================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP. My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
================
If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file. The programs
exit if the file cannot be read.
[Complete contents of file is used as password. Use:
echo -n "secret" > password
to create a file with "secret" as the password. The -n avoids
adding a newline (which would invalidate the password). Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]
I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords. [I fixed up ldapwhoami.]
Rerun autoconf after applying this patch. [Done.]
Note: I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt. (fstat() is used to warn if the file is publicly
readable or writeable.) [I used fstat() to set the buffer size to
read.]
[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
Version: head
OS: SuSE Linux 7.3
URL: ftp://ftp.openldap.org/incoming/norbert.klasen.rejects.20020605.patch
Submission from: (NULL) (62.104.216.66)
This patch adds an '-S' option to ldapmodify. If a filename is specified with
this option, records which could not successfully be added/modified/deleted from
the LDAP server will be written to the specified file. Most useful in
conjunction with '-c' option.
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Here are fixes for more places where the argument to ctype.h functions
should be in the range of `unsigned char'.
Explanation of the last patch (to schema_init.c:bvcasechr()):
TOLOWER() and TOUPPER() return values in the range of `unsigned char',
but bvcasechr() then compares those values with a plain `char'. So I
convert the return values from TOLOWER()/TOUPPER() to `char' first.
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, April 2002.
using best available mechanism. (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
-R now ignored
-C added to chase. No rebind proc yet, no checking of appropriate authentication.
complain if non-critical TLS was not started.
Fail if requested version is not supported.
ldapdelete:
deletechildren modified to use ldap_search_ext_s()
fixed deletechildren dn memory leak
ldapsearch:
modified to use ldap_search_ext()
references, extended results, and extended partial results. LDIF
extended to support these new features and reported version 2.
-L now limits output to LDIFv1 for compatibility reasons. No
-L is now LDIFv2. Old alternative form is no longer supported.
Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp
Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded
file://tmp/
an internal flag set. Used for SEQUENCE testing. Flag must
be set using debugger. Modified ber_printf to use new format
were needed for extensibility testing.
Added first cut -lldap support for extended responses.
Modified ldapsearch(1) to handle v3 search references when not
chasing. Also added extended/unsolicited notification handling
and extended partial response handling. Changes include a
number of LDIF enhancements.
Fixed getpassphrase() returns NULL bugs
simple bind via:
{KERBEROS}principal
Code is disabled by default (for security reasons). Use
--enable-kpasswd to enable. Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support. Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
ldapsearch:
use draft guidelines for determining when to use
-t only writes binary attributes to files
-tt writes all attributes to files
output now lists URL instead of path to such files
-T dir can be used to specify directory to create temp files in
-V urlprefix can be used to change the URL prefix
LDIF is now commented (can be disabled using -LL)
LDIF now contains version attribute (can be disabled with -LLL)
LDIF:
put interface changed to allow caller to specify how to encode
put interface uses draft guidelines for determine when to base64 encode
wrapping kludged to match old off by one bug
Tests:
removed trailing space from some attributes (to avoid base64 encoding)
enabled -LLL in defines.sh (should sed output to remove
wrapping/comments/redundant separators)
Misc:
updated codes outputting LDIF to use new put interface
TODO:
handling of version attribute on input
handling of URLs on input (ie: fetch URL)
Includes support for update referral for each replicated backend.
Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world. Still testing in LDAPv3 world.
Added default referral (test009) test.
ldap_defaults.h incorporates non-generated ldapconfig.h values.
ldap_config.h.in is new template for autoconf generated defaults
(namely directories and paths)
ldap_config.h.nt, NT template (must be manually copied)
s/<ldapconfig.h>/<ldap_defaults.h>/
s/DIRSEP/LDAP_DIRSEP/ & s/DEFAULT_/LDAP_/
Check for ldap_set_option() error using LDAP_OPT_ERROR, not -1.
(probably should check != LDAP_OPT_SUCCESS instead).
Added additional usage errors.
Used return(EXIT_FAILURE) instead of exit(1).
Used DIRSEP instead of '/' && '\\'
Moved verbose output to stderr.
library use:
LBER_ macros expand to system routines.
LDAP_ macros expand to new ber_ allocators.
Add ber_ and ldap_ memory allocators/deallocator:
ber_ routines are wrappers of LBER_ macros.
ldap_ routines are wrappers of ber_ routines.
Removed safe_realloc() macro from various files. This issue
(if an issue) should be resolved across whole package.
ldapmodify.c now uses ber_ allocators to resolve ber_bvfree()
vs. WIN32 multiple heaps issue.
These changes should facilate implementation of
ber_set_option( NULL, LBER_OPT_MEMORY_FN, ...)
and
ldap_set_option( NULL, LDAP_OPT_MEMORY_FN, ...).
This commit includes many changes. All changes compile under NT but
have not been tested under UNIX.
A Summary of changes (likely incomplete):
NT changes:
Removed lint.
Clean up configuration support for "Debug", "Release", "SDebug",
and "SRelease" configurations.
Share output directories for clients, libraries,
and slapd. (maybe they should be combined further
and moved to build/{,S}{Debug,Release}).
Enable threading when _MT is defined.
Enable debuging when _DEBUG is defined.
Disable setting of NDEBUG under Release/SRelease. Asserts
are disabled in <ac/assert.h> when LDAP_DEBUG is not
defined.
Added 'build/main.dsp' Master project.
Removed non-slapd projects from slapd.dsp (see main.dsp).
Removed replaced many uses of _WIN32 macro with feature based
macros.
ldap_cdefs.h changes
#define LDAP_CONST const
(see below)
#define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST
To allow specifiers to be added before and after
the type declaration. (For DLL handling)
LBER/LDAP changes
Namespace changes:
s/lber_/ber_/ for here and there.
s/NAME_ERROR/LDAP_NAME_ERROR/g
Deleted NULLMSG and other NULL* macros for namespace reasons.
"const" libraries. Installed headers (ie: lber.h, ldap.h)
use LDAP_CONST macro. Normally set to 'const' when
__STDC__. Can be set externally to enable/disable
'constification' of external interface. Internal
interface always uses 'const'. Did not fix warnings
in -lldif (in lieu of new LDIF parser).
Added _ext API implementations (excepting search and bind).
Need to implement ldap_int_get_controls() for reponses
with controls.
Added numberous assert() checks.
LDAP_R
_MT defines HAVE_NT_THREADS
Added numberous assert() checks.
Changed ldap_pthread_t back to unsigned long. Used cast
to HANDLE in _join().
LDBM
Replaced _WIN32 with HAVE_SYSLOG
ud
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
slapd
Made connection sockbuf field a pointer to a sockbuf. This
removed slap.h dependency on lber-int.h. lber-int.h now only
included by those files needing to mess with the sockbuf.
Used ber_* functions/macros to access sockbuf internals whenever
possible.
Added version string if MKVERSION is not defined. (MKVERSION
needs to be set under UNIX).
Removed FD_SET unsigned lint
slapd/tools
Used EXEEXT to added ".exe" to routines. Need to define EXEEXT
under UNIX.
ldappasswd
Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand().
nt_debug
Minor cleanup. Added "portable.h" include and used <ac/*.h> where
appropriate. Added const to char* format argument.
reindentation, and use of spaces instead of tab. Diffs will be reviewed
to identify and commit only functional changes as time permits.
Note: this is more my fault than Dave's. I should have provided
clearer guidance. Live and learn.
This could cause problems on odd systems. The generic
headers should be extended as needed to include necessary
system headers or, if necessary, make explicit declarations.
Extended ac/string.h header to look for string.h/strings.h if
STDC_HEADERS is not defined. Also provide basic declarations for
str*() functions. This could cause problems on odd systems.
Extended ac/unistd.h header to define basic declaration for misc
functions that might be missing from headers. This includes
externs for getenv(), getopt(), mktemp(), tempname().
Protect fax500.h from multiple inclusion. Moved includes of
system/generic headers back to source files.
Made mail500 helper functions static.
Fixed includes of ctype.h, signal.h, etc. to use generics.
lutil/tempname.c: was including stdlib.h twice, one should stdio.h.
Wrapped <sys/resource.h> with HAVE_SYS_RESOURCE_H.
lber/io.c/ber_get_next(): Changed noctets back to signed.
Used with BerRead which expects signed int as second arg and
returns signed int.
Most function and variable definitions are now preceded by its extern
definition, for error checking. Retyped a number of functions, usually
to return void. Fixed a number of printf format errors.
API changes (in ldap/include):
Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.
A number of `extern' declarations are left (some added by protoize), to
be cleaned away later. Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
Modified clients to reduce use of ldapconfig.h.edit.
ldap_{get,set}_option support is relatively complete. Needs
to be extended to support other "features" of OpenLDAP.
updated clients to use ldap_get/set_options
ld_options is renamed ld_booleans. ldap-int.h has accessor macros.
updated libldap to use new accessor macros.