From 2cc5ac4e6de01c75d3b974146fde7f41a77b0268 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Thu, 25 Feb 2010 08:46:32 -0700 Subject: problems linking with -z defs https://bugzilla.redhat.com/show_bug.cgi?id=506206 Resolves: bug 506206 Bug Description: problems linking with -z defs Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Some platforms (debian) and some build checking tools (rpmlint, others) link with -z defs to look for any undefined references at link time. We had several of these in various directory server objects. 1) all of the plugins need to link against libslapd.la 2) most of the plugins need to link against ldapcsdk and nspr 3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform dependent 4) various other link fixes Platforms tested: RHEL5 x86_64 Flag Day: yes - autotool file changes Doc impact: no --- ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 2 +- ldap/servers/slapd/bind.c | 76 -------------------------------- ldap/servers/slapd/ldaputil.c | 75 +++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 77 deletions(-) (limited to 'ldap/servers/slapd') diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c index ce79c6fe..e5faa27d 100644 --- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c @@ -1951,7 +1951,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb) &psrdn, NULL, 0, run_from_cmdline, NULL); if (rc) { - LDAPDebugArg(LDAP_DEBUG_ANY, + LDAPDebug1Arg(LDAP_DEBUG_ANY, "ldbm2ldif: Failed to get dn of ID " "%d\n", pid); slapi_ch_free_string(&rdn); diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index 79d8c5cf..8c5bc6ba 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -804,79 +804,3 @@ log_bind_access ( method, version ); } } - - -void -slapi_add_auth_response_control( Slapi_PBlock *pb, const char *binddn ) -{ - LDAPControl arctrl; - char dnbuf_fixedsize[ 512 ], *dnbuf, *dnbuf_dynamic = NULL; - size_t dnlen; - - if ( NULL == binddn ) { - binddn = ""; - } - dnlen = strlen( binddn ); - - /* - * According to draft-weltman-ldapv3-auth-response-03.txt section - * 4 (Authentication Response Control): - * - * The controlType is "2.16.840.1.113730.3.4.15". If the bind request - * succeeded and resulted in an identity (not anonymous), the - * controlValue contains the authorization identity [AUTH] granted to - * the requestor. If the bind request resulted in anonymous - * authentication, the controlValue field is a string of zero length. - * - * [AUTH] is a reference to RFC 2829, which in section 9 defines - * authorization identity as: - * - * - * The authorization identity is a string in the UTF-8 character set, - * corresponding to the following ABNF [7]: - * - * ; Specific predefined authorization (authz) id schemes are - * ; defined below -- new schemes may be defined in the future. - * - * authzId = dnAuthzId / uAuthzId - * - * ; distinguished-name-based authz id. - * dnAuthzId = "dn:" dn - * dn = utf8string ; with syntax defined in RFC 2253 - * - * ; unspecified userid, UTF-8 encoded. - * uAuthzId = "u:" userid - * userid = utf8string ; syntax unspecified - * - * A utf8string is defined to be the UTF-8 encoding of one or more ISO - * 10646 characters. - * - * We always map identities to DNs, so we always use the dnAuthzId form. - */ - arctrl.ldctl_oid = LDAP_CONTROL_AUTH_RESPONSE; - arctrl.ldctl_iscritical = 0; - - if ( dnlen == 0 ) { /* anonymous -- return zero length value */ - arctrl.ldctl_value.bv_val = ""; - arctrl.ldctl_value.bv_len = 0; - } else { /* mapped to a DN -- return "dn:" */ - if ( 3 + dnlen < sizeof( dnbuf_fixedsize )) { - dnbuf = dnbuf_fixedsize; - } else { - dnbuf = dnbuf_dynamic = slapi_ch_malloc( 4 + dnlen ); - } - strcpy( dnbuf, "dn:" ); - strcpy( dnbuf + 3, binddn ); - arctrl.ldctl_value.bv_val = dnbuf; - arctrl.ldctl_value.bv_len = 3 + dnlen; - } - - if ( slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, &arctrl ) != 0 ) { - slapi_log_error( SLAPI_LOG_FATAL, "bind", - "unable to add authentication response control" ); - } - - if ( NULL != dnbuf_dynamic ) { - slapi_ch_free_string( &dnbuf_dynamic ); - } -} diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c index 9c69254f..2c5b0c9b 100644 --- a/ldap/servers/slapd/ldaputil.c +++ b/ldap/servers/slapd/ldaputil.c @@ -768,6 +768,81 @@ done: return rc; } +void +slapi_add_auth_response_control( Slapi_PBlock *pb, const char *binddn ) +{ + LDAPControl arctrl; + char dnbuf_fixedsize[ 512 ], *dnbuf, *dnbuf_dynamic = NULL; + size_t dnlen; + + if ( NULL == binddn ) { + binddn = ""; + } + dnlen = strlen( binddn ); + + /* + * According to draft-weltman-ldapv3-auth-response-03.txt section + * 4 (Authentication Response Control): + * + * The controlType is "2.16.840.1.113730.3.4.15". If the bind request + * succeeded and resulted in an identity (not anonymous), the + * controlValue contains the authorization identity [AUTH] granted to + * the requestor. If the bind request resulted in anonymous + * authentication, the controlValue field is a string of zero length. + * + * [AUTH] is a reference to RFC 2829, which in section 9 defines + * authorization identity as: + * + * + * The authorization identity is a string in the UTF-8 character set, + * corresponding to the following ABNF [7]: + * + * ; Specific predefined authorization (authz) id schemes are + * ; defined below -- new schemes may be defined in the future. + * + * authzId = dnAuthzId / uAuthzId + * + * ; distinguished-name-based authz id. + * dnAuthzId = "dn:" dn + * dn = utf8string ; with syntax defined in RFC 2253 + * + * ; unspecified userid, UTF-8 encoded. + * uAuthzId = "u:" userid + * userid = utf8string ; syntax unspecified + * + * A utf8string is defined to be the UTF-8 encoding of one or more ISO + * 10646 characters. + * + * We always map identities to DNs, so we always use the dnAuthzId form. + */ + arctrl.ldctl_oid = LDAP_CONTROL_AUTH_RESPONSE; + arctrl.ldctl_iscritical = 0; + + if ( dnlen == 0 ) { /* anonymous -- return zero length value */ + arctrl.ldctl_value.bv_val = ""; + arctrl.ldctl_value.bv_len = 0; + } else { /* mapped to a DN -- return "dn:" */ + if ( 3 + dnlen < sizeof( dnbuf_fixedsize )) { + dnbuf = dnbuf_fixedsize; + } else { + dnbuf = dnbuf_dynamic = slapi_ch_malloc( 4 + dnlen ); + } + strcpy( dnbuf, "dn:" ); + strcpy( dnbuf + 3, binddn ); + arctrl.ldctl_value.bv_val = dnbuf; + arctrl.ldctl_value.bv_len = 3 + dnlen; + } + + if ( slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, &arctrl ) != 0 ) { + slapi_log_error( SLAPI_LOG_FATAL, "bind", + "unable to add authentication response control" ); + } + + if ( NULL != dnbuf_dynamic ) { + slapi_ch_free_string( &dnbuf_dynamic ); + } +} + /* the following implements the client side of sasl bind, for LDAP server -> LDAP server SASL */ -- cgit