Enable autoconf build on Windows with cygwin and free MSVC compiler + SDK
1) Don't set the -lsvrcore in SVRCORE_LIBS in configure - instead, do it the
way we do the NSPR and NSS libs, in build.mk
2) For the component LINK macros, use name.lib instead of -lname on Windows
3) The new free MSVC compiler does not have lib.exe - add an autoconf test for
the lib program and use link /lib if missing
4) If using MSVC (which expects DOS style absolute paths) and cygwin (which
uses unix style abs. paths), use cygpath -m on all user supplied paths to make
sure they are in the correct format for cl and link. It's better to do this
during configure rather than depend on cygwin_wrapper which is much, much
slower.
5) Don't link with the odbc libs (Why did we ever need these!?!??!?)
6) The free MSVC doesn't include afxwin.h, so use the other header files
instead
7) Add libutil to the Windows build, including getting rid of the old Makefile
and adding a new Makefile.in for the autoconf build (the Makefile.client
remains)
8) getopt.c doesn't need lber.h
I verified that these changes also build on Win2k with MSVC 6 SP 3. I also changed the copyright in the new Makefile.in as suggested by Mark Smith.
When the malloc fails in the 'v' or 'V' ber_scanf case, we need to break out of the loop and return with an LBER_DEFAULT code. Also, in the realloc case, we need to save a copy of the old pointer and use either ber_svecfree ('v' case) or ber_bvecfree ('V' case) to clean up the memory.
bug 324525
If the malloc is done to allocate the *bv, but then an lber error is
encountered while doing the ber_skip_tag (due to a bad or malicious client),
the bv->bv_val is set to a random value. If you then try to use ber_bvfree to
free the bv, it may call free on this uninitialized value, and badness ensues.
I think the proper fix is for ber_get_stringal to set (*bv)->bv_val to NULL and
(*bv)->bv_len to 0 just after the malloc.
There were only a few places that needed to be changed. I needed to change the
order of c++ and cc detection around in configure - it seems that if you do the
cross compilation stuff first, it messes up the "regular" case, which is the
more important one. In order for the GNU_CC tests to work, you must define
CC=gcc and CXX=g++ on the configure command line. If building 64 bit, you must
also specify CFLAGS=-m64 and CXXFLAGS=-m64. I also removed the extra arguments
for static library building as they were not only not necessary but they were
also making the build abort.
Mem and resource leaks in ldapsinit.c
1) I'm pretty sure the reference to socket should be fd instead. I don't know
why it compiled with socket in there . . . note to self: read compiler warnings
. . .
2) The cert returned by SSL_PeerCertificate is "dup"ed, so we need to call
CERT_DestroyCertificate to release it otherwise we'll leak references.
3) The hostname returned by SSL_RevealURL is strduped and must be freed.
Reviewed by Mark and Pete (Thanks!)
Reviewed by Mark, Dan, Chris (Thanks!)
The newly added README.rpm explains how to build an RPM.
Running ./configure will print the list of flags and what they do.
LDAP command line tools now accept 2 new options:
-ZZ (issue a startTLS request)
-ZZZ (like -ZZ but require a successful response).
API extensions:
ldap_ssl.h: LDAP_EXOP_START_TLS macro (OID of start TLS extended op.).
libssldap: Added ldap_start_tls_s() function.
libprldap: Added prldap_is_installed() and prldap_import_connection().
libldap: Added new LDAP_X_OPT_SOCKETARG option for ldap_get_option()
and ldap_set_option() (get/set the socketarg associated
with the main LDAP TCP connection).
liblber: Added new LBER_SOCKBUF_OPT_SOCK_ARG option for
ber_sockbuf_set_option() and ber_sockbuf_get_option()
(get/set the socketarg associated with a Sockbuf).
Also, some refactoring was done in libssldap to simplify the code.
Updated NSPR and NSS component revision numbers.
Handle for part release numbers on Linux, e.g., 2.4.20-6
Use correct paths for NSPR headers and libraries.
Remove obsolete LDAP Makefiles (generated by configure these days).
Fix command line tools link error on Linux: link with -lstdc++
length or tag is split across buffers.
Improve backwards compatibility by setting *Bytes_Scanned to zero
when errors occur; use errno to report specific errors.
A queue of pending outbound requests is kept. UnBind requests are NOT
queued however.
Abandon requests are not sent if a request is not outstanding.
Cleaned up the code in result.c to avoid use of magic return values
such as -1 and -2. Also removed some dead code and dead files.
ltest (test.c) now supports SSL and async I/O options.
Fix most critical warnings in the core LDAP library code:
AIX has snprintf() so we now #define HAVE_SNPRINTF there.
Use snprintf() instead of sprintf() in ldap_perror().
Use snprintf() instead of sprintf() in ldap_init_getfilter_buf()
and improve error reporting for bad regular expressions.
Don't treat a request as complete if its LDAP result message
has not yet been received. Previously, nested referrals and
references could cause requests to be prematurely terminated.
The LDAP tools code no longer has any knowledge of the NSS
file names; the certpath2keypath() function has been deleted
and we now simply use the certdbpath as keydbpath when it is
provided (it makes no difference in the end). But note that
because we need to maintain backwards compatibility, the
libssldap code used by the ldapssl_.*_init() functions still
knows the default name of the NSS module file (secmod.db),
and the code also relies on the fact that the suffix for the
key and cert files is ".db" and that the first letter in the
main part of the name is either 'c' or 'k'.
Also fixed a bug that caused the module file name specified on
the LDAP tools command line (-m name) to be ignored.
The ldapsearch and ldapcmp tools now exit with LDAP_NO_MEMORY
if an LDIF fragment can't be constructed.
Also fixed some issues reported by lint:
Return values that were ignored.
Make more functions and global variables static.
Add /*ARGSUSED*/ and similar lint-friendly comments.
If a NULL keypasswd value is passed to ldapssl_enable_clientauth()
then it is assumed that the application has already unlocked
the key DB or has installed its own GetPassword callback.
Also improved some error reporting.
The prldap_tsd_destroy() function (which is called when a
thread exits) was not freeing the information contained within
the PRLDAP_ErrorInfo structure. Added prldap_free_errorinfo()
and a way to determine if that thread-private data looks like
error information (the plei_magic field). At the moment, only
one kind of thread-private data is stored anyway (the error
information).
The prldap_allocate_map() function, which is called when a new
LDAP session is created, was blindly setting the thread-private
error information pointer to NULL. But if a different thread
created or used an LDAP session than called ldap_unbind(), old
error information may have been left in memory. Now the error
info. pointer is reset and reused, which was the original goal.