Fix most critical warnings in the core LDAP library code:
AIX has snprintf() so we now #define HAVE_SNPRINTF there.
Use snprintf() instead of sprintf() in ldap_perror().
Use snprintf() instead of sprintf() in ldap_init_getfilter_buf()
and improve error reporting for bad regular expressions.
Don't treat a request as complete if its LDAP result message
has not yet been received. Previously, nested referrals and
references could cause requests to be prematurely terminated.
The LDAP tools code no longer has any knowledge of the NSS
file names; the certpath2keypath() function has been deleted
and we now simply use the certdbpath as keydbpath when it is
provided (it makes no difference in the end). But note that
because we need to maintain backwards compatibility, the
libssldap code used by the ldapssl_.*_init() functions still
knows the default name of the NSS module file (secmod.db),
and the code also relies on the fact that the suffix for the
key and cert files is ".db" and that the first letter in the
main part of the name is either 'c' or 'k'.
Also fixed a bug that caused the module file name specified on
the LDAP tools command line (-m name) to be ignored.
The ldapsearch and ldapcmp tools now exit with LDAP_NO_MEMORY
if an LDIF fragment can't be constructed.
Also fixed some issues reported by lint:
Return values that were ignored.
Make more functions and global variables static.
Add /*ARGSUSED*/ and similar lint-friendly comments.
If HAVE_LIBNLS is not defined, OS functions (iconv and Win32
native APIs) are used for character set conversion of command
line arguments.
Fix bug # 177766 - LDAP tools should reject second -h argument.
A second -p argument is also rejected.
Fix bug # 159139 - HP/UX: LDAP command line tools do no charset conversion.
Removed special case makefile rules for convutf8.cpp on HP/UX.
If a NULL keypasswd value is passed to ldapssl_enable_clientauth()
then it is assumed that the application has already unlocked
the key DB or has installed its own GetPassword callback.
Also improved some error reporting.
The prldap_tsd_destroy() function (which is called when a
thread exits) was not freeing the information contained within
the PRLDAP_ErrorInfo structure. Added prldap_free_errorinfo()
and a way to determine if that thread-private data looks like
error information (the plei_magic field). At the moment, only
one kind of thread-private data is stored anyway (the error
information).
The prldap_allocate_map() function, which is called when a new
LDAP session is created, was blindly setting the thread-private
error information pointer to NULL. But if a different thread
created or used an LDAP session than called ldap_unbind(), old
error information may have been left in memory. Now the error
info. pointer is reset and reused, which was the original goal.
Added two new libssldap public functions: ldapssl_set_option() and
ldapssl_get_option().
Also fixed a bug in ldapsinit:do_ldapssl_connect() that sometimes
caused PR_Close() to be called twice on an SSL file descriptor
if an error occurred (once in do_ldapssl_connect() itself and
once in the libprldap close function that is called from
do_ldapssl_connect()).
Also updated the NSPR and NSS "error code to string" mapping
tables that are used by ldapssl_err2string().
Also fixed a bug in common.c:ldaptool_print_lderror (LDAP command
line tools) where we did not check for SSL errors when the
error code was "can't connect." We were only checking on
"server down" errors.