl_banners(the_connection_table,ports,n_tcps,s_tcps); + unfurl_banners(the_connection_table,ports,n_tcps,s_tcps,i_unix); init_op_threads (); detect_timeout_support(); @@ -580,6 +603,21 @@ void slapd_daemon( daemon_ports_t *ports ) g_set_shutdown( SLAPI_SHUTDOWN_EXIT ); } +#if !defined( XP_WIN32 ) +#if defined(ENABLE_LDAPI) + if( i_unix != NULL && + PR_Listen(i_unix, DAEMON_LISTEN_SIZE) == PR_FAILURE) { + PRErrorCode prerr = PR_GetError(); + slapi_log_error(SLAPI_LOG_FATAL, "slapd_daemon", + "listen() on %s failed: error %d (%s)\n", + ports->i_listenaddr.local.path, + prerr, + slapd_pr_strerror( prerr )); + g_set_shutdown( SLAPI_SHUTDOWN_EXIT ); + } +#endif /* ENABLE_LDAPI */ +#endif + /* Now we write the pid file, indicating that the server is finally and listening for connections */ write_pid_file(); @@ -593,6 +631,8 @@ void slapd_daemon( daemon_ports_t *ports ) #endif int select_return = 0; int secure = 0; /* is a new connection an SSL one ? */ + int local = 0; /* is new connection an ldapi one? */ + #ifndef _WIN32 PRErrorCode prerr; #endif @@ -603,7 +643,7 @@ void slapd_daemon( daemon_ports_t *ports ) /* This select needs to timeout to give the server a chance to test for shutdown */ select_return = select(connection_table_size, &readfds, NULL, 0, &wakeup_timer); #else - setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,&num_poll); + setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,i_unix,&num_poll); select_return = POLL_FN(the_connection_table->fd, num_poll, pr_timeout); #endif switch (select_return) { @@ -629,11 +669,11 @@ void slapd_daemon( daemon_ports_t *ports ) #ifdef _WIN32 /* If so, then handle a new connection */ if ( n_tcps != SLAPD_INVALID_SOCKET && FD_ISSET( n_tcps,&readfds ) ) { - handle_new_connection(the_connection_table,n_tcps,NULL,0); + handle_new_connection(the_connection_table,n_tcps,NULL,0,0); } /* If so, then handle a new connection */ if ( s_tcps != SLAPD_INVALID_SOCKET && FD_ISSET( s_tcps_native,&readfds ) ) { - handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,s_tcps,1); + handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,s_tcps,1,0); } /* handle new data ready */ handle_read_ready(the_connection_table,&readfds); @@ -650,9 +690,17 @@ void slapd_daemon( daemon_ports_t *ports ) tcps = s_tcps; secure = 1; } +#if defined(ENABLE_LDAPI) + else if ( i_unix != 0 && + the_connection_table->fd[FDS_I_UNIX].out_flags & SLAPD_POLL_FLAGS ) { + tcps = i_unix; + local = 1; + } +#endif /* ENABLE_LDAPI */ + /* If so, then handle a new connection */ if ( tcps != NULL ) { - handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,tcps,secure); + handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,tcps,secure,local); } /* handle new data ready */ handle_pr_read_ready(the_connection_table, connection_table_size); @@ -674,11 +722,18 @@ void slapd_daemon( daemon_ports_t *ports ) #ifdef _WIN32 if ( n_tcps != SLAPD_INVALID_SOCKET ) { closesocket( n_tcps ); + } #else if ( n_tcps != NULL ) { PR_Close( n_tcps ); -#endif } + + if ( i_unix != NULL ) { + PR_Close( i_unix ); + } + +#endif + if ( s_tcps != NULL ) { PR_Close( s_tcps ); } @@ -934,7 +989,7 @@ static void setup_read_fds(Connection_Table *ct, fd_set *readfds, int n_tcps, in static int first_time_setup_pr_read_pds = 1; static void -setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRIntn *num_to_read) +setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix, PRIntn *num_to_read) { Connection *c= NULL; Connection *next= NULL; @@ -999,7 +1054,19 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, ct->fd[FDS_S_TCPS].fd = NULL; } -#if !defined(_WIN32) +#if !defined(_WIN32) + /* The fds entry for i_unix is always FDS_I_UNIX */ + if (i_unix != NULL && accept_new_connections) + { + ct->fd[FDS_I_UNIX].fd = i_unix; + ct->fd[FDS_I_UNIX].in_flags = SLAPD_POLL_FLAGS; + ct->fd[FDS_I_UNIX].out_flags = 0; + LDAPDebug( LDAP_DEBUG_HOUSE, + "listening for LDAPI connections on %d\n", socketdesc, 0, 0 ); + } else { + ct->fd[FDS_S_TCPS].fd = NULL; + } + /* The fds entry for the signalpipe is always FDS_SIGNAL_PIPE */ ct->fd[FDS_SIGNAL_PIPE].fd = signalpipe[0]; ct->fd[FDS_SIGNAL_PIPE].in_flags = SLAPD_POLL_FLAGS; @@ -1013,8 +1080,9 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc *n_tcps, PRFileDesc *s_tcps, /* count is the number of entries we've place in the fds array. * we always put n_tcps in slot FDS_N_TCPS, s_tcps in slot * FDS_S_TCPS and the signal pipe in slot FDS_SIGNAL_PIPE - * so we now set count to 3 */ - count = 3; + * and i_unix in FDS_I_UNIX + * so we now set count to 4 */ + count = 4; /* Walk down the list of active connections to find * out which connections we should poll over. If a connection @@ -1798,10 +1866,271 @@ daemon_register_connection() connection_type= factory_register_type(SLAPI_EXT_CONNECTION,offsetof(Connection,c_extension)); } } - + +#if defined(ENABLE_LDAPI) +int +slapd_identify_local_user(Connection *conn) +{ + int ret = -1; + uid_t uid = 0; + gid_t gid = 0; + + if(0 == slapd_get_socket_peer(conn->c_prfd, &uid, &gid)) + { + conn->c_local_uid = uid; + conn->c_local_gid = gid; + + ret = 0; + } + + return ret; +} + +#if defined(ENABLE_AUTOBIND) +int +slapd_bind_local_user(Connection *conn) +{ + int ret = -1; + uid_t uid = conn->c_local_uid; + gid_t gid = conn->c_local_gid; + + /* observe configuration for auto binding */ + /* bind at all? */ + if(config_get_ldapi_bind_switch()) + { + /* map users to a dn + root may also map to an entry + */ + + /* require real entry? */ + if(config_get_ldapi_map_entries()) + { + /* get uid type to map to (e.g. uidNumber) */ + char *utype = config_get_ldapi_uidnumber_type(); + /* get gid type to map to (e.g. gidNumber) */ + char *gtype = config_get_ldapi_gidnumber_type(); + /* get base dn for search */ + char *base_dn = config_get_ldapi_search_base_dn(); + + /* search vars */ + Slapi_PBlock *search_pb = 0; + Slapi_Entry **entries = 0; + int result; + + /* filter manipulation vars */ + char *one_type = 0; + char *filter_tpl = 0; + char *filter = 0; + + /* create filter, matching whatever is given */ + if(utype && gtype) + { + filter_tpl = "(&(%s=%u)(%s=%u))"; + } + else + { + if(utype || gtype) + { + filter_tpl = "(%s=%u)"; + if(utype) + one_type = utype; + else + one_type = gtype; + } + else + { + goto entry_map_free; + } + } + + if(one_type) + { + if(one_type == utype) + filter = slapi_ch_smprintf(filter_tpl, + utype, uid); + else + filter = slapi_ch_smprintf(filter_tpl, + gtype, gid); + } + else + { + filter = slapi_ch_smprintf(filter_tpl, + utype, uid, gtype, gid); + } + + /* search for single entry matching types */ + search_pb = slapi_pblock_new(); + + slapi_search_internal_set_pb( + search_pb, + base_dn, + LDAP_SCOPE_SUBTREE, + filter, + NULL, 0, NULL, NULL, + (void*)plugin_get_default_component_id(), + 0); + + slapi_search_internal_pb(search_pb); + slapi_pblock_get( + search_pb, + SLAPI_PLUGIN_INTOP_RESULT, + &result); + if(LDAP_SUCCESS == result) + slapi_pblock_get( + search_pb, + SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, + &entries); + + if(entries) + { + /* zero or multiple entries fail */ + if(entries[0] && 0 == entries[1]) + { + /* observe account locking */ + ret = check_account_lock( + 0, /* pb not req */ + entries[0], + 0, /* no response control */ + 1 /* inactivation only */ + ); + + if(0 == ret) + { + char *auth_dn = slapi_ch_strdup( + slapi_entry_get_ndn( + entries[0])); + + auth_dn = slapi_dn_normalize( + auth_dn); + + bind_credentials_set_nolock( + conn, + SLAPD_AUTH_OS, + auth_dn, + NULL, NULL, + NULL , entries[0]); + + ret = 0; + } + } + } + +entry_map_free: + /* auth_dn consumed by bind creds set */ + slapi_free_search_results_internal(search_pb); + slapi_pblock_destroy(search_pb); + slapi_ch_free_string(&filter); + slapi_ch_free_string(&utype); + slapi_ch_free_string(>ype); + slapi_ch_free_string(&base_dn); + } + + if(ret && 0 == uid) + { + /* map unix root (uidNumber:0)? */ + char *root_dn = config_get_ldapi_root_dn(); + + if(root_dn) + { + Slapi_DN *edn = slapi_sdn_new_dn_byref( + slapi_dn_normalize(root_dn)); + Slapi_Entry *e = 0; + + /* root might be locked too! :) */ + ret = slapi_search_internal_get_entry( + edn, 0, + &e, + (void*)plugin_get_default_component_id() + + ); + + if(0 == ret && e) + { + ret = check_account_lock( + 0, /* pb not req */ + e, + 0, /* no response control */ + 1 /* inactivation only */ + ); + + if(1 == ret) + /* sorry root, + * just not cool enough + */ + goto root_map_free; + } + + /* it's ok not to find the entry, + * dn doesn't have to have an entry + * e.g. cn=Directory Manager + */ + bind_credentials_set_nolock( + conn, SLAPD_AUTH_OS, root_dn, + NULL, NULL, NULL , e); + +root_map_free: + /* root_dn consumed by bind creds set */ + slapi_sdn_free(&edn); + slapi_entry_free(e); + ret = 0; + } + } + + if(ret) + { + /* create phony auth dn? */ + char *base = config_get_ldapi_auto_dn_suffix(); + if(base) + { + char *tpl = "gidNumber=%u+uidNumber=%u,"; + int len = + strlen(tpl) + + strlen(base) + + 51 /* uid,gid,null,w/padding */ + ; + char *dn_str = (char*)slapi_ch_malloc( + len); + char *auth_dn = (char*)slapi_ch_malloc( + len); + + dn_str[0] = 0; + strcpy(dn_str, tpl); + strcat(dn_str, base); + + sprintf(auth_dn, dn_str, gid, uid); + + auth_dn = slapi_dn_normalize(auth_dn); + + bind_credentials_set_nolock( + conn, + SLAPD_AUTH_OS, + auth_dn, + NULL, NULL, NULL , NULL); + + /* auth_dn consumed by bind creds set */ + slapi_ch_free_string(&dn_str); + slapi_ch_free_string(&base); + ret = 0; + } + } + } + +bail: + /* if all fails, the peer is anonymous */ + if(conn->c_dn) + { + /* log the auto bind */ + slapi_log_access(LDAP_DEBUG_STATS, "conn=%d AUTOBIND dn=\"%s\"\n", conn->c_connid, conn->c_dn); + } + + return ret; +} +#endif /* ENABLE_AUTOBIND */ +#endif /* ENABLE_LDAPI */ + /* NOTE: this routine is not reentrant */ static int -handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure) +handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, int secure, int local) { int ns = 0; Connection *conn = NULL; @@ -1810,7 +2139,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i PRFileDesc *pr_clonefd = NULL; if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from, - sizeof(from), secure, &pr_clonefd)) == SLAPD_INVALID_SOCKET ) { + sizeof(from), secure, local, &pr_clonefd)) == SLAPD_INVALID_SOCKET ) { return -1; } @@ -1935,6 +2264,21 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i connection_table_move_connection_on_to_active_list(the_connection_table,conn); } +#if defined(ENABLE_LDAPI) +#if !defined( XP_WIN32 ) + /* ldapi */ + if( local ) + { + conn->c_unix_local = 1; + slapd_identify_local_user(conn); + +#if defined(ENABLE_AUTOBIND) + slapd_bind_local_user(conn); +#endif /* ENABLE_AUTOBIND */ + } +#endif +#endif /* ENABLE_LDAPI */ + PR_Unlock( conn->c_mutex ); connection_new_private(conn); @@ -2019,7 +2363,7 @@ static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, int n_tcps, PRFileDesc *s_tcps) #else static void -unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps) +unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, PRFileDesc *s_tcps, PRFileDesc *i_unix) #endif { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); @@ -2079,6 +2423,18 @@ unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDesc *n_tcps, P netaddr2string(&ports->s_listenaddr, addrbuf, sizeof(addrbuf)), ports->s_port, 0 ); } + +#if !defined( XP_WIN32 ) +#if defined(ENABLE_LDAPI) + if ( i_unix != NULL ) { /* LDAPI */ + LDAPDebug( LDAP_DEBUG_ANY, + "Listening on %s for LDAPI requests\n", + ports->i_listenaddr.local.path, + 0, 0 ); + } +#endif /* ENABLE_LDAPI */ +#endif + } #if defined( _WIN32 ) @@ -2273,7 +2629,7 @@ suppressed: static PRFileDesc * createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr, - int secure) + int secure, int local) { PRFileDesc *sock; PRNetAddr sa_server; @@ -2281,16 +2637,26 @@ createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr, PRSocketOptionData pr_socketoption; char addrbuf[ 256 ]; char *logname = "createprlistensocket"; + int socktype = PR_AF_INET6; + char *socktype_s = "PR_AF_INET"; if (!port) goto suppressed; PR_ASSERT( listenaddr != NULL ); +#if defined(ENABLE_LDAPI) + if(local) { /* ldapi */ + socktype = PR_AF_LOCAL; + socktype_s = "PR_AF_LOCAL"; + } +#endif /* ENABLE_LDAPI */ + /* create TCP socket */ - if ((sock = PR_OpenTCPSocket(PR_AF_INET6)) == SLAPD_INVALID_SOCKET) { + if ((sock = PR_OpenTCPSocket(socktype)) == SLAPD_INVALID_SOCKET) { prerr = PR_GetError(); slapi_log_error(SLAPI_LOG_FATAL, logname, - "PR_OpenTCPSocket(PR_AF_INET6) failed: %s error %d (%s)\n", + "PR_OpenTCPSocket(%s) failed: %s error %d (%s)\n", + socktype_s, SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr)); goto failed; } @@ -2307,17 +2673,44 @@ createprlistensocket(PRUint16 port, const PRNetAddr *listenaddr, /* set up listener address, including port */ memcpy(&sa_server, listenaddr, sizeof(sa_server)); - PRLDAP_SET_PORT( &sa_server, port ); + + if(!local) + PRLDAP_SET_PORT( &sa_server, port ); if ( PR_Bind(sock, &sa_server) == PR_FAILURE) { prerr = PR_GetError(); - slapi_log_error(SLAPI_LOG_FATAL, logname, + if(!local) + { + slapi_log_error(SLAPI_LOG_FATAL, logname, "PR_Bind() on %s port %d failed: %s error %d (%s)\n", netaddr2string(&sa_server, addrbuf, sizeof(addrbuf)), port, SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr)); + } +#if defined(ENABLE_LDAPI) + else + { + slapi_log_error(SLAPI_LOG_FATAL, logname, + "PR_Bind() on %s file %s failed: %s error %d (%s)\n", + netaddr2string(&sa_server, addrbuf, sizeof(addrbuf)), + sa_server.local.path, + SLAPI_COMPONENT_NAME_NSPR, prerr, slapd_pr_strerror(prerr)); + } +#endif /* ENABLE_LDAPI */ + goto failed; } +#if defined(ENABLE_LDAPI) + if(local) + { + if(chmod(listenaddr->local.path, + S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) + { + slapi_log_error(SLAPI_LOG_FATAL, logname, "err: %d", errno); + } + } +#endif /* ENABLE_LDAPI */ + return( sock ); failed: @@ -2536,7 +2929,7 @@ PRFileDesc * get_ssl_listener_fd() -int configure_pr_socket( PRFileDesc **pr_socket, int secure ) +int configure_pr_socket( PRFileDesc **pr_socket, int secure, int local ) { int ns = 0; int reservedescriptors = config_get_reservedescriptors(); @@ -2617,7 +3010,7 @@ int configure_pr_socket( PRFileDesc **pr_socket, int secure ) } /* else (secure) */ - if ( !enable_nagle ) { + if ( !enable_nagle && !local ) { pr_socketoption.option = PR_SockOpt_NoDelay; pr_socketoption.value.no_delay = 1; @@ -2628,7 +3021,7 @@ int configure_pr_socket( PRFileDesc **pr_socket, int secure ) SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n", prerr, slapd_pr_strerror( prerr ), 0 ); } - } else { + } else if( !local) { pr_socketoption.option = PR_SockOpt_NoDelay; pr_socketoption.value.no_delay = 0; if ( PR_SetSocketOption( *pr_socket, &pr_socketoption ) == PR_FAILURE) { diff --git a/ldap/servers/slapd/fe.h b/ldap/servers/slapd/fe.h index d4773f00..a92327c8 100644 --- a/ldap/servers/slapd/fe.h +++ b/ldap/servers/slapd/fe.h @@ -173,7 +173,7 @@ int secure_write_function( int ignore, const void *buffer, int count, struct lex int read_function(int ignore, void *buffer, int count, struct lextiof_socket_private *handle ); int write_function(int ignore, const void *buffer, int count, struct lextiof_socket_private *handle ); PRFileDesc * get_ssl_listener_fd(); -int configure_pr_socket( PRFileDesc **pr_socket, int secure ); +int configure_pr_socket( PRFileDesc **pr_socket, int secure, int local ); void configure_ns_socket( int * ns ); /* diff --git a/ldap/servers/slapd/getsocketpeer.c b/ldap/servers/slapd/getsocketpeer.c new file mode 100644 index 00000000..9a6cd362 --- /dev/null +++ b/ldap/servers/slapd/getsocketpeer.c @@ -0,0 +1,143 @@ +/** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. + * Copyright (C) 2007 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#if defined(ENABLE_LDAPI) + +#if defined(HAVE_GETPEERUCRED) +#include <ucred.h> +#endif + +#include <sys/types.h> +#include <unistd.h> +#include <sys/socket.h> + +/* nspr secrets - we need to do an end run around nspr + in order to do things it does not support + */ +#include <private/pprio.h> + +int slapd_get_socket_peer(PRFileDesc *nspr_fd, uid_t *uid, gid_t *gid) +{ + int ret = -1; + int fd = PR_FileDesc2NativeHandle(nspr_fd); /* naughty private func */ + +#if defined(SO_PEERCRED) /* linux */ + + struct ucred creds; + socklen_t len = sizeof(creds); + + if(0 == getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void*)&creds, &len )) + { + if(sizeof(creds) == len) + { + if(uid) + *uid = creds.uid; + if(gid) + *gid = creds.gid; + + ret = 0; + } + } + +#elif 0 /*defined(HAVE_GETPEERUCRED)*/ /* solaris */ + + ucred_t *creds = 0; + + if(0 == getpeerucred(fd, &creds)) + { + if(uid) + { + uid = ucred_getruid(creds); + if(-1 != uid) + ret = 0; + } + + if(gid) + { + gid = ucred_getrgid(creds); + if(-1 == gid) + ret = -1; + else + ret = 0; + } + + ucred_free(creds); + } + +#elif 0 /* defined(HAVE_GETPEEREID) */ /* osx / some BSDs */ + + if(0 == getpeereid(fd, &uid, &gid)) + ret = 0; + +#else 0 /* hpux / some BSDs - file descriptor cooperative auth */ + + struct msghdr msg; + struct iovec iov; + char dummy[8]; + int fd[2]; + + memset(msg, 0, sizeof(msg)); + + iov.iov_base = dummy; + iov.iov_len = sizeof(dummy); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_accrights = (char*)fd; + msg.msg_accrightslen = sizeof(fd); + + if(recvmsg(fd, &msg, MSG_PEEK) >= 0 && msg.msg_accrightslen == sizeof(int)) + { + struct stat st; + + ret = fstat(fd[0], &st); + close(fd[0]); + + if(0 == ret && S_ISFIFO(st.st_mode) && + 0 == st.st_mode & (S_IRWXG|S_IRWXO)) + { + if(uid) + uid = st.st_uid; + + if(gid) + gid = st.st_gid; + } + } + +#endif + + return ret; +} + +#endif /* ENABLE_LDAPI */ diff --git a/ldap/servers/slapd/getsocketpeer.h b/ldap/servers/slapd/getsocketpeer.h new file mode 100644 index 00000000..50879e10 --- /dev/null +++ b/ldap/servers/slapd/getsocketpeer.h @@ -0,0 +1,40 @@ +/** BEGIN COPYRIGHT BLOCK + * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with + * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA. + * + * In addition, as a special exception, Red Hat, Inc. gives You the additional + * right to link the code of this Program with code not covered under the GNU + * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program + * through those well defined interfaces identified in the file named EXCEPTION + * found in the source code files (the "Approved Interfaces"). The files of + * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by + * the GNU General Public License. Only Red Hat, Inc. may make changes or + * additions to the list of Approved Interfaces. You must obey the GNU General + * Public License in all respects for all of the Program code and other code used + * in conjunction with the Program except the Non-GPL Code covered by this + * exception. If you modify this file, you may extend this exception to your + * version of the file, but you are not obligated to do so. If you do not wish to + * provide this exception without modification, you must delete this exception + * statement from your version and license this file solely under the GPL without + * exception. + * + * + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. + * Copyright (C) 2007 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +#if defined(ENABLE_LDAPI) +#if !defined(GETSOCKETPEER_H) +#define GETSOCKETPEER_H +int slapd_get_socket_peer(PRFileDesc *nspr_fd, uid_t *uid, gid_t *gid); +#endif +#endif /* ENABLE_LDAPI */ diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index 0c9338fc..313f3ae9 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -459,6 +459,33 @@ static struct config_get_and_set { {CONFIG_LISTENHOST_ATTRIBUTE, config_set_listenhost, NULL, 0, (void**)&global_slapdFrontendConfig.listenhost, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_FILENAME_ATTRIBUTE, config_set_ldapi_filename, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_filename, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_SWITCH_ATTRIBUTE, config_set_ldapi_switch, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_switch, CONFIG_ON_OFF, NULL}, + {CONFIG_LDAPI_BIND_SWITCH_ATTRIBUTE, config_set_ldapi_bind_switch, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_bind_switch, CONFIG_ON_OFF, NULL}, + {CONFIG_LDAPI_ROOT_DN_ATTRIBUTE, config_set_ldapi_root_dn, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_root_dn, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_MAP_ENTRIES_ATTRIBUTE, config_set_ldapi_map_entries, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_map_entries, CONFIG_ON_OFF, NULL}, + {CONFIG_LDAPI_UIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_uidnumber_type, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_uidnumber_type, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_GIDNUMBER_TYPE_ATTRIBUTE, config_set_ldapi_gidnumber_type, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_gidnumber_type, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE, config_set_ldapi_search_base_dn, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_search_base_dn, CONFIG_STRING, NULL}, + {CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE, config_set_ldapi_auto_dn_suffix, + NULL, 0, + (void**)&global_slapdFrontendConfig.ldapi_auto_dn_suffix, CONFIG_STRING, NULL}, {CONFIG_ACCESSLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL, log_set_mindiskspace, SLAPD_ACCESS_LOG, (void**)&global_slapdFrontendConfig.accesslog_minfreespace, CONFIG_INT, NULL}, @@ -750,6 +777,15 @@ FrontendConfig_init () { cfg->port = LDAP_PORT; cfg->secureport = LDAPS_PORT; + cfg->ldapi_filename = slapi_ch_strdup(SLAPD_LDAPI_DEFAULT_FILENAME); + cfg->ldapi_switch = LDAP_ON; + cfg->ldapi_bind_switch = LDAP_OFF; + cfg->ldapi_root_dn = slapi_ch_strdup("cn=Directory Manager"); + cfg->ldapi_map_entries = LDAP_OFF; + cfg->ldapi_uidnumber_type = slapi_ch_strdup("uidNumber"); + cfg->ldapi_gidnumber_type = slapi_ch_strdup("gidNumber"); + cfg->ldapi_search_base_dn = slapi_ch_strdup("dc=example, dc=com"); + cfg->ldapi_auto_dn_suffix = slapi_ch_strdup("cn=peercred,cn=external,cn=auth"); cfg->threadnumber = SLAPD_DEFAULT_MAX_THREADS; cfg->maxthreadsperconn = SLAPD_DEFAULT_MAX_THREADS_PER_CONN; cfg->reservedescriptors = SLAPD_DEFAULT_RESERVE_FDS; @@ -991,7 +1027,7 @@ config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) { if ( nPort == 0 ) { LDAPDebug( LDAP_DEBUG_ANY, - "Information: Non-Secure Port Disabled, server only contactable via secure port\n", 0, 0, 0 ); + "Information: Non-Secure Port Disabled\n", 0, 0, 0 ); } if ( apply ) { @@ -1142,6 +1178,163 @@ config_set_listenhost( const char *attrname, char *value, char *errorbuf, int ap } int +config_set_ldapi_filename( const char *attrname, char *value, char *errorbuf, int apply ) { + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_filename) ); + slapdFrontendConfig->ldapi_filename = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + +int +config_set_ldapi_switch( const char *attrname, char *value, char *errorbuf, int apply ) { + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + retVal = config_set_onoff(attrname, + value, + &(slapdFrontendConfig->ldapi_switch), + errorbuf, + apply); + + return retVal; +} + +int config_set_ldapi_bind_switch( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + retVal = config_set_onoff(attrname, + value, + &(slapdFrontendConfig->ldapi_bind_switch), + errorbuf, + apply); + + return retVal; +} + +int config_set_ldapi_root_dn( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_root_dn) ); + slapdFrontendConfig->ldapi_root_dn = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + +int config_set_ldapi_map_entries( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + retVal = config_set_onoff(attrname, + value, + &(slapdFrontendConfig->ldapi_map_entries), + errorbuf, + apply); + + return retVal; +} + +int config_set_ldapi_uidnumber_type( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_uidnumber_type) ); + slapdFrontendConfig->ldapi_uidnumber_type = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + +int config_set_ldapi_gidnumber_type( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_gidnumber_type) ); + slapdFrontendConfig->ldapi_gidnumber_type = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + +int config_set_ldapi_search_base_dn( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_search_base_dn) ); + slapdFrontendConfig->ldapi_search_base_dn = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + +int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *errorbuf, int apply ) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if ( apply) { + CFG_LOCK_WRITE(slapdFrontendConfig); + + slapi_ch_free ( (void **) &(slapdFrontendConfig->ldapi_auto_dn_suffix) ); + slapdFrontendConfig->ldapi_auto_dn_suffix = slapi_ch_strdup ( value ); + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + return retVal; +} + + +int config_set_securelistenhost( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); @@ -3066,6 +3259,100 @@ config_get_port(){ } char * +config_get_ldapi_filename(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_filename); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + + +int config_get_ldapi_switch(){ + int retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapdFrontendConfig->ldapi_switch; + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +int config_get_ldapi_bind_switch(){ + int retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapdFrontendConfig->ldapi_bind_switch; + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +char *config_get_ldapi_root_dn(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_root_dn); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +int config_get_ldapi_map_entries(){ + int retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapdFrontendConfig->ldapi_map_entries; + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +char *config_get_ldapi_uidnumber_type(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_uidnumber_type); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +char *config_get_ldapi_gidnumber_type(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_gidnumber_type); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +char *config_get_ldapi_search_base_dn(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_search_base_dn); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +char *config_get_ldapi_auto_dn_suffix(){ + char *retVal; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + CFG_LOCK_READ(slapdFrontendConfig); + retVal = slapi_ch_strdup(slapdFrontendConfig->ldapi_auto_dn_suffix); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + + +char * config_get_workingdir() { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); char *retVal; diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c index e0f0203d..d735261e 100644 --- a/ldap/servers/slapd/main.c +++ b/ldap/servers/slapd/main.c @@ -453,6 +453,7 @@ usage( char *name, char *extraname ) static char *extraname; static char *myname; static int n_port = 0; +static int i_port = 0; static int s_port = 0; static char **ldif_file = NULL; static int ldif_files = 0; @@ -612,6 +613,7 @@ write_start_pid_file() } #endif /* WIN32 */ + int main( int argc, char **argv) { @@ -854,6 +856,19 @@ main( int argc, char **argv) return(1); } +#if defined(ENABLE_LDAPI) + if( config_get_ldapi_switch() && + config_get_ldapi_filename() != 0) + { + i_port = ports_info.i_port = 1; /* flag ldapi as on */ + ports_info.i_listenaddr.local.family = PR_AF_LOCAL; + PL_strncpyz(ports_info.i_listenaddr.local.path, + config_get_ldapi_filename(), + sizeof(ports_info.i_listenaddr.local.path)); + unlink(ports_info.i_listenaddr.local.path); + } +#endif /* ENABLE_LDAPI */ + return_value = daemon_pre_setuid_init(&ports_info); if (0 != return_value) { LDAPDebug( LDAP_DEBUG_ANY, "Failed to init daemon\n", @@ -1081,6 +1096,7 @@ main( int argc, char **argv) normalize_oc(); if (n_port) { + } else if (i_port) { } else if ( config_get_security()) { } else { #ifdef _WIN32 @@ -1105,6 +1121,10 @@ main( int argc, char **argv) MessageBox(GetDesktopWindow(), szMessage, " ", MB_ICONEXCLAMATION | MB_OK); } #endif + LDAPDebug( LDAP_DEBUG_ANY, + "Fatal Error---No ports specified. " + "Exiting now.\n", 0, 0, 0 ); + exit(1); } } diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c index 55d81c8a..feff7241 100644 --- a/ldap/servers/slapd/passwd_extop.c +++ b/ldap/servers/slapd/passwd_extop.c @@ -592,7 +592,7 @@ parse_req_done: if (oldPasswd == NULL || *oldPasswd == '\0') { /* If user is authenticated, they already gave their password during - the bind operation (or used sasl or client cert auth) */ + the bind operation (or used sasl or client cert auth or OS creds) */ slapi_pblock_get(pb, SLAPI_CONN_AUTHMETHOD, &authmethod); if (!authmethod || !strcmp(authmethod, SLAPD_AUTH_NONE)) { errMesg = "User must be authenticated to the directory server.\n"; diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index be59e274..2ca642a1 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -212,6 +212,8 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) (*(char **)value) = SLAPD_AUTH_SIMPLE; } else if (strcasecmp(authtype, SLAPD_AUTH_SSL) == 0) { (*(char **)value) = SLAPD_AUTH_SSL; + } else if (strcasecmp(authtype, SLAPD_AUTH_OS) == 0) { + (*(char **)value) = SLAPD_AUTH_OS; } else if (strncasecmp(authtype, SLAPD_AUTH_SASL, strlen(SLAPD_AUTH_SASL)) == 0) { (*(char **)value) = SLAPD_AUTH_SASL; @@ -2932,7 +2934,15 @@ bind_credentials_set( Connection *conn, char *authtype, char *normdn, char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry ) { PR_Lock( conn->c_mutex ); + bind_credentials_set_nolock(conn, authtype, normdn, + extauthtype, externaldn, clientcert, bind_target_entry); + PR_Unlock( conn->c_mutex ); +} +void +bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, + char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry ) +{ /* clear credentials */ bind_credentials_clear( conn, PR_FALSE /* conn is already locked */, ( extauthtype != NULL ) /* clear external creds. if requested */ ); @@ -2968,6 +2978,4 @@ bind_credentials_set( Connection *conn, char *authtype, char *normdn, reslimit_update_from_entry( conn, bind_target_entry ); } } - - PR_Unlock( conn->c_mutex ); } diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index c7c09a23..6a68d049 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -239,6 +239,15 @@ int config_set_SSL3ciphers( const char *attrname, char *value, char *errorbuf, i int config_set_localhost( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_listenhost( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_securelistenhost( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_filename( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_switch( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_bind_switch( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_root_dn( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_map_entries( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_uidnumber_type( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_gidnumber_type( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_search_base_dn( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_srvtab( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_lastmod( const char *attrname, char *value, char *errorbuf, int apply ); @@ -334,6 +343,15 @@ char *config_get_SSL3ciphers(); char *config_get_localhost(); char *config_get_listenhost(); char *config_get_securelistenhost(); +char *config_get_ldapi_filename(); +int config_get_ldapi_switch(); +int config_get_ldapi_bind_switch(); +char *config_get_ldapi_root_dn(); +int config_get_ldapi_map_entries(); +char *config_get_ldapi_uidnumber_type(); +char *config_get_ldapi_gidnumber_type(); +char *config_get_ldapi_search_base_dn(); +char *config_get_ldapi_auto_dn_suffix(); char *config_get_srvtab(); int config_get_sizelimit(); char *config_get_pw_storagescheme(); @@ -738,7 +756,7 @@ int check_pw_syntax( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, char **old_pw, Slapi_Entry *e, int mod_op ); int check_pw_syntax_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, char **old_pw, Slapi_Entry *e, int mod_op, Slapi_Mods *smods ); -int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req); +int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/); int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ; void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e ); void mod_allowchange_aci(char *val); @@ -961,6 +979,9 @@ void pblock_init( Slapi_PBlock *pb ); void pblock_init_common( Slapi_PBlock *pb, Slapi_Backend *be, Connection *conn, Operation *op ); void pblock_done( Slapi_PBlock *pb ); void bind_credentials_set( Connection *conn, + char *authtype, char *normdn, + char *extauthtype, char *externaldn, CERTCertificate *clientcert , Slapi_Entry * binded); +void bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, char *extauthtype, char *externaldn, CERTCertificate *clientcert , Slapi_Entry * binded); void bind_credentials_clear( Connection *conn, PRBool lock_conn, diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c index a383032c..20303f29 100644 --- a/ldap/servers/slapd/pw_mgmt.c +++ b/ldap/servers/slapd/pw_mgmt.c @@ -291,7 +291,7 @@ skip: /* check_account_lock is called before bind opeation; this could be a pre-op. */ int -check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req) { +check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only) { time_t unlock_time; time_t cur_time; @@ -312,8 +312,11 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre if ( bind_target_entry == NULL ) return -1; - dn = slapi_entry_get_ndn(bind_target_entry); - pwpolicy = new_passwdPolicy(pb, dn); + if(!account_inactivation_only) + { + dn = slapi_entry_get_ndn(bind_target_entry); + pwpolicy = new_passwdPolicy(pb, dn); + } /* kexcoff: account inactivation */ /* check if the entry is locked by nsAccountLock attribute - account inactivation feature */ @@ -334,11 +337,12 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre if ( (bvp != NULL) && (strcasecmp(bvp->bv_val, "true") == 0) ) { /* account inactivated */ - if (pwresponse_req) { + if (!account_inactivation_only && pwresponse_req) { slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_ACCTLOCKED ); } - send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL, + if(!account_inactivation_only) + send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL, "Account inactivated. Contact system administrator.", 0, NULL ); slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags); @@ -354,7 +358,7 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre /* * Check if the password policy has to be checked or not */ - if ( pwpolicy->pw_lockout == 0 ) { + if ( account_inactivation_only || pwpolicy->pw_lockout == 0 ) { goto notlocked; } @@ -412,11 +416,13 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre } notlocked: - /* account is not locked. */ - delete_passwdPolicy(&pwpolicy); + /* account is not locked. */ + if(!account_inactivation_only) + delete_passwdPolicy(&pwpolicy); return ( 0 ); locked: - delete_passwdPolicy(&pwpolicy); + if(!account_inactivation_only) + delete_passwdPolicy(&pwpolicy); return (1); } diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index 53375292..d91cd69b 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -917,7 +917,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb) { break; } - if ( check_account_lock(pb, bind_target_entry, pwresponse_requested) == 1) { + if ( check_account_lock(pb, bind_target_entry, pwresponse_requested, 0) == 1) { slapi_entry_free(bind_target_entry); break; } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index acc4a3cb..da7da7b9 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -304,6 +304,10 @@ typedef void (*VFP0)(); /* the default schema sub directory of the config sub directory */ #define SCHEMA_SUBDIR_NAME "schema" +/* LDAPI default configuration */ +#define SLAPD_LDAPI_DEFAULT_FILENAME "/var/run/ldapi" +#define SLAPD_LDAPI_DEFAULT_STATUS "off" + struct subfilt { char *sf_type; char *sf_initial; @@ -1249,6 +1253,9 @@ typedef struct conn { int c_enable_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */ int c_sasl_io; /* Flag to tell us to enable SASL I/O on the next read */ int c_sasl_ssf; /* flag to tell us the SASL SSF */ + int c_unix_local; /* flag true for LDAPI */ + uid_t c_local_uid; /* uid of connecting process */ + gid_t c_local_gid; /* gid of connecting process */ } Connection; #define CONN_FLAG_SSL 1 /* Is this connection an SSL connection or not ? * Used to direct I/O code when SSL is handled differently @@ -1456,6 +1463,11 @@ typedef struct daemon_ports_s { int s_socket_native; #else PRFileDesc *n_socket; + /* ldapi */ + PRNetAddr i_listenaddr; + int i_port; /* used as a flag only */ + PRFileDesc *i_socket; + #endif PRFileDesc *s_socket; } daemon_ports_t; @@ -1640,6 +1652,15 @@ typedef struct _slapdEntryPoints { #define CONFIG_PORT_ATTRIBUTE "nsslapd-port" #define CONFIG_WORKINGDIR_ATTRIBUTE "nsslapd-workingdir" #define CONFIG_LISTENHOST_ATTRIBUTE "nsslapd-listenhost" +#define CONFIG_LDAPI_FILENAME_ATTRIBUTE "nsslapd-ldapifilepath" +#define CONFIG_LDAPI_SWITCH_ATTRIBUTE "nsslapd-ldapilisten" +#define CONFIG_LDAPI_BIND_SWITCH_ATTRIBUTE "nsslapd-ldapiautobind" +#define CONFIG_LDAPI_ROOT_DN_ATTRIBUTE "nsslapd-ldapimaprootdn" +#define CONFIG_LDAPI_MAP_ENTRIES_ATTRIBUTE "nsslapd-ldapimaptoentries" +#define CONFIG_LDAPI_UIDNUMBER_TYPE_ATTRIBUTE "nsslapd-ldapiuidnumbertype" +#define CONFIG_LDAPI_GIDNUMBER_TYPE_ATTRIBUTE "nsslapd-ldapigidnumbertype" +#define CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE "nsslapd-ldapientrysearchbase" +#define CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE "nsslapd-ldapiautodnsuffix" #define CONFIG_SECURITY_ATTRIBUTE "nsslapd-security" #define CONFIG_SSL3CIPHERS_ATTRIBUTE "nsslapd-SSL3ciphers" #define CONFIG_ACCESSLOG_ATTRIBUTE "nsslapd-accesslog" @@ -1889,6 +1910,15 @@ typedef struct _slapdFrontendConfig { int attrname_exceptions; /* if true, allow questionable attribute names */ int rewrite_rfc1274; /* return attrs for both v2 and v3 names */ char *schemareplace; /* see CONFIG_SCHEMAREPLACE_* #defines below */ + char *ldapi_filename; /* filename for ldapi socket */ + int ldapi_switch; /* switch to turn ldapi on/off */ + int ldapi_bind_switch; /* switch to turn ldapi auto binding on/off */ + char *ldapi_root_dn; /* DN to map root to over LDAPI */ + int ldapi_map_entries; /* turns ldapi entry bind mapping on/off */ + char *ldapi_uidnumber_type; /* type that contains uid number */ + char *ldapi_gidnumber_type; /* type that contains gid number */ + char *ldapi_search_base_dn; /* base dn to search for mapped entries */ + char *ldapi_auto_dn_suffix; /* suffix to be appended to auto gen DNs */ } slapdFrontendConfig_t; #define SLAPD_FULL 0 @@ -1902,6 +1932,8 @@ typedef struct _slapdFrontendConfig { slapdFrontendConfig_t *getFrontendConfig(); +int slapd_bind_local_user(Connection *conn); + /* LP: NO_TIME cannot be -1, it generates wrong GeneralizedTime * And causes some errors on AIX also */ diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index 0149556a..c624b38c 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -1367,7 +1367,7 @@ int slapi_reslimit_get_integer_limit( Slapi_Connection *conn, int handle, #define SLAPD_AUTH_SIMPLE "simple" #define SLAPD_AUTH_SSL "SSL" #define SLAPD_AUTH_SASL "SASL " /* followed by the mechanism name */ - +#define SLAPD_AUTH_OS "OS" /* Command Line Arguments */ #define SLAPI_ARGC 147 diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c index 93c12775..3b4fadcb 100644 --- a/ldap/servers/slapd/start_tls_extop.c +++ b/ldap/servers/slapd/start_tls_extop.c @@ -275,7 +275,8 @@ start_tls( Slapi_PBlock *pb ) * connection ready. */ secure = 1; - ns = configure_pr_socket( &newsocket, secure ); + ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ ); + /* ber_sockbuf_set_option( conn->c_sb, LBER_SOCKBUF_OPT_DESC, &newsocket ); @@ -417,7 +418,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator ) #ifndef _WIN32 secure = 0; - ns = configure_pr_socket( &(c->c_prfd), secure ); + ns = configure_pr_socket( &(c->c_prfd), secure, 0 /*never local*/ ); ber_sockbuf_set_option( c->c_sb, LBER_SOCKBUF_OPT_DESC, &(c->c_prfd) ); @@ -46,16 +46,10 @@ PACKAGE=libtool VERSION=1.5.22 TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes. +if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi # Check that we have a working $echo. @@ -111,14 +105,12 @@ esac # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). # We save the old values to restore during execute mode. -for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES -do - eval "if test \"\${$lt_var+set}\" = set; then - save_$lt_var=\$$lt_var - $lt_var=C - export $lt_var - fi" -done +if test "${LC_ALL+set}" = set; then + save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL +fi +if test "${LANG+set}" = set; then + save_LANG="$LANG"; LANG=C; export LANG +fi # Make sure IFS has a sensible default lt_nl=' @@ -144,8 +136,6 @@ duplicate_deps=no preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 ##################################### # Shell function definitions: @@ -337,17 +327,7 @@ func_extract_archives () *) my_xabs=`pwd`"/$my_xlib" ;; esac my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - extracted_serial=`expr $extracted_serial + 1` - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" + my_xdir="$my_gentop/$my_xlib" $show "${rm}r $my_xdir" $run ${rm}r "$my_xdir" @@ -778,7 +758,6 @@ if test -z "$show_help"; then *.f90) xform=f90 ;; *.for) xform=for ;; *.java) xform=java ;; - *.obj) xform=obj ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` @@ -1159,9 +1138,8 @@ EOF for arg do case $arg in - -all-static | -static | -static-libtool-libs) - case $arg in - -all-static) + -all-static | -static) + if test "X$arg" = "X-all-static"; then if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2 fi @@ -1169,20 +1147,12 @@ EOF dlopen_self=$dlopen_self_static fi prefer_static_libs=yes - ;; - -static) + else if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac + fi build_libtool_libs=no build_old_libs=yes break @@ -1742,7 +1712,7 @@ EOF continue ;; - -static | -static-libtool-libs) + -static) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects @@ -2520,9 +2490,7 @@ EOF if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || - test -z "$old_library"; }; then + { test "$prefer_static_libs" = no || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. @@ -3218,7 +3186,7 @@ EOF # which has an extra 1 added just for fun # case $version_type in - darwin|linux|osf|windows|none) + darwin|linux|osf|windows) current=`expr $number_major + $number_minor` age="$number_minor" revision="$number_revision" @@ -3442,11 +3410,11 @@ EOF fi # Eliminate all temporary directories. -# for path in $notinst_path; do -# lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` -# deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` -# dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` -# done + for path in $notinst_path; do + lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` + deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` + dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` + done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. @@ -3547,12 +3515,13 @@ EOF int main() { return 0; } EOF $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then + $LTCC $LTCFLAGS -o conftest conftest.c $deplibs + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` for i in $deplibs; do name=`expr $i : '-l\(.*\)'` # If $name is empty we are operating on a -L argument. - if test "$name" != "" && test "$name" != "0"; then + if test "$name" != "" && test "$name" -ne "0"; then if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $i "*) @@ -3591,7 +3560,9 @@ EOF # If $name is empty we are operating on a -L argument. if test "$name" != "" && test "$name" != "0"; then $rm conftest - if $LTCC $LTCFLAGS -o conftest conftest.c $i; then + $LTCC $LTCFLAGS -o conftest conftest.c $i + # Did it work? + if test "$?" -eq 0 ; then ldd_output=`ldd conftest` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in @@ -3623,7 +3594,7 @@ EOF droppeddeps=yes $echo $echo "*** Warning! Library $i is needed by this library but I was not able to" - $echo "*** make it link in! You will probably need to install it or some" + $echo "*** make it link in! You will probably need to install it or some" $echo "*** library that it depends on before this library will be fully" $echo "*** functional. Installing it before continuing would be even better." fi @@ -4268,14 +4239,12 @@ EOF reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. + # -Wl from whole_archive_flag_spec wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" else gentop="$output_objdir/${obj}x" generated="$generated $gentop" @@ -4723,16 +4692,16 @@ static const void *lt_preloaded_setup() { case $host in *cygwin* | *mingw* ) if test -f "$output_objdir/${outputname}.def" ; then - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` else - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` fi ;; * ) - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` ;; esac ;; @@ -4747,13 +4716,13 @@ static const void *lt_preloaded_setup() { # really was required. # Nullify the symbol file. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` - finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` fi if test "$need_relink" = no || test "$build_libtool_libs" != yes; then # Replace the output file specification. - compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP` + compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -4840,7 +4809,7 @@ static const void *lt_preloaded_setup() { if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP` + relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= @@ -4877,7 +4846,7 @@ static const void *lt_preloaded_setup() { fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` fi # Quote $echo for shipping. @@ -5284,18 +5253,6 @@ EOF Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' -# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE). -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi - # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH @@ -5438,7 +5395,7 @@ else ;; esac $echo >> $output "\ - \$echo \"\$0: cannot exec \$program \$*\" + \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" exit $EXIT_FAILURE fi else @@ -5624,7 +5581,7 @@ fi\ done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -5969,9 +5926,9 @@ relink_command=\"$relink_command\"" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP` + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi $echo "$modename: warning: relinking \`$file'" 1>&2 @@ -6180,7 +6137,7 @@ relink_command=\"$relink_command\"" file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP` + relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` $show "$relink_command" if $run eval "$relink_command"; then : @@ -6456,15 +6413,12 @@ relink_command=\"$relink_command\"" fi # Restore saved environment variables - for lt_var in LANG LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - else - $lt_unset $lt_var - fi" - done - + if test "${save_LC_ALL+set}" = set; then + LC_ALL="$save_LC_ALL"; export LC_ALL + fi + if test "${save_LANG+set}" = set; then + LANG="$save_LANG"; export LANG + fi # Now prepare to actually exec the command. exec_cmd="\$cmd$args" @@ -6821,9 +6775,9 @@ The following components of LINK-COMMAND are treated specially: -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE + try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX - try to export only the symbols matching REGEX + try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened @@ -6837,11 +6791,9 @@ The following components of LINK-COMMAND are treated specially: -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries + -static do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] + specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. |