Description: Change LDAP C SDK version to 6
Fix Description: Change the version to major 6, minor 0, and submin/patch 0. The change is in various places in the build makefiles and header files. The shared lib suffix is now 60 (from 50).
In a somewhat unrelated change, the configure script had to change to allow
building with the RPM spec %configure macro on rhel/fedora. That macro
defines --host, --build, and --target, and defines --host different than
--target. This caused configure to think it was doing a cross compilation.
Instead, the correct cross compilation trigger is if --host is specified and
it is different than --build. However, the mozilla builds expect to be able
to pass in --host different than --target, so all of these different
combinations had to be accomodated.
Description: ber_printf support for O format
Fix Description: When calling ber_printf with the 'O' format, the corresponding argument must be a struct berval *. If the bval argument is NULL, nothing is written (i.e. it is safe to use a NULL here). Otherwise, bval->bv_len bytes from bval->bv_val will be written to the output.
Description: Merge sun libprldap changes on to trunk
Fix Description: Pretty much the same as the fixes made for bugs 352519 352673 on the sun_merge_branch_20060523, this just merges those changes on to the trunk. One additional change is the removal of an unused variable.
Description: Merge sun_merge_branch_20060523 changes into trunk.
Fix Description: I had to change re_encode_request to use the new ber types. Other than that, these merges are basically the sasl, ipv6, and ber types code already committed to the sun merge branch.
Description: Memleak: ldap_start_tls_s should free oidptr and dataptr
Fix Description: Just omit oidptr and dataptr and pass NULL for those arguments to ldap_extended_operation_s().
Bug: 348927
Description: Memleak: ldaptls_complete should free hostlist
Fix Description: Instead of returning directly from early error conditions, just goto the error handling code, and let that code free hostlist and do the other cleanup. I had to make sure all relevant variables were initialized to NULL in order for cleanup to work properly.
Description: The client must call ldapssl_enable_clientauth before the first operation. This means before ldap_start_tls_s in the case of startTLS. However, the certname and keypassword (if any) are stored in the connection context. ldapssl_enable_clientauth will now allocate and store this connection context if it doesn't already exist, then set the certname and keypassword.
Fix Description: Make a copy of the value parameter passed into ldap_getfirstfilter() and store it in lfd_curval. Free it in the LDAPFiltDesc free function.
Fix Description: Using the -Z flag sets the secure option, but using -ZZ (use starttls) does not. The code in several places uses a test like if (secure || isZZ) to see if it has to perform some sort of ssl/tls related initialization. The one place that was missed was before the call to PinArgRegistration() which was just if (secure).
Fix Description: Replaced PK11_FindCertFromNickname() with CERT_FindUserCertByUsage(), using a cert usage of SSL Client. This should only find certs that are used for SSL Clients, which is the type of cert we want in this context (as opposed to e.g. an email signing cert). The LDAPSSLSessionInfo* ssip is passed now as the context argument. Moved calling PK11_SetPasswordFunc before CERT_FindUserCertByUsage() in case CERT_FindUserCertByUsage() needs it for some reason.
Fix Description: First look for a return of < 0 from ldap_count_entries, and return LDAP_PARAM_ERROR in that case (in both keysort and multisort). Then, if count < 2, there is nothing to sort, so just return 0.
Fix Description: If there is a scope given in the reference/referral URL, use it. Otherwise, if the URL is for a search reference (continuation reference) result, comply with RFC4511 section 4.5.3 concerning scope. Otherwise, parse the scope from the original request and just use it.
Note that this fix does not address support for filters in referrals/references. Support for filters will require a great deal more changes. The current version of openldap (2.3.x) does not support filters, so this fix at least brings us up to par with openldap with respect to this feature.
Description: ber_scanf sometimes gives incorrect return code on 64-bit
Fix: ber_get_boolean needs to get the return value of ber_get_int as an unsigned long and return that unsigned long value
Allow build on Mac OSX
1) There is no RPATH on Darwin, so undefine the RPATH macros before linking
2) Have to use g++ to link
3) The iconv functions are in libiconv
Enable autoconf build on Windows with cygwin and free MSVC compiler + SDK
1) Don't set the -lsvrcore in SVRCORE_LIBS in configure - instead, do it the
way we do the NSPR and NSS libs, in build.mk
2) For the component LINK macros, use name.lib instead of -lname on Windows
3) The new free MSVC compiler does not have lib.exe - add an autoconf test for
the lib program and use link /lib if missing
4) If using MSVC (which expects DOS style absolute paths) and cygwin (which
uses unix style abs. paths), use cygpath -m on all user supplied paths to make
sure they are in the correct format for cl and link. It's better to do this
during configure rather than depend on cygwin_wrapper which is much, much
slower.
5) Don't link with the odbc libs (Why did we ever need these!?!??!?)
6) The free MSVC doesn't include afxwin.h, so use the other header files
instead
7) Add libutil to the Windows build, including getting rid of the old Makefile
and adding a new Makefile.in for the autoconf build (the Makefile.client
remains)
8) getopt.c doesn't need lber.h
I verified that these changes also build on Win2k with MSVC 6 SP 3. I also changed the copyright in the new Makefile.in as suggested by Mark Smith.
When the malloc fails in the 'v' or 'V' ber_scanf case, we need to break out of the loop and return with an LBER_DEFAULT code. Also, in the realloc case, we need to save a copy of the old pointer and use either ber_svecfree ('v' case) or ber_bvecfree ('V' case) to clean up the memory.
bug 324525
If the malloc is done to allocate the *bv, but then an lber error is
encountered while doing the ber_skip_tag (due to a bad or malicious client),
the bv->bv_val is set to a random value. If you then try to use ber_bvfree to
free the bv, it may call free on this uninitialized value, and badness ensues.
I think the proper fix is for ber_get_stringal to set (*bv)->bv_val to NULL and
(*bv)->bv_len to 0 just after the malloc.
There were only a few places that needed to be changed. I needed to change the
order of c++ and cc detection around in configure - it seems that if you do the
cross compilation stuff first, it messes up the "regular" case, which is the
more important one. In order for the GNU_CC tests to work, you must define
CC=gcc and CXX=g++ on the configure command line. If building 64 bit, you must
also specify CFLAGS=-m64 and CXXFLAGS=-m64. I also removed the extra arguments
for static library building as they were not only not necessary but they were
also making the build abort.
Mem and resource leaks in ldapsinit.c
1) I'm pretty sure the reference to socket should be fd instead. I don't know
why it compiled with socket in there . . . note to self: read compiler warnings
. . .
2) The cert returned by SSL_PeerCertificate is "dup"ed, so we need to call
CERT_DestroyCertificate to release it otherwise we'll leak references.
3) The hostname returned by SSL_RevealURL is strduped and must be freed.
Reviewed by Mark and Pete (Thanks!)
It also seems to be important in certain cases when using g++
to build shared libraries.
I was having weird errors building the CLUs on linux x86_64. These turned out to be due to the incorrect ordering of objects on the link line.
The LINK_EXE macro already has everything needed - it is not necessary to
supply extra libs in the form of the LDTOOLS_LIBS. Just specify them in the
correct order in EXTRA_LIBS. You don't need to set EXTRA_LIBS for every
platform - on *nix platforms, they are all the same, so just define them in a
common place in the correct order. Use PLATFORMLIBS to specify platform
dependent libs.
The one tricky thing is that LINK_EXE expects OBJS to have all of the objects.
This works if you only build one executable per makefile, but this makefile
builds several, so you need to get the executable specific .obj file in the
link line as well. I suppose I could have used target specific variable
assignment to OBJS, but that seemed messy to me, so I just added a $(filter ..)
to the LINK_EXE command which will add all of the .obj files specified in the
executable link target dependency list to the link line. The filter is to
filter out libraries and other dependencies, which are usually specified
elsewhere. This seems to work on linux x86_64 and HP IPF 64 just fine.
Reviewed by Mark, Dan, Chris (Thanks!)
The newly added README.rpm explains how to build an RPM.
Running ./configure will print the list of flags and what they do.
The getpass() function on HP-UX only allows 8 characters.
Since there is not (yet?) a better function, this fix
allows up to 256 character passwords using the raw
tty interfaces for no echo.
LDAP command line tools now accept 2 new options:
-ZZ (issue a startTLS request)
-ZZZ (like -ZZ but require a successful response).
API extensions:
ldap_ssl.h: LDAP_EXOP_START_TLS macro (OID of start TLS extended op.).
libssldap: Added ldap_start_tls_s() function.
libprldap: Added prldap_is_installed() and prldap_import_connection().
libldap: Added new LDAP_X_OPT_SOCKETARG option for ldap_get_option()
and ldap_set_option() (get/set the socketarg associated
with the main LDAP TCP connection).
liblber: Added new LBER_SOCKBUF_OPT_SOCK_ARG option for
ber_sockbuf_set_option() and ber_sockbuf_get_option()
(get/set the socketarg associated with a Sockbuf).
Also, some refactoring was done in libssldap to simplify the code.
Add Makefile.client under mozilla/directory/c-sdk/config and call it
from mozilla/directory/Makefile (this "new" Makefile.client is
the same as the old mozilla/directory/c-sdk/Makefile that was
recently cvs removed).
Simplify the logic in mozilla/directory/build.mk and make sure the
command line tools are linked with the C++ compiler on all platforms
where necessary.
Recognize HP/UX 11.11 (treated the same as 11.00).
Replace an incorrect dependency on Makefile with a dependency on
Makefile.client inside the command line tools Makefile.client.
anton.bobrov%sun.com
richm%stanfordalumni.org
cls%seawood.org
mcs%pearlcrescent.com