Description: The client must call ldapssl_enable_clientauth before the first operation. This means before ldap_start_tls_s in the case of startTLS. However, the certname and keypassword (if any) are stored in the connection context. ldapssl_enable_clientauth will now allocate and store this connection context if it doesn't already exist, then set the certname and keypassword.
Fix Description: Make a copy of the value parameter passed into ldap_getfirstfilter() and store it in lfd_curval. Free it in the LDAPFiltDesc free function.
Fix Description: Using the -Z flag sets the secure option, but using -ZZ (use starttls) does not. The code in several places uses a test like if (secure || isZZ) to see if it has to perform some sort of ssl/tls related initialization. The one place that was missed was before the call to PinArgRegistration() which was just if (secure).
Fix Description: Replaced PK11_FindCertFromNickname() with CERT_FindUserCertByUsage(), using a cert usage of SSL Client. This should only find certs that are used for SSL Clients, which is the type of cert we want in this context (as opposed to e.g. an email signing cert). The LDAPSSLSessionInfo* ssip is passed now as the context argument. Moved calling PK11_SetPasswordFunc before CERT_FindUserCertByUsage() in case CERT_FindUserCertByUsage() needs it for some reason.
Fix Description: First look for a return of < 0 from ldap_count_entries, and return LDAP_PARAM_ERROR in that case (in both keysort and multisort). Then, if count < 2, there is nothing to sort, so just return 0.
Fix Description: The default now is to not use RPATH when building shared libraries and executables. The configure flag --with-rpath[=dir] has been added. The dir is optional, and a default will be used if not given.
Fix Description: If there is a scope given in the reference/referral URL, use it. Otherwise, if the URL is for a search reference (continuation reference) result, comply with RFC4511 section 4.5.3 concerning scope. Otherwise, parse the scope from the original request and just use it.
Note that this fix does not address support for filters in referrals/references. Support for filters will require a great deal more changes. The current version of openldap (2.3.x) does not support filters, so this fix at least brings us up to par with openldap with respect to this feature.
Description: Fix build to allow building command line tools without svrcore
Fix Description: Should allow the command line tools to be built without svrcore. Also fixed the problem with system svrcore.
Description: ber_scanf sometimes gives incorrect return code on 64-bit
Fix: ber_get_boolean needs to get the return value of ber_get_int as an unsigned long and return that unsigned long value
I had made a change to make 64 bit builds the default on those platforms that
support 64 bit binaries. However, the expected behavior for other mozilla
components is that you have to explicitly use --enable-64bit to make a 64
bit binary, and default to 32 bit binaries. So, I made mozldap work like the
other components.
Allow build on Mac OSX
1) There is no RPATH on Darwin, so undefine the RPATH macros before linking
2) Have to use g++ to link
3) The iconv functions are in libiconv
This fix allows the trunk ldap c sdk build to be used to build the mozilla client. I was able to use this to build the mozilla 1_8 branch of thunderbird on Fedora Core 4. Addressbook and typedown addressing work fine.
The gist of the fix is to completely ignore svrcore if not specified, and to imply --with-nspr if --with-mozilla is specified. If not specified, the client build uses $(DIST)/include/nspr and $(DIST)/lib for the locations of the NSPR files.
Enable autoconf build on Windows with cygwin and free MSVC compiler + SDK
1) Don't set the -lsvrcore in SVRCORE_LIBS in configure - instead, do it the
way we do the NSPR and NSS libs, in build.mk
2) For the component LINK macros, use name.lib instead of -lname on Windows
3) The new free MSVC compiler does not have lib.exe - add an autoconf test for
the lib program and use link /lib if missing
4) If using MSVC (which expects DOS style absolute paths) and cygwin (which
uses unix style abs. paths), use cygpath -m on all user supplied paths to make
sure they are in the correct format for cl and link. It's better to do this
during configure rather than depend on cygwin_wrapper which is much, much
slower.
5) Don't link with the odbc libs (Why did we ever need these!?!??!?)
6) The free MSVC doesn't include afxwin.h, so use the other header files
instead
7) Add libutil to the Windows build, including getting rid of the old Makefile
and adding a new Makefile.in for the autoconf build (the Makefile.client
remains)
8) getopt.c doesn't need lber.h
I verified that these changes also build on Win2k with MSVC 6 SP 3. I also changed the copyright in the new Makefile.in as suggested by Mark Smith.
When the malloc fails in the 'v' or 'V' ber_scanf case, we need to break out of the loop and return with an LBER_DEFAULT code. Also, in the realloc case, we need to save a copy of the old pointer and use either ber_svecfree ('v' case) or ber_bvecfree ('V' case) to clean up the memory.
bug 324525
If the malloc is done to allocate the *bv, but then an lber error is
encountered while doing the ber_skip_tag (due to a bad or malicious client),
the bv->bv_val is set to a random value. If you then try to use ber_bvfree to
free the bv, it may call free on this uninitialized value, and badness ensues.
I think the proper fix is for ber_get_stringal to set (*bv)->bv_val to NULL and
(*bv)->bv_len to 0 just after the malloc.